
New AAA Business Use Cases for Wi-Max and 4G Networks

Syed Hashmi, Founder and CEO, AdvOSS. Farhan Zaidi, Co-Founder & CTO, AdvOSS. Fawad Pasha, VP Sales, AdvOSS. Agenda: quick overview of AAA; authentication use cases; authorization use cases; accounting use cases.


Presentation Transcript


  1. New AAA Business Use Cases for Wi-Max and 4G Networks. Syed Hashmi, Founder and CEO, AdvOSS. Farhan Zaidi, Co-Founder & CTO, AdvOSS. Fawad Pasha, VP Sales, AdvOSS.

  2. Agenda • Quick overview of AAA • Authentication use cases • Authorization use cases • Accounting use cases Focus: To signify the demands on AAA Applications to realize new use cases

  3. Bridge between Service Delivery & Core

  4. AAA Applications • Authentication handles ‘who’ intends to use the service • Authorization handles ‘what’ service they want to use • Accounting handles ‘how much’ of the service was used

  5. AAA Applications Each AAA request is now handled by a respective ‘AAA Application’ that interfaces with different functions in core network over multiple interfaces.

  6. Authentication Previously, the main use case was identification of users.

  7. Authentication: New Use Cases • Automatic Authentication • Exclusivity of devices • Control of Mobility • Identity Theft Prevention • Account Sharing Prevention • Load Sharing among VLANs

  8. Authentication: New Use Cases • Lawful intercept • Virtual Operators • IP Address Allocation • CPE sharing • Unsubscribed Users • Roaming

  9. Automatic Authentication Used for automated login of user Technology used: • Reverse IP Lookup • Interface to HSS

  10. Exclusivity of Devices Operator may want to exclude devices or CPEs not issued by it. Tech Features: • Certificate based authentication (EAP-TLS)

  11. Control of Mobility For business or regulatory reasons, the operator may want to prevent users from connecting beyond a given geographical area of access. Tech used: • Hunt Groups • Access Control Lists

  12. Identity Theft Protection Users should not be able to log in using stolen IDs or devices. Two-factor or multi-factor authentication needs to be supported. Tech Used: • EAP-TTLS

  13. Account Sharing Prevention For business, regulatory or other reasons, the operator may not want more than one user to share a single account. Tech Used: • Concurrency Check • EAP-TTLS • Interface to HSS

  14. Load Sharing among VLANs For larger networks, operator may need to distribute subscribers across multiple VLANs Tech Used: • Subscriber Zoning • VLAN management • Load Balancing Algorithms

  15. Lawful Intercept AAA is usually an appropriate layer to comply with Lawful Intercept requirements of Real-Time and Near Real-Time monitoring of Signalling and/or media streams Available technologies: • Forking Proxies • AAA based routing • Rule based engines

  16. Virtual Operators Support for multiple virtual operators sharing access network Tech Used: • Realm • Hunt Group based Zoning • Rule Based Engine • Forking proxies

  17. IP Address Allocation Maintenance of IP addresses and subnets Tech Used: • IP repository • IP Pools zoning

  18. Allowing device Sharing Allowing multiple users to share a single device Tech Used: • Combination of EAP-TLS and UserName/Password authentication

  19. Unsubscribed Users Unsubscribed users should be able to get access on the fly using their PINs Tech Used: • Interfaces to Voucher Management • Interface to HSS or other Subscriber Management • Interface to Provisioning Engine • EAP-TTLS

  20. Roaming Roaming allows home users to get access from visited networks and vice versa. Technologies used: • Realm based routing • Origin zoning in Policy

  21. Authentication Responses • Replying with network entry parameters • Mixing pre-paid and post-paid subscribers • Policy Enforcement and Bearer Binding

  22. Network Entry Parameters In response to authentication, the AAA gives the complete enforcement profile to the enforcement function. This is a detailed response on ‘how’ the service is to be delivered. Bandwidth, QoS, allowed features etc. are all part of this response.

  23. Pre-Paid behavior identification Based on Authentication, the type of user is identified to enforce Pre-paid behavior. For strictly pre-paid or PAYG (Pay As You Go) users, continuous authorizations or re-authorizations may be initiated.

  24. Bearer Binding Depending on the nature of enforcement point, some information may have to be sent to Bearer Binding functions

  25. Authorization • Initial Authorization • Re-Authorizations

  26. Subscription Authorization Checking whether a subscription is available for the requested service and whether it is valid at the time of the request. Tech Used: • HSS Subscription Manager

  27. Pre-paid Quota Authorization The application needs to keep counts of authorized quotas of usage, duration and events, and have arrangements to consume or refund them as needed. Tech Used: • Session Management • Quota Management • Charging Application

  28. Pre-Paid Credit Authorizes enough credit for the Session Tech Used: • Charging Application • Rating Engine

  29. Concurrency Enforcing concurrency limits on individual subscribers Tech Used: • Session Management • Profiles from HSS

  30. Destination Control For ‘Destination’ based services, the requested resource may need to be authorized. Tech Used: • Request Authorization • Request Zoning • Policy Management

  31. Capacity & QoE Taking care of capacity issues on ingress and egress and with vendors Tech Used: • Policy Server • Request Zoning • Session Management

  32. QoS The requested QoS capability is matched against subscription information to allow or disallow the request. Tech used: • Capability Matching • Flow based authorization • Interface to HSS

  33. Time of Day restrictions Service may be restricted based on time of day or other temporal criteria Tech Used: • Policy Server • Interface with Rating Engine

  34. Access Method Control and Charging If the operator supports multiple access methods (Fiber, Cable, Copper, Wi-Max, Wi-Fi), it may want to prevent users from connecting over other methods, or to charge for them separately. Technology: • IP Address Zoning • Policy Server

  35. Routing Least Cost Routing or Policy Based Routing for termination of session Tech Used: • LCR (Least Cost Routing) • Capacity Management • Policy Server

  36. Authorization of Multiple Services AAA can authorize multiple services for the same user Tech Used • Service Manager • Service Offering Manager • Interface to HSS

  37. Subscription Add-Ons • Add-on based profiles Tech Used: • HSS User Profile Manager

  38. Personalization Personalization allows users to change default behaviour as per their own preferences. Tech used: • ID based profiles • User Profiles

  39. Re-Authorization • Prepaid • Quota Reservation • Changed QoS including VAS

  40. Authorization Responses If all authorizations are passed, authorization may respond with the following: • Allowed Duration or Usage before Re-Authorization will be needed or session is disconnected • Suggested Routing information if AAA is also doing the Routing towards terminators or vendors

  41. Accounting • Start Accounting • Interim Accounting • Stop Accounting

  42. Start Accounting • Hot lining • Session Management • Service Management

  43. Hot-Lining Subscriber is re-directed to a Hot-Lining Application such as a captive portal to perform some remedial action before resuming service usage Technologies used: • Accounting application • Policy Server • CRM (self-care portal)

  44. Session Management Sessions are inserted, modified and deleted for real-time monitoring, business intelligence and several types of reporting Technologies used: • Accounting application • Management GUI

  45. Interim Accounting • Real-Time Charging • Time based pricing • Time based quotas • Fair-Usage Policies • Time based restrictions • Hot-Lining • Service Management • Alerting

  46. Real-Time Charging Online charging based on time, volume or events Technologies used: • Accounting Application • Rating & Charging engine

  47. Time based Pricing Price is modified based on service used in different time slots of the day. Technologies used: • Accounting Application • Rating & Charging • Policy Server

  48. Time-based Quotas Service quotas are allocated to subscribers based on different time slots in the day Technologies used: • Accounting Application • Quota Manager • Policy Server

  49. Fair-Usage policies Subscribers on unlimited plans have their level of service gradually reduced if they consume service units too soon, as per Service Provider policy. Technologies used: • Accounting Application • Policy Server • HSS

  50. Alerting • Bill Day Alerts • Bill Shock Alerts • Grace period Alerts Technologies used: • Accounting Application • Alerting application
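The concurrency check named on slides 13 and 29 depends on the session table that slide 44 says accounting inserts, modifies and deletes. The sketch below is an added example, not AdvOSS code: `SessionTable`, the per-subscriber limits (standing in for profiles from the HSS) and the `STALE_AFTER` timeout are assumptions made for illustration.

```python
# Added example: class name, limits and timeout are assumptions, not from the slides.
from dataclasses import dataclass, field

STALE_AFTER = 900  # assumed: seconds without Start/Interim before a session is presumed dead


@dataclass
class SessionTable:
    limits: dict                                   # subscriber -> max concurrent sessions
    sessions: dict = field(default_factory=dict)   # (subscriber, session_id) -> last seen

    def _live(self, subscriber, now):
        # A lost Accounting-Stop must not lock the subscriber out forever:
        # drop sessions with no recent Start/Interim, then count what is left.
        for key, seen in list(self.sessions.items()):
            if now - seen > STALE_AFTER:
                del self.sessions[key]
        return [k for k in self.sessions if k[0] == subscriber]

    def authorize(self, subscriber, now):
        """Concurrency check run when a login or authorization request arrives."""
        limit = self.limits.get(subscriber)
        if limit is None:
            return False, "unknown-subscriber"
        if len(self._live(subscriber, now)) >= limit:
            return False, "concurrency-limit"
        return True, "ok"

    def accounting(self, kind, subscriber, session_id, now):
        """Start inserts a session, Interim refreshes it, Stop deletes it."""
        key = (subscriber, session_id)
        if kind in ("Start", "Interim"):
            self.sessions[key] = now
        elif kind == "Stop":
            self.sessions.pop(key, None)
        else:
            raise ValueError(f"unknown accounting record type: {kind}")


def demo():
    # Constructed scenario: one subscriber limited to a single session.
    table = SessionTable(limits={"alice": 1})
    out = [table.authorize("alice", 0)]                # first login
    table.accounting("Start", "alice", "s1", 0)
    out.append(table.authorize("alice", 60))           # second login while s1 is live
    table.accounting("Stop", "alice", "s1", 120)
    out.append(table.authorize("alice", 130))          # s1 closed by Stop
    table.accounting("Start", "alice", "s2", 130)
    out.append(table.authorize("alice", 130 + STALE_AFTER + 1))  # Stop for s2 never arrived
    out.append(table.authorize("mallory", 0))          # no profile
    return out
```

The check and the later Accounting-Start are separate steps here, so two logins arriving between them would both pass; a deployment that must close that window reserves the slot at authorization time.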
