CA2275687A1 - Virtual private network service provider for asynchronous transfer mode network - Google Patents

Virtual private network service provider for asynchronous transfer mode network Download PDF

Info

Publication number
CA2275687A1
CA2275687A1 CA002275687A CA2275687A CA2275687A1 CA 2275687 A1 CA2275687 A1 CA 2275687A1 CA 002275687 A CA002275687 A CA 002275687A CA 2275687 A CA2275687 A CA 2275687A CA 2275687 A1 CA2275687 A1 CA 2275687A1
Authority
CA
Canada
Prior art keywords
user
password
virtual private
data
private network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002275687A
Other languages
French (fr)
Inventor
Antonio G. Tello
Margaret Hui
Kim Holmes
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nortel Networks Ltd
Original Assignee
Northern Telecom Limited
Antonio G. Tello
Margaret Hui
Kim Holmes
Nortel Networks Corporation
Nortel Networks Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northern Telecom Limited, Antonio G. Tello, Margaret Hui, Kim Holmes, Nortel Networks Corporation, Nortel Networks Limited filed Critical Northern Telecom Limited
Publication of CA2275687A1 publication Critical patent/CA2275687A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102Bill distribution or payments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403Architecture for metering, charging or billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1453Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network
    • H04L12/1471Methods or systems for payment or settlement of the charges for data transmission involving significant interaction with the data transmission network splitting of costs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1485Tariff-related aspects
    • H04L12/1492Tariff-related aspects negotiation of tariff
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/08Metering calls to called party, i.e. B-party charged for the communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q11/00Selecting arrangements for multiplex systems
    • H04Q11/04Selecting arrangements for multiplex systems for time-division multiplexing
    • H04Q11/0428Integrated services digital network, i.e. systems for transmission of different types of digitised signals, e.g. speech, data, telecentral, television signals
    • H04Q11/0478Provisions for broadband connections
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5601Transfer mode dependent, e.g. ATM
    • H04L2012/5614User Network Interface
    • H04L2012/5615Network termination, e.g. NT1, NT2, PBX
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5601Transfer mode dependent, e.g. ATM
    • H04L2012/5614User Network Interface
    • H04L2012/5616Terminal equipment, e.g. codecs, synch.
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5601Transfer mode dependent, e.g. ATM
    • H04L2012/5619Network Node Interface, e.g. tandem connections, transit switching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5601Transfer mode dependent, e.g. ATM
    • H04L2012/5638Services, e.g. multimedia, GOS, QOS
    • H04L2012/5639Tariffs or charging
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/54Store-and-forward switching systems 
    • H04L12/56Packet switching systems
    • H04L12/5601Transfer mode dependent, e.g. ATM
    • H04L2012/5672Multiplexing, e.g. coding, scrambling
    • H04L2012/5673Coding or scrambling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/62Called party billing, e.g. reverse billing, freephone, collect call, 0800 or 0900

Abstract

A virtual private network service provider is used to transfer data over a data network to a final destination, with third-party billing. The method comprises the steps of: prompting the user at a data terminal to select a destination, password, and call type; sending a set-up message to the data network; selecting a virtual private network provider through the data network; the virtual private network provider giving an encryption key to the user, and then prompting the user for a password and a user identification;
encrypting the password, and sending the user identification and the encrypted password to the virtual private network provider; the virtual private network provider decrypting the encrypted password, and verifying the password; the virtual private network provider providing an authorization code; and the data terminal transferring the data through the data network to the final destination, using the authorization code.

Description

n t.-n.n ...n.W 1\I.1..W:~.11\ ~ n\. . ...
DOCkllN0.111y1.6 CA 02275687 1999-06-i8 VIRTUAL PR3YATE NET'VfORK SERVdCE PAO~~IDER
FOR ASYIrTCHRO!VOUS TRANSFER MODE NETWORK
Technical Field The invention relate3 generally to asynchronous transfer mode ("ATM") netu; orks and W rtual private network:. (''YPN"), such as those offered by '~TCI
and Sprint, and, more particularly, to a method of using a VPN to transfer data over a data network, with third-party billing.
Background of the Invention "An Architecture for Broadband Virtual Networks Llnder Customer Control", Mun Choon Chan, Hisaya Hadama, golf Stadter, IEEE Netv~~ork Operation and Manamement Symposium, volume Ir, Apxil 15, 1996) pages 135-1~ provides general background infornzatiun.
Telephone service prow ders offer th:ra-p:~rty billing. For axample, local and long distance telephone companies of~E'er calling cArds for third party billing.
VPNs exist to provide the sen.9e of a private network among a corspany's locations. The linesltrunks of a VP'h' are actually shared among several companies, to reduce costs, yet to each company the VPN appears to be that company's own private network. However, a user at a remote data Terminal, such. as a portable computer in a hotel room, can not immediately charge his company for the access time to a data net, such as the Internet. instead, his access time is charged to his hotel room, and so he must pay the inflated rates that hotels charge for phone service.
