WO2008053169A1 - Method of extending a signalling domain in a communications system - Google Patents

Abstract

A method of remotely controlling switching apparatus located in a host network domain comprising the steps of generating a signalling message at an application server in a first network domain controlled by a separate entity to the entity controlling said host network domain; receiving said signalling message at a signalling firewall located at a point of interconnection between said host network and said first network; filtering at the signalling firewall said signalling message to retain only one or more signalling operations which conform with a set of one or more criteria for remotely controlling said service switching apparatus; forwarding from the signalling firewall a filtered signalling message to a service switching apparatus located in said host network domain; processing said received signalling message at said service switching apparatus to control the operation of switching apparatus located in said host network domain, wherein the filtering action performed by the signalling firewall enables a plurality of differing application servers to share control of the switching apparatus located in said host network domain through the same point of interconnection, thus extending the signalling domain of each of said application servers. This enables switching apparatus located in the host network domain to be remotely controlled to prevent payload communications traffic associated with said signalling message from reaching said first network domain, thus preventing call tromboning effects.

Description

METHOD OF EXTENDING A SIGNALLING DOMAIN IN A COMMUNICATIONS SYSTEM

The present invention relates to a method of extending a signalling domain in a communications system.

In particular, but not exclusively, the invention provides an interconnection scheme for a communications system comprising a plurality of networks which enables a plurality of third parties to share control of switching apparatus located in another network through the same point of interconnection. In particular, but not exclusively, the invention relates to an interconnection scheme which enables network operators to share control over network switching equipment with third parties. This is achieved by allowing third parties to send and receive signalling through a shared point of interconnection leaving the payload traffic associated with that signalling within the network operator's host communications network.

Many incumbent communications network operators are now configuring their network architecture to enable third parties to implement communications services. However, to provide such services, third parties must incur some not inconsiderable expenditure. Routing payload traffic through points of interconnect between third party networks and a public communications ("host") network requires the third party to provide switching equipment in its own network which is often costly to install and maintain. Moreover routing traffic through points of interconnect occupies resources of both the costly equipment of the third party and the switching equipment in the operator's (host) network at the point of interconnection.

Each third party traditionally reserves ports both on its own network as well as on the host operator's switch at the point of interconnection via which traffic flows between the two networks. In addition, where controlling systems are implemented to regulate how traffic flows between the two networks, a third party may need to access certain functionality provided by switching equipment located within the host communications network and traditionally controlled solely by the host communications network operator.

It is known that to enable third parties to access service capabilities within a host communications network, the host communications network operator can open an interface to equipment which third parties can access using techniques such as the application programming interfaces (APIs) proposed by the Parlay & Parlay X standards bodies. However, known interface solutions are limited in that the communications and signalling protocols which carry signals within a third party communications system must be communicable through the interface and recognised by the receiving equipment. In addition, ports must still be reserved for each third party to send and receive both signalling and payload traffic on the equipment located at the point of interconnection between that party's communications network and the host communications network, regardless of the use made of the reserved switch resources by each third party.

Network operators are known to use INAP (Intelligent Network Application Part) to provide within the host communications network a range of value added applications. The Intelligent Network or IN is a network architecture for fixed and mobile communications which enables operators to provide value- added services. The IN concepts are described in the International Telecommunications Union Transmission standards documentation (ITU-T standards Q.1210 to Q.1219, also known as capability set one (CS1). Further enhancements are provided by a second capability set of standards documents (CS2) also available from the ITU. Unless explicitly defined otherwise, all terms described herein are to be construed in a manner consistent with their definition in the INAP standards documentation.

Figure 1A of the accompanying drawings shows schematically an exemplary arrangement of an intelligent Network in which a plurality of service control points (SCPs #1 , #2, #3) 12 are trusted (and are operated and/or controlled) by the network operator. A service control point SCP 12 is a network element which is capable of providing intelligent network (IN) functionality for call processing. An SCP 12 is a component within an IN which enables the party operating the component such as a carrier to offer services by acting on some characteristic of a communications transmission such as its format, code, content, or protocol to provide additional or restructured information or to provide a subscriber interaction with stored data such as by translating 0800 (also known as toll free or free phone) numbers to a plain old telephony service (POTS) number or a trunk group.

As mentioned above, conventionally, each third party service provider must reserve ports on the switching equipment located at the point of interconnection between their communications network and the host communications network, regardless of how much they are utilising the interconnection. Accordingly, each SCP 12 is arranged to use a trusted signalling protocol to communicate via different reserved ports^' (ports #1 , #2, #3 respectively shown in Fig 1A are reserved for SCPs #1 , #2, #3) with the network operator's service switching point (SSP) 10. These SCPs 12 can also be connected using a Common Channel Signalling number 7 (also known in the art as SS7) signalling network with one or more STP (Signalling Transfer Points) so as to allow reuse of the signalling port capacity on the SSP 10 instead of having dedicated signalling ports. An SSP 10 is a switch enhanced with intelligent network software capability to support management and/or the provision of intelligent network services. Usually an SSP 10 is co-located with a telephone exchange and acts as a trigger point for further services to be invoked during a call. The SSP 10 implements a finite state machine (the Basic Call State Machine) which represents each call in as an abstracted set of states (off hook; dialling; answer; busy; hang up etc). In this way, calls progress through a series of states corresponding to points in the call, with each state change representing a transition that is preceded by one or more events. Where a transfer of control can occur between an SSP 10 and an SCP 12, the points in the call are associated with a detection point (DP), As each state is traversed, the state change event at a detection point (DP) may trigger the SCP 12 to wait for further instructions (this is achieved by the SSP 10 querying the SCP 12 and the SCP 12 instructing the SSP 10 which set of DP's to monitor after the SSP 10 detected at call start (i.e., the SCP 12 sends details of the Initial DP(s)).

Typical triggers include the subscriber dialling number or the dialled number (e.g. 0800 numbering schemes trigger free-phone billing). DP processing thus enables the state transition to be monitored by the SCP through an event reporting mechanism. Two types'of DPs are known in the art: trigger DPs (TDPs) which are statically armed and event DPs (EDPs) which are dynamically armed under the control of the SCP 12.

The arming of a detection point results in an event report being sent to the SCP 12. An event report is usually either a notification (which inform the SCP 12 of the event) or a request (which requires some action by the SCP 12, implying control is transferred to the SCP 12).

Figure 1 B shows schematically an arrangement where a point of interconnection is configured at the trunk exchange of a host communications network for one such third party. In Figure 1 B, the third party's (for example, a mobile telephone operator's or any other licensed operator's (OLO's)) communications network interconnects traffic in the host communications network via specially reserved ports on the switching equipment at the point of interconnection (i.e., certain ports on the trunk exchange switch and on the OLO's switch are configured to function as points of interconnection).

Figure 1 B shows how call tromboning results when a party A uses fixed or mobile communications equipment 14 and the telephony services of another party, for example, another licensed operator (OLO) to communicate with party B's fixed or mobile communications equipment 28 whose network address (for example, a mobile telephone number) resolves to a network address within another network not directly connected by the third party network or within the network party A is already connected to. In Figure 1 B, the solid arrow lines between A and B indicate payload traffic, and the broken arrow lines indicate signalling traffic.

In Figure 1 B, signalling traffic is set up between A and trunk exchange 18 via a local switch 16 . The trunk exchange 18 includes SSP 12 (not shown) which receives a call set up request from party A. The SSP 12 determines the network address of the call destination is associated with the telephony service of another party (for example another licensed operator (OLO)). As shown in Figure 1 B, the SSP 12 determines that the OLO's network is to be used for the traffic initiated by party A and forwards the signalling to the OLO's switch 22. The OLO's switch 22 determines that the physical location of the mobile or fixed communications equipment 28 of party B is located within another network (shown here for simplicity as in the host's network). The OLO switch 22 then generates more signalling to enable a connection to be established via the trunk exchange switch 18 and another local switch 20 with B's communications equipment 28. Once the connection has been established, the payload traffic (which may be voice or data) is sent along the connection established via the OLO switch 22.

The same holds when the party B being called has a private or dynamic telephone number that only the OLO would know, in that case, the party A calls a public number that party B has shared with party A and the OLO would translate in the OLO switch the party B public number into the party B private or dynamic number valid at the moment of the call establishment. An application of this concept is known as Personal Numbering service.

The payload traffic loop between the trunk exchange 18 to the OLO switch 22 is known as call tromboning and utilises the resources of the trunk exchange and OLO switching equipment as it occupies reserved ports 24 on the OLO switch 20 and reserved ports 26 on the trunk exchange switch as well as bandwidth on the interconnecting communications links.

The invention seeks to mitigate and/or obviate the problems known in the art by providing a signalling firewall which seeks to provide a third party with the ability to remotely control the call progress logic of the trunk exchange switch to avoid any tromboning of payload traffic.

