New AAA Business Use Cases for Wi-Max and 4G Networks
Syed Hashmi, Founder and CEO, AdvOSS
Farhan Zaidi, Co-Founder & CTO, AdvOSS
Fawad Pasha, VP Sales, AdvOSS

Agenda
1. Quick overview of AAA
2. Authentication use cases
3. Authorization use cases
4. Accounting use cases
Focus: the demands placed on AAA applications to realize new use cases

Bridge between Service Delivery & Core
AAA Applications
• Authentication handles ‘who’ intends to use the service
• Authorization handles ‘what’ service they want to use
• Accounting handles ‘how much’ of the service was used

AAA Applications
Each AAA request is now handled by a respective ‘AAA Application’ that interfaces with different functions in the core network over multiple interfaces.

Authentication
Previously, the main use case was identification of users.

Authentication: New Use Cases
• Automatic Authentication
• Exclusivity of devices
• Control of Mobility
• Identity Theft Prevention
• Account Sharing Prevention
• Load Sharing among VLANs

Authentication: New Use Cases
• Lawful intercept
• Virtual Operators
• IP Address Allocation
• CPE sharing
• Unsubscribed Users
• Roaming

Automatic Authentication
Used for automated login of the user.
Technology used:
• Reverse IP Lookup
• Interface to HSS

Exclusivity of Devices
Operator may want to exclude devices or CPEs not issued by it.
Tech Features:
• Certificate based authentication (EAP-TLS)

Control of Mobility
For business or regulatory reasons, the operator may want to prevent users from connecting beyond a given geographical area of access.
Tech used:
• Hunt Groups
• Access Control Lists

Identity Theft Protection
Users should not be able to log in using stolen IDs or devices. Two-factor or multi-factor authentication needs to be supported.
Tech Used:
• EAP-TTLS

Account Sharing Prevention
For business, regulatory or other reasons, the operator may not want more than one user to share a single account.
Tech Used:
• Concurrency Check
• EAP-TTLS
• Interface to HSS

Load Sharing among VLANs
For larger networks, the operator may need to distribute subscribers across multiple VLANs.
Tech Used:
• Subscriber Zoning
• VLAN management
• Load Balancing Algorithms

Lawful Intercept
AAA is usually an appropriate layer to comply with Lawful Intercept requirements of Real-Time and Near Real-Time monitoring of signalling and/or media streams.
Available technologies:
• Forking Proxies
• AAA based routing
• Rule based engines

Virtual Operators
Support for multiple virtual operators sharing the access network.
Tech Used:
• Realm
• Hunt Group based Zoning
• Rule Based Engine
• Forking proxies

IP Address Allocation
Maintenance of IP addresses and subnets.
Tech Used:
• IP repository
• IP Pools zoning

Allowing Device Sharing
Allowing multiple users to share a single device.
Tech Used:
• Combination of EAP-TLS and Username/Password authentication

Unsubscribed Users
Unsubscribed users should be able to get access on the fly using their PINs.
Tech Used:
• Interfaces to Voucher Management
• Interface to HSS or other Subscriber Management
• Interface to Provisioning Engine
• EAP-TTLS

Roaming allows home users to get access from visited networks and vice versa.
Technologies used:
• Realm based routing
• Origin zoning in Policy

Authentication Responses
• Replying with network entry parameters
• Mixing pre-paid and post-paid subscribers
• Policy Enforcement and Bearer Binding

Network Entry Parameters
In response to authentication, the AAA gives the complete enforcement profile to the enforcement function. This is a detailed response on ‘how’ the service is to be delivered. Bandwidth, QoS, allowed features etc. are all part of this response.

Pre-Paid Behavior Identification
Based on authentication, the type of user is identified to enforce pre-paid behavior. For strictly pre-paid or PAYG (Pay As You Go) users, continuous authorizations or re-authorizations may be initiated.

Bearer Binding
Depending on the nature of the enforcement point, some information may have to be sent to Bearer Binding functions.

Authorization
• Initial Authorization
• Re-Authorizations

Subscription Authorization
Checking if a subscription is available for the requested service and if it is valid at the time of the request.
Tech Used:
• HSS Subscription Manager

Pre-paid Quota Authorization
The application needs to keep counts of authorized quotas of usage, duration and events, and have arrangements to consume or refund them as needed.
Tech Used:
• Session Management
• Quota Management
• Charging Application

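Added example (not AdvOSS code): a sketch of the reserve / consume / refund bookkeeping this slide describes, tracking usage, duration and events per account. The class names, unit names and sample figures are hypothetical; reported consumption is clamped so a negative counter cannot mint credit, and an overrun is charged against the remaining balance.

```python
from dataclasses import dataclass, field

UNITS = ("usage_bytes", "duration_s", "events")   # assumed unit names

@dataclass
class Account:
    balance: dict                                  # unreserved units per type
    reserved: dict = field(default_factory=dict)   # session_id -> granted slice

class QuotaManager:
    def __init__(self, accounts):
        self.accounts = accounts                   # account_id -> Account

    def authorize(self, account_id, session_id, want):
        """Reserve a slice for the session; the grant is capped by the balance."""
        acct = self.accounts[account_id]
        if session_id in acct.reserved:
            raise ValueError("settle the open reservation first")
        grant = {u: min(max(want.get(u, 0), 0), acct.balance[u]) for u in UNITS}
        if not any(grant.values()):
            return None                            # nothing left to authorize
        for u in UNITS:
            acct.balance[u] -= grant[u]
        acct.reserved[session_id] = grant
        return grant

    def settle(self, account_id, session_id, used):
        """Consume what was reported, refund the unused part of the grant."""
        acct = self.accounts[account_id]
        grant = acct.reserved.pop(session_id)
        refund = {}
        for u in UNITS:
            consumed = max(used.get(u, 0), 0)      # negative reports count as 0
            refund[u] = max(grant[u] - consumed, 0)
            # an overrun beyond the grant is taken from the balance, floored at 0
            acct.balance[u] = max(acct.balance[u] + grant[u] - consumed, 0)
        return refund

def demo():
    # Constructed sample account and sessions.
    start = {"usage_bytes": 1000, "duration_s": 600, "events": 5}
    qm = QuotaManager({"acct-1": Account(start)})
    g1 = qm.authorize("acct-1", "s1", {"usage_bytes": 400, "duration_s": 300, "events": 2})
    g2 = qm.authorize("acct-1", "s2", {"usage_bytes": 800, "duration_s": 300})
    r1 = qm.settle("acct-1", "s1", {"usage_bytes": 150, "duration_s": 300, "events": 1})
    r2 = qm.settle("acct-1", "s2", {"usage_bytes": 700, "duration_s": -5})
    return g1, g2, r1, r2, qm.accounts["acct-1"].balance
```
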
Pre-Paid Credit
Authorizes enough credit for the session.
Tech Used:
• Charging Application
• Rating Engine

Concurrency
Enforcing concurrency limits on individual subscribers.
Tech Used:
• Session Management
• Profiles from HSS

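Added example (not AdvOSS code): a concurrency check of the kind named on this slide and on the Account Sharing Prevention slide, driven by a session table that accounting messages keep current. The class, the per-account limits and the 900-second staleness window are hypothetical; the window covers a session whose Stop record never arrives, which would otherwise lock the subscriber out.

```python
class SessionTable:
    """Hypothetical session store backing a per-account concurrency check."""

    def __init__(self, limits, stale_after=900):
        self.limits = limits            # account -> max sessions (subscriber profile)
        self.stale_after = stale_after  # assumed: seconds of silence = dead session
        self.sessions = {}              # account -> {session_id: last_seen}

    def _live(self, account, now):
        # Drop sessions that stopped sending accounting updates.
        live = self.sessions.setdefault(account, {})
        for sid in [s for s, seen in live.items() if now - seen > self.stale_after]:
            del live[sid]
        return live

    def authorize(self, account, session_id, now):
        live = self._live(account, now)
        # A known session may re-authenticate; a new one needs a free slot.
        if session_id not in live and len(live) >= self.limits.get(account, 1):
            return False
        live[session_id] = now
        return True

    def accounting(self, account, session_id, status, now):
        live = self.sessions.setdefault(account, {})
        if status == "Stop":
            live.pop(session_id, None)
        elif session_id in live:        # Start / Interim-Update refresh the slot
            live[session_id] = now

def demo():
    # Constructed timeline; times are seconds.
    table = SessionTable({"alice": 1, "bob": 2})
    out = [table.authorize("alice", "s1", 0), table.authorize("alice", "s2", 10)]
    table.accounting("alice", "s1", "Stop", 20)
    out.append(table.authorize("alice", "s2", 30))
    table.accounting("alice", "s2", "Interim-Update", 100)
    out.append(table.authorize("alice", "s3", 500))    # s2 still live
    out.append(table.authorize("alice", "s3", 1100))   # s2 went silent, pruned
    out += [table.authorize("bob", f"b{i}", 0) for i in range(3)]
    return out
```
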
Destination Control
For ‘Destination’ based services, the requested resource may need to be authorized.
Tech Used:
• Request Authorization
• Request Zoning
• Policy Management

Capacity & QoE
Taking care of capacity issues on ingress and egress and with vendors.
Tech Used:
• Policy Server
• Request Zoning
• Session Management

QoS
The requested QoS capability is matched with subscription information to allow or disallow the request.
Tech used:
• Capability Matching
• Flow based authorization
• Interface to HSS

Time of Day Restrictions
Service may be restricted based on time of day or other temporal criteria.
Tech Used:
• Policy Server
• Interface with Rating Engine

Access Method Control and Charging
If the operator supports multiple access methods (Fiber, Cable, Copper, Wi-Max, Wi-Fi), it may want to restrict users from accessing via other methods, or to charge them separately.
Technology:
• IP Address Zoning
• Policy Server

Routing
Least Cost Routing or Policy Based Routing for termination of the session.
Tech Used:
• LCR (Least Cost Routing)
• Capacity Management
• Policy Server

Authorization of Multiple Services
AAA can authorize multiple services for the same user.
Tech Used:
• Service Manager
• Service Offering Manager
• Interface to HSS

Subscription Add-Ons
• Add-on based profiles
Tech Used:
• HSS User Profile Manager

Personalization allows users to change default behaviour as per their own preferences.
Tech used:
• ID based profiles
• User Profiles

Re-Authorization
• Prepaid
• Quota Reservation
• Changed QoS including VAS

Authorization Responses
If all authorizations are passed, authorization may respond with the following:
• Allowed duration or usage before re-authorization will be needed or the session is disconnected
• Suggested routing information if AAA is also doing the routing towards terminators or vendors

Accounting
• Start Accounting
• Interim Accounting
• Stop Accounting

Start Accounting
• Hot-lining
• Session Management
• Service Management

Hot-Lining
Subscriber is re-directed to a Hot-Lining Application such as a captive portal to perform some remedial action before resuming service usage.
Technologies used:
• Accounting application
• Policy Server
• CRM (self-care portal)

Session Management
Sessions are inserted, modified and deleted for real-time monitoring, business intelligence and several types of reporting.
Technologies used:
• Accounting application
• Management GUI

Interim Accounting
• Real-Time Charging
• Time based pricing
• Time based quotas
• Fair-Usage Policies
• Time based restrictions
• Hot-Lining
• Service Management
• Alerting

Real-Time Charging
Online charging based on time, volume or events.
Technologies used:
• Accounting Application
• Rating & Charging engine

Time based Pricing
Price is modified based on service used in different time slots of the day.
Technologies used:
• Accounting Application
• Rating & Charging
• Policy Server

Time-based Quotas
Service quotas are allocated to subscribers based on different time slots in the day.
Technologies used:
• Accounting Application
• Quota Manager
• Policy Server

Fair-Usage Policies
Subscribers on unlimited plans have their level of service gradually reduced if they consume service units too soon, as per Service Provider policy.
Technologies used:
• Accounting Application
• Policy Server
• HSS

Alerting
• Bill Day Alerts
• Bill Shock Alerts
• Grace period Alerts
Technologies used:
• Accounting Application
• Alerting application

Stop Accounting
• Revenue Assurance
• QoS Monitoring
• OTT (over the top) Applications

Revenue Assurance
• CDR writing on multiple points in the network

Near Real-Time QoS Monitoring
Quality of service for different routes, destinations, origins, access methods etc. is monitored in real-time. The metrics include ASR, ACD, PDD, QoS etc.
Tech Used:
• Interface to QoS monitoring application

General Purpose Use Cases
• Real-Time Monitoring
• Service Assurance
• OTT (Over the Top) and Flow Based Accounting

Service Assurance
• Bypassing different interfaces to assure service continuity in case of system and network failures

Service Management
Service experience and usability are modified based on policy rules, subscriber life cycle events, the subscriber’s monetary credit etc.
Technologies used:
• Accounting Application
• Policy Server
• HSS

AdvOSS Solution
• Radius / Diameter Server
• Policy Server
• PCRF Compliant
• HSS
• SDP
• AAA Applications
• Hot-lining / Captive Portal

Optional Products:
• Quota Manager
• Charging Engine
• Billing Engine
• Voucher Management System
• Provisioning Engine
• Mediation

Thank You
For any further query and business with us, please feel free to contact us at sales@advoss.com
http://advoss.com
Suite 120, 10691 Shellbridge Way, Richmond, BC V6X 2W8, Canada
Tel: +1 (604) 800 0269