New AAA Business Use Casesfor Wi-Max and 4G Networks

Syed HashmiFounder and CEO

AdvOSS Farhan ZaidiCo-Founder &

CTOAdvOSS

Fawad Pasha

VP SalesAdvOSS

Agenda

1. Quick overview of AAA2. Authentication use cases3. Authorization use cases4. Accounting use cases

Focus: To signify the demands on AAA Applications to realize new use cases

Bridge between Service Delivery & Core

AAA ApplicationsAuthentication handles ‘who’ intends to use

the serviceAuthorization handles ‘what’ service they

want to useAccounting handles ‘how much’ of the service

was used

AAA ApplicationsEach AAA request is now handled by a respective ‘AAA Application’ that interfaces with different functions in core network over multiple interfaces.

AuthenticationPreviously main use case was identification of users.

Authentication: New Use CasesAutomatic AuthenticationExclusivity of devicesControl of MobilityIdentity Theft PreventionAccount Sharing PreventionLoad Sharing among VLANs

Authentication: New Use CasesLawful interceptVirtual OperatorsIP Address AllocationCPE sharingUnsubscribed UsersRoaming

Automatic AuthenticationUsed for automated login of userTechnology used:Reverse IP LookupInterface to HSS

Exclusivity of DevicesOperator may want to exclude devices or CPEs not issued by it.Tech Features:Certificate based authentication (EAP-TLS)

Control of MobilityFor Business or Regulatory reasons, the operator may like the users not to be able to connect beyond a given geographical area of accessTech used:Hunt GroupsAccess Control Lists

Identify Theft ProtectionUsers should not be able to login using stolen IDs or devices. Two factor or multi-factor authentication needs to be supportedTech Used:EAP-TTLS

Account Sharing PreventionOperator for its business, regulatory or other needs, may not want more than one user to share a single account.Tech Used:Concurrency CheckEAP-TTLSInterface to HSS

Load Sharing among VLANsFor larger networks, operator may need to distribute subscribers across multiple VLANsTech Used:Subscriber ZoningVLAN managementLoad Balancing Algorithms

Lawful InterceptAAA is usually an appropriate layer to comply with Lawful Intercept requirements of Real-Time and Near Real-Time monitoring of Signalling and/or media streamsAvailable technologies:Forking ProxiesAAA based routingRule based engines

Virtual OperatorsSupport for multiple virtual operators sharing access networkTech Used:RealmHunt Group based ZoningRule Based EngineForking proxies

IP Address AllocationMaintenance of IP addresses and subnetsTech Used:IP repositoryIP Pools zoning

Allowing device SharingAllowing multiple users to share a single device Tech Used:Combination of EAP-TLS and

UserName/Password authentication

Unsubscribed UsersUnsubscribed users should be able to get access on the fly using their PINsTech Used:Interfaces to Voucher

ManagementInterface to HSS or other

Subscriber ManagementInterface to Provisioning

EngineEAP-TTLS

RoamingRoaming allows home users to get access from visited networks and vice versa.Technologies used:Realm based routingOrigin zoning in Policy

Authentication ResponsesReplying with network entry parametersMixing pre-paid and post-paid subscribersPolicy Enforcement and Bearer Binding

Network Entry ParametersIn response of Authentication, the AAA gives the complete enforcement profile to the enforcement function.

This is a detailed response on ‘how’ is the service to be delivered. Bandwidth, QoS, allowed features etc. are all part of this response

Pre-Paid behavior identificationBased on Authentication, the type of user is identified to enforce Pre-paid behavior. For strictly pre-paid or PAYG (Pay As You Go) users, continuous authorizations or re-authorizations may be initiated.

Bearer BindingDepending on the nature of enforcement point, some information may have to be sent to Bearer Binding functions

AuthorizationInitial AuthorizationRe-Authorizations

Subscription AuthorizationChecking if Subscription is available for the asked Service and if it is valid at the time of requestTech Used:HSS Subscription Manager

Pre-paid QuotaAuthorization Application needs to keep counts of authorized quotas of both usage, duration and events and have arrangements to consume or refund them as needed.Tech UsedSession ManagementQuota ManagementCharging Application

Pre-Paid CreditAuthorizes enough credit for the SessionTech Used:Charging ApplicationRating Engine

ConcurrencyEnforcing concurrency limits on individual subscribersTech Used:Session ManagementProfiles from HSS