A first aspect of the invention seeks to provide a method of extending the signalling domain of an application server associated with another communications network into the signalling domain of switching apparatus located in a first communications network, the method comprising the steps of: said switching apparatus forwarding a signalling message to said application server, said signalling message seeking to establish a path for a communications call to a called communications device accessible via a destination network, wherein said communications device is associated with said other communications network; the application server generating a signalling message to configure the switching apparatus to establish a path for the communications call to the called communications device which does not cross into the other network; receiving said signalling message at a signalling firewall located at a point of interconnection between said first communications network and said application server's communications network; processing at the signalling firewall said signalling message to retain only one or more signalling operations which conform with a set of one or more criteria for controlling said switching apparatus; forwarding from the signalling firewall a processed signalling message to switching apparatus located in said host network domain; and processing said received signalling message at said switching apparatus to control the operation of said switching apparatus located in said host network domain, wherein the processing action performed by the signalling firewall enables a plurality of application servers each associated with a different other communications network to share control of the switching apparatus located in said host network domain through the same point of interconnection, and wherein in said step of processing said signalling message, and wherein one or more parameter values of said one or more signalling operations are processed by said signalling firewall so that only signalling compliant with parameters for operations trusted by the signalling protocol of the host communications network are communicated through the signalling firewall to the service switching apparatus to extend the signalling domain of each application server.

Another aspect of the invention comprises a method of remotely controlling switching apparatus located in a host network domain comprising the steps of: generating a signalling message at an application server in a network domain controlled by a separate entity to the entity controlling said host network domain; receiving said signalling message at a signalling firewall located at a point of interconnection between said host network and said application server's network; processing at the signalling firewall said signalling message to retain only one or more signalling operations which conform with a set of one or more criteria for remotely controlling said switching apparatus; forwarding from the signalling firewall a processed signalling message to a service switching apparatus located in said host network domain; processing said received signalling message at said service switching apparatus to control the operation of switching apparatus located in said host network domain, wherein the processing action performed by the signalling firewall enables a plurality of differing application servers to share control of the switching apparatus located in said host network domain through the same point of interconnection.

In one embodiment of the invention, said other communications network associated with said application server comprises a mobile communications network, for example, a long range wireless communications network such as a cellular communications network.

In one embodiment, the switching apparatus comprises service switching apparatus, for example, a service switching point which uses the INAP signalling protocol and/or switching apparatus such as a communications network exchange or other equivalent switching apparatus for traffic in said first network.

In one embodiment, in said step of processing said signalling message, one or more parameter values of said one or more signalling operations are processed.

In one embodiment, the processing action performed by said signalling firewall filters said signalling message.

In one embodiment, the processing action performed by said signalling firewall amends said signalling message. In one embodiment, the processing action performed by said signalling firewall corrects said signalling message.

The processing action may comprise filtering to remove the parameter from the signalling message, and/or amend the value of the parameter to comply with, for example, previous information exchanged in the signalling message and/or verify the value of the parameter against pre-set criteria.

Upon detection of incorrect or unauthorised information in the signalling message, in one embodiment, the signalling firewall clears down the call. Alternatively, upon detection of incorrect or unauthorised information in the signalling message, the signalling firewall prevents the call from being set-up.

Alternatively, in another embodiment, upon such detection of incorrect or unauthorised information in the signalling message, the signalling firewall continues the call using a corrected and/or filtered (as appropriate) signalling message.

In one embodiment, said plurality of differing application servers share control over ports on the switching apparatus for interconnecting payload communications traffic to their respective network domains.

In one embodiment, each said application server only reserves a port resource on said service switching apparatus in response to a routing requirement for payload communications traffic whose signalling has been routed through to said application server's network domain by said application server.

In one embodiment, said routing requirement is a routing requirement to interconnect with the application server's network domain, and wherein said port resource comprises one or more ports which enable interconnection between the host network and said application server's network domain.

In one embodiment, in said step of processing said received signalling message, said switching apparatus located in said host network domain is controlled to prevent payload communications traffic associated with said signalling message from reaching said application server's network domain.

In one embodiment, said signalling firewall implements message flow control between said host network domain and said application server's network domain by performing the steps of: supervising the message transfer rate; determining if the rate of messages received from the application server is too high; and buffering messages from the application server network domain to prevent these from overloading said service switching point. network domain and a plurality of application servers' network domains by performing the steps of: supervising the message transfer rate from each domain; determining if the rate of messages received from all application server network domains collectively is too high; and buffering messages from each of said application server network domains to prevent these from overloading said service switching point.

In one embodiment, said application server's network domain is controlled by a first network operator, and said host network domain is controlled by a host network operator, and said signalling firewall partitions the signalling between said application server's network and said host network to ensure trusted signalling messages are forwarded to said service switching apparatus and untrusted signalling messages are blocked.

In one embodiment, one or more application servers are located in the same application server network and each application server is arranged to generate signalling messages relating to a plurality of differing services, and wherein said signalling firewall is configured to selectively process said signalling messages for each of said plurality of services to remove any conflicting control signals which would otherwise be received by said service switching apparatus.

In one embodiment, said application server provides signalling to service switching apparatus located in a connectionless communications transport protocol host network .

In one embodiment, said application server provides signalling to service switching apparatus located in a connection-oriented communications transport protocol host network .

In one embodiment, said host network comprises an intelligent network, said signalling comprises signalling conforming to the INAP signalling protocol, said application server comprises a service control point, and said service switching apparatus comprises a service switching point.

In one embodiment, said switching apparatus comprises said service switching apparatus.

In one embodiment, in said step of processing, a sequence of operations conveyed by a plurality of said signalling messages is monitored for conformance with a predetermined sequence.

In one embodiment, if a signalling operation is received out of sequence one or more of said plurality of signalling messages are processed to provide an acceptable sequence of signalling messages.

In one embodiment, in said step of processing, a sequence of operations conveyed by a plurality of said signalling messages is monitored for conformance with a predetermined sequence.

In one embodiment, in said step of processing, a sequence of operations conveyed by a plurality of said signalling messages is monitored for conformance with predetermined response time.

In one embodiment, if a signalling operation is received out of sequence, one or more operational parameter values of said out-of-sequence signalling operation is filtered.

In one embodiment, the filtering performed depends on the message position in the sequence.

In one embodiment, said filtering operation comprises one of the following: verifying and/or blocking and/or allowing said operation and/or parameter value.

In one embodiment, the signalling firewall sends signalling messages to a plurality of application servers regarding the same communications call. After each application server has responded, the signalling firewall allows the call signalling to pass through the firewall to the destination network only if all of said plurality of application servers provides positive feedback for the communications call. In one embodiment, the messages sent by the signalling firewall contact each application server for the communication call sequentially. In an alternative embodiment, the messages sent by the signalling firewall are sent in parallel to each application.

Another aspect of the invention comprises a signalling firewall arranged to implement said receiving, processing and forwarding steps in any previous method claim.

Another aspect of the invention comprises a signalling firewall located at a point of interconnection between one or more application servers and service switching apparatus a host network domain, each application server providing one or more services accessible via said service switching apparatus in the host network domain, the firewall comprising means to intercept and process signalling originating from each one or more application servers and comprising: receiving means to receive a signalling message generated by each application server; means to process said received messages by filtering and/or amending and/or correcting each received signalling message to retain only one or more signalling operations having operational parameters which conform with a set of one or more criteria for a service provided by said application server requiring said application server to remotely control said switching apparatus located in the host network domain; and forwarding from the signalling firewall a processed signalling message to said service switching apparatus in said host network domain, wherein the signalling firewall is configured to perform a processing action to enable a plurality of differing first parties to share control of said service switching apparatus located in said host network domain through the same point of interconnection.

Another aspect of the invention comprises an inter-network comprising at least two network domains and a signalling firewall located at the point of interconnection according to previous aspects of the invention. Another aspect of the invention comprises a signal comprising a set of instructions conveying control information for switching apparatus providing service switching functionality in a host network, the signal being generated by an application server providing switch control functionality located in another network and conveyed through a signalling firewall between the host network and the application server's network to enable said application server to remotely control said switching apparatus located in said host network, the signalling firewall being arranged to enable a plurality of application servers to share control of their respective utilisation of one or more ports of said switching apparatus in the host network.

Another aspect of the invention comprises a suite of one or more computer programs which operate in a distributed communications environment comprising a plurality of application servers having switch control functionality located in respective network domains, and service switching apparatus located in a host network, at least one program being arranged individually and/or collectively to configure a signalling firewall to implement said receiving, processing and forwarding functionality according to previous aspects of the invention.

Another aspect of the invention comprises a suite of one or more computer programs which operate in a distributed communications environment comprising a plurality of application servers having switch control functionality and located in respective network domains and service switching apparatus located in a host network, each program being arranged individually and/or collectively to configure a signalling firewall to implement a signal filtering operation to enable each of said plurality of application servers to convey signalling in a trusted form to said switching apparatus located in another network, the signalling firewall being arranged to enable a plurality of application servers to share control of their respective utilisation of one or more ports of said switching apparatus.