What is needed is a VPN service provider that offers remcte acce3s for users belonging to a VPN, user authorizations to pxevent delinquent access into the
2 ~ VPN, and convenient third-party billing.
Summary of the Invention T'he present invention, accordingly, provides a system and method for using a VPN service provider to transfer data over a data network to a final destination, with third-party billing. The method comprise3 the steps of prompting the user at a data terminal to qelect a destination, password, and call type; selecting a VPN through the data network; giving an encryption key lA
~r..,ya s D ED SHEET
, .. . ._ r P
~~~ EAIc DockCt,Np, ~?j;'j,6 CA 02275687 1999-06-18 to the user, and then prompting the user for a password and a user identification; verifying the password, and providing an authorization code to the user; and alio~zng the user to transfer the c:ata through the data eetwork to the anal destination, using the authorization code.
In another feature of the invention, the method farther comprises nenotiat:ng for more bandtt~idth far the user, rind incl~,:ding within the authorization code a ,pant of additional bhndtsidtl:.
In another featmre of tizF inter tic~n, the method farther compri:~es encn.-Fting the users password, and sending the user identification and the IO encr~cpted password to the VPN service provider.
In another feature of the inc ention, the method further comprises a step of sending a set-up message to the data networ>i.
In another feature of the ins ention, the method further comprises a step of the VPhT service. Frovider decrypting the encrypted password.
I ~ A technical advantage achieved with the invention is that it shifts or defers costs from an end user to a bulk purchaser of data lietR-ork services. Anathrr technical advantage achieved tvi+.,h the invention is that it. permits end users mobility while attaining a virtual apFearance on a corporate intranet Brie$ Description of the Drawings '_' 0 Fig. 1 is a system block diagrram of a ~TPN sel-szce provider of the pxesent inv ention.
Fig. 2 is a flow chart depicting the method of the present invention, as irnpler.~ented by application saftcs ~rE on a user terr,~inal.
Wig. 3 is the initial screen display of the user interface of the application ?5 softtsare.
Figs. 4A and 4B are call flow dine ams) illustrating the preferred sequence of steps of the method of the present iri.~ention.
l~gs. ;;A, 5B; 5C, 5D, 5E; and 5F comprise a flow chart depicting the metliod of the present invention, as implemented by switching control point sofl~tt~are.
Description of the Preferred Ennbodiment _ ., ., w ~ ::! _, ~ H ~.'c~T' :~;i =P

Docket Yo. 12171.6 CA 02275687 1999-06-18 in Fin. 1, the VPI~~ sert~ice provider system of the present invention is designated generally by a reference numeral 10. The VPN sen-ice provider system 10 includes fi VPN 12. The VPN 12 may be a corporate, government, association, or other organization's telephone/data line ' network. The VPN
service provider system 10 also includes access lines 13 from the ~IPN 12 tc~
a data network 14, such as the Internet, or an ATIYI necworl;. The ~'PN service provider s3~atem 10 also includes access lines lE from tha data network 14 to a long distance phone company 1$, such as AT&T, '~iCI, or Sprint. The VFN
service proz-ider system 10 also includes access lines 20 from the data aietwork 1 U 14 to a called party Z2, such as, fox example, American. Ezpress reservations aervice. The YPN service provider system 1a also includes access lines 24 from the data network 14 to a remote user terminal 2S, such as a portable computer in a hotel room. Tha user terminal 26 includes user application software 28, ~~hich provides the interface for the user to enter the nu:ziber to be called, the 15 user identification number, and the user's authorization code. The VPN
service provider system 10 also includes VPN service provider software 30) located in a svvitching control point (SCP) device 32, which, in the preferred embodiment ma~~ be physically located anyw here. The SCP 32 connects to the data network 14 via arxess lines 36. Cne possible physical location for the SCP 32 is on the U premises of a local phone company central switch building 34. However, even when located within the building 34, the SCP 32 connects to the Local phone .~omg~my switxhes t~ia the data network 14. The local phone company switches connect to the data network 14 via access limes 38.
In an alternate embodiment, the VPN ser~~ice provider software :i0 and the 2~ 5CP device 32 may be lo~ated on the premises of an independent provider of local phone service, or on the premises of an independent VPN service pro~zder.
Referring now to Fig. 2, the application software 28 begins the data transfer process in step 50. in step 52, the user is presented with a screen display.
Referring now to I~g. 3, a screen display 100 displays the following 30 information requests: whether the call i$ a direct call 1~J2 or a VPN call 104, the number the user desires to call 106, the VpI~T user ID 108, and the user AMENDED ~H_EE~ ~~
IPEA/~P~

1'.t ~S.~t'.i v~w~n.m r.:. a ...r.
hoCkel:~n.11177.6 CA 02275687 1999-06-18 password 11U. The user i.~ alst~ presented W th the option to make the call 112, ar to quit 114.
