Published by German Brenton. Modified over 9 years ago.
1
Syed Hashmi, Founder and CEO, AdvOSS
Farhan Zaidi, Co-Founder & CTO, AdvOSS
Fawad Pasha, VP Sales, AdvOSS
2
Agenda
1. Quick overview of AAA
2. Authentication use cases
3. Authorization use cases
4. Accounting use cases
Focus: To signify the demands on AAA Applications to realize new use cases
3
Bridge between Service Delivery & Core
4
AAA Applications
Authentication handles ‘who’ intends to use the service
Authorization handles ‘what’ service they want to use
Accounting handles ‘how much’ of the service was used
5
AAA Applications
Each AAA request is now handled by a respective ‘AAA Application’ that interfaces with different functions in the core network over multiple interfaces.
6
Authentication
Previously, the main use case was identification of users.
7
Authentication: New Use Cases
Automatic Authentication
Exclusivity of devices
Control of Mobility
Identity Theft Prevention
Account Sharing Prevention
Load Sharing among VLANs
8
Authentication: New Use Cases
Lawful intercept
Virtual Operators
IP Address Allocation
CPE sharing
Unsubscribed Users
Roaming
9
Automatic Authentication
Used for automated login of the user.
Technology used: Reverse IP Lookup, Interface to HSS
10
Exclusivity of Devices
Operator may want to exclude devices or CPEs not issued by it.
Tech Features: Certificate based authentication (EAP-TLS)
11
Control of Mobility
For business or regulatory reasons, the operator may not want users to be able to connect beyond a given geographical area of access.
Tech used: Hunt Groups, Access Control Lists
12
Identity Theft Protection
Users should not be able to log in using stolen IDs or devices. Two-factor or multi-factor authentication needs to be supported.
Tech Used: EAP-TTLS
13
Account Sharing Prevention
The operator, for business, regulatory or other needs, may not want more than one user to share a single account.
Tech Used: Concurrency Check, EAP-TTLS, Interface to HSS
14
Load Sharing among VLANs
For larger networks, the operator may need to distribute subscribers across multiple VLANs.
Tech Used: Subscriber Zoning, VLAN management, Load Balancing Algorithms
15
Lawful Intercept
AAA is usually an appropriate layer to comply with Lawful Intercept requirements of Real-Time and Near Real-Time monitoring of signalling and/or media streams.
Available technologies: Forking Proxies, AAA based routing, Rule based engines
16
Virtual Operators
Support for multiple virtual operators sharing the access network.
Tech Used: Realm Hunt Group based Zoning, Rule Based Engine, Forking proxies
17
IP Address Allocation
Maintenance of IP addresses and subnets.
Tech Used: IP repository, IP Pools zoning
18
Allowing Device Sharing
Allowing multiple users to share a single device.
Tech Used: Combination of EAP-TLS and UserName/Password authentication
19
Unsubscribed Users
Unsubscribed users should be able to get access on the fly using their PINs.
Tech Used: Interfaces to Voucher Management, Interface to HSS or other Subscriber Management, Interface to Provisioning Engine, EAP-TTLS
20
Roaming
Roaming allows home users to get access from visited networks and vice versa.
Technologies used: Realm based routing, Origin zoning in Policy
21
Authentication Responses
Replying with network entry parameters
Mixing pre-paid and post-paid subscribers
Policy Enforcement and Bearer Binding
22
Network Entry Parameters
In response to authentication, the AAA gives the complete enforcement profile to the enforcement function. This is a detailed response on ‘how’ the service is to be delivered. Bandwidth, QoS, allowed features etc. are all part of this response.
23
Pre-Paid Behavior Identification
Based on authentication, the type of user is identified to enforce pre-paid behavior. For strictly pre-paid or PAYG (Pay As You Go) users, continuous authorizations or re-authorizations may be initiated.
24
Bearer Binding
Depending on the nature of the enforcement point, some information may have to be sent to Bearer Binding functions.
25
Authorization
Initial Authorization
Re-Authorizations
26
Subscription Authorization
Checking whether a subscription is available for the requested service and whether it is valid at the time of the request.
Tech Used: HSS Subscription Manager
27
Pre-paid Quota Authorization
The application needs to keep counts of authorized quotas of usage, duration and events, and have arrangements to consume or refund them as needed.
Tech Used: Session Management, Quota Management, Charging Application
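The reserve, consume and refund bookkeeping this slide describes, as an added example that is not from the presentation or from AdvOSS. The class and method names are hypothetical, and units are abstract (seconds, bytes or events); reserving units at authorization time is what stops two concurrent sessions from spending the same balance.

```python
from dataclasses import dataclass, field


@dataclass
class QuotaManager:
    """Hypothetical per-subscriber quota ledger (illustrative only)."""
    balance: int                                   # units not yet reserved
    reserved: dict = field(default_factory=dict)   # session_id -> units held

    def authorize(self, session_id, requested):
        """Initial or re-authorization: reserve up to `requested` units.
        A grant of 0 means the session must be refused or disconnected."""
        grant = min(requested, self.balance)
        self.balance -= grant
        self.reserved[session_id] = self.reserved.get(session_id, 0) + grant
        return grant

    def consume(self, session_id, used):
        """Interim accounting: charge reported usage against the reservation.
        A report larger than the reservation is rejected, not silently charged."""
        held = self.reserved.get(session_id, 0)
        if used < 0 or used > held:
            raise ValueError("usage report exceeds reserved quota")
        self.reserved[session_id] = held - used
        return self.reserved[session_id]

    def stop(self, session_id):
        """Stop accounting: refund whatever was reserved but never used."""
        refund = self.reserved.pop(session_id, 0)
        self.balance += refund
        return refund


def run_session():
    """Constructed scenario: two concurrent sessions on a 100-unit balance."""
    qm = QuotaManager(balance=100)
    g1 = qm.authorize("s1", 60)   # full grant
    g2 = qm.authorize("s2", 60)   # partial grant: only 40 units remain
    qm.consume("s1", 60)          # s1 uses its whole reservation
    g3 = qm.authorize("s1", 60)   # re-authorization fails: nothing left
    refund = qm.stop("s2")        # s2 ends unused, its reservation returns
    g4 = qm.authorize("s1", 60)   # s1 can now be re-authorized
    return g1, g2, g3, refund, g4, qm.balance


if __name__ == "__main__":
    print(run_session())
```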
28
Pre-Paid Credit
Authorizes enough credit for the session.
Tech Used: Charging Application, Rating Engine
29
Concurrency
Enforcing concurrency limits on individual subscribers.
Tech Used: Session Management, Profiles from HSS
30
Destination Control
For ‘Destination’ based services, the requested resource may need to be authorized.
Tech Used: Request Authorization, Request Zoning, Policy Management
31
Capacity & QoE
Taking care of capacity issues on ingress and egress and with vendors.
Tech Used: Policy Server, Request Zoning, Session Management
32
QoS
The requested QoS capability is matched with subscription information to allow or disallow the request.
Tech used: Capability Matching, Flow based authorization, Interface to HSS
33
Time of Day Restrictions
Service may be restricted based on time of day or other temporal criteria.
Tech Used: Policy Server, Interface with Rating Engine
34
Access Method Control and Charging
If the operator supports multiple access methods (Fiber, Cable, Copper, Wi-Max, Wi-Fi), it may want to restrict users from accessing via other methods, or to charge for them separately.
Technology: IP Address Zoning, Policy Server
35
Routing
Least Cost Routing or Policy Based Routing for termination of the session.
Tech Used: LCR (Least Cost Routing), Capacity Management, Policy Server
36
Authorization of Multiple Services
AAA can authorize multiple services for the same user.
Tech Used: Service Manager, Service Offering Manager, Interface to HSS
37
Subscription Add-Ons
Add-on based profiles.
Tech Used: HSS User Profile Manager
38
Personalization
Personalization allows users to change default behaviour as per their own preferences.
Tech used: ID based profiles, User Profiles
39
Re-Authorization
Prepaid Quota Reservation
Changed QoS including VAS
40
Authorization Responses
If all authorizations are passed, authorization may respond with the following:
Allowed Duration or Usage before Re-Authorization will be needed or session is disconnected
Suggested Routing information if AAA is also doing the Routing towards terminators or vendors
41
Accounting
Start Accounting
Interim Accounting
Stop Accounting
42
Start Accounting
Hot-Lining
Session Management
Service Management
43
Hot-Lining
The subscriber is re-directed to a Hot-Lining Application, such as a captive portal, to perform some remedial action before resuming service usage.
Technologies used: Accounting application, Policy Server, CRM (self-care portal)
44
Session Management
Sessions are inserted, modified and deleted for real-time monitoring, business intelligence and several types of reporting.
Technologies used: Accounting application, Management GUI
45
Interim Accounting
Real-Time Charging
Time based pricing
Time based quotas
Fair-Usage Policies
Time based restrictions
Hot-Lining
Service Management
Alerting
46
Real-Time Charging
Online charging based on time, volume or events.
Technologies used: Accounting Application, Rating & Charging engine
47
Time based Pricing
Price is modified based on service used in different time slots of the day.
Technologies used: Accounting Application, Rating & Charging, Policy Server
48
Time-based Quotas
Service quotas are allocated to subscribers based on different time slots in the day.
Technologies used: Accounting Application, Quota Manager, Policy Server
49
Fair-Usage Policies
Subscribers on unlimited plans have their level of service gradually reduced if they consume service units too soon, as per Service Provider policy.
Technologies used: Accounting Application, Policy Server, HSS
50
Alerting
Bill Day Alerts
Bill Shock Alerts
Grace period Alerts
Technologies used: Accounting Application, Alerting application
51
Stop Accounting
Revenue Assurance
QoS Monitoring
OTT (over the top) Applications
52
Revenue Assurance
CDR writing on multiple points in the network
53
Near Real-Time QoS Monitoring
Quality of service for different routes, destinations, origins, access methods etc. is monitored in real-time. The metrics include ASR, ACD, PDD, QoS etc.
Tech Used: Interface to QoS monitoring application
54
General Purpose Use Cases
Real-Time Monitoring
Service Assurance
OTT (Over the Top) and Flow Based Accounting
55
Service Assurance
Bypassing different interfaces to assure service continuity in case of system and network failures
56
Service Management
Service experience and usability are modified based on policy rules, subscriber life cycle events, the subscriber’s monetary credit etc.
Technologies used: Accounting Application, Policy Server, HSS
57
AdvOSS Solution
Radius / Diameter Server Policy Server PCRF Compliant HSS SDP AAA Applications Hot-lining / Captive Portal
58
Optional Products: Quota Manager, Charging Engine, Billing Engine, Voucher Management System, Provisioning Engine, Mediation
59
Thank You
For any further queries and business with us, please feel free to contact us at sales@advoss.com
http://advoss.com
Suite 120, 10691 Shellbridge Way, Richmond, BC V6X 2W8, Canada
Tel: +1 (604) 800 0269