Another aspect of the invention comprises a method of remotely controlling switching apparatus located in a host communications network domain comprising the steps of: generating a signalling message for a communications call to be routed via said switching apparatus at an application server in a communications network domain controlled by a separate entity to the entity controlling said host communications network domain; receiving said signalling message at a signalling firewall located at a point of interconnection between said host communications network and said application server's communications network; filtering at the signalling firewall said signalling message to retain only one or more signalling operations which conform with a set of one or more criteria for remotely controlling said switching apparatus; forwarding from the signalling firewall a filtered signalling message to a service switching apparatus located in said host network domain; processing said received signalling message at said service switching apparatus to control the operation of said switching apparatus located in said host network domain, wherein the filtering action performed by the signalling firewall enables a plurality of differing application servers to share control of the switching apparatus located in said host network domain through the same point of interconnection, wherein in said step of filtering said signalling message, one or more parameter values of said one or more signalling operations are filtered and only signalling compliant with parameters for operations trusted by the signalling protocol of the host communications network is communicated through the signalling firewall to the service switching apparatus, whereby the separate entity server is able to dynamically assign ports associated with switching apparatus within the host communications network domain to enable communication calls to be transferred to a destination communications network domain differing from the communications network domain of the separate entity without tromboning the content of the communications calls into the network domain of the separate entity.

Another aspect of the invention seeks to provide a method of routing a communications call from a source apparatus associated with a calling party located in a first communications network to a destination apparatus associated with a called party associated with a second communications network comprising the steps of: at said source apparatus generating first signalling information associated with said communications call; routing said first signalling information via switching apparatus located in said first communications network to an application server located in said second . communications network and associated with said destination apparatus; and processing said first signalling information at said application server to generate second signalling information which is passed back to said switching apparatus via a firewall located at the boundary between the network domain of the first communications network and the network domain of the second communications network, wherein said second signalling information controls the call routing logic of said switching apparatus to determine a path for said communications call to take to said destination apparatus which does not enter the network domain of said second communications network.

The filtering actions performed comprise actions which may amend and/or correct as well as block the passage of signalling messages received by the switching apparatus.

The differing aspects and preferred embodiments of the invention are as set out above and in the accompanying independent and dependent claims respectively, whose content is incorporated into the description by reference.

The invention also comprises any appropriate combination or replacement of features recited in an embodiment with features recited in another embodiment and/or within the context of a different aspect where these are apparent to those of ordinary skill in the art.

Accordingly within the host communications network (in the sense that it is the network domain of the calling party, also referred to herein by the term "first communications network"), signalling is controlled by a first party. The invention considers the situation where a call is placed by a device in the first network to a mobile communications device associated with one or more "home" networks but not located in any of these home networks. A home network is within a different domain of control from that of the first network, i.e., it is controlled by a different entity (i.e., a different operator), and is also referred to herein by the term "other network".

The routing of communications calls and processing of signalling messages for communications calls to mobile communications devices associated with a particular network usually requires the communication call to be processed by a routing server for that particular network. Accordingly, each other network will comprises one or more application servers, also referred to herein by the term "Switch Control Points" or SCPs if the Intelligent Network Application Protocol is used in that respective network, which process any received signalling associated with a receive communications call and which provide appropriate control messages to establish the communications call with its destination. For each application server controlled by another party (i.e., for each application server which lies accordingly within a separate network domain from that of the first party) signalling is ςontrolled by that other party. The invention enables the other party to control signalling operations which take place within the first party's communications network, i.e., the invention enables the domain over which each application server can control signalling to extend to within the domain of the host network rather than terminate at the network boundary. This enables communications calls associated with mobile communications devices to be routed more efficiently so that the overall length of the path taken by the communications call from its source to its destination is reduced in the case where the destination is roaming. The invention enables a telephone call placed to a mobile communications device which is roaming out of its home network to be routed directly to its current network domain, rather than via the home network. Only the call signalling for that communications call is passed to the "home" network for the destination device via the call signalling firewall according to the invention. The call signalling firewall then enables the application server processing the call signalling in the "other" network to generate signalling (control messages) which configure the switching apparatus located in the host (or first) communications network to establish a path for the communications call to the location of the called mobile communications device. This frees up the switching apparatus from having to establish a path of a communication call needlessly into the other network, which would normally result in the call control being transferred from the host network to the other network and then back to the host network (known in the art as call tromboning). Instead, the firewall allows control messages to be received to configure the switching apparatus to forward the communications call directly to its destination without call tromboning.

The preferred embodiments of the invention will now be described with reference to the accompanying drawings which are by way of example only and in which:

Figure 1 A shows a prior art signalling arrangement between a SSP and a plurality of SCPs;

Figure 1 B shows a prior art call tromboning arrangement between a SSP and a SCP; Figure 2A shows a signalling arrangement between a SSP and a plurality of SCPs according to one embodiment of the invention;

Figure 2B shows how the signalling shown in Figure 2A can avoid call traffic tromboning;

Figure 3 shows an embodiment of an INAP signalling arrangement between a third party application server and an SSP according to an embodiment of the invention;

Figure 4 shows a call flow for a successful call attempt followed by call clear down towards a third party Application Server according to an embodiment of the invention;

Figure 5 shows a call flow for an unsuccessful call attempt according to an embodiment of the invention;

Figure 6 shows a call flow for an unsuccessful call attempt with invalid event detection points according to an embodiment of the invention; and

Figure 7 shows a call flow for an unsuccessful call attempt for a destination busy/route select failure for a pre-paid application towards a third party application server according to another embodiment of the invention.

The invention will now be described with reference to preferred embodiments and the best mode currently contemplated by the inventors. Specific features and functional equivalents may be omitted from the description for clarity where their inclusion is apparent to those of ordinary skill in the art, and the description of the invention implicitly includes such features where appropriate unless their exclusion is explicitly mentioned.

Figure 2A shows a signalling arrangement according to an exemplary embodiment of the invention in which a communications signalling firewall 32 is provisioned at a point of interconnection between service switching point (SSP) 30 associated with a host communications network and a plurality of SCPs #1 , #2, #3 (individually SCP 34a,b,c). Here, each SCP 34 is assumed to be implemented within a third party IN but more generally, the switch control functionality implemented by each SCP in an IN network can be implemented by any appropriate third party application server for other types of communications network. Those of ordinary skill in the art will also appreciate that a number of different services may be implemented by any individual application server (i.e., by an SCP in an IN network) and that a number of application servers may be controlled by the same third party (and/or co-located in the same network).

As shown in Figure 2A, the signalling firewall 32 is located at a shared point of interconnection which enables each SCP 34 to interconnect to the SSP 30 via signalling channels, without requiring at SSP 30, each individual SCP #1 , #2, #3 to reserve ports for payload traffic. Instead, each SCP #1 , #2, #3 is able to remotely control the SSP 30 via the signalling firewall to reserve ports as required (i.e., dynamically) for traffic received by the SSP 30 which requires access to the network domain of that individual SCP (#1 , #2 or #3).

As shown in Figure 2A, between the SSP 30 and the untrusted SCPs 34a,b,c the signalling firewall 32 performs a filtering operation on signalling messages generated by each of the SCPs 34a,b,c to block unacceptable operational messages (and/or unacceptable parameter values in acceptable operational messages and/or unacceptable sequences of acceptable operational messages). This prevents control messages from reaching the SSP 30 which are unacceptable to the host communications network operator (or to the entity controlling the SSP 30).

The signalling firewall 32 enables each SCP 34 to use a different protocol, whether trusted by the SSP 30 or not, as the signalling firewall 32 prevents unacceptable operations and/or unacceptable operational parameters for acceptable operations and/or unacceptable sequences of acceptable operations which are generated by any individual SCP 34 from being received by the SSP 30. In this way, a signalling firewall 32 according to the invention enables a plurality of third party services to be provisioned in -such a way that the resources for payload communications traffic are not needed to be reserved on the switching equipment at the points of interconnection between each third party communications network and the host communications network. These resources for payload communications traffic are shared between the host communications network and all third parties as interconnection with the host communications network switch equipment is through signalling only. A plurality of third party application servers can thus share a point of interconnection and the signalling firewall 32 implements one or more security measures to prevent an operation by one third party application server from impacting the operation of any other application server sharing that point of interconnection and/or from impacting the operation of the host communications network itself. In one embodiment of the invention, each third party application server interconnects only through one (or more) reserved signalling port(s) with the host operator's switching equipment. In an alternative embodiment, a plurality of third party application servers generate operational messages which share one or more signalling ports on the host operators switching equipment (the number of ports reserved on the host switching equipment may be subject to any appropriate contention regime known to those of ordinary skill in the art being suitably implemented on the switch equipment).

