WO2019096368A1 - Network entities, system and methods for agreement management and access control for services in a communication system - Google Patents

Publication number
WO2019096368A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
request
information
operator network
network
Application number
PCT/EP2017/079166
Other languages
French (fr)
Inventor
Osama Abboud
Ishan Vaishnavi
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Priority to PCT/EP2017/079166
Publication of WO2019096368A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003 Managing SLA; Interaction between SLA and QoS
    • H04L41/5009 Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
    • H04L41/5012 Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF] determining service availability, e.g. which services are available at a certain point in time
    • H04L41/5019 Ensuring fulfilment of SLA
    • H04L41/5006 Creating or negotiating SLA contracts, guarantees or penalties

Definitions

  • the present invention generally relates to the field of telecommunications network technology, in particular to the 5G multi-domain application field.
  • the present invention relates to a network entity for controlling agreement information for services in a communication system, and a network entity for controlling access to an operator network. Further, the invention relates to a method for controlling agreement information for services in a communication system, and an operator management system.
  • 5G: 5th Generation mobile technology
  • OSS/BSS systems should offer more efficient procedures and functions regarding life cycle management of services to the customer and operators when managing such services or slices.
  • offering such new technical possibilities challenges access security and end to end management procedures for the new services.
  • network services can be customized based on the requirements, thereby increasing the network operation efficiency.
  • An object of the present invention is to improve the network architecture and operational procedures for controlling access and managing agreements with end customers or operators.
  • it is a further object of the invention to improve procedures for slice negotiation, for slice instantiation control, for slice activation control and slice modification control.
  • the invention relates to a network entity for controlling agreement information for services in a communication system.
  • the network entity is configured to receive, from a customer system, a request comprising requirements for a part of or complete service and contract information of the customer system regarding an operator network, evaluate if the request is within a given range of the contract information, and if the result of the evaluation is positive, send, to a management function of the operator network, a request for determining resources for the service, receive a request response comprising information regarding the determined resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network, send, to the different operator network, the further requirements for the service for determining further resources for the service in the different operator network, receive, from the different operator network, a response comprising information regarding the determined further resources for the service in the different operator network and associated agreement information for the service of the different operator network, send, to the customer system, a request response comprising information regarding the associated agreement information for the service.
  • this entity ensures that the process of implementing new services across multiple operator networks is faster and more efficient. Furthermore, this entity also advantageously ensures that an operator can control the amount of resources that will be used for the service in a communication system by using this entity. It also inhibits abusing the operator's network or requesting too many resources.
  • Such a request can also be received from the different operator network.
  • a service in particular in a communication system, is defined as a managed entity offered by an operator or service provider including a service level agreement.
  • a service could include a 5G communication service, a slice, part of a slice, a network function, or an infrastructure.
  • This entity advantageously ensures that implementing services across multiple operators enables simpler workflows or work procedures.
  • the entity further advantageously ensures faster and much more efficient implementing of customer services for millions of devices by directly including (technical) requirements related to the services during service negotiation or service instantiation procedure.
  • the network entity is further configured to send, to the different operator network, a request for negotiating the service, the request comprising operator network information and access credentials for verifying access to the different operator network, receive, from the different operator network, a request response comprising an invitation for sending a request comprising requirements for a service, send the invitation to the customer system.
  • this configuration enables a faster and more efficient instantiation and activation of the service across multiple operator networks based on the customer's requirements.
  • the network entity is further configured to receive, from the customer system, a request for instantiating the service, wherein the request comprises information about the service and the associated agreement information, validate the agreement information and the request related to the agreement information, and if the result of the validation is positive, send, to the management function of the operator network, the request for instantiating the service, receive, from the management function of the operator network, a request response comprising information about the instantiating of the service in the operator network, send the request for instantiating the service to the different operator network, receive a response comprising information about the instantiating of the service in the different operator network, send, to the customer system, a response comprising information about the instantiating of the service.
  • the customer receives directly information about instantiating of his service in the communication system.
  • the network entity is further configured to receive, from the customer system, a request for activating the service, wherein the request comprises information about the service and the associated agreement information, validate the agreement information and the request related to the agreement information, and if the result of the validation is positive, send, to the management function of the operator network, the request for activating the service, receive a request response comprising information about the activating of the service in the operator network, send the request for activating the service to the different operator network, receive a response comprising information about the activating of the service in the different operator network, send, to the customer system, a response comprising information about the activating of the service.
  • the network entity is configured to receive, from the customer system, a request for modifying the service, wherein the request comprises information about the service, the associated agreement information and modified requirements for the service, validate the agreement information and evaluate if the modified requirements are within the given range of the contract information of the customer system, and if the result of the validation is positive then proceed with the next steps, if the result is negative then return a negative request response to the customer system, send, to the management function of the operator network, the request for modifying the service, receive a request response comprising information about the modifying of the service in the operator network, send the request for modifying the service to the different operator network, receive a request response comprising information about the modifying of the service in the different operator network, send, to the customer system, a response comprising information about the modifying of the service.
  • a requirement specifies technical resources such as computing resources, storing resources and networking resources as defined in 3GPP TS 23.501 V1.4.0.
  • the requirement comprises a tuple or dataset comprising information regarding required compute resources, storage resources and networking resources for the service.
  • These different resources of an operator network are necessary to instantiate, create, activate, modify and delete a service in a communication system as defined above.
  • a resource can be a virtual machine (VM).
  • initial requirements related to the necessary technical resources are communicated by a customer system to an operator network.
  • the responsible operator management system determines the remaining necessary technical resources or further requirements.
  • the further requirements can be assigned to at least one different operator network. Further during the life-cycle of the service it might be necessary to modify the technical resources of the service in the communication system. In such a case modified requirements will be communicated.
  • the network entity advantageously supports the request for modifying the service by simplifying the coordination across multiple operator networks.
  • the negative request response is an error message indicating that the modified requirements are out of the given range.
  • the network entity comprises a database, the database comprising contract information and agreement information of customer systems.
  • the network entity is further configured to add associated agreement information to the database.
  • the network entity is further configured to receive the request from the customer system via an entity for delegating a request message to a responsible entity within the operator management system.
  • the invention relates to a network entity for controlling access to an operator network, the network entity is configured to receive, from a customer system, an access request comprising access credentials for verifying the customer system, verify the access credentials, if the verification is positive proceed with the next step, and if the verification is negative then send a negative request response comprising information about denying the requested access, send an access request response comprising information about the authorizing of the requested access.
  • this network entity ensures by exploiting service specific request validation methods that operator networks are protected against Denial of Service attacks and furthermore, it ensures having methods to use policies to control large scale services and orchestration.
  • the network entity is further configured to receive the access request from the customer system via an entity for delegating a request message to a responsible entity within the operator management system.
  • the network entity comprises an interface for exchanging messages with the entity for delegating a request message to a responsible entity within the operator management system.
  • the interface ensures effective and efficient communication between the respective entities; ensuring the exchanging of messages between the entities for the different procedures of negotiation, instantiation, activation or modification of a service.
  • the invention relates to an operator management system, the operator management system comprising a network entity for controlling agreement information for services according to one of the implementations of the network entity according to the first aspect, and a network entity for controlling access to an operator network according to one of the implementations of the network entity according to the third aspect.
  • the system further comprises an entity for delegating a request message to a responsible entity within the operator management system, a first interface between the network entity for controlling agreement information for services and the entity for delegating a request message to a responsible entity within the operator management system, and a second interface between the entity for delegating a request message to a responsible entity within the operator management system and the network entity for controlling access to an operator network, each interface is configured to transfer messages between the entities of the operator management system.
  • the invention relates to a method, at a network entity, for controlling agreement information for services in a communication system, the method comprises the following steps of receiving, from a customer system, a request comprising requirements for a service and contract information of the customer system regarding an operator network, evaluating if the request is within a given range of the contract information, and if the result of the evaluation is positive, sending, to a management function of the operator network, a request for determining resources for the service, receiving a request response comprising information regarding resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network, sending, to the different operator network, the further requirements for the service for determining further resources for the service in the different operator network, receiving, from the different operator network, a response comprising information regarding the further resources for the service in the different operator network and associated agreement information for the service of the different operator network, sending, to the customer system, a request response comprising information regarding the associated agreement information for the service.
  • this method ensures that the process of implementing new services in a communication system across multiple operator networks is faster and more efficient. Furthermore, this method also advantageously ensures that a limited amount of maximum resources to be used by the customer are guaranteed. With the pre-set network-based support provided by the method customers can easily manage their own services together with the operators hosting those services. This method advantageously ensures that implementing services across multiple operators enables simpler workflows or work procedures. The method further advantageously ensures faster and much more efficient implementing of customer services for millions of devices by directly including (technical) requirements related to the services during service negotiation or service instantiation procedure.
  • the method comprises the following steps of sending, to the different operator network, a request for negotiating the service, the request comprising operator network information and access credentials for verifying access to the different operator network, receiving, from the different operator network, a request response comprising an invitation for sending a request comprising requirements for a service, sending the invitation to the customer system.
  • the method comprises the following steps of receiving, from the customer system, a request for instantiating the service, the request comprises information about the service and the associated agreement information, validating the agreement information and the request related to the agreement information, and if the result of the validation is positive, sending, to the management function of the operator network, the request for instantiating the service, receiving, from the management function of the operator network, a request response comprising information about the instantiating of the service in the operator network, sending the request for instantiating the service to the different operator network, receiving a response comprising information about the instantiating of the service in the different operator network, sending, to the customer system, a response comprising information about the instantiating of the service.
  • the customer system receives directly information about instantiating of his service in the communication system.
  • the method advantageously simplifies the instantiating of a service across multiple network operators.
  • the method comprises the following steps of receiving, from the customer system, a request for activating the service, the request comprises information about the service and the associated agreement information, validating the agreement information and the request related to the agreement information, and if the result of the validation is positive, sending, to the management function of the operator network, the request for activating the service, receiving a request response comprising information about the activating of the service in the operator network, sending the request for activating the service to the different operator network, receiving a response comprising information about the activating of the service in the different operator network, sending, to the customer system, a response comprising information about the activating of the service.
  • the method comprises the following steps of receiving, from the customer system, a request for modifying the service, the request comprises information about the service, the associated agreement information and modified requirements for the service, validating the agreement information and evaluating if the modified requirements are within the given range of the contract information of the customer system, and if the result of the validation is positive then proceed with the next steps, if the result is negative then return a negative request response to the customer system, sending, to the management function of the operator network, the request for modifying the service, receiving a request response comprising information about the modifying of the service in the operator network, sending the request for modifying the service to the different operator network, receiving a request response comprising information about the modifying of the service in the different operator network, sending, to the customer system, a response comprising information about the modifying of the service.
  • this method advantageously supports the request for modifying the service by simplifying the coordination across multiple operator networks.
  • the negative request response is an error message indicating that the modified requirements are out of the given range.
  • the above apparatuses may be implemented based on a discrete hardware circuitry with discrete hardware components, integrated chips or arrangements of chip modules, or based on a signal processing device or chip controlled by a software routine or program stored in a memory, written on a computer-readable medium or downloaded from a network such as the internet.
  • Fig. 1 shows an operator management system according to an embodiment of the present invention
  • Fig. 2 shows a schematic flow diagram regarding network slice negotiation and instantiation according to an embodiment of the present invention
  • Fig. 3 shows a schematic flow diagram regarding network slice activation according to an embodiment of the present invention
  • Fig. 4a shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention.
  • Fig. 4b shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention.
  • Fig. 1 shows a customer system 110, an operator management system 100 and an operator network 180.
  • the operator management system 100 comprises an agreement manager 140, an access policy manager 130, a delegation entity 120 and slice management functions 150.
  • the operator management system 100 is linked to the customer system 110 and to the operator network 180 via a programmable interface 105.
  • the operator management system 100 comprises a first interface 145 between the agreement manager and the delegation entity within the operator management system 100, and a second interface 135 between the delegation entity 120 and the access policy manager.
  • Each interface 125, 135, 145 is configured to transfer messages between the entities 120, 130, 140, 150 within the operator management system 100.
  • a customer system 110 can be for example a technical device or technical entity, e.g. a user equipment, a server unit, a computer, via which a user sends his request.
  • Fig. 2 shows a schematic flow diagram regarding network slice negotiation and instantiation according to an embodiment of the present invention:
  • In step 201, the customer system 110 sends an initiate negotiation message comprising a customer identifier and access credentials to the delegation entity 120.
  • Access credentials comprise access related information for authorising access to the telecommunications network, in particular a customer identifier or an operator identifier.
  • the access related information comprises a password, a token, or a "public key encryption" key.
  • In step 202, the delegation entity sends an access request comprising the customer ID and the access credentials to the access policy manager 130.
  • the access policy manager 130 verifies the received access credentials and checks the received customer ID against internal policies and returns an acknowledge message in step 203 to the delegation entity 120.
  • An internal policy is defined by the network operator.
  • the network operator defines who is allowed to access the network and to conduct transactions with the internal policy.
  • an internal policy comprises for example a white list, blacklist or similar.
  • the delegation entity 120 sends an initiate negotiation request comprising the customer ID to the agreement manager 140 in step 204.
  • the agreement manager 140 forwards the initiate negotiation request comprising an operator ID and the access credentials to a different operator network 180.
  • In step 206, the different operator network 180 verifies if the operator ID and the access credentials are valid: it checks the operator ID against the internal policy of the different operator network and evaluates the access credentials of the received request. If the operator ID and the access credentials are valid, the different operator network 180 will confirm the request in step 207 to the agreement manager 140 and also ask for requirements for the service to be negotiated.
  • the different operator also defines its internal policy for the different operator network as described for the operator in step 202.
  • In step 208, the agreement manager 140 confirms the request of the customer system 110 via the delegation entity 120 and also forwards the request for sending requirements for the service to be negotiated.
  • In step 209, the customer system sends a request comprising requirements for a part or complete service and the contract information of the customer system to the agreement manager 140.
  • the request can be sent to the delegation entity 122 and the delegation entity 122 forwards the request to the agreement manager 140.
  • In step 210, the agreement manager 140 evaluates if the request is within a given range of the contract information. If the result of the evaluation is positive, the agreement manager 140 sends a request for determining resources for the service to a slice management function 150 within the operator network.
  • a given range is defined by an interval between the smallest and largest value of an amount of computing, storage or networking resources as defined in 3GPP TS 23.501.
  • the contract information comprises information related to a contract of a customer with an operator, or a contract between two operators, particularly between the operator network and at least one different operator network.
  • this information comprises a contract identifier, an operator identifier or an identifier associated with a customer contract or operator agreement.
  • Requirements, further requirements or modified requirements regarding resources comprise general slice requirements related to computing, storage or networking resources as defined in 3GPP TS 23.501.
  • In step 211, the slice management function 150 checks the availability of local resources against the request received in step 210. In case the local resources do not fulfil the request completely, the slice management function 150 will send the request response comprising information regarding resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network 180.
  • In step 212, the agreement manager 140 sends the further requirements regarding resources for the service for determining further resources for the service in the different operator network 180.
  • In step 213, the different operator network 180 performs an evaluation procedure according to steps 210 and 211.
  • the different operator network 180 will confirm the request with the message in step 214, the message comprising information regarding the further resources for the service in the different operator network 180 and associated agreement information for the service of the different operator network 180.
  • the message comprises a slice identifier related to the different operator network 180 and an agreement identifier.
  • In step 215, the agreement manager 140 receives the message of step 214 and adds the information regarding the further resources for the service in the different operator network 180, in particular the slice identifier, and the associated agreement information for the service of the different operator network 180 to its database.
  • the operator can use this database for example to run queries to estimate the amount of required resources by its customer.
  • In step 216, the agreement manager 140 sends a request response comprising information regarding the associated agreement information for the service to the customer system 110.
  • the request response of step 216 is forwarded by the delegation entity 122 to the customer system 110.
  • the customer system 110 sends a request regarding instantiating the service via the delegation entity 122 to the agreement manager 140.
  • the request comprises information about the service and the associated agreement information, in particular slice identifier and agreement identifier.
  • step 219 the agreement manager 140 validates the agreement information and the request related to the agreement information of the received request. If the result of the validation is positive, the agreement manager 140 sends the request for instantiating the service to the slice management function 150 within the operator network in step 220.
  • step 221 the slice management function 150 instantiates the service, in particular the respective resources of the service in the operator network based on the received slice identifier.
  • step 222 the slice management function 150 confirms the instantiation of the service to the agreement manager 140.
  • step 223 the agreement manager 140 sends the request for instantiating the service to the different operator network 180.
  • step 224 the operator network 180 validates the agreement information, in particular the agreement identifier, and instantiates the further resources of the service in the different operator network 180.
  • step 225 the different operator network 180 sends a confirmation message that the service is instantiated in the different operator network 180 to the agreement manager 140.
  • step 226 the agreement manager sends the received confirmation messages from the slice management function 150 and from the different operator network to the customer system 110.
  • Fig. 3 shows a schematic flow diagram regarding network slice activation according to an embodiment of the present invention:
  • step 301 the customer system 110 sends a request for activating the service to the delegation entity 120.
  • This request comprises information about the service and the associated agreement information, in particular the agreement identifier, service identifier, customer identifier and access credentials.
  • step 302 the delegation entity 120 sends an access request comprising the access credentials for verifying the customer system 110 to the access policy manager 130.
  • step 303 the access policy manager 130 verifies the access credentials against internal operator policies. If the verification is positive, the access policy manager 130 will send an access request response comprising information about the authorising of the requested access to the delegation entity 120.
  • step 304 the delegation entity sends the request for activating the service as described in step 301 to the agreement manager 140.
  • step 305 the agreement manager 140 validates the agreement information and the request related to the agreement information. If the result of the validation is positive,
  • step 306 the agreement manager 140 sends the request for activating the service to the slice management function 150.
  • step 307 the slice management function validates the request and confirms the activation of the service to the agreement manager 140 by sending a request response in step 308. If further resources for the service to be activated are instantiated, the agreement manager 140 will also send a request for activating the service in step 308a to the different operator network 180.
  • step 309 the different operator network 180 validates the request and confirms the activation of the service by sending a request response to the agreement manager 140 in step
  • step 311 and 312 the agreement manager 140 sends a response comprising information about the activation of the service to the customer system 110.
  • Fig. 4a shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention:
  • step 401 the customer system 110 sends a request for modifying the service to the delegation entity 120.
  • This request comprises information about the service, the associated agreement information, in particular the agreement identifier, service identifier, customer identifier, access credentials and modified requirements for the service.
  • step 402 the delegation entity 120 sends an access request comprising the received access credentials for verifying the customer system 110 to the access policy manager 130.
  • step 403 the access policy manager 130 verifies the access credentials against internal operator policies. If the verification is positive, the access policy manager 130 will send an access request response comprising information about the authorising of the requested access to the delegation entity 120 in step 404.
  • step 405 the delegation entity sends the request for modifying the service described above in step 401 to the agreement manager 140.
  • step 406 the agreement manager 140 validates the agreement information and evaluates if the modified requirements are within the given range of the contract information of the customer system. If the result of the validation is positive, in step 407 the agreement manager 140 sends the request for modifying the service to the slice management function 150.
  • step 408 the slice management function validates the request and confirms the activation of the service by sending a request response to the agreement manager 140 in step 409.
  • the request response comprises information about the modifying of the service in the operator network. If further resources for the service need to be modified in a different operator network, the agreement manager 140 will also send a request for modifying the service to the different operator network 180 in step 410.
  • step 411 the different operator network 180 validates the request and confirms the modification by sending a response comprising information about the modifying of the service to the agreement manager 140 in step 411a.
  • step 412 and 413 the agreement manager 140 sends a response comprising information about the modification of the service to the customer system 110.
  • Fig. 4b shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention:
  • step 408 if the result of the evaluation is negative, which means the modified requirements are out of the given range of the contract information of the customer system 110.
  • the agreement manager 140 will skip steps 407 to 411 as described in Fig. 4a and return a negative request response to the customer system 110 in steps 412 and 413.
  • the negative request response is an error message indicating that the modified requirements are out of the given range.
  • a computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems.

Abstract

A network entity (140) is proposed for controlling agreement information for services in a communication system. The Network entity (140) is configured to receive, from a customer system, a request comprising requirements for a part of or complete service and contract information of the customer system regarding an operator network, evaluate if the request is within a given range of the contract information, and if the result of the evaluation is positive, send, to a management function (150) of the operator network, a request for determining resources for the service, receive a request response comprising information regarding the determined resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network (180), send, to the different operator network (180), the further requirements for the service for determining further resources for the service in the different operator network (180), receive, from the different operator network (180), a response comprising information regarding the determined further resources for the service in the different operator network (180) and associated agreement information for the service of the different operator network (180), send, to the customer system, a request response comprising information regarding the associated agreement information for the service.

Description

TITLE
Network entities, system and methods for agreement management and access control for services in a communication system
TECHNICAL FIELD
The present invention generally relates to the field of telecommunications network technology, in particular to the 5G multi-domain application field. The present invention relates to a network entity for controlling agreement information for services in a communication system, and a network entity for controlling access to an operator network. Further, the invention relates to a method for controlling agreement information for services in a communication system, and an operator management system.
BACKGROUND
Towards 5th Generation mobile technology (5G) substantial efforts are being made in order to enable next generation communication systems. The 5G endeavor is driven by diversified use cases and scenarios. These range from high bandwidth, to ultra-low latency, and high reliability applications and use-cases. To support such cases it is essential that an operator provides new interfaces to customers and/or other operators to achieve new business models.
Further, OSS/BSS systems should offer more efficient procedures and functions regarding life cycle management of services to the customer and operators when managing such services or slices. However, offering such new technical possibilities challenges access security and end to end management procedures for the new services.
The concept of slicing or network slicing is introduced in fifth generation, 5G, communication systems in order to address the various requirements from multiple vertical industries assuming a shared network infrastructure. Correspondingly, network services can be customized based on the requirements, thereby increasing the network operation efficiency.
SUMMARY
Having recognized the above-mentioned disadvantages and problems, the present invention aims to improve the state of the art. An object of the present invention is to improve the network architecture and operational procedures for controlling access and managing agreements with end customers or operators. In particular, it is a further object of the invention to improve procedures for slice negotiation, for slice instantiation control, for slice activation control and slice modification control.
The above-mentioned object is achieved by the features of the independent claims. Further embodiments of the invention are apparent from the dependent claims, the description and the figures.
According to a first aspect, the invention relates to a network entity for controlling agreement information for services in a communication system, the network entity is configured to receive, from a customer system, a request comprising requirements for a part of or complete service and contract information of the customer system regarding an operator network, evaluate if the request is within a given range of the contract information, and if the result of the evaluation is positive, send, to a management function of the operator network, a request for determining resources for the service, receive a request response comprising information regarding the determined resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network, send, to the different operator network, the further requirements for the service for determining further resources for the service in the different operator network, receive, from the different operator network, a response comprising information regarding the determined further resources for the service in the different operator network and associated agreement information for the service of the different operator network, send, to the customer system, a request response comprising information regarding the associated agreement information for the service.
Thereby, this entity ensures that the process of implementing new services across multiple operator networks is faster and more efficient. Furthermore, this entity also advantageously ensures that an operator can control the amount of resources that will be used for the service in a communication system by using this entity. It also inhibits abusing the operator's network or requesting too many resources.
Optionally such a request can also be received from the different operator network.
A service, in particular in a communication system, is defined as a managed entity offered by an operator or service provider including a service level agreement. A service could include a 5G communication service, a slice, part of a slice, a network function, or an infrastructure.
With the pre-set network-based support provided by the entity customers can easily manage their own services together with the operators hosting those services. This entity advantageously ensures that implementing services across multiple operators enables simpler workflows or work procedures. The entity further advantageously ensures faster and much more efficient implementing of customer services for millions of devices by directly including (technical) requirements related to the services during service negotiation or service instantiation procedure.
According to a first implementation of the network entity according to the first aspect, the network entity is further configured to send, to the different operator network, a request for negotiating the service, the request comprising operator network information and access credentials for verifying access to the different operator network, receive, from the different operator network, a request response comprising an invitation for sending a request comprising requirements for a service, send the invitation to the customer system.
Thereby, during the service negotiation phase this configuration enables a faster and more efficient instantiation and activation of the service across multiple operator networks based on the customer's requirements.
According to a second implementation of the network entity according to the first aspect, the network entity is further configured to receive, from the customer system, a request for instantiating the service, wherein the request comprises information about the service and the associated agreement information, validate the agreement information and the request related to the agreement information, and if the result of the validation is positive, send, to the management function of the operator network, the request for instantiating the service, receive, from the management function of the operator network, a request response comprising information about the instantiating of the service in the operator network, send the request for instantiating the service to the different operator network, receive a response comprising information about the instantiating of the service in the different operator network, send, to the customer system, a response comprising information about the instantiating of the service.
Thereby, the customer receives directly information about instantiating of his service in the communication system.
According to a third implementation of the network entity according to the first aspect, the network entity is further configured to receive, from the customer system, a request for activating the service, wherein the request comprises information about the service and the associated agreement information, validate the agreement information and the request related to the agreement information, and if the result of the validation is positive, send, to the management function of the operator network, the request for activating the service, receive a request response comprising information about the activating of the service in the operator network, send the request for activating the service to the different operator network, receive a response comprising information about the activating of the service in the different operator network, send, to the customer system, a response comprising information about the activating of the service.
According to a fourth implementation of the network entity according to the first aspect, the network entity is configured to receive, from the customer system, a request for modifying the service, wherein the request comprises information about the service, the associated agreement information and modified requirements for the service, validate the agreement information and evaluate if the modified requirements are within the given range of the contract information of the customer system, and if the result of the validation is positive then proceed with the next steps, if the result is negative then return a negative request response to the customer system, send, to the management function of the operator network, the request for modifying the service, receive a request response comprising information about the modifying of the service in the operator network, send the request for modifying the service to the different operator network, receive a request response comprising information about the modifying of the service in the different operator network, send, to the customer system, a response comprising information about the modifying of the service.
A requirement specifies technical resources such as computing resources, storing resources and networking resources as defined in 3GPP TS 23.501 V1.4.0. In particular, the requirement comprises a tuple or dataset comprising information regarding required compute resources, storage resources and networking resources for the service. These different resources of an operator network are necessary to instantiate, create, activate, modify and delete a service in a communication system as defined above. For example, such a resource can be a virtual machine (VM). In particular, during an instantiation procedure initial requirements related to the necessary technical resources are communicated by a customer system to an operator network. In case the operator network is not able to fulfil the requested requirements, the responsible operator management system determines the remaining necessary technical resources or further requirements. The further requirements can be assigned to at least one different operator network. Further, during the life-cycle of the service it might be necessary to modify the technical resources of the service in the communication system. In such a case modified requirements will be communicated.
Thereby, the network entity advantageously supports the request for modifying the service by simplifying the coordination across multiple operator networks.
According to a fifth implementation of the network entity according to the first aspect, the negative request response is an error message indicating that the modified requirements are out of the given range.
Thereby, a faster and direct feedback to the customer system is achieved.
According to a sixth implementation of the network entity according to the first aspect, the network entity comprises a database, the database comprising contract information and agreement information of customer systems. Thereby, this has the advantage that the operator can efficiently run queries to estimate the amount of required resources by its customer or customer system. It increases the speed and efficiency of the control process for negotiating, instantiating, activating and modifying the service because of faster access to the stored information.
According to a seventh implementation of the network entity according to the first aspect, the network entity is further configured to add associated agreement information to the database.
According to an eighth implementation of the network entity according to the first aspect, the network entity is further configured to receive the request from the customer system via an entity for delegating a request message to a responsible entity within the operator management system.
Thereby, the effective communication within the operator management system is ensured.
According to a second aspect, the invention relates to a network entity for controlling access to an operator network, the network entity is configured to receive, from a customer system, an access request comprising access credentials for verifying the customer system, verify the access credentials, if the verification is positive proceed with the next step, and if the verification is negative then send a negative request response comprising information about denying the requested access, send an access request response comprising information about the authorizing of the requested access.
Thereby, this network entity ensures by exploiting service specific request validation methods that operator networks are protected against Denial of Service attacks and furthermore, it ensures having methods to use policies to control large scale services and orchestration.
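The access verification of the second aspect and the range evaluation of the fourth and fifth implementations of the first aspect, sketched in Python as an added example that is not code from the patent. All class names, field names, customer and agreement identifiers, tokens and contract bounds are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, astuple


@dataclass(frozen=True)
class Requirements:
    """Requirement tuple: compute, storage and networking resources."""
    vcpus: int
    storage_gb: int
    bandwidth_mbps: int


@dataclass(frozen=True)
class Agreement:
    agreement_id: str
    customer_id: str
    service_id: str
    minimum: Requirements  # lower bound of the contract range
    maximum: Requirements  # upper bound of the contract range


class AccessPolicyManager:
    """Verifies access credentials against an operator-defined internal policy."""
    def __init__(self, tokens, allow_list, deny_list=()):
        self._tokens = dict(tokens)
        self._allow, self._deny = set(allow_list), set(deny_list)

    def verify(self, customer_id, token):
        expected = self._tokens.get(customer_id, "")
        # Constant-time comparison; an unknown customer never matches.
        token_ok = bool(expected) and hmac.compare_digest(expected.encode(), token.encode())
        return token_ok and customer_id in self._allow and customer_id not in self._deny


class Domain:
    """Stand-in for the slice management function or the different operator network."""
    def __init__(self, name):
        self.name = name
        self.applied = []  # modification requests that reached this domain

    def modify(self, service_id, requirements):
        self.applied.append((service_id, requirements))
        return {"domain": self.name, "status": "modified"}


class AgreementManager:
    def __init__(self, agreements, local, remote):
        self._db = {a.agreement_id: a for a in agreements}
        self._local, self._remote = local, remote

    def modify(self, customer_id, agreement_id, service_id, requested):
        agreement = self._db.get(agreement_id)
        # Validate the agreement: it must exist and be bound to this customer and service.
        if (agreement is None or agreement.customer_id != customer_id
                or agreement.service_id != service_id):
            return {"status": "error", "reason": "invalid agreement"}
        lo, hi, req = map(astuple, (agreement.minimum, agreement.maximum, requested))
        if not all(l <= r <= h for l, r, h in zip(lo, req, hi)):
            # Negative response: nothing is forwarded to either domain.
            return {"status": "error", "reason": "modified requirements out of range"}
        results = [self._local.modify(service_id, requested),
                   self._remote.modify(service_id, requested)]
        return {"status": "ok", "results": results}


class DelegationEntity:
    """Routes a request to the access check first, then to the agreement manager."""
    def __init__(self, access, agreements):
        self._access, self._agreements = access, agreements

    def modify_service(self, request):
        if not self._access.verify(request["customer_id"], request["credentials"]):
            return {"status": "denied", "reason": "access not authorised"}
        return self._agreements.modify(request["customer_id"], request["agreement_id"],
                                       request["service_id"], request["requirements"])


def build_demo():
    """Constructed sample data: three customers, one agreement, two domains."""
    access = AccessPolicyManager(
        tokens={"cust-a": "token-a", "cust-b": "token-b", "cust-c": "token-c"},
        allow_list={"cust-a", "cust-b", "cust-c"}, deny_list={"cust-c"})
    local, remote = Domain("operator"), Domain("different-operator")
    agreement = Agreement("agr-1", "cust-a", "slice-1",
                          Requirements(1, 10, 10), Requirements(16, 500, 1000))
    return DelegationEntity(access, AgreementManager([agreement], local, remote)), local, remote


if __name__ == "__main__":
    entity, _, _ = build_demo()
    request = {"customer_id": "cust-a", "credentials": "token-a", "agreement_id": "agr-1",
               "service_id": "slice-1", "requirements": Requirements(64, 200, 500)}
    print(entity.modify_service(request))
```

Binding the agreement identifier to the authenticated customer identifier matters here: without that check, a customer with valid credentials could modify a service under another customer's agreement.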
According to a first implementation of the network entity according to the second aspect, the network entity is further configured to receive the access request from the customer system via an entity for delegating a request message to a responsible entity within the operator management system.
According to a second implementation of the network entity according to the second aspect, the network entity comprises an interface for exchanging messages with the entity for delegating a request message to a responsible entity within the operator management system.
Thereby, the interface ensures effective and efficient communication between the respective entities; ensuring the exchanging of messages between the entities for the different procedures of negotiation, instantiation, activation or modification of a service.
According to a third aspect, the invention relates to an operator management system, the operator management system comprising a network entity for controlling agreement information for services according to one of the implementations of the network entity according to the first aspect, and a network entity for controlling access to an operator network according to one of the implementations of the network entity according to the third aspect.
According to a first implementation of the system according to the third aspect, the system further comprises an entity for delegating a request message to a responsible entity within the operator management system, a first interface between the network entity for controlling agreement information for services and the entity for delegating a request message to a responsible entity within the operator management system, and a second interface between the entity for delegating a request message to a responsible entity within the operator management system and the network entity for controlling access to an operator network, each interface is configured to transfer messages between the entities of the operator management system.
According to a fourth aspect, the invention relates to a method, at a network entity, for controlling agreement information for services in a communication system, the method comprises the following steps of receiving, from a customer system, a request comprising requirements for a service and contract information of the customer system regarding an operator network, evaluating if the request is within a given range of the contract information, and if the result of the evaluation is positive, sending, to a management function of the operator network, a request for determining resources for the service, receiving a request response comprising information regarding resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network, sending, to the different operator network, the further requirements for the service for determining further resources for the service in the different operator network, receiving, from the different operator network, a response comprising information regarding the further resources for the service in the different operator network and associated agreement information for the service of the different operator network, sending, to the customer system, a request response comprising information regarding the associated agreement information for the service.
Thereby, this method ensures that the process of implementing new services in a communication system across multiple operator networks is faster and more efficient. Furthermore, this method also advantageously ensures that a limited amount of maximum resources to be used by the customer are guaranteed. With the pre-set network-based support provided by the method customers can easily manage their own services together with the operators hosting those services. This method advantageously ensures that implementing services across multiple operators enables simpler workflows or work procedures. The method further advantageously ensures faster and much more efficient implementing of customer services for millions of devices by directly including (technical) requirements related to the services during service negotiation or service instantiation procedure.
According to a first implementation of the method according to the fourth aspect, the method comprises the following steps of sending, to the different operator network, a request for negotiating the service, the request comprising operator network information and access credentials for verifying access to the different operator network, receiving, from the different operator network, a request response comprising an invitation for sending a request comprising requirements for a service, sending the invitation to the customer system.
Thereby, during the service negotiation phase this configuration enables a faster and more efficient instantiation and activation of the service across multiple operator networks based on the customer's requirements.
According to a second implementation of the method according to the fourth aspect, the method comprises the following steps of receiving, from the customer system, a request for instantiating the service, the request comprises information about the service and the associated agreement information, validating the agreement information and the request related to the agreement information, and if the result of the validation is positive, sending, to the management function of the operator network, the request for instantiating the service, receiving, from the management function of the operator network, a request response comprising information about the instantiating of the service in the operator network, sending the request for instantiating the service to the different operator network, receiving a response comprising information about the instantiating of the service in the different operator network, sending, to the customer system, a response comprising information about the instantiating of the service.
Thereby, the customer system receives directly information about instantiating of his service in the communication system. The method advantageously simplifies the instantiating of a service across multiple network operators.
According to a third implementation of the method according to the fourth aspect, the method comprises the following steps of receiving, from the customer system, a request for activating the service, the request comprises information about the service and the associated agreement information, validating the agreement information and the request related to the agreement information, and if the result of the validation is positive, sending, to the management function of the operator network, the request for activating the service, receiving a request response comprising information about the activating of the service in the operator network, sending the request for activating the service to the different operator network, receiving a response comprising information about the activating of the service in the different operator network, sending, to the customer system, a response comprising information about the activating of the service.
According to a fourth implementation of the method according to the fourth aspect, the method comprises the following steps of receiving, from the customer system, a request for modifying the service, the request comprises information about the service, the associated agreement information and modified requirements for the service, validating the agreement information and evaluating if the modified requirements are within the given range of the contract information of the customer system, and if the result of the validation is positive then proceed with the next steps, if the result is negative then return a negative request response to the customer system, sending, to the management function of the operator network, the request for modifying the service, receiving a request response comprising information about the modifying of the service in the operator network, sending the request for modifying the service to the different operator network, receiving a request response comprising information about the modifying of the service in the different operator network, sending, to the customer system, a response comprising information about the modifying of the service.
Thereby, this method advantageously supports the request for modifying the service by simplifying the coordination across multiple operator networks.
According to a fifth implementation of the method of the fourth aspect, the negative request response is an error message indicating that the modified requirements are out of the given range.
More specifically, it should be noted that the above apparatuses may be implemented based on a discrete hardware circuitry with discrete hardware components, integrated chips or arrangements of chip modules, or based on a signal processing device or chip controlled by a software routine or program stored in a memory, written on a computer-readable medium or downloaded from a network such as the internet.
It shall further be understood that a preferred embodiment of the invention can also be any combination of the dependent claims or above embodiments with the respective independent claim. These and other aspects of the invention will be apparent and elucidated with reference to the embodiments described hereinafter.
BRIEF DESCRIPTION OF THE DRAWINGS
The above aspects and implementation forms of the present invention will be explained in the following description of specific embodiments in relation to the enclosed drawings, in which
Fig. 1 shows an operator management system according to an embodiment of the present invention,
Fig. 2 shows a schematic flow diagram regarding network slice negotiation and instantiation according to an embodiment of the present invention,
Fig. 3 shows a schematic flow diagram regarding network slice activation according to an embodiment of the present invention,
Fig. 4a shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention, and
Fig. 4b shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
Fig. 1 shows a customer system 110, an operator management system 100 and an operator network 180. The operator management system 100 comprises an agreement manager 140, an access policy manager 130, a delegation entity 120 and slice management functions 150. The operator management system 100 is linked to the customer system 110 and to the operator network 180 via a programmable interface 105. The operator management system 100 comprises a first interface 145 between the agreement manager and the delegation entity within the operator management system 100, and a second interface 135 between the delegation entity 120 and the access policy manager. There is a third interface 125 between the delegation entity 120 and the slice management functions 150 of the operator management system 100. Each interface 125, 135, 145 is configured to transfer messages between the entities 120, 130, 140, 150 within the operator management system 100.
A customer system 110 can be for example a technical device or technical entity, e.g. a user equipment, a server unit, a computer, via which a user sends his request.
Fig. 2 shows a schematic flow diagram regarding network slice negotiation and instantiation according to an embodiment of the present invention:
In step 201 the customer system 110 sends an initiate negotiation message comprising a customer identifier and access credentials to the delegation entity 120.
Access credentials comprise access related information for authorising access to the telecommunications network, in particular a customer identifier or an operator identifier.
The access related information comprises a password, a token, or a "public key encryption" key.
In step 202 the delegation entity sends an access request comprising the customer ID and the access credentials to the access policy manager 130. The access policy manager 130 verifies the received access credentials and checks the received customer ID against internal policies and returns an acknowledge message in step 203 to the delegation entity 120.
An internal policy is defined by the network operator. With the internal policy, the network operator defines who is allowed to access the network and to conduct transactions. In particular, such an internal policy comprises for example a whitelist, a blacklist or similar.
The delegation entity 120 sends an initiate negotiation request comprising the customer ID to the agreement manager 140 in step 204. In step 205 the agreement manager 140 forwards the initiate negotiation request comprising an operator ID and the access credentials to a different operator network 180.
In step 206 the different operator network 180 verifies if the operator ID and the access credentials are valid: the operator network 180 checks the operator ID against the internal policy of the different operator network and evaluates the access credentials of the received request. If the operator ID and the access credentials are valid, the different operator network 180 will confirm the request in step 207 to the agreement manager 140 and also ask for requirements for the service to be negotiated.
The different operator also defines its internal policy for the different operator network as described for the operator in step 202.
In step 208 the agreement manager 140 confirms the request of the customer system 110 via the delegation entity 120 and also forwards the request for sending requirements for the service to be negotiated.
In step 209 the customer system sends a request comprising requirements for a part or complete service and the contract information of the customer system to the agreement manager 140. Optionally, the request can be sent to the delegation entity 120 and the delegation entity 120 forwards the request to the agreement manager 140.
In step 210 the agreement manager 140 evaluates if the request is within a given range of the contract information. If the result of the evaluation is positive, the agreement manager 140 sends a request for determining resources for the service to a slice management function 150 within the operator network.
A given range is defined by an interval between the smallest and largest value of an amount of computing, storage or networking resources as defined in 3GPP TS 23.501.
The contract information comprises information related to a contract of a customer with an operator, or a contract between two operators, particularly between the operator network and at least one different operator network. In particular, this information comprises a contract identifier, an operator identifier or an identifier associated with a customer contract or operator agreement.
Requirements, further requirements or modified requirements regarding resources comprise general slice requirements related to computing, storage or networking resources as defined in 3GPP TS 23.501.
In step 211 the slice management function 150 checks the availability of local resources against the received request in step 210. In case the local resources do not fulfil the request completely, the slice management function 150 will send a request response comprising information regarding resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network 180.
In step 212 the agreement manager 140 sends the further requirements regarding resources for the service for determining further resources for the service in the different operator network 180.
In step 213 the different operator network 180 performs an evaluation procedure according to steps 210 and 211. In case the resources within the different operator network 180 fulfil the request related to the further requirements completely the different operator network 180 will confirm the request with the message in step 214, the message comprising information regarding the further resources for the service in the different operator network 180 and associated agreement information for the service of the different operator network 180. In particular, the message comprises a slice identifier related to the different operator network 180 and an agreement identifier.
In step 215 the agreement manager 140 receives the message of step 214 and adds the information regarding the further resources for the service in the different operator network 180, in particular the slice identifier, and the associated agreement information for the service of the different operator network 180 to its database. The operator can use this database for example to run queries to estimate the amount of required resources by its customer. In step 216 the agreement manager 140 sends a request response comprising information regarding the associated agreement information for the service to the customer system 110. The request response of step 216 is forwarded by the delegation entity 120 to the customer system 110.
In steps 217 and 218 the customer system 110 sends a request regarding instantiating the service via the delegation entity 120 to the agreement manager 140. The request comprises information about the service and the associated agreement information, in particular slice identifier and agreement identifier.
In step 219 the agreement manager 140 validates the agreement information and the request related to the agreement information of the received request. If the result of the validation is positive, the agreement manager 140 sends the request for instantiating the service to the slice management function 150 within the operator network in step 220.
In step 221 the slice management function 150 instantiates the service, in particular the respective resources of the service in the operator network based on the received slice identifier.
In step 222 the slice management function 150 confirms the instantiation of the service to the agreement manager 140.
In step 223 the agreement manager 140 sends the request for instantiating the service to the different operator network 180.
In step 224 the operator network 180 validates the agreement information, in particular the agreement identifier, and instantiates the further resources of the service in the different operator network 180.
In step 225 the different operator network 180 sends a confirmation message that the service is instantiated in the different operator network 180 to the agreement manager 140. In step 226 the agreement manager sends the received confirmation messages from the slice management function 150 and from the different operator network to the customer system 110.
Fig. 3 shows a schematic flow diagram regarding network slice activation according to an embodiment of the present invention:
In step 301 the customer system 110 sends a request for activating the service to the delegation entity 120. This request comprises information about the service and the associated agreement information, in particular the agreement identifier, service identifier, customer identifier and access credentials.
In step 302 the delegation entity 120 sends an access request comprising the access credentials for verifying the customer system 110 to the access policy manager 130.
In step 303 the access policy manager 130 verifies the access credentials against internal operator policies. If the verification is positive, the access policy manager 130 will send an access request response comprising information about the authorising of the requested access to the delegation entity 120.
In step 304 the delegation entity sends the request for activating the service as described in step 301 to the agreement manager 140.
In step 305 the agreement manager 140 validates the agreement information and the request related to the agreement information. If the result of the validation is positive, in step 306 the agreement manager 140 sends the request for activating the service to the slice management function 150.
In step 307 the slice management function validates the request and confirms the activation of the service to the agreement manager 140 by sending a request response in step 308. If further resources for the service to be activated are instantiated, the agreement manager 140 will also send a request for activating the service in step 308a to the different operator network 180.
In step 309 the different operator network 180 validates the request and confirms the activation of the service by sending a request response to the agreement manager 140 in step 310.
In step 311 and 312 the agreement manager 140 sends a response comprising information about the activation of the service to the customer system 110.
Fig. 4a shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention:
In step 401 the customer system 110 sends a request for modifying the service to the delegation entity 120. This request comprises information about the service, the associated agreement information, in particular the agreement identifier, service identifier, customer identifier, access credentials and modified requirements for the service.
In step 402 the delegation entity 120 sends an access request comprising the received access credentials for verifying the customer system 110 to the access policy manager 130.
In step 403 the access policy manager 130 verifies the access credentials against internal operator policies. If the verification is positive, the access policy manager 130 will send an access request response comprising information about the authorising of the requested access to the delegation entity 120 in step 404.
In step 405 the delegation entity sends the request for modifying the service described above in step 401 to the agreement manager 140.
In step 406 the agreement manager 140 validates the agreement information and evaluates if the modified requirements are within the given range of the contract information of the customer system. If the result of the validation is positive, in step 407 the agreement manager 140 sends the request for modifying the service to the slice management function 150.
In step 408 the slice management function validates the request and confirms the activation of the service by sending a request response to the agreement manager 140 in step 409. The request response comprises information about the modifying of the service in the operator network. If further resources for the service need to be modified in a different operator network, the agreement manager 140 will also send a request for modifying the service to the different operator network 180 in step 410.
In step 411 the different operator network 180 validates the request and confirms the modification by sending a response comprising information about the modifying of the service to the agreement manager 140 in step 411a.
In step 412 and 413 the agreement manager 140 sends a response comprising information about the modification of the service to the customer system 110.
Fig. 4b shows a schematic flow diagram regarding network slice modification according to an embodiment of the present invention:
The procedure depicted in Fig. 4b comprises the same steps as already described for Fig. 4a. The only difference occurs in step 408: if the result of the evaluation is negative, which means the modified requirements are out of the given range of the contract information of the customer system 110, the agreement manager 140 will skip steps 407 to 411 as described in Fig. 4a and return a negative request response to the customer system 110 in steps 412 and 413. The negative request response is an error message indicating that the modified requirements are out of the given range.
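The modification flow of Fig. 4a and Fig. 4b can be sketched as follows. This is an added example, not part of the patent text: it shows the delegation entity 120 asking the access policy manager 130 for authorisation, then the agreement manager 140 validating the agreement information and the contract range before anything is forwarded. The class and field names, the token credential type, the dictionary message format and all sample values are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Contract:
    ranges: dict  # resource kind -> (smallest, largest) permitted amount; units assumed


@dataclass
class Agreement:
    agreement_id: str
    service_id: str
    customer_id: str
    remote_slice_id: Optional[str] = None  # set if part of the service runs in network 180


class AccessPolicyManager:
    """Entity 130: verifies credentials and checks the customer ID against internal policy."""

    def __init__(self, tokens, whitelist, blacklist=()):
        # Keep only digests of the tokens (assumed credential type: token).
        self._digests = {c: hashlib.sha256(t.encode()).digest() for c, t in tokens.items()}
        self._whitelist, self._blacklist = set(whitelist), set(blacklist)

    def authorise(self, customer_id, token):
        expected = self._digests.get(customer_id, b"\x00" * 32)
        presented = hashlib.sha256(token.encode()).digest()
        credentials_ok = hmac.compare_digest(expected, presented)  # constant-time compare
        policy_ok = customer_id in self._whitelist and customer_id not in self._blacklist
        return credentials_ok and policy_ok


class AgreementManager:
    """Entity 140: validates agreement information and the contract range."""

    def __init__(self, contracts, agreements):
        self._contracts = contracts    # customer_id -> Contract
        self._agreements = agreements  # agreement_id -> Agreement
        self.forwarded = []            # stands in for the messages sent to 150 and 180

    def within_range(self, customer_id, requirements):
        contract = self._contracts.get(customer_id)
        if contract is None or not requirements:
            return False
        for kind, amount in requirements.items():
            if kind not in contract.ranges:  # unknown resource kind: fail closed
                return False
            if isinstance(amount, bool) or not isinstance(amount, (int, float)):
                return False
            low, high = contract.ranges[kind]
            if not low <= amount <= high:    # also rejects NaN
                return False
        return True

    def modify(self, req):
        agreement = self._agreements.get(req["agreement_id"])
        # Step 406: the agreement must exist and belong to this customer and service.
        if (agreement is None or agreement.customer_id != req["customer_id"]
                or agreement.service_id != req["service_id"]):
            return {"status": "error", "reason": "invalid agreement information"}
        if not self.within_range(req["customer_id"], req["requirements"]):
            # Fig. 4b: nothing is forwarded, the negative request response is returned.
            return {"status": "error",
                    "reason": "modified requirements are out of the given range"}
        self.forwarded.append(("slice_management_function", req["service_id"]))  # step 407
        if agreement.remote_slice_id is not None:                                # step 410
            self.forwarded.append(("different_operator_network", agreement.remote_slice_id))
        return {"status": "ok", "service_id": req["service_id"]}


class DelegationEntity:
    """Entity 120: asks 130 for authorisation before delegating the request to 140."""

    def __init__(self, access_policy_manager, agreement_manager):
        self._apm, self._am = access_policy_manager, agreement_manager

    def handle_modify(self, req):
        if not self._apm.authorise(req["customer_id"], req["token"]):  # steps 402 to 404
            return {"status": "denied", "reason": "access denied"}
        return self._am.modify(req)                                    # step 405


def build_demo():
    """Constructed sample data; every identifier and value here is made up."""
    apm = AccessPolicyManager({"cust-1": "s3cret-token", "cust-2": "other-token"},
                              whitelist={"cust-1", "cust-2"}, blacklist={"cust-2"})
    am = AgreementManager(
        {"cust-1": Contract({"compute": (1, 16), "storage": (10, 500), "network": (1, 100)})},
        {"agr-7": Agreement("agr-7", "svc-1", "cust-1", remote_slice_id="slice-B-42")})
    return DelegationEntity(apm, am), am


def demo_request(**overrides):
    req = {"customer_id": "cust-1", "token": "s3cret-token", "agreement_id": "agr-7",
           "service_id": "svc-1", "requirements": {"compute": 8, "storage": 200}}
    req.update(overrides)
    return req


if __name__ == "__main__":
    entity, am = build_demo()
    print(entity.handle_modify(demo_request()))                             # Fig. 4a path
    print(entity.handle_modify(demo_request(requirements={"compute": 64})))  # Fig. 4b path
    print(am.forwarded)
```

Both checks fail closed: an unknown customer, an agreement owned by someone else, or a resource kind the contract does not list is rejected before any message reaches the slice management function or the different operator network.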
While the invention has been illustrated and described in detail in the drawings and the foregoing description, such illustration and description are to be considered illustrative or exemplary and not restrictive. The invention is not limited to the disclosed embodiments. From reading the present disclosure, other modifications will be apparent to a person skilled in the art. Such modifications may involve other features, which are already known in the art and may be used instead of or in addition to features already described herein.
The invention has been described in conjunction with various embodiments herein. However, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed invention, from a study of the drawings, the disclosure and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single processor or other unit may fulfil the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. A computer program may be stored/distributed on a suitable medium, such as an optical storage medium or a solid-state medium supplied together with or as part of other hardware, but may also be distributed in other forms, such as via the Internet or other wired or wireless telecommunication systems.
Although the present invention has been described with reference to specific features and embodiments thereof, it is evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded simply as an illustration of the invention as defined by the appended claims, and are contemplated to cover any and all modifications, variations, combinations or equivalents that fall within the scope of the present invention.

Claims

1. Network entity (140) for controlling agreement information for services in a communication system,
wherein the network entity (140) is configured to:
- receive, from a customer system (110), a request comprising requirements for a part of or complete service and contract information of the customer system regarding an operator network,
- evaluate if the request is within a given range of the contract information, and if the result of the evaluation is positive,
- send, to a management function (150) of the operator network, a request for determining resources for the service,
- receive a request response comprising information regarding the determined resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network (180),
- send, to the different operator network (180), the further requirements for the service for determining further resources for the service in the different operator network (180),
- receive, from the different operator network (180), a response comprising information regarding the determined further resources for the service in the different operator network (180) and associated agreement information for the service of the different operator network (180),
- send, to the customer system, a request response comprising information regarding the associated agreement information for the service.
2. Network entity (140) according to claim 1,
wherein the network entity (140) is further configured to:
send, to the different operator network (180), a request for negotiating the service, the request comprising operator network information and access credentials for verifying access to the different operator network (180),
receive, from the different operator network (180), a request response comprising an invitation for sending a request comprising requirements for a service,
send the invitation to the customer system (110).
3. Network entity (140) according to claim 1 or claim 2,
wherein the network entity (140) is further configured to:
receive, from the customer system (110), a request for instantiating the service, wherein the request comprises information about the service and the associated agreement information,
validate the agreement information and the request related to the agreement information, and if the result of the validation is positive,
send, to the management function (150) of the operator network, the request for instantiating the service,
receive, from the management function (150) of the operator network, a request response comprising information about the instantiating of the service in the operator network,
send the request for instantiating the service to the different operator network (180),
receive a response comprising information about the instantiating of the service in the different operator network (180),
send, to the customer system (110), a response comprising information about the instantiating of the service.
4. Network entity (140) according to claim 3,
wherein the network entity is further configured to:
receive, from the customer system (110), a request for activating the service, wherein the request comprises information about the service and the associated agreement information,
validate the agreement information and the request related to the agreement information, and if the result of the validation is positive,
send, to the management function (150) of the operator network, the request for activating the service,
receive a request response comprising information about the activating of the service in the operator network,
send the request for activating the service to the different operator network (180),
receive a response comprising information about the activating of the service in the different operator network (180),
send, to the customer system (110), a response comprising information about the activating of the service.
5. Network entity (140) according to claim 4,
wherein the network entity is further configured to:
receive, from the customer system (110), a request for modifying the service, wherein the request comprises information about the service, the associated agreement information and modified requirements for the service,
validate the agreement information and evaluate if the modified requirements are within the given range of the contract information of the customer system (110), and if the result of the validation is positive then proceed with the next steps, if the result is negative then return a negative request response to the customer system (110),
send, to the management function (150) of the operator network, the request for modifying the service,
receive a request response comprising information about the modifying of the service in the operator network,
send the request for modifying the service to the different operator network (180),
receive a request response comprising information about the modifying of the service in the different operator network (180),
send, to the customer system (110), a response comprising information about the modifying of the service.
6. Network entity (140) according to claim 5,
wherein the negative request response is an error message indicating that the modified requirements are out of the given range.
7. Network entity (140) according to one of the claims 1 to 6,
wherein the network entity (140) comprises a database, the database comprising contract information and agreement information of customer systems.
8. Network entity (140) according to claim 7,
wherein the network entity is further configured to:
add associated agreement information to the database.
9. Network entity (140) according to one of claims 1 to 5,
wherein the network entity (140) is further configured to receive the request from the customer system (110) via an entity (120) for delegating a request message to a responsible entity within the operator management system (100).
10. Network entity (130) for controlling access to an operator network,
wherein the network entity (130) is configured to:
receive, from a customer system (110), an access request comprising access credentials for verifying the customer system (110),
verify the access credentials, if the verification is positive proceed with the next step, and if the verification is negative then send a negative request response comprising information about denying the requested access,
send an access request response comprising information about the authorizing of the requested access.
11. Network entity (130) according to claim 10,
wherein the network entity (140) is further configured to receive the access request from the customer system (110) via an entity (120) for delegating a request message to a responsible entity within the operator management system (100).
12. Network entity (130) according to claim 11,
wherein the network entity (130) comprises an interface for exchanging messages with the entity (120) for delegating a request message to a responsible entity within the operator management system (100).
13. An operator management system (100) within an operator network,
the operator management system (100) comprising:
a network entity (140) for controlling agreement information for services according to one of claims 1 to 9, and
a network entity (130) for controlling access to an operator network according to one of claims 10 to 12.
14. System according to claim 13,
wherein the system further comprises
- an entity (120) for delegating a request message to a responsible entity within the operator management system (100),
- a first interface (145) between the network entity (140) for controlling agreement information for services and the entity (120) for delegating a request message to a responsible entity within the operator management system (100) , and
- a second interface (135) between the entity (120) for delegating a request message to a responsible entity within the operator management system (100) and the network entity (130) for controlling access to an operator network,
wherein each interface (135, 145) is configured to transfer messages between the entities (120, 130, 140) of the operator management system (100).
15. Method, at a network entity (140), for controlling agreement information for services in a communication system, comprising the following steps:
- receive, from a customer system (110), a request comprising requirements for a service and contract information of the customer system regarding an operator network,
- evaluate if the request is within a given range of the contract information, and if the result of the evaluation is positive,
- send, to a management function (150) of the operator network, a request for determining resources for the service,
- receive a request response comprising information regarding resources for the service in the operator network and further requirements regarding further resources for the service in a different operator network (180),
- send, to the different operator network (180), the further requirements for the service for determining further resources for the service in the different operator network (180),
- receive, from the different operator network (180), a response comprising information regarding the further resources for the service in the different operator network (180) and associated agreement information for the service of the different operator network (180),
- send, to the customer system (110), a request response comprising information regarding the associated agreement information for the service.
16. Method according to claim 15, comprising the following steps:
send, to the different operator network (180), a request for negotiating the service, the request comprising operator network information and access credentials for verifying access to the different operator network (180),
receive, from the different operator network (180), a request response comprising an invitation for sending a request comprising requirements for a service,
send the invitation to the customer system (110).
17. Method according to claim 15 or claim 16, comprising the following steps:
receive, from the customer system (110), a request for instantiating the service, wherein the request comprises information about the service and the associated agreement information,
validate the agreement information and the request related to the agreement information, and if the result of the validation is positive,
send, to the management function (150) of the operator network, the request for instantiating the service,
receive, from the management function (150) of the operator network, a request response comprising information about the instantiating of the service in the operator network,
send the request for instantiating the service to the different operator network (180),
receive a response comprising information about the instantiating of the service in the different operator network (180),
send, to the customer system (110), a response comprising information about the instantiating of the service.
18. Method according to claim 17, comprising the following steps:
receive, from the customer system (110), a request for activating the service, wherein the request comprises information about the service and the associated agreement information,
validate the agreement information and the request related to the agreement information, and if the result of the validation is positive,
send, to the management function (150) of the operator network, the request for activating the service,
receive a request response comprising information about the activating of the service in the operator network,
send the request for activating the service to the different operator network (180),
receive a response comprising information about the activating of the service in the different operator network (180),
send, to the customer system (110), a response comprising information about the activating of the service.
19. Method according to claim 18, comprising the following steps:
receive, from the customer system (110), a request for modifying the service, wherein the request comprises information about the service, the associated agreement information and modified requirements for the service,
validate the agreement information and evaluate if the modified requirements are within the given range of the contract information of the customer system (110), and if the result of the validation is positive then proceed with the next steps, if the result is negative then return a negative request response to the customer system (110),
send, to the management function (150) of the operator network, the request for modifying the service,
receive a request response comprising information about the modifying of the service in the operator network,
send the request for modifying the service to the different operator network (180),
receive a request response comprising information about the modifying of the service in the different operator network (180),
send, to the customer system (110), a response comprising information about the modifying of the service.
20. Method according to claim 19,
wherein the negative request response is an error message indicating that the modified requirements are out of the given range.
PCT/EP2017/079166 2017-11-14 2017-11-14 Network entities, system and methods for agreement management and access control for services in a communication system WO2019096368A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2017/079166 WO2019096368A1 (en) 2017-11-14 2017-11-14 Network entities, system and methods for agreement management and access control for services in a communication system

Publications (1)

Publication Number Publication Date
WO2019096368A1 true WO2019096368A1 (en) 2019-05-23

Family

ID=60480284

Country Status (1)

Country Link
WO (1) WO2019096368A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160353367A1 (en) * 2015-06-01 2016-12-01 Huawei Technologies Co., Ltd. System and Method for Virtualized Functions in Control and Data Planes
US20160352924A1 (en) * 2015-06-01 2016-12-01 Huawei Technologies Co., Ltd. Method and apparatus for customer service management for a wireless communication network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17804834

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17804834

Country of ref document: EP

Kind code of ref document: A1