Destination ControlFor ‘Destination’ based services, the requested resource may need to be authorized.Tech Used:Request AuthorizationRequest ZoningPolicy Management

Capacity & QoETaking care of capacity issues on ingress and egress and with vendorsTech Used:Policy ServerRequest ZoningSession Management

QoSAsked QoS capability is matched with subscription information to allow/disallow requestTech usedCapability MatchingFlow based authorizationInterface to HSS

Time of Day restrictionsService may be restricted based on time of day or other temporal criteriaTech Used:Policy ServerInterface with Rating Engine

Access Method Control and ChargingIf operator supports multiple access methods (Fiber, Cable, Copper, Wi-Max, Wi-Fi), they may like to restrict users not to be able to access using other methods or they may like to be able to charge them separately.Technology:IP Address ZoningPolicy Server

RoutingLeast Cost Routing or Policy Based Routing for termination of sessionTech Used:LCR (Least Cost Routing)Capacity ManagementPolicy Server

Authorization of Multiple ServicesAAA can authorize multiple services for the same userTech UsedService ManagerService Offering ManagerInterface to HSS

Subscription Add-OnsAdd-on based profilesTech Used:HSS User Profile Manager

PersonalizationPersonalization allows users to change default behaviour as per their own preferences.Tech used:ID based profilesUser Profiles

Re-AuthorizationPrepaid

Quota ReservationChanged QoS including VAS

Authorization ResponsesIf all authorizations are passed, authorization may respond with the following:Allowed Duration or Usage before Re-

Authorization will be needed or session is disconnected

Suggested Routing information if AAA is also doing the Routing towards terminators or vendors

AccountingStart AccountingInterim AccountingStop Accounting

Start AccountingHot liningSession ManagementService Management

Hot-LiningSubscriber is re-directed to a Hot-Lining Application such as a captive portal to perform some remedial action before resuming service usageTechnologies used:

Accounting applicationPolicy ServerCRM (self-care portal)

Session ManagementSessions are inserted, modified and deleted for real-time monitoring, business intelligence and several types of reportingTechnologies used:

Accounting applicationManagement GUI

Interim AccountingReal-Time ChargingTime based pricingTime based quotasFair-Usage PoliciesTime based restrictionsHot-LiningService ManagementAlerting

Real-Time Charging

Online charging based on time, volume or eventsTechnologies used:

Accounting ApplicationRating & Charging engine

Time based Pricing

Price is modified based on service used in different time slots of the day.Technologies used:

Accounting ApplicationRating & ChargingPolicy Server

Time-based QuotasService quotas are allocated to subscribers based on different time slots in the dayTechnologies used:

Accounting ApplicationQuota ManagerPolicy Server

Fair-Usage policies

Subscribers on unlimited plans are gradually reduced the level of service if they consume service units too soon as per Service Provider policyTechnologies used:

Accounting ApplicationPolicy ServerHSS

AlertingBill Day AlertsBill Shock AlertsGrace period Alerts

Technologies used:Accounting

ApplicationAlerting

application

Stop AccountingRevenue AssuranceQoS MonitoringOTT (over the top) Applications

Revenue AssuranceCDR writing on multiple points in the

network

Near Real-Time QoS MonitoringQuality of service for different routes, destination, origins, access methods etc. is monitored in real-time. They include ASR, ACD, PDD, QoS etc.Tech Used:Interface to QoS monitoring application.

General Purpose Use CasesReal-Time MonitoringService AssuranceOTT (Over the Top) and Flow Based

Accounting

Service AssuranceBypassing different interfaces to assure

service continuity in case of system and network failures

Service ManagementService experience and usability is modified based on policy rules, subscriber life cycle events and subscriber’s monetary credit etc.Technologies used:

Accounting ApplicationPolicy ServerHSS

AdvOSS SolutionRadius / Diameter ServerPolicy Server

PCRF CompliantHSSSDP

AAA ApplicationsHot-lining / Captive Portal

Optional Products:Quota ManagerCharging EngineBilling EngineVoucher Management SystemProvisioning EngineMediation

Thank You

For any further query and business with us please feel free to contact us at

sales@advoss.comhttp://advoss.com

Suite 120, 10691 Shellbridge WayRichmond, BC V6X 2W8, Canada

Tel: +1 (604) 800 0269