New AAA Business Use Cases for WiMax and

New AAA Business Use Cases for Wi-Max and 4 G Networks Syed Hashmi Founder and CEO Adv. OSS Farhan Zaidi Co-Founder & CTO Adv. OSS Fawad Pasha VP Sales Adv. OSS

Agenda 1. 2. 3. 4. Quick overview of AAA Authentication use cases Authorization use cases Accounting use cases Focus: To signify the demands on AAA Applications to realize new use cases

Bridge between Service Delivery & Core

AAA Applications �Authentication handles ‘who’ intends to use the service �Authorization handles ‘what’ service they want to use �Accounting handles ‘how much’ of the service was used

AAA Applications Each AAA request is now handled by a respective ‘AAA Application’ that interfaces with different functions in core network over multiple interfaces.

Authentication Previously main use case was identification of users.

Authentication: New Use Cases �Automatic Authentication �Exclusivity of devices �Control of Mobility �Identity Theft Prevention �Account Sharing Prevention �Load Sharing among VLANs

Authentication: New Use Cases �Lawful intercept �Virtual Operators �IP Address Allocation �CPE sharing �Unsubscribed Users �Roaming

Automatic Authentication Used for automated login of user Technology used: �Reverse IP Lookup �Interface to HSS

Exclusivity of Devices Operator may want to exclude devices or CPEs not issued by it. Tech Features: �Certificate based authentication (EAP-TLS)

Control of Mobility For Business or Regulatory reasons, the operator may like the users not to be able to connect beyond a given geographical area of access Tech used: �Hunt Groups �Access Control Lists

Identify Theft Protection Users should not be able to login using stolen IDs or devices. Two factor or multi-factor authentication needs to be supported Tech Used: �EAP-TTLS

Account Sharing Prevention Operator for its business, regulatory or other needs, may not want more than one user to share a single account. Tech Used: �Concurrency Check �EAP-TTLS �Interface to HSS

Load Sharing among VLANs For larger networks, operator may need to distribute subscribers across multiple VLANs Tech Used: �Subscriber Zoning �VLAN management �Load Balancing Algorithms

Lawful Intercept AAA is usually an appropriate layer to comply with Lawful Intercept requirements of Real-Time and Near Real-Time monitoring of Signalling and/or media streams Available technologies: �Forking Proxies �AAA based routing �Rule based engines

Virtual Operators Support for multiple virtual operators sharing access network Tech Used: �Realm �Hunt Group based Zoning �Rule Based Engine �Forking proxies

IP Address Allocation Maintenance of IP addresses and subnets Tech Used: �IP repository �IP Pools zoning

Allowing device Sharing Allowing multiple users to share a single device Tech Used: �Combination of EAP-TLS and User. Name/Password authentication

Unsubscribed Users Unsubscribed users should be able to get access on the fly using their PINs Tech Used: �Interfaces to Voucher Management �Interface to HSS or other Subscriber Management �Interface to Provisioning Engine �EAP-TTLS

Roaming allows home users to get access from visited networks and vice versa. Technologies used: �Realm based routing �Origin zoning in Policy

Authentication Responses �Replying with network entry parameters �Mixing pre-paid and post-paid subscribers �Policy Enforcement and Bearer Binding

Network Entry Parameters In response of Authentication, the AAA gives the complete enforcement profile to the enforcement function. This is a detailed response on ‘how’ is the service to be delivered. Bandwidth, Qo. S, allowed features etc. are all part of this response

Pre-Paid behavior identification Based on Authentication, the type of user is identified to enforce Pre-paid behavior. For strictly pre-paid or PAYG (Pay As You Go) users, continuous authorizations or re-authorizations may be initiated.

Bearer Binding Depending on the nature of enforcement point, some information may have to be sent to Bearer Binding functions

Authorization �Initial Authorization �Re-Authorizations

Subscription Authorization Checking if Subscription is available for the asked Service and if it is valid at the time of request Tech Used: �HSS Subscription Manager

Pre-paid Quota Authorization Application needs to keep counts of authorized quotas of both usage, duration and events and have arrangements to consume or refund them as needed. Tech Used �Session Management �Quota Management �Charging Application

Pre-Paid Credit Authorizes enough credit for the Session Tech Used: �Charging Application �Rating Engine

Concurrency Enforcing concurrency limits on individual subscribers Tech Used: �Session Management �Profiles from HSS