In this way, as only signalling compliant with the parameters for operations trusted in the signalling protocol adopted by the host communications network operator, is communicated through the signalling firewall 32 to the SSP 30, the third party is then able to dynamically assign ports within the host communications network domain to enable communication calls to be transferred to that third party's network domain, or to route traffic which would otherwise be transferred to that third party's communications network domain elsewhere, for example, to avoid call tromboning effects. In one embodiment, the third party is granted access to the host communications network's signalling network via the point of interconnection, enabling the third party to generate signalling which is propagated to other switching equipment with the host communications network (and/or other signalling networks accessible via the switching equipment in the host communications network, such as SSP 38 in Figure 2B).

Thus the invention enables each third party application server sharing the point of interconnection to remotely control the call treatment. behaviour of the switching equipment located within the domain of the host communications network by partitioning the signalling between each third party communications network and the host communications network domain. This enables, regardless of whatever signalling protocol is used within a third party communications network domain, only trusted signalling, i.e., signalling which conforms to one or more criteria established for the host network, to filter through into the host network domain so that the filtered signalling relates only to the service(s) which that particular third party is providing.

The partitioning of signalling between the host and third party network domains (the respective domains over which each party has control over how signalling traffic is processed in the communications network) thus enables the host operator to configure their switching equipment so that a third party is able to remotely control the configuration of the switching equipment at the point of interconnection. In this way that interconnection between the two networks can be established on demand by the third party for payload traffic destined for that third party. As mentioned above, one benefit of provisioning a third party with means to control how the host operator's switch is configured is that it enables interconnection between the two network domains to no longer require port reservation for the payload traffic on the switching equipment for that third party at the point of interconnection. This enables a plurality of third parties to share resources located on the host network switching equipment: i.e., it is now possible for more than one application server (36) located in a network domain which differs from the network domain of one or more other application servers to share resources located on the host network switching equipment. Another benefit is that payload traffic (i.e., the actual communications content) no longer needs to be tromboned via the third party network domain when for reasons of cost or physical location of the called party, the termination point for that communication is located within another network domain (for example, the network domain of another third party or the host network domain).

Figure 2B shows schematically two third party application servers 34a,34b interconnecting with a host network service switching point via a single point of interconnection associated with a firewall 32 in one exemplary embodiment of the invention. In Figure 2B, the communications protocol accepted at the host switching equipment (SSP 30) is a trusted form of INAP, and in one third party network domain (as shown in Figure 2B the third parties are both other licensed operators OLOs) a switch control point (SCP #1) 34a is located, and in another third party network domain OLO network #2 is located a switch control point SCP #2 34b.

Figure 2B shows schematically how interconnection on signalling (dotted lines) is implemented according to one embodiment of the invention in such a way as to avoid any payload traffic (dashed lines) tromboning between the network #2 and the host network. In Figure 2B, a connection is sought by communications equipment 14 operated by party A with communications equipment 28 operated by party B. To set up the connection, signalling is communicated via local exchange 16 to trunk exchange 18 which resolves the destination address to within a network domain controlled by an entity differing from the entity controlling the host communications network. The entity controlling the network domain of the application server, is referred to generally herein as a third party, for example an other licensed operator (OLO) where the host communications network domain is controlled by a first network operator (for example, the incumbent operator). The terms OLO and third party are used herein below as synecdoches for any different entity controlling the domain of the application server/SCP and differing from the entity controlling the domain of the host network within which the service switching apparatus (30) is located.

The trunk exchange switching apparatus 18 forwards the signalling to the OLO application server (here SCP 34b) located within the network domain OLO #2 via signalling firewall 32 at the point of interconnection to the OLO network domain #2. When the signalling is received by the OLO SCP 34b, it resolves the destination address and determines that the communications call is to be terminated outside the domain of OLO 34b, in this example, in the host network itself. Such an automatic determination can be derived by SCP 34b from routing rules configured to take into account a number of reasons, for example, it may be more economic to terminate a communications call outside the OLO network domain #2 or it may be that the communications equipment 28 is mobile communications equipment which is outside the range of the OLO network #2.

Returning to the exemplary scenario shown in Figure 2B, party A's communications equipment 14 is located within the host network domain and the communications call from party A to party B is to be also terminated within the host network domain. Accordingly, to avoid call tromboning, the SCP 34b of the invention generates additional signalling which seeks to control the configuration of the switch equipment located within the host network domain to ensure that the host network switch (for example that located at SSP 30 of the trunk exchange 18) routes the payload traffic of the communications call (which may be voice or data) directly through to the appropriate destination within the host network. This results in separate paths being established for the signalling which crosses into the OLO network domain and back again from the payload traffic which remains within the host network domain.

As there is no need for payload traffic to cross into the OLO network domain, interconnection being implemented using signalling alone, the number of ports which need to be reserved on the host network operators' switching equipment and the OLO switching equipment at the point of interconnection is limited to the number capable of supporting only signalling traffic.

The generation of control signalling for the host switching equipment in addition to conventional call connection signalling by the SCP located in the OLO network domain requires a high level of security to ensure firstly that only trusted signalling (by which is meant signalling by authorised parties which communicates permitted control information) is received by the switching equipment located in the host network. Any untrusted signalling must be prevented from reaching the host network switching equipment.

Signalling firewall 32 implements appropriate security techniques to ensure that signalling generated by the SCPs 34a,b to remotely control switching equipment such as switching apparatus 18 or service switching apparatus 30 located within the host network is restricted to within the boundaries that the network operator of the host network has defined as acceptable.

Figure 3 of the accompanying drawings shows an embodiment of the invention in which a signalling firewall comprises an INAP (Intelligent Network Applications Protocol) signalling firewall which is implemented to filter out untrusted INAP signalling from a third party application server 36 capable of generating INAP control signalling (and thus capable of functioning as an SCP).

Figure 3 shows the third party application server 36 located within a third party network domain using a form of INAP which includes features "untrusted" by the SSP 30 in the host network domain. The INAP proxy signalling firewall 32 imposes "trusted" features on the INAP call signalling/call authorisation protocol originating from the third party application server 36, to ensure only trusted INAP signalling reaches the host network domain SSP 30 and/or any other SSPs such as SSP 38 located within the destination network (which may, for example, be an SS7 network).

In an alternative embodiment, the untrusted INAP is replaced with another call signalling and/or call authorisation protocol like the session initiation protocol (SIP), remote authentication dial in user service (RADIUS), or DIAMETER. The Diameter based protocol (see the Internet Engineering Task Force Diameter suite of recommendations for comment such as RFC 3588) is intended to provide an Authentication, Authorization and Accounting (AAA) framework for applications such as network access or IP mobility. This enables a third party application to be implemented in a non-INAP environment which converges time division multiplexed and Internet Protocol (IP) applications allowing a single application (such as prepayment monitoring for example) to provide services for both connection oriented and connectionless networks.

Those of ordinary skill in the art will find apparent in the description herein that a third party application server 36 providing INAP signalling in an IN environment is also capable of functioning as an SCP. Equivalent features to that provided by an INAP compliant SCP can also be provided by a third party application server where INAP is not the untrusted signalling protocol. In this respect, any reference to an SCP 34a,34b,36 in an IN environment in this description acts as a synecdoche for a third party application server in other network environments, where such an application server 34a,34b, 36 is configured to have an equivalent capability to generate signalling to control switch equipment in another network such as a host network.

The term host network in the best mode of the invention currently contemplated by the inventors is a public switched telephony network which operates a converged (or alternatively differentiated) voice and data networks.

The terms third party SCP and third party application server (34a,34b,36) are thus functionality equivalent in the sense that the term SCP is used for an IN network topology whereas the term application server denotes the ability provided by the invention to connect a range of applications not restricted to IN applications.

SIGNALLING FIREWALL FEATURES

Signalling firewall 32 screens messages generated within the third party network domain to prevent the transfer of signalling operation messages between the third party domain and the host network which fall outside the scope of the supported third party service. The signalling firewall 32 thus retains a list of all calls and their parameters (for example, the caller identification and the called number) for which control is granted to the application server (or SCP) of each third party which uses that point of interconnection. The signalling firewall 32 uses this list to prevent all signalling that is coming from the third party application server which would impact calls not within the control domain of the third party application server. This causes the calls associated with the rejected signalled to also be rejected.

The signalling firewall 32 can also, using the information it has gathered from the initial call set-up message, ensure that the relevant parameters of the call such as caller identification and called number are not being altered by the third party application server.

The signalling firewall also protects the host network from unauthorised call sequences or non agreed call sequences, such as re-directing the call to another destination, setting up temporary connections and other activities a third Party network may not wish to perform should all full INAP messages and sequences be made available for use. In one embodiment, the signalling firewall ensures that call release procedures are dealt with within a predetermined time, for example, that the dialog between the third party application server does not exceed predefined reaction times for any messages expected back.

