Managing hierarchically organized subscriber profiles

US 7,843,813 B2
Filed: 08/30/2008
Issued: 11/30/2010
Est. Priority Date: 11/18/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A virtual router (VR) based telecommunications system comprising:

a virtual interface of a VR of a plurality of VRs operable within the VR-based telecommunications system operable to (i) define a connection between the VR and the subscriber computer, (ii) receive a data packet from a subscriber computer, (iii) request information regarding one or more operations to be performed on the data packet and (iv) configure the connection for the one or more operations; and

a policy engine of the VR to receive a request from the virtual interface for the information regarding the one or more operations to be performed on the data packet, the policy engine including,a virtual interface database having stored therein a first-level profile identifier associated with the virtual interface;

a profile identifier database having stored therein an intermediate profile identifier associated with the first-level profile identifier, wherein the intermediate profile identifier indirectly indicates the one or more operations to be performed on the data packet;

wherein each of a plurality of service contexts available to subscribers of a service provider are defined in terms of one or more profile identifiers of a plurality of profile identifiers each of which is representative of a particular subscriber service supported by the service provider;

wherein a memory requirement of the virtual interface database and the profile identifier database is dependent upon a number of available service contexts as a result of a hierarchical organization of the plurality of profile identifiers as intermediate profile identifiers and leaf profile identifiers, wherein the leaf profile identifiers explicitly define subscriber services and the intermediate profile identifiers indirectly represent sets of one or more subscriber services, which are defined by way of the intermediate profile identifiers'"'"' associations with one or more lower-level identifiers including zero or more of the leaf profile identifiers and zero or more of the intermediate profile identifiers;

wherein the virtual interface database and the profile identifier database are distributed between an authentication system of the service provider and a plurality of virtual routers (VRs), wherein a first portion of the virtual interface database is stored within the authentication system, the first portion including information indicative of associations among the subscribers and corresponding first-level profile identifiers representing a subset of the intermediate profile identifiers and a second portion of the profile identifier database is stored within a profile manager operable within each of the plurality of VRs, the second portion including information indicative of the associations among the subset of intermediate profile identifiers and the one or more lower-level identifiers; and

wherein requesting information regarding the one or more operations to be performed on data packet includes requesting, from the first portion, the first-level profile identifier and requesting, from the second portion, the one or more lower-level profile identifiers associated with the first level profile identifier.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a router includes multiple virtual interfaces and a policy engine. The virtual interfaces define connections between the router and corresponding subscribers of a service provider. A first virtual interface is operable to receive packets from a first subscriber and to process the packets in accordance with a first-level profile identifier. The policy engine is coupled with the virtual interfaces and operable to de-reference subscriber profiles of the subscribers on behalf of the virtual interfaces based on a database of hierarchically organized profile identifiers. The database includes multiple lower-level profile identifiers, which explicitly define subscriber services, and multiple first-level profile identifiers, which define service contexts representing combinations of services available to subscribers when connected to the service provider by (i) explicitly defining the subscriber services or (ii) referring to one or more of the lower-level profile identifiers.

204 Citations

11 Claims

1. A virtual router (VR) based telecommunications system comprising:
- a virtual interface of a VR of a plurality of VRs operable within the VR-based telecommunications system operable to (i) define a connection between the VR and the subscriber computer, (ii) receive a data packet from a subscriber computer, (iii) request information regarding one or more operations to be performed on the data packet and (iv) configure the connection for the one or more operations; and
  
  a policy engine of the VR to receive a request from the virtual interface for the information regarding the one or more operations to be performed on the data packet, the policy engine including,a virtual interface database having stored therein a first-level profile identifier associated with the virtual interface;
  
  a profile identifier database having stored therein an intermediate profile identifier associated with the first-level profile identifier, wherein the intermediate profile identifier indirectly indicates the one or more operations to be performed on the data packet;
  
  wherein each of a plurality of service contexts available to subscribers of a service provider are defined in terms of one or more profile identifiers of a plurality of profile identifiers each of which is representative of a particular subscriber service supported by the service provider;
  
  wherein a memory requirement of the virtual interface database and the profile identifier database is dependent upon a number of available service contexts as a result of a hierarchical organization of the plurality of profile identifiers as intermediate profile identifiers and leaf profile identifiers, wherein the leaf profile identifiers explicitly define subscriber services and the intermediate profile identifiers indirectly represent sets of one or more subscriber services, which are defined by way of the intermediate profile identifiers'"'"' associations with one or more lower-level identifiers including zero or more of the leaf profile identifiers and zero or more of the intermediate profile identifiers;
  