Referring back to F'ig. 2) in step 54 the u.9er terminal sends to the SCP 82 the information captuxed through the graphical user interface (vGL'1"') in step 52 within a user network interface ("UNI") setup message. In step 56 the user terminal 26 w alts for a connect nregsaQe r: o:n the SCP 32. In step 58 the user terminal 26 determines if a connection was made. If no co_~rrection was made, thøn in step fi0 the user application $oftw are 28 displays an error rnesaage to the user, and retu.ras to step 50 to begin again the data transfer process.
i 0 If a connection eras made; then in step G2 the user terminal 26 sends the VPN user ID tn the SCP 32. In step 64 the user terminal 26 waits for an encryption key from the SCP 32. In step 6fi, having received the encryption keys fr~~m the SCP 32) the user application software 28 encrypts the user's password, and sends it to the SCP 32. In step 68 the user terminal 26 waits 1 ~ for authentication of the user. In step 70 the user application software determines if the SGP 32 authorize. the user to makE the call.
If the user is not authorized, then in step 72 the user terminal 26 displays a.rr error message, terFninates the connection, blanks the screen di3play 100, and re turns to step 5U to begin again the data transfer process. If the user is authorized, then in step 74 the VPN service provider softATare 30 sets up the billing, and authorizes it. In step s 6 the user terminal 26 sends a "release", mean; ~ to terminat.2 or disconnect the cor>xection) to the SCP 32. In step 78 tine user terminal 26 sends a setup message ir.o the atunber listed by the user as the "number to call", drat is, to the firxa.l destination. In step 80 the user =~ terminal 26 waiLS for a connection. In step 82 the user terminal 28 determines if a connection was made.
If a connection to the final destination was aot mada, then the user application software 28 returns to step '72, ir~ which step the user terminal displays an error message, t~rrninates the connection, blanks the screen display i; 1U0, snd returns to step 50 to be' n again the data transfer process. I~ a connection to the final destination aas made, then in step 84 the user terminal AMENDED SHEET
IFc:~/~.:

11. I.~'.'1%I'.f'()~'(~I:fi hl,I~iVVl.llv ~m-- I .,n,.
DOCkdl~o.13.171.6 CA 02275687 1999-06-18 ~6 exchanges user data, services, and/or value added or user specific applications with the computer at the address, that is, the telephone number, of the final destination. In step 86 the user selects the option presented t,o him to release, or terminate, the call. In step 88 the user terminal 26 sends a release message to the final destination. In step 90 the data network 14 sends billing information to the SCP 32. In step 92 the application software 28 ends the data txan3fer proeess.
Wig. 4A and FSig. 4B are call flow diagrams) showing the sequence of massages in the method of the preferred embodiment. These diagrams present the same method as the flow chart of ~5ig. 2. The horizontal arrows represent the messages sent and received. The vertical lines represent the variou$
devices involved in sending and receiving the messages. For example, the top 1 eft arrow in Fig. 4A represents a mess age sent rrom the user terminal 26, labeled "Macintosh'° in F~g.4A, to an interface with a public network.
The user terminal 26 can be any brand of a work station computer) a desktop computer, a laptop computer, or even a notebook computex. The interface could be any interface, but in the example of Fig. 4A and Fig. 4B, the interface is imagined to be at a hotel, where a business traveler is using the method of the present invention. Thus, the interface is labeled "Hotel ATM Interface", which is not ~U shown in b'~ig. 1. The vertical line labeled "Public ATM Netw ork" is the same as the data network 14 in Fig. 1. The vertical line labeled "~Vioe's VPN
Service"
represents the VPN service provider software 3Q within the SCP 32. The vertical line labeled "Travel ATM Interface" is not shown in Fig. l, but is located between the called party 22 and the data netw ark 14. The vertical line labeled "Travel Service" is one example of the called party 22 shows in Fig.
1.
In the example of Fig. 4A and Fig, 4B, the business txaveler is imagined to be using the method of the present invention to contact a travel service to make reservations for his next airline flight. In Figs. 4A and 4B the designation "Acll" represents "acknowledge", and the desienation "Cmp" represents ? a "complete".