In one embodiment, the signalling firewall 32 further comprises means to monitor the rate of arrival of the messages to and from the third party application server 34a, 34b, 36. This prevents either system exceeding its processing capability due to the sheer volume of signalling arriving. In another embodiment, the signalling firewall 32 further comprises means to balance the rate of arrival of the messages between several third party application servers 34a, 34b, 36 to ensure adequate access to the host network's resources and preventing starvation of service provision by one or more third party application servers 34a, 34b, 36 should one or more other third party application servers 34a, 34b, 36 launch a peak load of signalling messages onto the host network.

Upon detection of an anomaly, the signalling firewall 32 is configured to either reject the call and initiate proper signalling on its initiative to the host network in one embodiment of the invention. In an alternative embodiment, it is configured to only generate alarms and allow the call to progress. In another alternative embodiment, the signalling firewall 32 is configured to generate an error message to the third party application server 34a, 34b, 36, allowing the third party application server 34a, 34b, 36 to correct the error and re-send instructions that are in line with agreed messages and content.

In this way, all messages considered inappropriate to the third-party service which the host network switching equipment 18, 30, 38 supports are discarded by the signalling firewall 32 and are not passed forward to the distant call leg (i.e., onwards to the SSP 30 and SSP 38 in the INAP signalling environment shown in Figure 3). Blocking of such messages will result in the termination of the call attempt and generation of an error report.

As mentioned above, signalling firewall 32 screens not just operation messages but also the operational parameters within operation messages screened and found valid at the message operational level. For each type of operational message, a filtering table specifies the action of the signalling firewall 32 for each parameter that could be received with the supported messages in this context, and the signalling firewall 32 passes only signalling which meets the criteria, set out in a signalling filtering table. Each message received by the signalling firewall 32 is screened by processing the message contents and correlating these with the contents of the filtering table for that operation and/or operational parameter (which may be performed using any suitable technique known to those of ordinary skill in the art such as by a lookup operation with reference to a database of filtering records, indexed by operation and parameter value for example).

Operations having parameters which the signalling firewall filters include those associated with operations sent from a SCP 34a,34b to an interconnecting SSP 30 such as Request Report BCSM (RRBE), which is an operation used to request the SSP 30 to monitor for a call-related event (e.g., BCSM events such as a busy or no-answer), then send a notification back to the SCP 34a,34b when the event is detected, and Release Call which is an operation used by the SCP 34a,34b to tear down an existing call at any phase of the call for all parties involved in the call, As mentioned above, all parameters considered inappropriate to the services provided by the third party SCP/application server 34a, 34b, 36 which the host network switching equipment supports are discarded by the signalling firewall 32 and are not passed forward to the distant call leg. When such messages are blocked the call attempt is terminated and an error report is generated to network management tools by for example storing the error report on disk upon which the network management tools periodically access the disk to read and interpret the information. When the signalling firewall receives an INAP message which is not listed in the filtering table, it is considered to fall outside the scope of the service offered by the third party. To enable other services to be presented by the third party, the signalling firewall 32 allows the filtering table to be configured to support additional INAP messages/parameters.

An embodiment of the invention in which a third party provides a pre-pay service will now be described which reference to Figure 3 of the accompanying drawings and referring to the signalling firewall filtering scheme implemented according to the criteria set out in the filtering tables shown herein below. Table 1 specifies examples of valid INAP messages and the parameters valid within those messages for an embodiment of the invention in which a third party provides a pre-pay service in which a calling party dials up for services which have been already paid for. Table 1 below shows a sample of the actions the signalling firewall 32 can take and message parameters for an embodiment of the invention in which a third party application server 36 generates an INAP Connect Message which is sent to the INAP proxy signalling firewall 32 by the third party application server 36 as shown in Figure 3.

Table 1 : INAP Connect Message (Application Server to Signalling firewall) fable 1 shows some examples of the type of parameters which may be conveyed in an INAP connect message from a third party application server 36 to signalling firewall 32 and the action that the signalling firewall 32 takes in one embodiment of the invention. Each message according to the invention conveys certain parameters whose values the signalling firewall 32 may perform a verification action on, prevent from being passed on to the SSP 30 by performing a blocking action, or simply allow to pass on to the SSP 30. As shown in the embodiment of the invention shown in Table 1 , when a Connect operation message is received from the third party server 36 by the signalling firewall 32, the signalling firewall 32 will verify, block or allow each parameter conveyed. Those of ordinary skill in the art will know that an INAP Connect Message conveys a plurality of other parameters in addition to the examples shown above, and in this embodiment of the invention all parameters other than those shown resulting in a verification or allowance action are given an appropriate treatment (Allow, Blocked or Verify) in addition to the blocked Carrier and redirectingPartylD.

When the INAP Connect Message is received from the third party application server 36, the signalling firewall 32 processes the message to examine each parameter and associated parameter value. For the parameter such as callingPartyNumber (which is used to provide an alternative number to the CallingPartyNumber provided by the host network) the signalling firewall verifies that the number proposed by the third party application server is acceptable, and if not the connect message is prevented from travelling to the SSP 30 and instead a call release sequence is initiated.

The next table shows some of the parameters that are conveyed in an INAP RequestReportBCSMEvent Operation Message from the third party Application Server 36 to Signalling firewall 32.

Table 2: INAP RequestReportBCSMEvent Message (Application Server -> Signalling firewall)

Those of ordinary skill in the art will appreciate that the RequestReportBCSMEvent message may contain other parameter values, which in this embodiment of the invention are all given an appropriate treatment (Allow, Block or Verify) in addition to the dPSpecificCriteria parameter (which indicates information specific to the event detection point (EDP) which is to be armed). As is well known to those of ordinary skill in the art, the allowed parameter monitorMode indicates how the event is to be reported: if the monitorMode is interrupted, the event is reported as a request, if the monitorMode is notifyAndContinue, the event is reported as a notification, and if the monitorMode is transparent, the event is not reported. leglD indicates the party in the call for which the event is reported.

In this embodiment, the signalling firewall also intercepts messages passing to the SCP (or third party application server 36) from the SSP 30 which relate to the Initial Detection Point Operation. In this embodiment, the signalling firewall 32 allows certain parameters through and blocks others from reaching the application server 36. Allowed parameters include those related to the serviceKey (which identifies for the SCF, the requested IN service), the calledPartyNumber (which identifies the called party in the forward direction), the callingPartyNumber, which identifies the origin of the call or calling party, and the callingPartysCategory, which indicates the type of calling party (e.g., operator, payphone, ordinary subscriber etc.) etc as shown below. Parameters such as originalCalledPartylD (which carries the dialled digits if the call has met call forwarding on route to the SSP), redirectingPartylD (which indicates the directory number the call was redirected from), and redirectionlnformation (which contains forwarding related information such as redirecting counter) are all blocked by the signalling firewall 32 to prevent these parameters from passing through to the application server/SCP.

Table 3: INAP Initial DP Message (Signalling Firewall -> Application Server).

In this embodiment of the invention, the signalling firewall 32 allows only those parameters shown above as allowed and blocks all other parameters in the INAP InitialDP Operation Message from the SSP to the Application Server 36.

Table 4 below shows some parameters allowed in the filtering performed by the signalling firewall 32 on INAP EventReportBCSM operation messages sent from the SSP 30 to the third party application server 36. These parameters are well known to those of ordinary skill in the art and include eventTypeBCSM (which specifies the type of event being reported), eventSpecificlnformationBSCM (which indicates the call related information specific to the event), leglD (which indicates the party in the call for which the event is reported), and miscCalllnfo (which indicates DP related information).

Table 4: INAP EventReportBCSM Message (Signalling firewall -> Application Server)

Figures 4, 5, 6 and 7 of the accompanying drawing shows exemplary INAP signalling message call flows for the embodiment of the invention shown in which a third party is providing a pre-pay service to end users of the host and/or third party communications network(s).

Figure 4 shows the call flows for a successful call establishment and clear down towards third party application server 36. In Figure 4, the SS7 signalling domain of the PSTN to the SSP 30 is indicated by dotted lines, the trusted INAP signalling domain between the SSP 30 and the signalling firewall 32 is indicated by dashed lines, and the untrusted INAP signalling domain from the signalling firewall 32 to the application server 36 by dot-dashed lines.

The call attempt call flow shown in Figure 4 commences with an Initial Address Message 100 which received by the SSP 30 from the calling party (not shown in Figure 4, but for example, party A in Figure 3). This then generates an initialDP message 102. The Initial DP trusted signalling message 102 contains the calling number of the calling party and other detail which useful in determining a routing function for the call such as the called party number, the service key (an identifier for the third party service) and the bearer capability (bearer cap). The bearer capability is an ISDN Layer 3 service indication that defines the characteristics of a given call.