  wherein the virtual interface database and the profile identifier database are distributed between an authentication system of the service provider and a plurality of virtual routers (VRs), wherein a first portion of the virtual interface database is stored within the authentication system, the first portion including information indicative of associations among the subscribers and corresponding first-level profile identifiers representing a subset of the intermediate profile identifiers and a second portion of the profile identifier database is stored within a profile manager operable within each of the plurality of VRs, the second portion including information indicative of the associations among the subset of intermediate profile identifiers and the one or more lower-level identifiers; and
  
  wherein requesting information regarding the one or more operations to be performed on data packet includes requesting, from the first portion, the first-level profile identifier and requesting, from the second portion, the one or more lower-level profile identifiers associated with the first level profile identifier.
- View Dependent Claims (2, 3)
- - 2. The virtual router—
    - (VR) based telecommunications system of claim 1, wherein the one or more operations comprise a packet forwarding operation.
  - 3. The virtual router—
    - (VR) based telecommunications system of claim 2, wherein the one or more operations further comprise firewall operations, quality of service operations, tunneling operations, virtual private network operations or operations associated with virus protection.

4. A router comprising:
- a plurality of virtual interfaces defining connections between the router and corresponding subscribers of a plurality of subscribers, the plurality of virtual interfaces including a first virtual interface operable to receive packets from a first subscriber of the plurality of subscribers and to process the packets in accordance with a first-level profile identifier, of a plurality of first level profile identifiers assigned to the first subscriber and associated with an intermediate profile identifier; and
  
  a policy engine coupled in communication with the plurality of virtual interfaces and operable to de-reference subscriber profiles for a plurality of subscribers of a service provider on behalf of the plurality of virtual interfaces based on a scalable subscriber profile database in which a memory requirement for the scalable subscriber profile database is dependent upon a number of available service contexts as a result of a hierarchical organization of a plurality of profile identifiers as intermediate profile identifiers and leaf profile identifiers, wherein the leaf profile identifiers explicitly define subscriber services and the intermediate profile identifiers indirectly represent sets of one or more subscriber services, which are defined by way of the intermediate profile identifiers'"'"' associations with one or more lower-level identifiers including zero or more of the leaf profile identifiers and zero or more of the intermediate profile identifiers;
  
  wherein the scalable subscriber profile database is distributed between an authentication system of the service provider and a plurality of virtual routers (VRs), wherein a first portion of the scalable subscriber profile database is stored within the authentication system, the first portion including information indicative of associations among the subscribers and corresponding first-level profile identifiers representing a subset of the intermediate profile identifiers and a second portion of the scalable subscriber profile database is stored within a profile manager operable within each of the plurality of VRs, the second portion including information indicative of the associations among the subset of intermediate profile identifiers and the one or more lower-level identifiers;
  
  wherein each service context made available to subscribers of a service provider is defined in terms of one or more profile identifiers of the plurality of profile identifiers each of which is representative of a particular subscriber service supported by the service provider,wherein determining the first subscriber'"'"'s service context includes requesting, from the first portion of the scalable profile database, the first-level profile identifier and requesting, from the second portion of the scalable profile database, the one or more lower-level profile identifiers associated with the first level profile identifier and configuring the first virtual interface based on the first subscriber'"'"'s service context.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The router of claim 4, wherein the first virtual interface is configured to forward the packets as directed by the policy engine.
  - 6. The router of claim 5, wherein the first virtual interface is further configured to perform firewall operations on the packets as directed by the policy engine.
  - 7. The router of claim 5, wherein the first virtual interface is further configured to perform virus protection operations in relation to the packets as directed by the policy engine.
  - 8. The router of claim 5, wherein the first virtual interface is further configured to perform tunneling operations in relation to the packets as directed by the policy engine.
  - 9. The router of claim 5, wherein the first virtual interface is further configured to perform virtual private network operations in relation to the packets as directed by the policy engine.
  - 10. The router of claim 4, wherein the scalable subscriber profile database is populated at least in part based on information acquired from a Remote Authentication Dial-In User Service (RADIUS) server.
  - 11. The router of claim 4, wherein the first virtual interface is created and configured responsive to a connection request from the first subscriber.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Balay, Rajesh I., Desai, Sachin S., Sargor, Chandramouli, Lemarchand, Francois, Khetawat, Amit K.
Primary Examiner(s)
Ryman; Daniel J
Assistant Examiner(s)
Divecha; Nishant B

Application Number

US12/202,224
Publication Number

US 20080317040A1
Time in Patent Office

822 Days
Field of Search

None
US Class Current

370/223
CPC Class Codes

H04L 47/2425   for supporting services spe...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/306   User profiles

H04L 67/61   taking into account QoS or ...

H04L 67/63   Routing a service request d...

Managing hierarchically organized subscriber profiles

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

204 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

Managing hierarchically organized subscriber profiles

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

204 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others