Destination Control For ‘Destination’ based services, the requested resource may need to be authorized. Tech Used: �Request Authorization �Request Zoning �Policy Management

Capacity & Qo. E Taking care of capacity issues on ingress and egress and with vendors Tech Used: �Policy Server �Request Zoning �Session Management

Qo. S Asked Qo. S capability is matched with subscription information to allow/disallow request Tech used �Capability Matching �Flow based authorization �Interface to HSS

Time of Day restrictions Service may be restricted based on time of day or other temporal criteria Tech Used: �Policy Server �Interface with Rating Engine

Access Method Control and Charging If operator supports multiple access methods (Fiber, Cable, Copper, Wi-Max, Wi-Fi), they may like to restrict users not to be able to access using other methods or they may like to be able to charge them separately. Technology: �IP Address Zoning �Policy Server

Routing Least Cost Routing or Policy Based Routing for termination of session Tech Used: �LCR (Least Cost Routing) �Capacity Management �Policy Server

Authorization of Multiple Services AAA can authorize multiple services for the same user Tech Used �Service Manager �Service Offering Manager �Interface to HSS

Subscription Add-Ons �Add-on based profiles Tech Used: �HSS User Profile Manager

Personalization allows users to change default behaviour as per their own preferences. Tech used: �ID based profiles �User Profiles

Re-Authorization �Prepaid �Quota Reservation �Changed Qo. S including VAS

Authorization Responses If all authorizations are passed, authorization may respond with the following: �Allowed Duration or Usage before Re-Authorization will be needed or session is disconnected �Suggested Routing information if AAA is also doing the Routing towards terminators or vendors

Accounting �Start Accounting �Interim Accounting �Stop Accounting

Start Accounting �Hot lining �Session Management �Service Management

Hot-Lining Subscriber is re-directed to a Hot-Lining Application such as a captive portal to perform some remedial action before resuming service usage Technologies used: �Accounting application �Policy Server �CRM (self-care portal)

Session Management Sessions are inserted, modified and deleted for realtime monitoring, business intelligence and several types of reporting Technologies used: �Accounting application �Management GUI

Interim Accounting �Real-Time Charging �Time based pricing �Time based quotas �Fair-Usage Policies �Time based restrictions �Hot-Lining �Service Management �Alerting

Real-Time Charging Online charging based on time, volume or events Technologies used: �Accounting Application �Rating & Charging engine

Time based Pricing Price is modified based on service used in different time slots of the day. Technologies used: �Accounting Application �Rating & Charging �Policy Server

Time-based Quotas Service quotas are allocated to subscribers based on different time slots in the day Technologies used: �Accounting Application �Quota Manager �Policy Server

Fair-Usage policies Subscribers on unlimited plans are gradually reduced the level of service if they consume service units too soon as per Service Provider policy Technologies used: �Accounting Application �Policy Server �HSS

Alerting �Bill Day Alerts �Bill Shock Alerts �Grace period Alerts Technologies used: �Accounting Application �Alerting application

Stop Accounting �Revenue Assurance �Qo. S Monitoring �OTT (over the top) Applications

Revenue Assurance �CDR writing on multiple points in the network

Near Real-Time Qo. S Monitoring Quality of service for different routes, destination, origins, access methods etc. is monitored in real-time. They include ASR, ACD, PDD, Qo. S etc. Tech Used: �Interface to Qo. S monitoring application.

General Purpose Use Cases �Real-Time Monitoring �Service Assurance �OTT (Over the Top) and Flow Based Accounting

Service Assurance �Bypassing different interfaces to assure service continuity in case of system and network failures

Service Management Service experience and usability is modified based on policy rules, subscriber life cycle events and subscriber’s monetary credit etc. Technologies used: �Accounting Application �Policy Server �HSS

Adv. OSS Solution �Radius / Diameter Server �Policy Server �PCRF Compliant �HSS �SDP �AAA Applications �Hot-lining / Captive Portal

Optional Products: �Quota Manager �Charging Engine �Billing Engine �Voucher Management System �Provisioning Engine �Mediation

Thank You For any further query and business with us please feel free to contact us at sales@advoss. com http: //advoss. com Suite 120, 10691 Shellbridge Way Richmond, BC V 6 X 2 W 8, Canada Tel: +1 (604) 800 0269