SA
A~,~~~!~E~i ~HEc'i''~
;~- . .-DOC'fcetNo.::.l7.t.6 CA 02275687 1999-06-18 Referring novr to Fig. 5, the VPN service pre :-ider software 30 begins the data transfer process in step 300 by waiting for an event. The event it waits for is a setup message on a signaling port of t~-~e SCP 32, to be re:eived from the uer terminal 26. In step 302, having monitored the signaling ports, and the SCP 32 having received a setup message, the VPN service provider software 30 assigns a call condense block ;"CCB") to the setup message, based on a call reference number. The CCB is a software data structure for tracking resources as.4ociated tvith the ;,a11. The cal? refereme number is a number) intern al to the SC P, for tracking calls. In step a 04 the VPN s ervice provi der I0 softw are 30 compiles the connect message. In step 306 the VPN service prouder software 30 sends a correct message to the calling address, that is, the hotel room from v~hich the user is calling. In step 3G8 the VPN ten-ice provider softu~are 30 condenses, that is, it remains in a wait state for that cell.
Referring nou= to Fig. 5B) in step 310 the VPN sercdce provider software 30 1J V,'altS far an event by monitoring the signaling ports of the SCP 32.
.4fter the SCP 32 receives a connect acktxowledge message fxom the user terminal 26, then in step 312 the VPN service provider software 30 accesses the CCB, based on the call reference number. In step 314 the ~TPI'tT service provider software 30 condenses.
?0 Referring now to FYg. 5C, in step 316 the ~TPN ser~-ice provider software v~~aits for dialog on a data port of the SCP 32. for the SCP 32 receives a ~'PN
ID on a data port, the VPN service provider software 30 verifies the VPN ID in step 3I8. In step 320 the VPIf service provider software 30 determines if the VP~i ID is valid. If the 'VP1~' ID is not valid) then in step 322 the SCP 3l se:~ds ''S a reject. message over an assi.~ed switch ~zrtual circuit ("SVC"). The SVC
is a channel over the data network 14, In step 324 the VPN service provider software 3G waits for dialog. In step 326, because the VPN ID is valid, the VPN service provider software 30 assi,o~ art encr3-ption key to the user terminal 26, in step 328 sends the encryption key o~ er the assigned SVC to the 30 user terminal z6, and in step 330 waits for dialog.

AMENDS ~ ~ HEET
IPE.~..~--.., I\ !:I':lil:l'()i(: , .,eS(~l.Il~ :It> I ... ,.,;

Docket ~o,11171.6 Referring non to Fig. 5D, in step 332 the VPN service provider softu~are 30 w. its for dialog. «rhen the SCP 32 receivas the encrypted password firom the user terminal 2~i at a data port, then in step 334 the VPN service prow der Software 30 verifies the password, and determines in step 336 if the password is valid. If the password is not valid, then in step 338 the SCl' 32 sends a reject message over the assigned SVC to the user terminal, and in step 340 waits for dialog. If the password is aTalid, then is step 342 the VPN serczce provider software 30 assigns an authorization token to the user terminal 26, in step 344 sends the token o~~er an assigned SVC to the user terminal 26, and in step 346 waits for dialog.
Referring now to Wig. 5E, in step 348 the VPN senzce provider softarare 30 waits for an event. When the VpN service provider software 30 senses that the SCP 32 has received on a signaling port a release message from the user terminal 26, then in step S50 the VPN service provider softitfare 3 0 accesses the 1 i CCB, based. on the call reference number of the user terminal 26, in step compiles a release complete message, in step 354 sends a relaase complete message to the user terminaa 26, and in step 356 condenses.
Referring now to hag. 5F) in step 358 the ~'PN service provider software 30 w nits for an event. When the VP1V' service provider software 30 senses that the _'U SCP a2 has received on a signaling port a third-party billing setup message from the u9er terminal 28, then in step 360 the 'VPN service provider software 30 v orifice the token just received from the user termi.nel 26) to determine, in step 362, if it is the same token that the VPN service provider software 30 sent to the user terminal 26 in step 344. If the toker. is not valid, then in step ?5 the SCP 32 sends a release message to the terminal 26, and in step 366 condenses. If the token is valid, then in step 3fi8 the SCP 32 sends a modified third-party billing setup message to the data network I4) and in step 370 condenses.
Although an illustrative embodiment of the invention has been shown and 30 described, other irodifications) changes, and substitutions are intended in the M E rv ~' r ~. C' ~.. ~ ':=.T
_ . ":
E~_~.. ; _ .

, I \ . . t:l'~\'t~.r'm~mt:f; K I.I~;SS i, n;-I-;1;) : m: r t .
- _.:n ...» .~. . . , ._ Docker No. ?1171. b foregoing disclosure. accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the iwention.

AMEN~;__ . .__, IPEA/EP

Claims (20)

WHAT IS CLAIMED IS:
1. A computerized method of a virtual private network service provider with third party billing, using a virtual private network (12) to transfer data over a data network (14) to a final destination (22), the method characterized by the steps of:
a. prompting the user at a data terminal (52) to select a destination, password, and call type;
b. selecting a virtual private network (52, 316) through the data network;
c. giving an encryption key to the user (326, 328), and then prompting the user for a password and a user identification;
d. verifying the password (68, 70), and providing an authorization code (342, 344) to the user; and e. allowing the user to transfer the data through the data network to the final destination (84), using the authorization code.