The signalling firewall 32 allows after verification the Initial DP trusted signalling message 102 to pass into the untrusted INAP domain where the Initial DP untrusted signalling message 104 is received by the application server 36. The Application server 36 processes the received message 104 and responds with a RequestReportBCSME message 106 which conveys details such as an event detection point 7 EDP7(answer) and an event detection point 9 EDP9(disconnect)Leg 1&2 in order to achieve the arming of Event Detection Points in the host SSP on either or both of the call leg (the incoming or the outgoing call leg) that are relevant for the application logic. The signalling firewall 32 verifies the message received and upon successful screening passes an eventually modified RequestReportBCSM message 110 to the SSP 30. At the same time the application server 36 generates a connect signalling message 108 which conveys details such as called party number which passes through the signalling firewall 32 into the trusted INAP domain to control the generation at the SSP 30 of a number of SS7 signalling messages which are conveyed to another SSP 38. In this way, the third party application server is able to cause SSP 30 to generate signalling which controls the call routing logic of signalling equipment 30 within the host network (or another network). In Figure 4, upon reception of the connect signalling message 108, the SSP 30 generates SS7 signalling comprising another initial address message (IAM) 114 which is received by SSP 38 which in turn generates an address complete message (ACM) 116 and when the called party answers the phone an ANswer message ANM 116 which is sent back to SSP 30. When ACM 116 and ANM 118 are received by SSP 30, SSP 30 generates more SS7 signalling ACM 120 and ANM 122 which are passed back to the calling party.

When an event is detected at an event detection point, the event detection point instructs the host switch (SSP 30) to generate a signalling message to the signalling firewall 32 and hence to the third party application server 36. Example of events include the release of the call, or the destination party answering or other as available in the INAP specifications, such as happens with the RequestReportBCSME messages 106 and 110.

The SSP 30 responds by generating an EventReportBCSM 124 which indicates the EDP7 (answer) parameter which is forwarded through the INAP signalling firewall 32 and received as an EventReportBCSM message 126 at the application server 36. The call is then connected end-to-end. Finally when the calling party releases the connection, an SS7 release message (ReI) 128 is received by the SSP 30 which then generates another EventReportBSCM trusted INAP message 130 which passes through the signalling firewall as EventReportBSCM INAP message 132 to the application server 36. This in turn generates a release Call signalling message 134 (which indicates the cause of the release in Figure 4) which again passes through the INAP signalling firewall 32 and as a trusted Release Call signalling message conveying a cause for release is received by SSP 30, which generates appropriate signals in the host network to clear down the call.

Figure 4 thus shows for one embodiment of the invention, the call flow for a successful call attempt followed by call clear down towards the third party application server 36 where a signalling firewall checks the INAP operations and parameter contents of the individual operations at each stage of the call for their validity. Thus in summary, in the embodiment of the invention shown in Figure 4, the INAP message flow is as follows:

i) The initialDP operation message which contains amongst other parameters: Called Party Number; Calling Party Number; Service Key; and Bearer Capability.

ii) The RRBCSME operation(s) message(s) which contain: EDP7 (Answer) - Notify and Continue; and EDP9 (Disconnect) - Interrupted (Leg1 and 2). EDP7 (Event Detection Point 7) is defined in the INAP standard specifications as when the SSP receives an ANswer Message (i.e., as when the SSP 30 receives an ANM). EDP9 (Event Detection Point 9) is defined in the INAP standard specifications as when the SSP receives a Disconnect Message.

iii) The Connect operation message which contains amongst other parameters: ' CalledPartyNumber.

The contents of the Connect operation are checked to ensure that the CalledPartyNumber contains the same as that forwarded in the InitialDP. If the contents have been changed by the application server then the call is rejected and an error report is generated by the signalling firewall.

iv) The EventReportBCSM operation which contains: EDP7 (Answer)

On Initiation of call clear down:

v) The EventReportBCSM operation message which contains: EDP9 (Disconnect)

vi) The ReleaseCall operation message which contains: Cause - As sent in the EDP9 (Disconnect) parameter.

Figure 5 shows the signalling message call flow which is filtered by a signalling firewall according to another embodiment of the invention. In Figure 5, an unsuccessful call attempt is made as the called party number inserted by the third Party application server generates a violation of the rules imposed upon the third Party by the Signaling signalling firewall.

Signalling messages which retain the same operational functionality as that shown in Figure 4 retain their numbering scheme in Figure 5. In Figure 5, when the signalling firewall receives the connect called party number signalling message 108, it performs a verification process on the operation and the parameter contents of that operation to check for their validity. In this case, the verification of the message parameters indicates the connect content is a violation attempt. As a result signalling firewall 32 autonomously initiates a call release by forwarding a Transaction Capability Applications Protocol (TCAP) abort message 140 to the SSP 30 which in turn generates an SS7 release connection message 128 which is passed by to the source of the connection request. .

The Connect operation may violate the third party service in a number of ways. For example, in one embodiment, the Connect operation violates the service through the inclusion of CLI contents other than those sent in the InitialDP. In this embodiment, the connect operation contains a CalledPartyNumber (Violated) content parameter. The contents of the connect operation are checked to ensure that the CalledPartyNumber contains the same content as that forwarded in the InitialDP. Where the contents have been changed by the third party application server 36 the call is rejected and an error report is generated by the signalling firewall towards the network management system (e.g. towards certain network management application tools located in the host network and/or third party network).

Another embodiment of the invention will now be described with reference to Figure 6 of the accompanying drawings which show how an unsuccessful call attempt is managed when this results from an invalid event detection point(s) request message being generated by the application server 36. Signalling messages which relate to the same operational functionality as that shown in Figures 4 and 5 retain their numbering scheme in Figure 6. In this embodiment, the RequestReportBCSME operation violates the service through the inclusion of invalid contents. As shown in Figure 6, the message flow is the same as for Figure 4 and 5 until the application server 36 responds to the received Initial DP message 104 with RequestReportBCSME message 108. When signalling firewall 32 receives message 108 it attempts to validate it.

The contents of the RequestReportBCSME operation are checked to determine that they are valid within the scope of the third party service configuration. This includes whether individual detection points are allowed as well as other parameters that can be contained within the operation. Where the contents are considered to be invalid for the service supported then the call will be rejected by the signalling firewall and an error report generated by the signalling firewall towards the network management tools. As shown in Figure 6, signalling firewall 32 registers a content violation attempt when one or more message parameter contents are not with the service scope defined as acceptable (and as indicated in the signalling firewall filtering table). As a result, a TCP abort message 140 is forwarded to SSP 30 which in turn generates SS7 signalling release message 140 to release the connection.

Figure 7 of the accompanying drawings shows an embodiment of the invention in which a call attempt is unsuccessful due to the either a destination busy or to a route selection failure. Signalling messages which relate to the same operational functionality as that shown in Figures 4 to 6 retain their numbering scheme in Figure 7.

The Call Flow shown in Figure 7 describes an unsuccessful call attempt for a pre-pay application which terminates towards the third party application server 36 as the call cannot be routed onward to server 36 due to busy signalling or unavailable routing. The INAP message flow from the SSP in the embodiment of the invention shown in Figure 7 is as follows:

i) The initialDP operation messages 102, 104 which contain amongst other parameters: Called Party Number, Calling Party Number, Service Key, Bearer Capability. ii) The RRBCSME operation messages 106, 110 which contains amongst other parameters event detection points: EDP7 (Answer) - Notify and Continue, EDP9 (Disconnect) - Interrupted (Leg1 and 2), EDP4 (Route Select Failure) - Optional, EDP5 (Busy) - Optional.

iii) The Connect operation messages 108, 112 which contains amongst other parameters a called party number parameter.

Then, if the call cannot be onward routed to SSP 38 due to a busy or route select failure condition then the call is cleared down using one of the following options:

Option (1)

If EDP4 or EDP5 are not present in the RequestReportBCSME (110) then a TCAP Abort message 144, 146 is sent from the SSP 30 via signalling firewall 32 to the Application Sever 36 and the call is released (by SSP 30 generating release message 128).

Option (2).

If or EDP4 and/or EDP5 are present in the RequestReportBCSME message (110) then an EventReportBCSM 148, 150 is sent by SSP 30 via signalling firewall 32 to the application sever 38 to initiate call clear down, and when the application server 38 receives the event report BSCM message

150 from signalling firewall 32, it generates a release Call message 134 which is passed through signalling firewall 32 as a trusted release Call message 136. When SSP 30 receives the trusted release Call message 136, SSP 30 generates SS7 signalling 128 to release the call. In this embodiment, the INAP message flow further contains:

iv) An EventReportBCSM operation which contains event detection points: EDP4 (route select failure) or EDP5 (busy); and

v) A ReleaseCall operation which contains a Cause parameter derived from the event detection point EDP4/EDP5 message parameters.

In some embodiments of the invention, the signalling firewall 32 receives out of context messages which have the potential or in fact do impact other communications calls associated with a service offered by the same or another third party. In this case, the signalling firewall 32 blocks the received message and generates a report which is sent to the SSP. Examples of such embodiments include where the third party application server 36 sends in CONNECT for a call not under its control, or where it sends in a RequestREportBCMSE for a call not under its control, or where the third party application server 36 sends in release call for a call not under its control. The signalling firewall 32 is configured in this case so that none of these actions by the application server have any impact on calls in progress.

