WO2007020185A1 - Controlling the access of devices to a data transmission network - Google Patents

Info

Publication number
WO2007020185A1
WO2007020185A1 PCT/EP2006/064881 EP2006064881W WO2007020185A1 WO 2007020185 A1 WO2007020185 A1 WO 2007020185A1 EP 2006064881 W EP2006064881 W EP 2006064881W WO 2007020185 A1 WO2007020185 A1 WO 2007020185A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
data processing
processing system
data transmission
transmission network
Prior art date
Application number
PCT/EP2006/064881
Other languages
German (de)
English (en)
Inventor
Mohammad Vizaei
Original Assignee
Siemens Aktiengesellschaft
Application filed by Siemens Aktiengesellschaft

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Definitions

  • the invention relates inter alia to a method for transmitting data packets, for example with the steps:
  • the first data processing system and the second data processing system are, for example, personal computers, portable computers (laptops) or handheld computers.
  • the computers each include at least one processor that executes instructions from programs stored in a memory of the computer.
  • Data processing systems are operated in a local data transmission network, for example in an Ethernet LAN (Local Area Network) or in a so-called WLAN (Wireless Local Area Network).
  • the local data transmission network can also consist of two individual local data transmission networks, for example an Ethernet and a WLAN.
  • a common protocol for the transmission of data in local communication networks is the Internet Protocol, or the protocol TCP/IP (Transmission Control Protocol / Internet Protocol) or the protocol UDP/IP (User Datagram Protocol) of the IETF (Internet Engineering Task Force).
  • TCP / IP Transmission Control Protocol / Internet Protocol
  • UDP / IP User Datagram Protocol
  • IETF Internet Engineering Task Force
  • other protocols can also be used to transmit data packets in the local communication networks.
  • a data packet contains a packet header with address information and a packet body with payload data, e.g. Signaling data, program data, music data, voice data, image or video data, etc.
  • the device identifiers are addresses that are structured like Internet addresses but need not be publicly known. However, other device identifiers may be used, e.g. the so-called MAC address (Media Access Control Address), which is usually stored non-volatile in network units by the manufacturer of the network unit.
  • MAC address Media Access Control Address
  • the third data processing system is for example a so-called LAN router, which performs a switching function based on network or Internet addresses.
  • the LAN router allows the two data processing systems to access the main data transmission network, e.g. the Internet, without the two data processing systems needing to have their own Internet address or network address in the main data transmission network.
  • Such methods are referred to as port and address translation (PAT).
  • PAT Port and address translation
  • NAPT Network Address and Port Translation
  • the Internet service provider knows only the Internet address of the third data processing system, i.e., for example, the outer Internet address of the LAN router, but not the internal network addresses of the first data processing system and the second data processing system.
  • a data processing unit is to be specified, which is particularly suitable for carrying out the method.
  • the task related to the method is by a
  • the invention is based on the consideration that the data transmission to the data processing systems can be monitored in a simple manner on the basis of the device identifier.
  • the distribution of an available amount of data or time of use provides an incentive for the efficient use of resources.
  • the message is sent to a system administrator of the local communication network.
  • the blocking of the data transmission to or from the first data processing system including the main data transmission network can be achieved, for example, by the fact that this data processing system may no longer make requests to the main data transmission network with which data is requested.
  • the amount of data or the time of use with respect to the second data processing system is also detected.
  • a second limit value is specified for the second data processing system, wherein the second limit value may not be exceeded in the data transmission from the main data transmission network to the second data processing system.
  • a second actual value is detected, which indicates the data volume transmitted to the second data processing system or the time relevant for the second data processing system.
  • the second actual value and the second limit value are also compared and a second message is generated or the data transmission to the second data processing system is blocked when the second limit value is exceeded.
  • access to the main data transmission network it is possible to ensure compliance with the stipulated division of the data volume or time of use.
  • an assignment is stored in the third data processing system in which a first port address is assigned to the first device identifier and a second port address is assigned to the second device identifier. If a data packet from the main data transmission network arrives in the third data processing system, a port address specified in the data packet is read. With the help of the assignment, the data processing system for which the data packet is intended is determined. The recipient address in the data packet is changed according to the determined address.
  • Such methods are performed especially in routers.
  • a router is particularly suitable for carrying out the method according to the invention, because the method can be carried out there in a simple manner.
  • the data packets are transmitted in accordance with the Internet protocol, in particular according to the TCP / IP protocol, see RFC (Request For Comments) 791 and 793 of the IETF.
  • the detection of the amount of data or the time is performed in the third data processing system, in particular in a router, in particular in a router that forwards data packets according to the Internet Protocol.
  • the third data processing system in which detection is preferably carried out, is connected to a double line or a two-wire line, for example to two copper lines. Via the lines, the third data processing system can be connected to a fourth data processing system which allows access to the Internet, for example with an access data processing system of an Internet service provider.
  • the double lines allow broadband data transmission with a data transmission rate of, for example, greater than 500 kilobits per second. Depending on the length of the double line, however, the data transmission rate is also bounded above and is, for example, less than 2.5 megabits per second.
  • Double-line methods are also known as xDSL (x Digital Subscriber Line). Thus the following standardized methods are used:
  • ADSL Asymmetrical Digital Subscriber Line
  • HDSL High Data Rate Digital Subscriber Line
  • VDSL Very High Data Rate Digital Subscriber Line
  • Broadband data transmission allows many times the bandwidth of traditional Internet connections with modems that allow a data transmission rate of, for example, less than 64 kilobits per second. Due to the large bandwidth, simultaneous access from several data processing systems via a DSL connection is possible. A distribution of the available amount of data or time among these data processing systems on the side of the local data transmission network indirectly also allows an efficient use of the bandwidth.
  • the detection is carried out in the third data processing system, wherein the third data processing system can forward less than 10 megabits per second.
  • This is a small router, such as is used in small corporate networks with fewer than 10 data processing systems or in local home networks in which, for example, fewer than five computers belonging to several family members are connected. Unlike routers used, for example, by Internet service providers, small routers have different requirements, especially with regard to setting parameters and ease of programming.
  • the device identifiers are:
  • identifiers which consist of a network address and an identifier of a network unit.
  • a limit indicates a maximum amount of data that is to be transmitted in a unit of time to the first data processing system, for example within one month.
  • the data volume transferred to the first data processing system is summed up in a next development in order to determine the actual value.
  • the accumulated value is reset to zero.
  • the well-known protocol NTP (RFC 958) or SNTP (Simple Network Time Protocol, RFC 1361) of a server on the Internet can be used to automatically detect the end of a month.
  • the data to and / or from the first data processing system including the
  • Data stream transferred from the main data transmission network from a value indicating the remaining amount of data.
  • a limit value indicates a maximum usage time during which the main data transmission network can be used by the first data processing system in a predetermined time interval, for example in one month.
  • the actual value can be determined in a simple manner by logging on and off the first data processing system at the router.
  • the times used by the first data processing system are totaled or subtracted from a value indicating the remaining usage time.
  • the sum value is set to zero, or a starting value for the subtraction is specified again.
  • NTP Network Time Protocol
  • the invention also relates to a data processing unit which contains a monitoring unit which monitors the amount of data or the time specified for a data processing system based on device identifiers specified in the data packets to be forwarded.
  • the unit contains a unit for carrying out a method step of the method according to the invention or one of its developments.
  • the above-mentioned technical effects also apply to the data processing unit.
  • FIG. 1 shows the structure of a local network behind a
  • FIG. 2 shows method steps when carrying out a monitoring method
  • FIG. 3 shows the structure of a data processing unit in which the method steps can be carried out.
  • FIG. 1 shows a computer network 10 which contains the following components:
  • An ISP (Internet Service Provider) computer 14 connected to the Internet 12, which allows a large number of subscribers access to the Internet 12, e.g. more than 100 or more than 1000 subscribers; a telephone line 16 which is connected between the computer 14 and a router 18 and uses only two wires for data transmission, which are, for example, twisted; a local data transmission network 20, for example an Ethernet, which contains the router 18 and, for example, three local data processing systems 22, 24 and 26 or other data processing systems (not shown).
  • the data processing systems 22 to 26 are connected to the router 18 via network connections 30 to 34.
  • the data processing systems 22, 24, 26 have, in this order, internal network addresses IP1, IP2 or IP3 in the local data transmission network 20 and so-called MAC addresses MAC1, MAC2 and MAC3.
  • the network addresses IP1 to IP3 and the MAC addresses MAC1, MAC2 and MAC3 are not known in the computer 14 of the Internet service provider. In the computer of the Internet service provider only an external Internet address IPR of the router 18 is known.
  • the router 18 has an internal network address in the local communication network 20 that is different from the Internet address IPR.
  • FIG. 2 shows method steps in the implementation of a monitoring method in which the amount of data that is transmitted to the data processing system 22, which is also referred to as a data processing system DVA1, is monitored.
  • the method begins in a method step S36.
  • limit values GW1 and GW2 are specified for the data processing system 22 and the data processing system 24, which is also referred to as data processing system DVA2.
  • the GW1 limit is 20 megabytes per month and the GW2 limit is 40 megabytes per month.
  • the limit values GW1 and GW2 are preferably stored in the router 18.
  • in a method step S40, the router 18 receives a data packet from the computer 14, which is transmitted in accordance with the Internet protocol. With the aid of the known methods PAT (Port and Address Translation) or NAPT (Network Address and Port Translation), the router determines in a method step S42 the data processing system 22 to 26 for which the data packet received in step S40 is intended. For this purpose, for example, a routing table stored in the router 18 is used. In step S42, the router 18 also determines whether it is a data packet destined for a data processing system 22, 24 to be included in the monitoring process.
  • method step S42 is immediately followed by a method step S44, in which the router 18 forwards the data packet to the data processing system 26.
  • step S40 then follows again for a further data packet.
  • If, on the other hand, it is determined in method step S42 that the data packet received in method step S40 is intended for data processing system 22 or 24, a method step S46 follows immediately after method step S42. In method step S46, a counter value is incremented in the router 18 which indicates the data volume transmitted to the data processing system 22 or 24.
  • in a method step S47, the router 18 checks whether the limit value GW1 has been exceeded in the case of a data packet for the data processing system 22, or the limit value GW2 in the case of a data packet intended for the data processing system 24. If the limit value GW1 or GW2 has not yet been reached or has not yet been exceeded, method step S44, in which the data packet is forwarded via the local data transmission network 20, follows immediately after method step S47.
  • a method step S48 follows in which a message is generated for the system administrator of local data transmission network 20.
  • the message indicates that the limit has been exceeded.
  • the system administrator can block downloads from the relevant data processing system.
  • the system administrator turns to the user of the relevant data processing system 22 or 24.
  • the method step S44 follows, in which the data packet is forwarded to the relevant data processing system 22 or 24.
  • the data packet is not forwarded after the message S48, but the method is continued directly in step S40.
  • the forwarding of data packets to the data processing system 22 is prevented, see dashed line 49.
  • the available usage time for the data processing systems 22, 24, 26 is detected. Monitoring the time is particularly easy if the local data transmission network is a WLAN.
  • FIG. 3 shows the structure of a data processing unit 18a that can be used instead of the router 18.
  • the data processing unit 18a does not include a processor that executes instructions of a program.
  • the data processing unit 18a contains only electronic circuits which perform the function of the data processing unit 18a, wherein the method steps explained with reference to FIG. 2 are carried out.
  • the data processing unit 18a contains: a transmission / reception unit 50 enabling the connection of the local data transmission network 20,
  • a transmitting / receiving unit 52 enabling the connection to the telephone line 16, the telephone line 16 being connected, for example, to a so-called splitter for frequency division, in particular directly, that is to say in the form of a splitter. without the interposition of further units,
  • a monitoring unit 54 which carries out the method steps explained with reference to FIG. 2, a routing table 56 used to forward the data packets arriving from the Internet or over the telephone line 16,
  • Memory units for storing the addresses IP1, IP2, etc., the limit values GW1, GW2, and the actual values IW1, IW2, etc.
  • the data processing unit 18a includes a processor 58 which executes instructions of a program stored in a memory unit of the data processing unit 18a.
  • the units of the data processing unit 18a are internally interconnected, for example via a bus system, see arrow 60.
  • an individual download or time limit can be specified for a user in the router 18, 18a. In the broadest sense this concerns the billing of a data transfer, for example so-called Internet charging. Cost summary and cost control for Internet download limits on a time or volume basis are thus also available for broadband connections used by multiple machines that are not known to Internet service providers. This solves the problem in which a number of computers connected to a router are each to be given an individual usage limit, or in which one usage limit for Internet access is shared among multiple users.
  • This method can be used in addition to methods in which the Internet service provider prescribes a usage limit that is assigned to a specific user ID (identification) under a password, this usage limit having no reference to the individual users of a local network whose computers share the user ID and password.
  • the method can also be used in addition to a program on a computer of the local network 20 with which aggregate evaluations of the download activities of all or individual connected computers are carried out. The inventive method also works when this computer is turned off.
  • the endpoints, i.e. hard and soft IP clients, of a private Internet Protocol network are networked, for example, by using DSL routers, wireless routers or Bluetooth routers.
  • thresholds for amounts of time or data per user: for example, the main user may administratively define time and/or download limits for each user depending on the model used, e.g. per day, per week, per month, per quarter or similar.
  • Many routers also have NTP (Network Time Protocol) mechanisms. As a result, the router is able to query the date and time after signing on to the Internet without any additional programs. Thus the counter values used can be reset automatically, e.g. on the first of each month.
  • the router can capture or measure the current usage per user.
  • blocking a user is also easily possible, since the router is technically capable of no longer sending packets from the Internet to the user or of ignoring all received packets that are to be forwarded to the Internet. However, local services are not affected, so that the user in question can continue to use the local data transmission network 20 without restrictions. With this simple extension, the router owner can always determine the current Internet usage per user.
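
The monitoring flow of FIG. 2 (steps S38 to S48), sketched as an added Python example that is not part of the patent text: it goes slightly beyond the single case described by also covering the blocking variant and the monthly counter reset. The class and function names, the addresses and ports, the reading of "megabyte" as 10**6 bytes and the choice to send one administrator message per month are assumptions made for illustration.

```python
"""Added example: per-device download quota on a NAPT router (steps S38-S48)."""
from dataclasses import dataclass
from datetime import date

MB = 1_000_000  # assumption: the page's "megabyte" taken as 10**6 bytes


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_port: int
    size: int  # bytes counted against the quota


@dataclass
class Quota:
    limit: int              # limit value GW, bytes per month
    used: int = 0           # actual value IW
    notified: bool = False  # assumption: at most one message per month


class QuotaRouter:
    def __init__(self, external_ip, napt, limits, today, block=False):
        self.external_ip = external_ip
        self.napt = napt                  # external port -> (internal IP, port)
        self.quotas = {ip: Quota(gw) for ip, gw in limits.items()}  # S38
        self.block = block                # variant: drop instead of only notifying
        self.period = (today.year, today.month)
        self.messages = []                # messages for the administrator (S48)

    def _reset_on_new_month(self, today):
        if (today.year, today.month) != self.period:
            self.period = (today.year, today.month)
            for q in self.quotas.values():
                q.used, q.notified = 0, False

    def inbound(self, pkt, today):
        """Return the translated packet to forward (S44), or None if dropped."""
        self._reset_on_new_month(today)
        target = self.napt.get(pkt.dst_port)          # S42: port lookup
        if pkt.dst_ip != self.external_ip or target is None:
            return None                               # no mapping: nothing to forward
        ip, port = target
        quota = self.quotas.get(ip)
        if quota is not None:                         # device is monitored
            quota.used += pkt.size                    # S46: count the volume
            if quota.used > quota.limit:              # S47: limit exceeded?
                if not quota.notified:                # S48: message to administrator
                    self.messages.append(f"{ip} exceeded {quota.limit} bytes")
                    quota.notified = True
                if self.block:
                    return None                       # blocking variant
        return Packet(ip, port, pkt.size)             # S44: rewritten destination


# Constructed sample data: addresses and ports are illustrative only.
IPR, IP1, IP2, IP3 = "203.0.113.5", "192.168.0.22", "192.168.0.24", "192.168.0.26"
NAPT = {40001: (IP1, 5000), 40002: (IP2, 5000), 40003: (IP3, 5000)}
LIMITS = {IP1: 20 * MB, IP2: 40 * MB}  # GW1, GW2 as on the page; IP3 is unmonitored


def run(block, chunks=21, day=date(2006, 8, 1)):
    """Send `chunks` 1 MB transfers to DVA1 and return the router and results."""
    router = QuotaRouter(IPR, NAPT, LIMITS, day, block=block)
    forwarded = [router.inbound(Packet(IPR, 40001, MB), day) for _ in range(chunks)]
    return router, forwarded


if __name__ == "__main__":
    for block in (False, True):
        router, fwd = run(block)
        print(block, sum(p is not None for p in fwd), router.messages)
```

Because the counter is keyed on the translated internal address, the quota is only as reliable as the binding between that address and the physical device.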

Landscapes

  • Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates, inter alia, to a method in which the amount of data transmitted by or to a data processing unit (22) is determined on the basis of a device identifier contained in data packets to be transmitted. The determined amount of data is checked against a predetermined amount of data in order to allow an available amount of data to be shared in a local data transmission network (20).
PCT/EP2006/064881 2005-08-19 2006-08-01 Controle de l'acces d'appareils a un reseau de transmission de donnees WO2007020185A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102005039343.8 2005-08-19
DE102005039343A DE102005039343B4 (de) 2005-08-19 2005-08-19 Verfahren zum Übertragen von Datenpaketen und Datenverarbeitungseinheit

Publications (1)

Publication Number Publication Date
WO2007020185A1 (fr) 2007-02-22

Family

ID=36968165

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/064881 WO2007020185A1 (fr) 2005-08-19 2006-08-01 Controle de l'acces d'appareils a un reseau de transmission de donnees

Country Status (2)

Country Link
DE (1) DE102005039343B4 (fr)
WO (1) WO2007020185A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120094600A1 (en) 2010-10-19 2012-04-19 Welch Allyn, Inc. Platform for patient monitoring

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2381424B (en) * 2001-10-26 2005-01-05 Roke Manor Research A method of controlling the amount of data transferred between a terminal and a server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999005828A1 (fr) * 1997-07-25 1999-02-04 Telefonaktiebolaget Lm Ericsson (Publ) Qualite dynamique de reservation de service dans un reseau de communications mobile
US20040203815A1 (en) * 2002-04-16 2004-10-14 Texas Instruments Incorporated Wireless communications system using both licensed and unlicensed frequency bands
WO2004006520A1 (fr) * 2002-07-04 2004-01-15 Webtraf Research Pty Ltd Procede, systeme et dispositif permettant de surveiller et de reguler le transfert de donnees dans des reseaux de communication

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020120126A1 (fr) 2018-12-14 2020-06-18 Volkswagen Aktiengesellschaft Procédé d'exploitation d'un réseau de données d'un véhicule automobile et véhicule automobile ayant un réseau de données exploitable correspondant
DE102018221742A1 (de) 2018-12-14 2020-06-18 Volkswagen Aktiengesellschaft Verfahren zum Betreiben eines Datennetzwerks eines Kraftfahrzeugs und Kraftfahrzeug mit einem entsprechend betreibbaren Datennetzwerk
US11917007B2 (en) 2018-12-14 2024-02-27 Volkswagen Aktiengesellschaft Method for operating a data network of a motor vehicle and motor vehicle comprising a data network which can be correspondingly operated

Also Published As

Publication number Publication date
DE102005039343B4 (de) 2007-10-31
DE102005039343A1 (de) 2007-02-22


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06778092

Country of ref document: EP

Kind code of ref document: A1