2. The method of claim 1, wherein step (d) further comprises negotiating for mare bandwidth for the user, and including within the authorization code a grant of additional bandwidth.
3. The method of claim 2, wherein step (c) further comprises encrypting the user's password (66), and sending the user identification and the encrypted password to the virtual private network service provider (66).
4. The method of claim 3, futher comprising, after step (a), the step of sending a set-up message (54) to the data network.
5. The method of claim 4, further comprising, after step (c), the step of the virtual private network service provider decrypting the encrypted password (334).
6. An apparatus for providing a datalink connection from a user terminal (26) to a data network (14) and to a virtual private network (12), with third party billing, characterized by:
a. an interface (28) between the user terminal (26) and the data network (14);
b. a switching control point device (32) connected to the data network (14), the switching control point. davice (32) connected to a computer;
and c. a computer-readable medium encoded with a program (30) for using the virtual private network (12) and the data network (14), with third party billing, the computer-readable medium accessible by the computer.
7. The apparatus of claim 6, wherein the program negotiates for more bandwidth for the user, and includes within an authorization code a grant of additional trandwidth.
b. The apparatus of claim 7, wherein the interface (28) encrypts a user's passwoxd, and temporarily stores the user identification and the encrypted password.
9. The apparatus of claim 8, wherein the interface (28) sends a set-up message to the data network.
10. The apparatts of claim 9, wherein the program (30) decrypts the encrypted password.
11. A computer-readable medium encoded with a method of using a virtual private network (12), with third party billing, the method characterized by the steps of:
a. prompting the user (52) at a data terminal, to select a destination, password, and call type;
b. selecting a virtual private network (52, 316) through the data network;
c. giving an encryption key to the user (326, 328), and then prompting the user for a password and a user identification;
d. verifying the password (68, 70), and providing. an authorization code to the user (342, 344); and e. allowing the user to transfer the data through the data network to the final destination (84), using the authorization code.
12. The computer-readable medium of claim 11 wherein step (d) further comprises negotiating for more bandwidth for the user, and including within the authorization code a grant of additional bandwidth.
13. The computer-readable medium of claim 12 wherein step (c) further comprises encrypting the user's password (66), and sending the user identification and the encrypted password to the virtual private network service provider.
14. The computer-readable medium of claim 13 further comprising, after step (a), the step of sending a set-up message (54) to the data network.
15. The computer-readable medium of claim 14 further comprising, after step (c), the step of the virtual private network service provider decrypting the encrypted password (334).
16. An apparatus for providing a datalink connection from a user terminal (26) to a data network (14) and to a virtual private network (12), with ttird party billing, characterized by;
a. means for prompting a user (28) at the data terminal to select a destination, password, and call type;
b. means for selecting the virtual private network (28) through the data network;
c. means for giving an encryption key to the user (30), and then prompting the user for a password tend a user identification (28);
d. means for verifying the password (30), and providing an authorization code to the user; and e. means for allowing the user to transfer data through the data network to a final destination (32), using the authorization code.
17. The apparatus of claim 16, further comprising means for negotiating (30) for more bandwidth for the user, and including within the authorization code a grant of additional bandwidth.
18. The apparatus of claim 17, further comprising means for encrypting the user's password (28), and sending the user identification and the encrypted password to the virtual private network service provider.
19. The apparatus of claim 18, further comprising means for sending (28) a set-up message to the data network (14).
20. The apparatus of claim 19, further comprising means for decrypting the encrypted password (30).
CA002275687A 1996-12-19 1997-12-12 Virtual private network service provider for asynchronous transfer mode network Abandoned CA2275687A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US08/769,649 1996-12-19
US08/769,649 US6032118A (en) 1996-12-19 1996-12-19 Virtual private network service provider for asynchronous transfer mode network
PCT/IB1997/001563 WO1998027783A1 (en) 1996-12-19 1997-12-12 Virtual private network service provider for asynchronous transfer mode network

Publications (1)

Publication Number Publication Date
CA2275687A1 true CA2275687A1 (en) 1998-06-25

Family

ID=25086113

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002275687A Abandoned CA2275687A1 (en) 1996-12-19 1997-12-12 Virtual private network service provider for asynchronous transfer mode network

Country Status (9)

Country Link
US (2) US6032118A (en)
EP (1) EP1008275A1 (en)
JP (1) JP2002514362A (en)
AU (1) AU727878B2 (en)
CA (1) CA2275687A1 (en)
DE (1) DE19782193D2 (en)
GB (1) GB2336511B (en)
SE (1) SE519297C2 (en)
WO (1) WO1998027783A1 (en)

Families Citing this family (60)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10361802B1 (en) 1999-02-01 2019-07-23 Blanding Hovenweep, Llc Adaptive pattern recognition based control system and method
US6236644B1 (en) * 1997-11-17 2001-05-22 Mci Communications Corporation Method of setting up a conference call
US7095740B1 (en) * 1998-06-30 2006-08-22 Nortel Networks Limited Method and apparatus for virtual overlay networks
KR100270216B1 (en) 1998-07-10 2000-10-16 김영환 How to Implement Wireless Virtual Private Networking in CDMA Systems
US6516417B1 (en) * 1998-08-07 2003-02-04 Nortel Networks, Limited Virtual private networks
US10511573B2 (en) 1998-10-30 2019-12-17 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
CA2349520C (en) 1998-10-30 2011-05-17 Science Applications International Corporation An agile network protocol for secure communications with assured system availability
US6839759B2 (en) 1998-10-30 2005-01-04 Science Applications International Corp. Method for establishing secure communication link between computers of virtual private network without user entering any cryptographic information
US7418504B2 (en) * 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US6502135B1 (en) 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US6453348B1 (en) 1998-11-06 2002-09-17 Ameritech Corporation Extranet architecture
US6614791B1 (en) * 1999-05-11 2003-09-02 Nortel Networks Limited System, device, and method for supporting virtual private networks
AU5298200A (en) * 1999-05-25 2000-12-12 Icall, Inc. Method and system for ip-based called party billing
SG85114A1 (en) * 1999-05-27 2001-12-19 Kent Ridge Digital Labs Communication network architecture
GB2352370B (en) * 1999-07-21 2003-09-03 Int Computers Ltd Migration from in-clear to encrypted working over a communications link
CA2384106C (en) * 1999-09-03 2006-08-22 Greg T. Reel Method and system for procuring, storing and distributing remotely accessed data gathered by logging devices
AU4500301A (en) * 1999-11-18 2001-06-12 Singapore Telecommunications Limited Virtual private network selection
JP3478218B2 (en) * 1999-12-27 2003-12-15 日本電気株式会社 Edge node exchanges and exchanges
EP1755307B1 (en) * 2000-04-26 2019-06-05 VirnetX Inc. Improvements to an agile network protocol for secure communications with assured system availability
US7069592B2 (en) 2000-04-26 2006-06-27 Ford Global Technologies, Llc Web-based document system
US7088720B1 (en) * 2000-08-07 2006-08-08 Sbc Technology Resources, Inc. Multiservice use of network connection capability under user-to-network interface signaling
US7307993B2 (en) * 2000-08-08 2007-12-11 At&T Labs, Inc. Controller based call control for ATM SVC signaling
US7984147B2 (en) * 2000-12-29 2011-07-19 Hewlett-Packard Development Company, L.P. Apparatus and method for identifying a requested level of service for a transaction
JP4839516B2 (en) * 2001-02-27 2011-12-21 ソニー株式会社 Authentication system and authentication method
US7181017B1 (en) 2001-03-23 2007-02-20 David Felsher System and method for secure three-party communications
US7788399B2 (en) 2001-03-26 2010-08-31 Salesforce.Com, Inc. System and method for mapping of services
US7516191B2 (en) * 2001-03-26 2009-04-07 Salesforce.Com, Inc. System and method for invocation of services
US9948644B2 (en) 2001-03-26 2018-04-17 Salesforce.Com, Inc. Routing messages between applications
US7689711B2 (en) 2001-03-26 2010-03-30 Salesforce.Com, Inc. System and method for routing messages between applications
US7305454B2 (en) * 2001-03-30 2007-12-04 Minor Ventures, Llc. Apparatus and methods for provisioning services
US20020165783A1 (en) * 2001-05-02 2002-11-07 Jean-Charles Gonthier Accounting in peer-to-peer data communication networks
FR2825874B1 (en) * 2001-06-11 2003-09-26 France Telecom DEVICE FOR AUTOMATIC PCV CALLING
US7136386B2 (en) * 2001-07-19 2006-11-14 Sbc Technology Resources, Inc. Virtual private network over asynchronous transfer mode
US7827278B2 (en) * 2001-07-23 2010-11-02 At&T Intellectual Property Ii, L.P. System for automated connection to virtual private networks related applications
US8239531B1 (en) 2001-07-23 2012-08-07 At&T Intellectual Property Ii, L.P. Method and apparatus for connection to virtual private networks for secure transactions
US7827292B2 (en) * 2001-07-23 2010-11-02 At&T Intellectual Property Ii, L.P. Flexible automated connection to virtual private networks
US7187678B2 (en) * 2001-08-13 2007-03-06 At&T Labs, Inc. Authentication for use of high speed network resources
US20040029562A1 (en) * 2001-08-21 2004-02-12 Msafe Ltd. System and method for securing communications over cellular networks
US7337220B2 (en) * 2001-10-24 2008-02-26 At&T Labs, Inc. Unified interface for managing DSL services
KR20030089922A (en) * 2002-05-20 2003-11-28 전민희 Online accounting transmit-receive apparatus and method in communication processing system using a virtual private network
EP1404081A1 (en) * 2002-09-27 2004-03-31 Alcatel Method for establishing a connection between subscribers and service providers granted by an authentication server
US7602788B2 (en) 2002-11-04 2009-10-13 At&T Intellectual Property I, L.P. Peer to peer SVC-based DSL service
US7701953B2 (en) * 2002-11-04 2010-04-20 At&T Intellectual Property I, L.P. Client server SVC-based DSL service
US9818136B1 (en) 2003-02-05 2017-11-14 Steven M. Hoffberg System and method for determining contingent relevance
US7382785B2 (en) * 2003-02-21 2008-06-03 At&T Knowledge Ventures, L.P. Extended virtual user-to-network interface with ATM network
US7260833B1 (en) 2003-07-18 2007-08-21 The United States Of America As Represented By The Secretary Of The Navy One-way network transmission interface unit
US8453196B2 (en) 2003-10-14 2013-05-28 Salesforce.Com, Inc. Policy management in an interoperability network
US7904882B2 (en) 2003-10-16 2011-03-08 Salesforce.Com, Inc. Managing virtual business instances within a computer network
EP1571781A1 (en) * 2004-03-03 2005-09-07 France Telecom Sa Proccess and system for authenticating a client for access to a virtual network giving access to services.
US7739351B2 (en) 2004-03-23 2010-06-15 Salesforce.Com, Inc. Synchronous interface to asynchronous processes
US7590685B2 (en) * 2004-04-07 2009-09-15 Salesforce.Com Inc. Techniques for providing interoperability as a service
US7725605B2 (en) * 2004-08-06 2010-05-25 Salesforce.Com, Inc. Providing on-demand access to services in a wide area network
US9645712B2 (en) * 2004-10-01 2017-05-09 Grand Central Communications, Inc. Multiple stakeholders for a single business process
US7721328B2 (en) * 2004-10-01 2010-05-18 Salesforce.Com Inc. Application identity design
US7779461B1 (en) * 2004-11-16 2010-08-17 Juniper Networks, Inc. Point-to-multi-point/non-broadcasting multi-access VPN tunnels
US20060130135A1 (en) * 2004-12-10 2006-06-15 Alcatel Virtual private network connection methods and systems
US7822982B2 (en) * 2005-06-16 2010-10-26 Hewlett-Packard Development Company, L.P. Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
US20110051913A1 (en) * 2009-09-03 2011-03-03 John Larsen Kesler Method and System for Consolidating Communication
US11843581B2 (en) 2021-08-15 2023-12-12 Netflow, UAB Clustering of virtual private network servers

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4268722A (en) * 1978-02-13 1981-05-19 Motorola, Inc. Radiotelephone communications system
US4604686A (en) * 1984-01-27 1986-08-05 Martin Marietta Corporation Associative data access method (ADAM) and its means of implementation
US4955047A (en) * 1984-03-26 1990-09-04 Dytel Corporation Automated attendant with direct inward system access
US5375161A (en) * 1984-09-14 1994-12-20 Accessline Technologies, Inc. Telephone control system with branch routing
US4609778A (en) * 1984-09-27 1986-09-02 Franklin Andrew D Trunk call processing services for host computer interconnections
US4756020A (en) * 1985-08-30 1988-07-05 American Telephone And Telegraph Company, At&T Bell Laboratories Method and apparatus for disallowing the extension of a call through a network
US4839802A (en) * 1986-11-19 1989-06-13 Extel Corporation Adaptation of computer to communication operation
US4935956A (en) * 1988-05-02 1990-06-19 Telequip Ventures, Inc. Automated public phone control for charge and collect billing
US5181236A (en) * 1990-09-25 1993-01-19 Rockwell International Corporation Automatic call returning method for call distributor with message record capability
CA2102077C (en) * 1992-12-21 1997-09-16 Steven Lloyd Greenspan Call billing and measurement methods for redirected calls
GB9311367D0 (en) * 1993-06-02 1993-07-21 Plessey Telecomm Virtual private networks
JPH0723138A (en) * 1993-06-30 1995-01-24 Mitsubishi Electric Corp Pbx charging system
US5600643A (en) * 1993-09-23 1997-02-04 Bell Communications Research, Inc. Broadband intelligent telecommunications network and method providing enhanced capabilities for customer premises equipment
US6434537B1 (en) * 1993-10-04 2002-08-13 Lucent Technologies Inc. Cellular telephone billing management system
US5537464A (en) * 1993-11-02 1996-07-16 Lewis; C. Alan Method and apparatus for the billing of value-added communication calls
US5504744A (en) * 1994-03-09 1996-04-02 British Telecommunications Public Limited Company Broadband switching network
US5703935A (en) * 1994-03-29 1997-12-30 Mci Communications Corporation Automated telephone operator services
US5509062A (en) * 1994-08-03 1996-04-16 At&T Corp. Intelligent terminal based selective call forwarding
US5661782A (en) * 1994-12-05 1997-08-26 Bell Atlantic Network Services, Inc. Voice mail communication with call blocking
NL9500339A (en) * 1995-02-22 1996-10-01 Nederland Ptt Device for remote participation in a virtual private network.
US5544161A (en) * 1995-03-28 1996-08-06 Bell Atlantic Network Services, Inc. ATM packet demultiplexer for use in full service network having distributed architecture
US5650994A (en) * 1995-05-16 1997-07-22 Bell Atlantic Network Services, Inc. Operation support system for service creation and network provisioning for video dial tone networks
US5638434A (en) * 1995-08-30 1997-06-10 Mci Corporation Conference system for dial-out telephone calls
US5724417A (en) * 1995-09-11 1998-03-03 Lucent Technologies Inc. Call forwarding techniques using smart cards
US5764639A (en) * 1995-11-15 1998-06-09 Staples; Leven E. System and method for providing a remote user with a virtual presence to an office
US5579308A (en) * 1995-11-22 1996-11-26 Samsung Electronics, Ltd. Crossbar/hub arrangement for multimedia network
US5729598A (en) * 1996-03-11 1998-03-17 Bell Atlantic Network Services, Inc. Telephone network with telecommuting features
US5768271A (en) * 1996-04-12 1998-06-16 Alcatel Data Networks Inc. Virtual private network
US5970477A (en) * 1996-07-15 1999-10-19 Bellsouth Intellectual Property Management Corporation Method and system for allocating costs in a distributed computing network
US6546003B1 (en) * 1996-11-21 2003-04-08 Verizon Services Corp. Telecommunications system

Also Published As

Publication number Publication date
SE9902261D0 (en) 1999-06-16
AU5131198A (en) 1998-07-15
SE519297C2 (en) 2003-02-11
US6032118A (en) 2000-02-29
AU727878B2 (en) 2001-01-04
JP2002514362A (en) 2002-05-14
GB2336511A (en) 1999-10-20
DE19782193D2 (en) 1999-11-25
GB9914256D0 (en) 1999-08-18
SE9902261L (en) 1999-06-16
WO1998027783A1 (en) 1998-06-25
GB2336511B (en) 2001-10-24
EP1008275A1 (en) 2000-06-14
US6584444B1 (en) 2003-06-24

Similar Documents

Publication Publication Date Title
CA2275687A1 (en) Virtual private network service provider for asynchronous transfer mode network
AU709790B2 (en) Interactive and information data services telephone billing system
AU779137B2 (en) Systems and methods for providing dynamic network authorization, authentication and accounting
KR100655017B1 (en) Method for authenticated access, data network, and access point
AU730689B2 (en) Implementation of charging in a telecommunications system
US6430407B1 (en) Method, apparatus, and arrangement for authenticating a user to an application in a first communications network by means of a mobile station communicating with the application through a second communications network
CA2193748C (en) Data network security system and method
US6912593B2 (en) Information switching platform
US5621729A (en) Receiver controlled communication system
JPH08297625A (en) Networked kiosk registered (trademark) structure
US20020162029A1 (en) Method and system for broadband network access
JP4086340B2 (en) Network authentication system
EP1075748B1 (en) Method, arrangement and apparatus for authentication
Rotenberg Communications privacy: Implications for network design
JP2000151811A (en) Internet connection device
US20020138435A1 (en) Method and system for content delivery control using a parallel network
US20050102408A1 (en) System and method for network connection
US20020143708A1 (en) System and method for conducting secure on-line transactions using a credit card
US6272152B1 (en) Use of two-way cable transmissions to augment the security of the secure electronic transaction protocol
US20010037383A1 (en) Methods and apparatus for providing high-speed internet access to a device consecutively accessible to different people at different times
AU770479B2 (en) System and method for local policy enforcement for internet service providers
JP3487245B2 (en) COMMUNICATION CONNECTION METHOD, EXCHANGE NETWORK CONTROL DEVICE, AND SYSTEM WITHOUT SPECIFYING ENDING TERMINAL
US20020080941A1 (en) Message card
JP2003244136A (en) Authentication method and data distributing method in computer network
JP2001144749A (en) Method and system for specifying user concerned and recording medium with user specifying program recorded thereon in network

Legal Events

Date Code Title Description
EEER Examination request
FZDE Discontinued