In this embodiment in which a prepay application is provided by the application server, when a communications cajl is actively terminated by the third party application server, due to the calling party running out of money on his account with the third party, or if for any other reason the third party application server has to terminate the call prematurely (for example, because the caller has exhausted his credit), it will send a ReleaseCall operation to the signalling firewall 32. This will contain cause 21 ( Call rejected ) if the call has not yet been answered. It will contain cause 29 (Facility rejected ) when the call has been answered. The signalling firewall 32 will after verification send the

ReleaseCall operation to the SSP 30 who will act in disarming all armed DPs and release both call legs by sending a release message.

In embodiments of the invention in which signalling messages are received out of sequence, the signalling firewall 32 blocks the messages and generates a report. Examples of such embodiments include where the third party application server 36 sends a connect message 108 before a

RequestReportBCMSE message 106, where the third party application server 36 does not send all

Request Report BCSME messages 106 (for example, only Event detection Point 7 (EDP7), which is the detection of an ANSWER message by the SSP 30 or only EPD 9 (event detection point 9 which is also armed dynamically under the control of the SCP).

Disconnects are also detected in one embodiment of the invention in which the signalling firewall 32 has a configurable option of supervising event time-outs. This includes the ability to clear down call attempts where pre-determined time-outs are exceeded for the following events:

a) Receipt of Request Report & Connect messages after the sending of InitialDP; and

b) Receipt of Release call after sending of relevant Report Event.

For each of the above events, a configurable time-out value shall be provided which, for example, is configurable between the values of 0 to 10 seconds in steps of 100 ms in one embodiment of the invention.

In one embodiment of the invention, signalling firewall 32 is configured to implement message flow control. In this embodiment, the signalling firewall has a configurable option of supervising message transfer rates, which provides protection where the rate of messages received from the third party application server is too high (for example, such as may occur if multiple ReleaseCall messages are received at the same time). The signalling firewall 32 in this embodiment is provided with a buffering capability in order to absorb such events for non error situations. However, where the buffer is exceeded due to application server error conditions (e.g. continuous message transmission from application server) then the signalling firewall 32 discards the messages and generates an error report which is sent to SSP 30.

The invention supports a number of call clear procedures, such as arise when there is application server failure or call termination. For example, if it is determined by the signalling firewall 32 that the application server 36 has encountered a failure situation then the condition shall be detected by the controlling SSP 30 via the expiry of a time-out for the receipt of an expected message. Under these circumstances the call request will terminate and the signalling firewall 32 shall return to an idle state for the call instance.

If the originating party clears at any time during the call setup attempt, then a TCAP ABORT message will be sent from the SSP 30 in order to release the call. This TCAP message will be transited to the application server 36 in order to clear the resources for the call attempt. If the application server 36 is required to clear the call at any time during the call attempt, then it will send an INAP release call operation message to the SSP 30. This will be transited by the signalling firewall 32, and its receipt at the SSP 30 results in call clear down.

The signalling firewall 32 provides transparency to all release causes in the direction of the SSP 30 to the application server 36. In the direction of the application server 36 to the SSP 30, the signalling firewall 32 shall provide transparency for the release causes valid for the service supported by the third party (e.g. those based on ITU Q850) and defaults all others so that these do not transit the signalling firewall 32. Table 5 below shows an example of mapping applied by the signalling firewall 32 to reasons generated by the application server 36 and sent to the signalling firewall 32 to generate reasons sent to the SSP 30 by the signalling firewall 32.

Release Call Operation)

Different from that sent from Revert to original Cause as

SSP in EDP9 -disconnect sent in EDP9 - disconnect

(Original Cause not echoed back n Release Call

Operation)

Table 5: Reason mapping between the Application server 32, the signalling firewall 32 and the signalling firewall 32 and the SSP 30.

Those of ordinary skill in the art will appreciate that the signalling firewall according to the invention is configurable for a plurality of services which are provided by third parties and for a plurality of third parties. Examples of other services include a least cost routing service and service differentiation. This is similar to the prepay service described herein above, and comprises a service in which a third party indicates how traffic should be routed which is accomplished by inserting in front of the called destination number a predetermined routing prefix (out of a list of allowed routing prefixes).

Whilst the above embodiments have been described in the context of an INAP signalling environment which is an application protocol for connection-oriented communications, those of ordinary skill in the are will similarly appreciate that the filtering functionality provided by the signalling firewall can be applied to any communications protocols which have out-of-band signalling including those supported by connectionless protocols such as the Internet Protocol for example, the session initiation protocol (SIP). Thus an application server having switch control functionality does not need to comprise an INAP SCP in all embodiments of the invention.

In an embodiment in which a third party connects via SIP rather then INAP, as with the embodiment shown in Figures 4 to 7, where connection is on INAP, for every INAP message, there is an equivalent SIP relevant message and for every incoming SIP response, and INAP message to steer the TDM network. Other messages from the third Party server would be discarded. Parameters that exceed the boundary of the intended service would be either discarded or overwritten with information valid for that particular call or result in autonomous call clear down triggered by the signalling firewall application.

Modifications to the above features of the invention and features having equivalent effect to the features known to those skilled in the art are implicitly included in the description, and the scope of the invention should be determined by the accompanying claims. In particular, references herein to an other licensed operator (OLO)'s network are synecdoches for references to any other communications network where the processing of signalling information and/or call routing is controlled by a different entity from the entity controlling the processing of signalling and/or call routing in the public switched telecommunications network (PSTN), for example, a mobile communications network such as a cellular, GPRS, GSM, WiFi, WiMax network or any other communications network well known to those of ordinary skill in the art. References to the term communications networks are intended to include references to all appropriate networks known to those skilled in the art as being networks capable of implementing the invention, including telecommunications networks.

In particular, those of ordinary skill in the art will realise that where features indicated as being implemented in software can be implemented in an equivalent manner in hardware, the description is intended to implicitly include any embodiment comprising said features whether implemented in software and/or hardware as appropriate.

The text of the abstract repeated herein below is hereby incorporated into the description:

A method of remotely controlling switching apparatus located in a host network domain comprising the steps of generating a signalling message at an application server in a first network domain controlled by a separate entity to the entity controlling said host network domain; receiving said signalling message at a signalling firewall located at a point of interconnection between said host network and said first network; filtering at the signalling firewall said signalling message to retain only one or more signalling operations which conform with a set of one or more criteria for remotely controlling said service switching apparatus; forwarding from the signalling firewall a filtered signalling message to a service switching apparatus located in said host network domain; processing said received signalling message at said service switching apparatus to control the operation of switching apparatus located in said host network domain, wherein the filtering action performed by the signalling fjrewall enables a plurality of differing application servers to share control of the switching apparatus located in said host network domain through the same point of interconnection, thus extending the signalling domain of each of said application servers. This enables switching apparatus located in the host network domain to be remotely controlled to prevent payload communications traffic associated with said signalling message from reaching said first network domain, thus preventing call tromboning effects.

Claims

1. A method of extending the signalling domain of an application server (34a,34b,36) associated with another communications network into the signalling domain of switching apparatus (18) located in a first communications network, the method comprising the steps of: said switching apparatus (18) forwarding a signalling message to said application server (34a,34b,36), said signalling message seeking to establish a path for a communications call to a called communications device (28) accessible via a destination network, wherein said communications device is associated with said other communications network; the application server (34a,34b, 36) generating a signalling message to configure the switching apparatus (18,30) to establish a path for the communications call to the called communications device (28) which does not cross into the other network; receiving said signalling message at a signalling firewall (32) located at a point of interconnection between said first communications network and said application server's communications network; processing at the signalling firewall (32) said signalling message to retain only one or more signalling operations which conform with a set of one or more criteria for controlling said switching apparatus (18,30); forwarding from the signalling firewall (32) a processed signalling message to switching apparatus (18, 30) located in said host network domain; and processing said received signalling message at said switching apparatus (18, 30) to control the operation of said switching apparatus (18,30) located in said host network domain, wherein the processing action performed by the signalling firewall (32) enables a plurality of application servers to (34a,34b,36) each associated with a different other communications network to share control of the switching apparatus (18,30) located in said host network domain through the same point of interconnection, and wherein in said step of processing said signalling message, one or more parameter values of said one or more signalling operations are processed by said signalling firewall

(32) and only signalling compliant with parameters for operations trusted by the signalling protocol of the host communications network are communicated through the signalling firewall (32) to the service switching apparatus (30) to extend the signalling domain of each application server (34a,34b, 36).

2. A method as claimed in claim 1 , wherein said plurality of differing application servers (34a,34b,36) share control over ports on the switching apparatus (18,30) for interconnecting payload communications traffic to their respective destination network domains.

3. A method as claimed in claim 2, wherein a plurality of network domains are provided, each having one or more application servers (34a,34b,36) and wherein said communications call signalling is partitioned by said call signalling firewall between said network domains such that each application server (34a,34b,36) shares the same point of interconnection to remotely control a communication call treatment behaviour of said switching apparatus (18,30).

