
WO2002046983A1 - A method for arranging accounting and a communication system - Google Patents

A method for arranging accounting and a communication system

Info

Publication number
WO2002046983A1
Authority
WO
WIPO (PCT)
Prior art keywords
data transmission
connection
server
debiting
user
Prior art date
Application number
PCT/FI2001/001066
Other languages
French (fr)
Inventor
Kimmo Lahdensivu
Olli Jussila
Original Assignee
Sonera Oyj
Priority date
Filing date
Publication date
Application filed by Sonera Oyj
Priority to AU2002217172A
Publication of WO2002046983A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0213 Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/04 Billing or invoicing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403 Architecture for metering, charging or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/68 Payment of value-added services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/80 Rating or billing plans; Tariff determination aspects
    • H04M15/8016 Rating or billing plans; Tariff determination aspects based on quality of service [QoS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/81 Dynamic pricing, e.g. change of tariff during call
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24 Accounting or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5029 Service quality level-based billing, e.g. dependent on measured service level customer is charged more or less
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01 Details of billing arrangements
    • H04M2215/0112 Dynamic pricing, e.g. change of tariff during call
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01 Details of billing arrangements
    • H04M2215/0196 Payment of value-added services, mainly when their charges are added on the telephone bill, e.g. payment of non-telecom services, e-commerce, on-line banking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/20 Technology dependant metering
    • H04M2215/2026 Wireless network, e.g. GSM, PCS, TACS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/22 Bandwidth or usage-sensitve billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/32 Involving wireless systems
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/74 Rating aspects, e.g. rating parameters or tariff determination apects
    • H04M2215/7414 QoS

Definitions

  • a method for arranging accounting and a communication system is arranged.
  • the present invention relates to a method for arranging debiting as presented in the preamble of the appended claim 1.
  • the invention also relates to a communication system according to the preamble of the appended claim 10.
  • Data processing devices can be used to set up a data transmission connection, for example via an optional communication network to serving devices (servers) of various service providers.
  • the data processing devices are thus equipped with means for logging in a communication network, such as a modem or the like.
  • the user can, for example, browse the home pages of the service provider in the Internet, subscribe goods electronically, pay bills, etc.
  • the optional communication network can be used for setting up a remote connection to the data network of a firm.
  • the data network can be formed, for example, as a so-called virtual private network (VPN) utilizing a public data network, such as the Internet data network.
  • VPN virtual private network
  • the data transmission connection it is possible to determine various service levels and quality classes, for example, on the basis of the data transmission capacity and/or data transmission rate required for the connection.
  • the use of different services as well as different quality classes or service levels is typically priced so that the higher the quality of service (QoS) level and/or the data transmission rate used in the connection, the more expensive it is to use the connection.
  • QoS quality of service
  • the debiting of the use of the services is not necessarily based on the connection time but on the quantity of information transmitted during the connection at each QoS level and for each service.
  • the solutions of prior art involve the problem how to record the debiting correctly, i.e. according to the real use of services by the user.
  • this debiting is normally based on such a method in which the device providing a service applies a counter, for example, for each service user and/or QoS level.
  • the values of these counters are read at intervals.
  • a debiting server makes an inquiry of the values of the counters at the device providing the service, about all QoS levels, rules and other configuration units at predetermined intervals.
  • This data is combined with the log data of the terminal server, through which the user is connected to the data system and for which the user is allocated a separate address for the time of the connection.
  • the debiting of the total communication is performed, for example, by using information provided directly by the authentication/debiting protocol used in the connection.
  • the address identifies the user in the data network of the data processing device, wherein this address can be used to direct packets intended for the user to the correct data processing device.
  • the address is, for example, a so-called IP address, which can be a static address allocated for a specific user, or it can be a dynamic address, wherein a connection-specific address is allocated for each connection, for example, in the address space of the Internet operator.
  • IP address can be presented in so-called dot notation format, wherein the address comprises four decimal numbers separated from each other by dots. Such an address can be exemplified with 123.255.1.198.
  • the data network is normally also provided with a name server for storing the above-mentioned address as well as the identifying name corresponding to the address, such as www.company.fi.
  • the present invention provides an improved debiting method and a communication system, in which the debiting data corresponds to the real situation as accurately as possible.
  • the invention is based on the idea that the communication system is provided with a management server, through which the connections are set up and the debiting data are collected. More precisely, the method according to the present invention is primarily characterized in what will be presented in the characterizing part of the appended claim 1. The communication system according to the present invention is primarily characterized in what will be presented in the characterizing part of the appended claim 10.
  • Fig. 1 shows a communication system according to a preferred embodiment of the invention in a reduced chart
  • Figs. 2a to 2d show the operation of the invention in the system of Fig. 1.
  • Figure 1 shows a communication system 1 according to an advantageous embodiment of the invention, in which the user sets up a dynamic data transmission connection from a data processing device 2 to a terminal server 3.
  • the data processing device 2 is, for example, a personal computer (PC) comprising a modem or the like for logging in an optional communication network 4.
  • the data processing device can also be a wireless communication device with data processing facilities.
  • the modem used can be a radio card or a corresponding wireless modem.
  • the communication network 4 can be either a public switched telephone network (PSTN) or a wireless communication network.
  • PSTN public switched telephone network
  • the communication network 4 forms a communication channel (tunnel) between the data processing device 2 and the terminal server 3.
  • the terminal server 3 is, for example, a server device of an operator providing Internet services. The user has thus made a contract with the operator, wherein the user has been allocated a user identification and possibly a static address, in addition to which the user will need a password to set up a connection. It is obvious that, instead of a static address, it is possible to use a dynamic address, wherein the terminal server 3 allocates, at the beginning of each connection, an address for the user's data processing device 3 from a specific set of addresses. This address will be used in the data transmission between the data processing device 2 and the communication network 4 in a way known as such.
  • GTP GPRS Tunneling Protocol
  • the terminal server 3 is arranged to communicate e.g. with the management server 5.
  • the user identification and password are transmitted to the terminal server 3 to authenticate the user and to prevent misuse.
  • the terminal server 3 retrieves the identification data through the management server 5.
  • the terminal server 3 preferably transmits a connection set-up message complying with an authentication protocol, such as Radius, to the management server 5. This is indicated by arrow A2 in Fig. 2b.
  • the user identification and the password are preferably transmitted in a format encrypted with an encryption key.
  • the management server 5 communicates with a database server 6 which comprises an authentication database 11.
  • the management server 5 transmits messages received from the terminal server 3 further to the database server 6 (arrow A3 in Fig.
  • the database server 6 retrieves the identification data from the authentication database 11 on the basis of the user identification and the password (arrow A4 in Fig. 2b).
  • the authentication database 11 contains authentication data about registered users, for example, to allow the use of the services to registered users only.
  • the management server 5 starts to configure the connection with a serving device 7, 8. The purpose of this is to set up a data transmission connection for the use of the service between the terminal 3 and one or several serving devices 7, 8.
  • the management server 5 and the terminal server 3 communicate, for example, according to said Radius protocol, which is intended particularly for authentication and debiting applications.
  • this Radius protocol is also used by the management server 5 and the authentication database server 6 in their communication.
  • the management server 5 supervises the messages of the Radius protocol to find out which measures should be taken, primarily in relation to debiting.
  • the management server 5 detects that it receives a message relating to the setting up or termination of a connection, the management server 5 will take measures relating to debiting, such as inquire and/or set the value of the counters in the serving devices 7, 8.
  • an authentication message is used, wherein the management server 5 detects this authentication message and, for example, the user identification and password included therein as parameters.
  • the management server starts one or more counters (not shown) for the user, according to the services, QoS levels etc. set for the connection.
  • the management server 5 is used, for example, as a proxy between the terminal server 3 and the authentication database server 6 and as an initiator of measures relating to transactions to be debited.
  • the configuration of the services is started.
  • the configuration of the services between the management server 5 and the serving device 7, 8 is executed, for example, by the Simple Network Management Protocol (SNMP).
  • SNMP Simple Network Management Protocol
  • the serving device 7 determines the class of service (CoS) set by the user or selected for the connection (arrows A8 and A9 in Fig. 2c) as well as a virtual connection to the virtual private network 12 of the firm, preferably via the terminal server 8 of the virtual private network (arrows A10 and A11 in Fig. 2c), if the user is logging in said virtual private network (VPN).
  • CoS class of service
  • the user can use the virtual private network 12 of the firm in the same way as when using a work station in the office (arrows A12 and A13 in Fig. 2d).
  • a virtual connection may contain several nodes (not shown), via which information is transmitted between the virtual private network 12 of the firm and the user's data processing device 2.
  • the service to be provided for the connection can be divided into classes of service e.g. on the basis of the rate at which information is transmitted and the error rate guaranteed in the data transmission.
  • the QoS classes which can be allocated for each user depend, for example, on the contract between the operator and the user. Furthermore, the QoS classes may be affected by the properties of the operator's own network and the way of routing the connection each time. However, in the routing of the connection, the aim is to take into account the QoS level requested for the connection at the stage of setting up the connection.
  • the management server 5 is also used as a management station for connections.
  • the management server 5 uses management agents formed in connection with a device, such as a serving device 7, 8, a bridge, a router, etc., connected to the communication network 9.
  • the management server 5 is also provided with a management database for maintaining information relating to the management of connections which are active at each time, such as user identifications, data about the QoS levels, rules, or the like.
  • the management server can communicate with the serving devices 7, 8 via said management agents.
  • the management server 5 can request for status information about connections active in the serving device 7, 8, such as counter data, from the management agent.
  • the counters can be used to maintain information, for example, about the quantity of packets transmitted in the connection and the payload information transmitted in them.
  • the management server 5 transmits to the management agent of the serving device 7, 8 one or more configuration messages, in which a value of a resource of the management agent can be set to a desired value.
  • the resource can be the data transmission rate corresponding to a specific QoS level requested for a service in the communication channel, the quantity of communication streams allocated for the connection, or the like.
  • a configuration message is used to release resources allocated for the connection.
  • the user can use the data processing device 2, for example, to retrieve information from the communication network and to transmit information via the communication network, for example, to the virtual private network 8 of a firm.
  • the information to be transmitted is converted to a suitable format to be transferred in the communication system, and, in a corresponding manner when information is received from the communication system, the necessary conversions are made so that the information can be transferred to the use of an application, such as a browser program.
  • the terminal server 3 monitors, preferably by means of its own management agent or in another way, the quantity of data to be transmitted between the user's data processing device 2 and the terminal server 3, by examining, for example, the quantity of information contained in the packets of the physical layer.
  • the terminal server 3 can be provided with a management agent with a counter for each data transmission direction, or one counter which counts the quantity of data being transferred in both directions. If a separate counter is arranged for each data transmission direction, it is possible to take into account the data transmission direction in the pricing. However, when a common counter is used, the pricing of the data being transferred is irrespective of the data transmission direction.
  • the serving devices 7, 8 are used to monitor the quantity of data transferred via the serving devices 7, 8, such as the quantity of data transferred through connections complying with different QoS levels, the quantity of data transferred in the virtual private network, and the quantity of data transferred in other services possibly used during the connection.
  • the values of the respective counters are increased on the basis of the data transferred.
  • the management server 5 detects the termination of the connection on the basis of the message traffic, after which the management server 5 makes a counter inquiry of the management agents of the terminal server 3 and the serving devices 7, 8, or arranges, in another way, the collection of service-specific traffic data from the devices 3, 7, 8 implementing the service (VPN, CoS, etc.).
  • the terminal server 3 defines, for example, how much information has been transmitted between the system and the user's data processing device 2, and preferably transmits a Radius message to the management server 5.
  • the message preferably contains the value of the counter which indicates the quantity of data transferred in the connection.
  • the management agents of the serving devices 7, 8 transmit the current values of the counters monitoring each QoS level, respectively.
  • the terminal server 3 and the serving devices 7, 8 transmit the data from the counters to the management server 5 preferably as messages complying with the SNMP protocol, but it is obvious that other protocols can be used as well.
  • the management server 5 forms a debiting transaction, separately for the use of the virtual private network tunnel and for each rule/QoS class. These transaction data are transmitted to the debiting system 13, from which the debiting can be performed.
  • the management server 5 deletes the data relating to the user's connection in the serving devices 7, 8 and resets the counters of the terminal server 3 relating to the connection.
  • the present invention can be applied in dynamic data transmission connections, particularly in the debiting of such services, in which the debiting is based on the quantity of information to be transferred.
  • some advantageous applications of the invention to be mentioned in this context include a firewall service and a web cache service intended to be used for browsing in the Internet.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Quality & Reliability (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a method for arranging debiting in a communication system (1) comprising at least one communication network (9), at least one optional communication network (4), at least one terminal server (3), and at least one database server (6). The database server (6) communicates with at least one authentication database (11) containing information for user authentication. In the method, a data processing device (2) is connected via the optional communication network (4) to the terminal server (3) of the communication system (1), and the user is authenticated from the authentication database (11). If the user is authenticated, at least one data transmission connection is set up for data transmission between the data processing device (2) and the communication network (9); at least one property is determined for the data transmission connection, and the data transmission connection is monitored to determine the value of at least one debiting parameter. In the method, the data transmission between the terminal server (3) and the database server (6) is examined to determine the moments of setting up and termination of the connection, and the value of said at least one debiting parameter is determined substantially at the moments of setting up and termination of the connection. Thus, the debiting is executed on the basis of the value of said at least one debiting parameter at the moments of setting up and termination of the connection.

Description

A method for arranging accounting and a communication system.
The present invention relates to a method for arranging debiting as presented in the preamble of the appended claim 1. The invention also relates to a communication system according to the preamble of the appended claim 10.
Data processing devices can be used to set up a data transmission connection, for example via an optional communication network to serving devices (servers) of various service providers. The data processing devices are thus equipped with means for logging in a communication network, such as a modem or the like. The user can, for example, browse the home pages of the service provider in the Internet, subscribe goods electronically, pay bills, etc. In addition, the optional communication network can be used for setting up a remote connection to the data network of a firm. The data network can be formed, for example, as a so-called virtual private network (VPN) utilizing a public data network, such as the Internet data network. Thus, the offices of the firm are connected to each other by means of a public communication network, and logging in the network is prevented from other persons than employees of the firm.
For the data transmission connection, it is possible to determine various service levels and quality classes, for example, on the basis of the data transmission capacity and/or data transmission rate required for the connection. The use of different services as well as different quality classes or service levels is typically priced so that the higher the quality of service (QoS) level and/or the data transmission rate used in the connection, the more expensive it is to use the connection. However, in all services, the debiting of the use of the services is not necessarily based on the connection time but on the quantity of information transmitted during the connection at each QoS level and for each service. Thus, the solutions of prior art involve the problem how to record the debiting correctly, i.e. according to the real use of services by the user.
In solutions of prior art, this debiting is normally based on such a method in which the device providing a service applies a counter, for example, for each service user and/or QoS level. The values of these counters are read at intervals. For example, a debiting server makes an inquiry of the values of the counters at the device providing the service, about all QoS levels, rules and other configuration units at predetermined intervals. This data is combined with the log data of the terminal server, through which the user is connected to the data system and for which the user is allocated a separate address for the time of the connection. The debiting of the total communication is performed, for example, by using information provided directly by the authentication/debiting protocol used in the connection.
The address identifies the user in the data network of the data processing device, wherein this address can be used to direct packets intended for the user to the correct data processing device. The address is, for example, a so-called IP address, which can be a static address allocated for a specific user, or it can be a dynamic address, wherein a connection-specific address is allocated for each connection, for example, in the address space of the Internet operator. The IP address can be presented in so-called dot notation format, wherein the address comprises four decimal numbers separated from each other by dots. Such an address can be exemplified with 123.255.1.198. The data network is normally also provided with a name server for storing the above-mentioned address as well as the identifying name corresponding to the address, such as www.company.fi.
Such solutions of prior art involve, for example, the problem that it is not possible to determine precisely the quantity of data transferred by the user during the connection, because it is very unlikely that the login and logout of the user would occur precisely at the sampling. Thus, a requirement for an increase in the accuracy in solutions of prior art is that the values of the counters are read so often that it is possible to achieve the desired accuracy. However, this will significantly increase the traffic between the device providing the service and the debiting server, and the debiting data may still be different from the actual situation.
It is an aim of the present invention to provide an improved debiting method and a communication system, in which the debiting data corresponds to the real situation as accurately as possible. The invention is based on the idea that the communication system is provided with a management server, through which the connections are set up and the debiting data are collected. More precisely, the method according to the present invention is primarily characterized in what will be presented in the characterizing part of the appended claim 1. The communication system according to the present invention is primarily characterized in what will be presented in the characterizing part of the appended claim 10.
Considerable advantages are achieved by the present invention when compared to methods and systems of prior art. In the method according to the invention, it is possible to detect the moments of setting up and termination of the connection in a management server which studies the values of the counters formed for the connection at the beginning of the connection and after its completion, to obtain a value describing the real situation as precisely as possible. Thus, the debiting can be allocated better according to the actual use. This will also facilitate the pricing of various services, because the actual use and the respective costs can be recorded more accurately than in systems of prior art. Furthermore, in the communication system according to the invention, the data of the counters do not need to be read as often as in systems of prior art, wherein the need for data transmission is reduced.
In the following, the invention will be described in more detail with reference to the appended drawings, in which
Fig. 1 shows a communication system according to a preferred embodiment of the invention in a reduced chart, and
Figs. 2a to 2d show the operation of the invention in the system of Fig. 1.
Figure 1 shows a communication system 1 according to an advantageous embodiment of the invention, in which the user sets up a dynamic data transmission connection from a data processing device 2 to a terminal server 3. The data processing device 2 is, for example, a personal computer (PC) comprising a modem or the like for logging in an optional communication network 4. The data processing device can also be a wireless communication device with data processing facili- ties. On the other hand, the modem used can be a radio card or a corresponding wireless modem. The communication network 4 can be either a public switched telephone network (PSTN) or a wireless communication network. The communication network 4 forms a communication channel (tunnel) between the data processing device 2 and the terminal server 3. For example, in the case of a wireless communication network, such as the GPRS (General Packet Radio Service), this communication channel is called the GPRS Tunneling Protocol (GTP). This step of setting up a connection is illustrated by arrow A1 in Fig. 2a. The terminal server 3 is, for example, a server device of an operator providing Internet services. The user has thus made a contract with the operator, wherein the user has been allocated a user identification and possibly a static address, in addition to which the user will need a password to set up a connection. It is obvious that, instead of a static address, it is possible to use a dynamic address, wherein the terminal server 3 allocates, at the beginning of each connection, an address for the user's data processing device 3 from a specific set of addresses. This address will be used in the data transmission between the data processing device 2 and the communication network 4 in a way known as such.
The terminal server 3 is arranged to communicate e.g. with the management server 5. Thus, at the moment of setting up a connection, the user identification and password are transmitted to the terminal server 3 to authenticate the user and to prevent misuse. After this, the terminal server 3 retrieves the identification data through the management server 5. The terminal server 3 preferably transmits a connection set-up message complying with an authentication protocol, such as Radius, to the management server 5. This is indicated by arrow A2 in Fig. 2b. In the connection set-up message, the user identification and the password are preferably transmitted in a format encrypted with an encryption key. The management server 5 communicates with a database server 6 which comprises an authentication database 11. The management server 5 transmits messages received from the terminal server 3 further to the database server 6 (arrow A3 in Fig. 2b). Thus, the database server 6 retrieves the identification data from the authentication database 11 on the basis of the user identification and the password (arrow A4 in Fig. 2b). The authentication database 11 contains authentication data about registered users, for example, to allow the use of the services to registered users only. After the user has been authenticated and the permission for the user to use the desired services has been verified (arrows A5, A6, A7 in Fig. 2b), the management server 5 starts to configure the connection with a serving device 7, 8. The purpose of this is to set up a data transmission connection for the use of the service between the terminal 3 and one or several serving devices 7, 8.
The management server 5 and the terminal server 3 communicate, for example, according to said Radius protocol, which is intended particularly for authentication and debiting applications. Preferably, this Radius protocol is also used by the management server 5 and the authentication database server 6 in their communication. The management server 5 supervises the messages of the Radius protocol to find out which measures should be taken, primarily in relation to debiting. When the management server 5 detects that it receives a message relating to the setting up or termination of a connection, the management server 5 will take measures relating to debiting, such as inquire and/or set the value of the counters in the serving devices 7, 8. At the stage of setting up a connection, an authentication message is used, wherein the management server 5 detects this authentication message and, for example, the user identification and password included therein as parameters. Thus, the management server starts one or more counters (not shown) for the user, according to the services, QoS levels etc. set for the connection. In practice, the management server 5 is used, for example, as a proxy between the terminal server 3 and the authentication database server 6 and as an initiator of measures relating to transactions to be debited.
After the user has been authenticated and it has been verified that the user is authorized to use one or more services requested, the configuration of the services is started. The configuration of the services between the management server 5 and the serving device 7, 8 is executed, for example, by the Simple Network Management Protocol (SNMP). In the configuration, the serving device 7 determines the class of service (CoS) set by the user or selected for the connection (arrows A8 and A9 in Fig. 2c) as well as a virtual connection to the virtual private network 12 of the firm, preferably via the terminal server 8 of the virtual private network (arrows A10 and A11 in Fig. 2c), if the user is logging in said virtual private network (VPN). After this, the user can use the virtual private network 12 of the firm in the same way as when using a work station in the office (arrows A12 and A13 in Fig. 2d). In practice, such a virtual connection may contain several nodes (not shown), via which information is transmitted between the virtual private network 12 of the firm and the user's data processing device 2.
The service to be provided for the connection can be divided into classes of service e.g. on the basis of the rate at which information is transmitted and the error rate guaranteed in the data transmission. The QoS classes which can be allocated for each user depend, for example, on the contract between the operator and the user. Furthermore, the QoS classes may be affected by the properties of the operator's own network and the way of routing the connection each time. However, in the routing of the connection, the aim is to take into account the QoS level requested for the connection at the stage of setting up the connection.
In this advantageous embodiment of the invention, the management server 5 is also used as a management station for connections. In the configuration of connections, the management server 5 uses management agents formed in connection with a device, such as a serving device 7, 8, a bridge, a router, etc., connected to the communication network 9. The management server 5 is also provided with a management database for maintaining information relating to the management of connections which are active at each time, such as user identifications, data about the QoS levels, rules, or the like. The management server can communicate with the serving devices 7, 8 via said management agents. The management server 5 can request status information about connections active in the serving device 7, 8, such as counter data, from the management agent. The counters can be used to maintain information, for example, about the quantity of packets transmitted in the connection and the payload information transmitted in them. When configuring the connection, the management server 5 transmits to the management agent of the serving device 7, 8 one or more configuration messages, in which a value of a resource of the management agent can be set to a desired value. The resource can be the data transmission rate corresponding to a specific QoS level requested for a service in the communication channel, the quantity of communication streams allocated for the connection, or the like. In a corresponding manner, when the connection is terminated, a configuration message is used to release resources allocated for the connection.
The user can use the data processing device 2, for example, to retrieve information from the communication network and to transmit information via the communication network, for example, to the virtual private network 8 of a firm. In the data processing device 2, the information to be transmitted is converted to a suitable format to be transferred in the communication system, and, in a corresponding manner when information is received from the communication system, the necessary conversions are made so that the information can be transferred to the use of an application, such as a browser program.
During the connection, the terminal server 3 monitors, preferably by means of its own management agent or in another way, the quantity of data to be transmitted between the user's data processing device 2 and the terminal server 3, by examining, for example, the quantity of information contained in the packets of the physical layer. For this purpose, the terminal server 3 can be provided with a management agent with a counter for each data transmission direction, or one counter which counts the quantity of data being transferred in both directions. If a separate counter is arranged for each data transmission direction, it is possible to take into account the data transmission direction in the pricing. However, when a common counter is used, the pricing of the data being transferred is irrespective of the data transmission direction. The serving devices 7, 8 are used to monitor the quantity of data transferred via the serving devices 7, 8, such as the quantity of data transferred through connections complying with different QoS levels, the quantity of data transferred in the virtual private network, and the quantity of data transferred in other services possibly used during the connection. The values of the respective counters are increased on the basis of the data transferred.
When the connection is terminated, the management server 5 detects the termination of the connection on the basis of the message traffic, after which the management server 5 makes a counter inquiry of the management agents of the terminal server 3 and the serving devices 7, 8, or arranges, in another way, the collection of service-specific traffic data from the devices 3, 7, 8 implementing the service (VPN, CoS, etc.). The terminal server 3 defines, for example, how much information has been transmitted between the system and the user's data processing device 2, and preferably transmits a Radius message to the management server 5. The message preferably contains the value of the counter which indicates the quantity of data transferred in the connection. As a response to the inquiry, the management agents of the serving devices 7, 8 transmit the current values of the counters monitoring each QoS level, respectively. These counters indicate how much certain services/QoS classes have been used in the connection. The terminal server 3 and the serving devices 7, 8 transmit the data from the counters to the management server 5 preferably as messages complying with the SNMP protocol, but it is obvious that other protocols can be used as well. On the basis of this information, the management server 5 forms a debiting transaction, separately for the use of the virtual private network tunnel and for each rule/QoS class. These transaction data are transmitted to the debiting system 13, from which the debiting can be performed. After the termination of the connection, the management server 5 deletes the data relating to the user's connection in the serving devices 7, 8 and resets the counters of the terminal server 3 relating to the connection. The present invention can be applied in dynamic data transmission connections, particularly in the debiting of such services, in which the debiting is based on the quantity of information to be transferred.
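The set-up and termination handling described above can be followed in a small in-memory model. This is an added illustration, not part of the patent text: the message type names (`auth-request`, `auth-accept`, `auth-reject`, `session-stop`), the service labels and the `CounterAgent` class are constructed for the example, and no real Radius or SNMP traffic is involved.

```python
# Added illustration (constructed names, in-memory only, no real RADIUS/SNMP):
# bill from counter values read at connection set-up and at termination.
from dataclasses import dataclass, field


class CounterAgent:
    """Stand-in for a management agent on a terminal server or serving device."""

    def __init__(self):
        self.counters = {}  # (user, service) -> bytes transferred

    def add_traffic(self, user, service, nbytes):
        key = (user, service)
        self.counters[key] = self.counters.get(key, 0) + nbytes

    def read(self, user):  # counter inquiry for one user's connection
        return {svc: v for (u, svc), v in self.counters.items() if u == user}

    def reset(self, user):
        self.counters = {k: v for k, v in self.counters.items() if k[0] != user}


@dataclass
class ManagementServer:
    agents: list
    baseline: dict = field(default_factory=dict)  # user -> counters at set-up
    pending: set = field(default_factory=set)     # users awaiting an auth result
    transactions: list = field(default_factory=list)

    def _snapshot(self, user):
        total = {}
        for agent in self.agents:
            for svc, value in agent.read(user).items():
                total[svc] = total.get(svc, 0) + value
        return total

    def observe(self, msg):
        """Inspect one proxied message; act only on set-up and termination."""
        user, kind = msg["user"], msg["type"]
        if kind == "auth-request":
            self.pending.add(user)
        elif kind == "auth-reject":
            self.pending.discard(user)
        elif kind == "auth-accept" and user in self.pending:
            self.pending.discard(user)
            self.baseline[user] = self._snapshot(user)  # values at set-up
        elif kind == "session-stop" and user in self.baseline:
            start = self.baseline.pop(user)  # pop: a repeated stop bills nothing
            end = self._snapshot(user)       # values at termination
            for svc in sorted(end):
                used = end[svc] - start.get(svc, 0)
                if used > 0:  # one debiting transaction per service / QoS class
                    self.transactions.append({"user": user, "service": svc, "bytes": used})
            for agent in self.agents:
                agent.reset(user)
        return msg  # proxy behaviour: forward the message unchanged


def demo():
    terminal, serving = CounterAgent(), CounterAgent()
    mgmt = ManagementServer(agents=[terminal, serving])
    serving.add_traffic("alice", "vpn", 100)  # stale count from before set-up
    mgmt.observe({"type": "auth-request", "user": "alice"})
    mgmt.observe({"type": "auth-accept", "user": "alice"})
    serving.add_traffic("alice", "vpn", 4000)
    serving.add_traffic("alice", "qos-gold", 1500)
    terminal.add_traffic("alice", "access", 6000)
    # A stop for a user with no authenticated set-up must not create a charge.
    serving.add_traffic("mallory", "vpn", 9999)
    mgmt.observe({"type": "session-stop", "user": "mallory"})
    mgmt.observe({"type": "session-stop", "user": "alice"})
    return mgmt.transactions


if __name__ == "__main__":
    for tx in demo():
        print(tx)
```

Because the charge is the difference between the two readings, a counter that was not reset before set-up does not inflate the bill, and a termination message with no matching authenticated set-up produces no transaction.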
In addition to the above-mentioned applications, some advantageous applications of the invention to be mentioned in this context include a firewall service and a web cache service intended to be used for browsing in the Internet.
It is obvious that the present invention is not limited solely to the above-presented embodiments, but it can be modified within the scope of the appended claims.

Claims

1. A method for arranging debiting in a communication system (1) comprising at least one communication network (9), at least one terminal server (3) and at least one database server (6) which is in a data transmission connection with at least one authentication database (11) containing information for user authentication, in which method the user is authenticated in the authentication database (11), wherein if the user is authenticated, at least one dynamic data transmission connection is set up for data transmission between a data processing device (2) and the communication network (9); at least one property is set up for the data transmission connection; and the data transmission connection is monitored for the determination of the value of at least one debiting parameter, characterized in that in the method, the data transmission between the terminal server (3) and the database server (6) is examined to determine the moments of setting up and termination of the connection, and the value of said at least one debiting parameter is determined substantially at the moments of setting up and termination of the connection, wherein the debiting is executed on the basis of the value of said at least one debiting parameter at the moments of setting up and termination of the connection.
2. The method according to claim 1, characterized in that information is transmitted as messages between the terminal server (3) and the database server (6), the communication system (1) is provided with at least one management server (5) via which the data transmission between the terminal server (3) and the database server (6) is executed, wherein the moments of setting up and termination of the connection are determined in the management server (5) on the basis of the messages transmitted via the management server (5).
3. The method according to claim 1 or 2, characterized in that at least one property to be determined for the data transmission connection is a service to be debited according to the quantity of information to be transmitted, wherein at least one debiting parameter is determined on the basis of the quantity of information transmitted in the data transmission connection.
4. The method according to claim 3, characterized in that said service is a virtual private network.
5. The method according to claim 3, characterized in that said service is a firewall.
6. The method according to claim 3, characterized in that said service is a browsing cache.
7. The method according to claim 1, 2 or 3, characterized in that at least one property to be defined for the data transmission connection is the quality of service class.
8. The method according to claim 7, characterized in that in the method, at least two quality of service classes are determined, which have a different data transmission rate.
9. The method according to claim 7 or 8, characterized in that in the method, at least two quality of service classes are determined, which have a different error probability rate.
10. A communication system (1) comprising at least one communication network (9), at least one terminal server (3), and at least one database server (6) which is in a data transmission connection with at least one authentication database (11) containing information for user authentication; in which system a data processing device (2) is arranged to be connected to the terminal server (3) of the communication system (1); user authentication is arranged to be performed from the authentication database (11); wherein if the user has been authenticated, at least one data transmission connection is arranged to be set up for data transmission between the data processing device (2) and the communication network (9), for which data transmission connection at least one property is determined; and which system comprises means (3, 7, 8) for monitoring the data transmission connection to determine the value of at least one debiting parameter, characterized in that the system also comprises means (5) for examining the data transmission between the terminal server (3) and the database server (6) to determine the moments of setting up and termination of the connection; and means for determining the value of said at least one debiting parameter substantially at the moments of setting up and termination of the connection; wherein the debiting is arranged to be executed on the basis of the value of said at least one debiting parameter at the moments of setting up and termination of the connection.
11. The system according to claim 10, characterized in that messages are arranged to be used in the communication between the terminal server (3) and the database server (6); that the means (5) for examining the data transmission between the terminal server (3) and the database server (6) comprise at least one management server (5), through which the data transmission between the terminal server (3) and the database server (6) is arranged to be executed; wherein in the management server (5), the moments of setting up and termination of the connection are arranged to be determined on the basis of the messages transmitted via the management server (5).
PCT/FI2001/001066 2000-12-08 2001-12-07 A method for arranging accounting and a communication system WO2002046983A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002217172A AU2002217172A1 (en) 2000-12-08 2001-12-07 A method for arranging accounting and a communication system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20002694A FI20002694A (en) 2000-12-08 2000-12-08 Method of invoicing and communication system
FI20002694 2000-12-08

Publications (1)

Publication Number Publication Date
WO2002046983A1 true WO2002046983A1 (en) 2002-06-13

Family

ID=8559673

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2001/001066 WO2002046983A1 (en) 2000-12-08 2001-12-07 A method for arranging accounting and a communication system

Country Status (3)

Country Link
AU (1) AU2002217172A1 (en)
FI (1) FI20002694A (en)
WO (1) WO2002046983A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5889958A (en) * 1996-12-20 1999-03-30 Livingston Enterprises, Inc. Network access control system and process
WO1999027556A2 (en) * 1997-11-20 1999-06-03 Xacct Technologies, Inc. Network accounting and billing system and method
WO1999062036A1 (en) * 1998-05-26 1999-12-02 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for charging in a communications network
WO2000055779A1 (en) * 1999-03-17 2000-09-21 Rose, Edward, M. Billing package for web page utilization
WO2001001726A2 (en) * 1999-06-28 2001-01-04 Xacct Technologies, Inc. Method and apparatus for session reconstruction
WO2001039092A1 (en) * 1999-11-29 2001-05-31 Future Tv Technologies, Ltd. Flexible billing system and method for provider media system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
REDMOND, C. ET AL.: "Dynamic charging for information services", IEEE COLLOQUIUM ON CHARGING FOR ATM - THE REALITY ARRIVES, 20 November 1997 (1997-11-20), IEEE, LONDON UK, pages 13/1 - 13/10, XP002950232 *

Also Published As

Publication number Publication date
FI20002694A (en) 2002-06-09
AU2002217172A1 (en) 2002-06-18
FI20002694A0 (en) 2000-12-08

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP