Mediation of open advanced intelligent network in SS7 protocol open access environment
Abstract
A method of mediation of data packet traffic across an interface between the Advanced Intelligent Network (AIN) operated by a local exchange carrier and a non-local exchange carrier service provider is disclosed. The interface is defined between a service provider's network device, such as a service control point (SCP), that has access to the AIN through SS7 protocol data links connected to a local exchange carrier device, such as a service transfer point (STP). Gateway screening at the STP is used to perform certain mediation steps with respect to data packets that originate with non-local exchange carrier network elements. An invalid data packet is rejected, but a valid data packet is passed for further mediation steps to a mediated access SCP. Prior to further routing of the data packet (other than rejection), the mediated access SCP removes information from the data packet regarding the source of the data packet. The mediated access SCP stores this removed information, generates substitute information, correlates the removed information with the substitute information, and replaces the removed information in the data packet with substitute information. The mediated access SCP examines the responsive data packet upon receipt for inclusion of the substitute information. If the responsive data packet does not include this substitute information, the data packet is rejected. If the responsive data packet includes the substitute information, and is otherwise valid, mediated access SCP correlates the substitute information to the removed information, and uses the removed information to further route the data packet.
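The substitution-and-correlation step described in the abstract, together with the response checks of claims 7 and 9, as an added Python sketch (not code from the patent). `Message`, `Mediator`, the point-code strings and the rule that one response closes a transaction are assumptions made for illustration; real TCAP messages are ASN.1-encoded.

```python
import secrets
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

MA_SCP_PC = "MA-SCP"  # placeholder point code for the mediator itself


@dataclass(frozen=True)
class Message:
    """Constructed stand-in for an SS7/TCAP message."""
    opc: str                    # originating point code
    dpc: str                    # destination point code
    transaction: Optional[str]  # transaction number carried in the message
    payload: str = ""


class Rejected(Exception):
    """Raised when a message fails mediation."""


class Mediator:
    def __init__(self) -> None:
        # substitute number -> (original number, original source, query destination)
        self._active: Dict[str, Tuple[Optional[str], str, str]] = {}

    def mediate_query(self, query: Message) -> Message:
        """Network -> SP-SCP: hide the original transaction number and source."""
        substitute = secrets.token_hex(4)
        while substitute in self._active:      # keep substitutes unique
            substitute = secrets.token_hex(4)
        self._active[substitute] = (query.transaction, query.opc, query.dpc)
        return replace(query, opc=MA_SCP_PC, transaction=substitute)

    def mediate_response(self, resp: Message) -> Message:
        """SP-SCP -> network: accept only answers to a query that was forwarded."""
        if resp.transaction is None or resp.transaction not in self._active:
            raise Rejected("transaction number not in active list")
        original_txn, original_src, query_dpc = self._active[resp.transaction]
        if resp.opc != query_dpc:
            raise Rejected("originating point code does not match query destination")
        del self._active[resp.transaction]     # assumption: one response closes it
        # Restore the stored values and use them to route the response onward.
        return replace(resp, dpc=original_src, transaction=original_txn)


def demo() -> list:
    """Run four constructed responses against one mediated query."""
    m = Mediator()
    fwd = m.mediate_query(Message("SSP-1", "SP-SCP-A", "T-100", "query"))
    candidates = [
        Message("SP-SCP-A", MA_SCP_PC, "T-100", "resp"),          # original number, not substitute
        Message("SP-SCP-B", MA_SCP_PC, fwd.transaction, "resp"),  # wrong originating point code
        Message("SP-SCP-A", MA_SCP_PC, fwd.transaction, "resp"),  # legitimate response
        Message("SP-SCP-A", MA_SCP_PC, fwd.transaction, "resp"),  # replay after completion
    ]
    results = []
    for c in candidates:
        try:
            out = m.mediate_response(c)
            results.append(("accepted", out.dpc, out.transaction))
        except Rejected as exc:
            results.append(("rejected", str(exc)))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```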
46 Claims
1. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of digital data communications channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP, wherein said MA-SCP includes at least one database containing customer records, wherein said message comprises a first transaction number, and wherein said step of mediating said message in said MA-SCP comprises; storing a transaction identifier for said message in said database; generating a second transaction number for said message; associating said second transaction number with said first transaction identifier in said database; removing said first transaction number from said message; and adding said second transaction number to said message. - View Dependent Claims (2, 3, 4, 5, 6)
7. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP, wherein said MA-SCP includes at least one database containing customer records, and wherein said step of mediating said message in said MA-SCP comprises; determining whether said message includes a transaction number; if said message includes said transaction number, comparing said transaction number for correspondence to a list of active transaction numbers stored in said database; and rejecting said message if said transaction number fails to correspond to an entry in said list of active transaction numbers. - View Dependent Claims (8)
9. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of digital data communications channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP, wherein said message is a response message received from said SP-SCP in response to a query message, and wherein said step of mediating said message in said MA-SCP comprises; determining whether said response message includes an originating point code; if said response message includes said originating point code, testing said originating point code for correspondence to a destination point code associated with said query message; and rejecting said message if said originating point code fails to correspond to said destination point code.
10. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of elements including at least one mediated access service control point (MA-SCP), comprising the steps of:
receiving a message in said MA-SCP; and mediating said message in said MA-SCP by reading said message for message information from the Advanced Intelligent Network (AIN) portion of said message, comparing said message information from said AIN portion of said message for correspondence to at least one record in a database, and rejecting said message if said message information fails to correspond to said at least one record in said database.
11. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP; transmitting said message from said STP to said MA-SCP; mediating said message in said MA-SCP; determining whether said message has passed mediation in said MA-SCP; if said message has passed mediation in said MA-SCP, determining whether said SP-SCP is out-of-service; and if said SP-SCP is out-of-service, then rejecting said message and providing said message with a default response. - View Dependent Claims (12, 13, 34, 35)
14. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of digital data communications channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP, wherein said message comprises an originating point code and wherein said STP has a port identifier for each authorized provider of messages to said STP; determining whether said message originates with said SP-SCP; if said message originates with said SP-SCP, then initially mediating said message in said STP by comparing said originating point code for correspondence with at least one port identifier and rejecting said message if said originating point code fails to correspond to any of said port identifiers; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP.
15. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of digital data communications channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP, wherein said message comprises a destination code and wherein said STP has at least one authorized address designating an authorized destination for messages for each authorized provider of messages to said STP; determining whether said message originates with said SP-SCP; if said message originates with said SP-SCP, then initially mediating said message in said STP by comparing said destination code for correspondence with at least one authorized address and rejecting said message if said destination code fails to correspond to any of said authorized addresses; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP. - View Dependent Claims (16)
17. A method for preventing unauthorized transmission of data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network, said network including a plurality of digital data communications channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP, wherein said message comprises a service indicator, and wherein said STP has at least one service indicator designating an authorized service for each authorized provider of messages to said STP; determining whether said message originates with said SP-SCP; if said message originates with said SP-SCP, then initially mediating said message in said STP by comparing said service indicator for correspondence with at least one authorized service indicator and rejecting said message if said service indicator fails to correspond to any of said authorized service indicators; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP.
18. A method of mediating traffic in packet messages in an intelligent switched telephone network that includes a plurality of digital data communications channels among a plurality of network elements, comprising the steps of:
causing a first one of said plurality of network elements that originates a new transaction capabilities application part (TCAP) message to generate a first transaction number for each said new TCAP message; causing said first network element to include said first transaction number in said TCAP message prior to said first network element transmitting said TCAP message to a second one of said plurality of network elements; causing said second network element to create a unique transaction identifier for association with said TCAP message; causing said second network element to generate a second transaction number for said TCAP message; causing said second network element to delete said first transaction number from said TCAP message; causing said second network element prior to said network element transmitting said TCAP message to another destination to include said second transaction number in said TCAP message; and causing said network elements to thereafter reject other TCAP messages that effect the particular transaction associated with said TCAP message but that do not contain said second transaction number in said other TCAP messages. - View Dependent Claims (19, 20, 21, 22, 23)
24. A method of mediating traffic in packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network that includes a plurality of digital data communications channels among a plurality of network elements including a plurality of service switching points, at least one mediated access service control point (MA-SCP) and at least one signal transfer point (STP), comprising the steps of:
causing said SP-SCP to generate a first transaction number for each new message that said SP-SCP originates; causing said SP-SCP to include said first transaction number in said message prior to said SP-SCP transmitting said message to one of said plurality of network elements; after said network element receives said message, causing said network element to create a unique transaction identifier for association with said message; causing said network element to generate a second transaction number for said message; causing said network element to store said second transaction number in association with said unique transaction identifier; causing said network element to delete said first transaction number from said message; causing said network element to add said second transaction number to said message; and causing said SP-SCP and said network elements thereafter to include said second transaction number in other messages affecting the particular transaction associated with said message and to reject said other messages that do not include said second transaction number. - View Dependent Claims (25, 26, 27)
28. A method of mediating traffic in data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network including a signal transfer point (STP) and a mediated access service control point (MA-SCP), comprising the steps of:
providing that said SP-SCP be allowed to use only particular trunk group routings of said network with respect to use of said network by said SP-SCP; causing said MA-SCP to maintain a table of legal trunk group indices for said SP-SCP, said legal trunk group indices representing said particular trunk group routings which may be used by said SP-SCP; receiving a message associated with said SP-SCP in said STP; transmitting said message from said STP to said MA-SCP; in response to said MA-SCP receiving said message associated with said SP-SCP wherein said message includes a request for a trunk group routing, causing said MA-SCP to check said table for an entry corresponding to said trunk group routing; and causing said MA-SCP to reject said message if said trunk group routing fails to correspond to any entry in said table.
29. A method of mediating traffic in data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network including a mediated access service control point (MA-SCP), comprising the steps of:
providing that said SP-SCP has authorized access to a plurality of network elements of said network; causing said MA-SCP to maintain a table of authorized directory numbers of network elements for said SP-SCP, each of said authorized directory numbers representing a network element of said plurality of network elements to which said SP-SCP has said authorized access; receiving a message associated with said SP-SCP in said STP; transmitting said message from said STP to said MA-SCP; in response to said MA-SCP receiving said message associated with said SP-SCP wherein said message includes a request for access to a particular network element and includes a directory number for said particular network element, causing said MA-SCP to check said table for said directory number of said particular network element; and causing said MA-SCP to reject said message if said directory number of said particular network element fails to correspond to an entry in said table.
30. A method of mediating traffic in data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network including a mediated access service control point (MA-SCP), comprising the steps of:
causing said MA-SCP to maintain a permitted limited network resource occupancy number for said SP-SCP with respect to the use of limited network resources of said network, said limited network resources comprising audio connection devices; causing said MA-SCP to maintain a current count of each limited network resource occupied by said SP-SCP within a preselected period; receiving a message associated with said SP-SCP in said STP; transmitting said message from said STP to said MA-SCP; in response to said MA-SCP receiving said message associated with said SP-SCP wherein said message includes a request for use of a limited network resource, causing said MA-SCP to check said current count; and causing said MA-SCP to reject said message if said current count is equal to or greater than said permitted resource occupancy number.
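An added Python sketch (not code from the patent) of the per-provider checks in claims 28 to 30: the trunk group table, the directory number table, and the resource occupancy count within a preselected period. `ProviderPolicy`, `PolicyMediator`, the request dictionary keys and every sample value are hypothetical.

```python
import time
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, Set, Tuple


@dataclass
class ProviderPolicy:
    """Per-SP-SCP limits; all values used below are constructed."""
    trunk_groups: Set[int]        # legal trunk group indices (claim 28)
    directory_numbers: Set[str]   # authorized directory numbers (claim 29)
    max_occupancy: int            # permitted resource occupancy number (claim 30)
    period_s: float               # the preselected period, in seconds
    _uses: Deque[float] = field(default_factory=deque)


class PolicyMediator:
    def __init__(self, policies: Dict[str, ProviderPolicy],
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.policies = policies
        self.clock = clock  # injectable so the period can be tested

    def check(self, provider: str, request: dict) -> Tuple[bool, str]:
        policy = self.policies.get(provider)
        if policy is None:
            return False, "unknown provider"
        tg = request.get("trunk_group")
        if tg is not None and tg not in policy.trunk_groups:
            return False, "trunk group not in table"
        dn = request.get("directory_number")
        if dn is not None and dn not in policy.directory_numbers:
            return False, "directory number not in table"
        if request.get("resource"):
            now = self.clock()
            # Drop uses that fell out of the preselected period.
            while policy._uses and now - policy._uses[0] >= policy.period_s:
                policy._uses.popleft()
            # Reject when the count is equal to or greater than the limit.
            if len(policy._uses) >= policy.max_occupancy:
                return False, "resource occupancy limit reached"
            policy._uses.append(now)
        return True, "ok"


def demo() -> list:
    """Constructed requests from one provider, driven by a fake clock."""
    t = [0.0]
    med = PolicyMediator(
        {"SP-A": ProviderPolicy({3, 7}, {"4045550100"}, 2, 60.0)},
        clock=lambda: t[0],
    )
    out = [
        med.check("SP-A", {"trunk_group": 3}),
        med.check("SP-A", {"trunk_group": 9}),
        med.check("SP-A", {"directory_number": "4045550199"}),
    ]
    for _ in range(3):  # third request hits the limit of 2
        out.append(med.check("SP-A", {"resource": "announcement"}))
    t[0] = 61.0         # the period has elapsed, so the count resets
    out.append(med.check("SP-A", {"resource": "announcement"}))
    return out


if __name__ == "__main__":
    for row in demo():
        print(row)
```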
31. A method of mediating traffic in data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network including a mediated access service control point (MA-SCP), comprising the steps of:
causing said MA-SCP to maintain a current count of each default treatment provided within a preselected period by said MA-SCP with respect to messages directed to said SP-SCP; and if said current count is equal to or exceeds a preselected count of default treatment to be provided to messages directed to said SP-SCP, causing said MA-SCP to reduce the number of messages provided to said SP-SCP. - View Dependent Claims (32, 33)
36. A method of managing mediated traffic in data packet messages between an out-of-service service provider service control point (SP-SCP) and an intelligent switched telephone network including a mediated access service control point (MA-SCP), comprising the steps of:
classifying a SP-SCP as said out-of-service SP-SCP; causing said MA-SCP to send said out-of-service SP-SCP an Advanced Intelligent Network (AIN) test message; and if said out-of-service SP-SCP correctly responds to said AIN test message, causing said MA-SCP to classify said out-of-service SP-SCP as an in-service SP-SCP. - View Dependent Claims (37)
38. A method of managing mediated traffic in data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network including a mediated access service control point (MA-SCP), comprising the steps of:
causing said MA-SCP to recognize an auditable event with respect to said mediated traffic in data packet messages between said SP-SCP and said MA-SCP wherein said auditable event comprises an invalid attempt to establish a transaction, an invalid attempt to access data or a change to a security process configuration; and causing said MA-SCP to create an audit trail for said auditable event.
39. A method of managing mediated traffic in data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network including a mediated access service control point (MA-SCP), comprising the steps of:
causing said MA-SCP to recognize an auditable event with respect to said mediated traffic in data packet messages between said SP-SCP and said MA-SCP, wherein said auditable event involves a message, and causing said MA-SCP to create an audit trail for said auditable event, wherein said audit trail comprises the date, the time, the trigger type and the triggering destination number of said message and a copy of said message, and wherein said step of causing said MA-SCP to create an audit trail for said auditable event comprises causing said MA-SCP to create said audit trail including said date, said time, said trigger type and said triggering destination of said message and said copy of said message.
40. A method of managing mediated traffic in data packet messages between a service provider service control point (SP-SCP) and a plurality of network elements in an intelligent switched telephone network, comprising the steps of:
causing a mediated access service control point (MA-SCP) to attach a security audit request parameter to a message received from the SP-SCP; and in response to receipt of said message including said security audit request parameter at one of said plurality of network elements, causing said one of said plurality of said network elements to turn on a security parameter for said message. - View Dependent Claims (41)
42. A method for preventing unauthorized access of data packet messages from a service provider service control point (SP-SCP) to an intelligent switched telephone network, said network including a plurality of digital data communications channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP from said SP-SCP; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP by examination by said MA-SCP of the Advanced Intelligent Network (AIN) portion of said message, removing information from said AIN portion of said message, and adding substitute information to said AIN portion of said message.
43. In an intelligent switched telephone network, an apparatus for preventing unauthorized access of data packet messages from a service provider service control point (SP-SCP) in said network, said network including a plurality of digital data communication channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising:
a MA-SCP, said MA-SCP being operative to receive a message from said SP-SCP, said message including an Advanced Intelligent Network (AIN) portion, and prior to further routing of said message in said network, said MA-SCP being further operative to mediate said message by examination of said AIN portion, by removing information from said AIN portion and by adding substitute information to said AIN portion. - View Dependent Claims (44)
45. A method of managing mediated traffic in data packet messages between a service provider service control point (SP-SCP) and an intelligent switched telephone network including a mediated access service control point (MA-SCP), comprising the steps of:
causing said MA-SCP to recognize an auditable event with respect to said mediated traffic in data packet messages between said SP-SCP and said MA-SCP, wherein said auditable event involves a message, and causing said MA-SCP to create an audit trail for said auditable event, wherein said audit trail comprises the date, the time, and a copy of said message, and wherein said step of causing said MA-SCP to create an audit trail for said auditable event comprises causing said MA-SCP to create said audit trail including said date, said time, and said copy of said message.
46. A method for preventing unauthorized access of data packet messages from a service provider service control point (SP-SCP) to an intelligent switched telephone network, said network including a plurality of digital data communications channels among a plurality of intelligent switched network elements including at least one signal transfer point (STP) and at least one mediated access service control point (MA-SCP), said MA-SCP being connected to said STP, comprising the steps of:
receiving a message in said STP from said SP-SCP; transmitting said message from said STP to said MA-SCP; and mediating said message in said MA-SCP by examination by said MA-SCP of the Advanced Intelligent Network (AIN) portion of said message, wherein said examination includes a determination as to whether said AIN portion of said message includes valid or invalid parameters with respect to access to said network by said SP-SCP, and by rejection by said MA-SCP of said message if said MA-SCP determines that said AIN portion of said message includes said invalid AIN parameters.