4. A method as claimed in any previous claim, wherein said processing action performed by said signalling firewall comprises filtering and/or amending and/or error detecting and/or error correcting action(s) on a signalling message.

5. A method as claimed in claim 3, wherein a plurality of application servers located in a plurality of other network domains share the same point of interconnection to control said service switching apparatus (30), and wherein each application server (34a,34b,36) reserves a port resource on said service switching apparatus (30) in response to a routing requirement for the payload traffic for each communications call, wherein said routing requirement is an initial routing requirement to interconnect with the respective other network domain, and wherein said port resource comprises one or more ports which enable interconnection between the first network domain and said respective other network domain of the application server (34a,34b,36).

6. A method as claimed in any one of claim 1 to 4, wherein in said step of processing said received signalling message, said switching apparatus (18,30) located in said first network domain is controlled to prevent payload communications traffic associated with said signalling message from reaching said other network domain of the application server (34a,34b,36).

7. A method as claimed in any previous claim, wherein said signalling firewall (32) implements message flow control between said first network domain and said other network domain of the respective application server by performing the steps of: supervising the message transfer rate; determining if the rate of messages received from the application server (34a,34b,36) is too high; and buffering messages from the other network domain of the respective application server (34a,34b,36) to prevent these from overloading said service switching apparatus (30).

8. A method as claimed in any previous claim, wherein said signalling firewall (32) implements message flow control between said host network domain and a plurality of application servers' network domains by performing the steps of: supervising the message transfer rate from each domain; determining if the rate of messages received from all application server network domains collectively is too high; and buffering messages from each of said application server network domains to prevent these from overloading said service switching apparatus (30).

9. A method as claimed in any previous claim, wherein a first network operator controls one or more of said other network domains of each respective application server, and a differing network operator controls said first network domain, wherein said signalling firewall (32) partitions the signalling between each said respective other network and said first network to ensure trusted signalling messages are forwarded to said service switching apparatus (30) and untrusted signalling messages are blocked.

10. A method as claimed in any previous claim, wherein one or more application servers (34a,34b,36) are located in the same other network and each application server (34a,34b,36) is arranged to generate signalling messages relating to a plurality of differing services, and wherein said signalling firewall (32) is configured to selectively filter said signalling messages for each of said plurality of services to remove any conflicting control signals which would otherwise be received by said service switching apparatus (30).

11. A method as claimed in any previous claim, wherein said first communications network and/or one or more of said other communications networks comprise a connectionless communications transport protocol network .

12. A method as claimed in any previous claim, wherein said first communications network and/or one or more of said other communications networks comprise a connection-oriented communications transport protocol network.

13. A method as claimed in any previous claim, wherein said first communications network and/or one or more of said other communications networks comprises an intelligent network, wherein said signalling comprises signalling conforming to an INAP signaliing protocol, and wherein said application server comprises a service control point and said service switching apparatus (30) comprises a service switching point.

14. A method as claimed in any previous claim wherein said switching apparatus (18,30) comprises service switching apparatus (30).

15. A method as claimed in claim 1 , wherein in said step of processing, a sequence of operations conveyed by a plurality of said signalling messages is monitored by the signalling firewall (32) for conformance with a predetermined sequence.

16. A message as claimed in claim 15, wherein if a signalling operation is received out of sequence one or more of said plurality of signalling messages are processed by said signalling firewall.

17. A method as claimed in any one of claims 15 or 16, wherein in said step of processing, a sequence of operations conveyed by a plurality of said signalling messages is monitored by the signalling firewall (32) for conformance with a predetermined sequence.

18. A method as claimed in claim 17, wherein if a signalling operation is out of sequence, one or more operational parameter values of said out-of-sequence signalling operation is processed to provide an amended sequence which conforms with a predetermined sequence allowed to pass by said filtering firewall.

19. A method as claimed in claim 16 or 18, wherein the processing performed depends on the message position in the sequence.

20. A method as claimed in claim 16, 18 or 19, wherein said processing by said signalling firewall comprises one of the following: verifying and/or blocking and/or allowing said operation and/or parameter value.

21. A method as claimed in any previous claim, wherein said communications device (28) comprises a mobile communications device and said mobile communications device is roaming in said destination network.

22. A method as claimed in any previous claim, wherein said communications call is to a public number and said communications device (28) is associated with a dynamic telephone number which is determined by said application server.

23. A method as claimed in any previous claim, wherein said communications call is to a public number and said communications device (28) is associated with a private telephone number which is determined by said application server processing said call signalling received from said switching apparatus (18,30).

24. A signalling firewall (32) arranged to implement said receiving, processing and forwarding steps in any previous method claim.

25: A signalling firewall (32) located at a point of interconnection between the respective communications network domains of one or more application servers (34a,34b,36) and service switching apparatus (30) in a first network domain, each application server (34a,34b,36) providing one or more services accessible via said service switching apparatus (30) to communications devices in the first communications network domain, the firewall (32) comprising means to intercept and process signalling originating from each one or more application servers (34a,34b,36) and comprising: receiving means to receive a signalling message generated by each application server (36); means to process each received signalling message to retain only one or more signalling operations having operational parameters which conform with a set of one or more criteria for a service provided by said application server (34a,34b,36) and requiring said application server (34a,34b,36) to remotely control said switching apparatus (18,30) located in the host network domain; forwarding from the signalling firewall (32) a processed signalling message to said service switching apparatus (30) in said host network domain, wherein the signalling firewall (32) is configured to perform said processing action to enable a plurality of differing first parties to share control of said service switching apparatus (30) located in said host network domain through the same point of interconnection by enabling an extension of the signalling domain of each said application server (34a,34b, 36) into said first network domain.

26. An inter-network comprising at least two network domains and a signalling firewall (32) located at a point of interconnection between at least two of said network domains as claimed in either claim 24 or 25.

27. A signal comprising a set of instructions conveying control information for switching apparatus (18,30) providing service switching functionality in a first communications network, the signal being generated by an application server (34a,34b,36) providing switch control functionality located in another communications network and conveyed through a signalling firewall (32) between the first communications network and the application server's communications network to enable said application server (34a,34b,36) to remotely control said switching apparatus (18, 30,38) located in said first communications network, the signalling firewall (32) being arranged to enable a plurality of application servers (34a,34b,36) to share control of their respective utilisation of one or more ports of said switching apparatus (18,30,38) in the first communications network.

28. A suite of one or more computer programs which operate in a distributed communications environment comprising a plurality of application servers (34a,34b,36), each application server having switch control functionality in its respective other communications network domain, and service switching apparatus (30,38) located in a first communications network, at least one program being arranged individually and/or collectively to configure a signalling firewall (32) to implement said receiving, processing and forwarding functionality as claimed in any one of method claims 1 to 24.

29. A suite of one or more computer programs which operate in a distributed communications environment comprising a plurality of application servers (34a,34b,36) each having switch control functionality and located in a respective other network domain and service switching apparatus (30,38) located in a first communications network, each program being arranged individually and/or collectively to configure a signalling firewall (32) to implement a signal filtering operation to enable each of said plurality of application servers (34a,34b,36) to convey signalling in a trusted form to switching apparatus (18,30,38) located in another network differing from the respective server network domain of said application server (36), the signalling firewall (32) being arranged to enable a plurality of application servers (34a,34b,36) to share control of their respective utilisation of one or more ports of said switching apparatus (18,30,38).

30. A method of remotely controlling switching apparatus (18) located in a host communications network domain comprising the steps of: generating a signalling message for a communications call to be routed via said switching apparatus (18,30) at an application server (34a,34b,36) in a communications network domain controlled by a separate entity to the entity controlling said host communications network domain; receiving said signalling message at a signalling firewall (32) located at a point of interconnection between said host communications network and said application server's communications network; filtering at the signalling firewall (32) said signalling message to retain only one or more signalling operations which conform with a set of one or more criteria for remotely controlling said switching apparatus (18,30); forwarding from the signalling firewall (32) a filtered signalling message to a service switching apparatus (30) located in said host network domain; processing said received signalling message at said service switching apparatus (30) to control the operation of said switching apparatus (18,30) located in said host network domain, wherein the filtering action performed by the signalling firewall (32) enables a plurality of differing application servers to (34a,34b,36)^' share control of the switching apparatus (18,30) located in said host network domain through the same point of interconnection, wherein in said step of filtering said signalling message, one or more parameter values of said one or more signalling operations are filtered and only signalling compliant with parameters for operations trusted by the signalling protocol of the host communications network is communicated through the signalling firewall (32) to the service switching apparatus (30), whereby the separate entity server is able to dynamically assign ports associated with switching apparatus (18,30,38) within the host communications network domain to enable communication calls to be transferred to a destination communications network domain differing from the communications network domain of the separate entity without tromboning the communications calls into the network domairrof the separate entity.