The network of switching nodes and transmission facilities forming the backbone of the traditional telecommunications industry has undergone extraordinary changes to adapt to the communications requirements arising from the telecommunications revolution. Not only has the need for more and faster communications grown at breakneck speed, but multiple entrants into the field of telecommunications service providers and the explosive demand for data communications (e.g., connectivity with and through the Internet) has prompted significant changes to provide commercially and governmentally mandated access to network facilities and capabilities.
Prior to enactment of recent regulatory changes affecting the telecommunications industry, the incumbent local exchange carrier (LEC) had virtually exclusive access to the elements and facilities comprising its network. In most cases, neighboring LECs and inter-exchange carriers interfaced with the incumbent LEC's network pursuant to Standards promulgated by organizations such as the American National Standards Institute (ANSI) and Requirements developed and set by organizations such as Bellcore, (now Telcordia Technologies.) Independent carriers were also subject to such Standards, but were not subject to the Requirements. Because of the clout of ILECs however, their vendors' equipment confirmed to requirements, as well. However, with recent regulatory reform and technological advancements “opening up” the network and resulting in the creation of competitive local exchange carriers (CLECs) and other types of carriers, the incumbent LEC requires ways and means to interface with and among these new and varied networks. Often, these new networks are structured differently from and/or use different messaging, signaling standards, protocols and procedures than the public switched telephone network (PSTN) deployed by the incumbent LEC, thus creating additional interface problems. Even when they attempt to sue the same messaging, standards and protocols, they often do so using equipment with differing capabilities and requirements.
The need to interface with and accommodate varied network architectures and protocols has been further heightened by the rapid expansion of data communications requirements to accommodate users of the Internet. Typically, the LEC provides end terminus connectivity between the user's computer or local area network (LAN) and a central facility operated by an Internet Service Provider (ISP), termed a Point of Presence (POP). It is often desirable or necessary to provide the ISP with, not only communications access with the end user (i.e., payload data traditionally carried by a switched voice network), but also some limited form of access to signaling and control messaging transported by, for example, the LEC's common channel signaling (CCS) network, typically implemented as Signaling System 7 (SS7).
SS7 is a standard established and maintained by the American National Standards Institute (ANSI) defining procedures and protocols used by network elements of PSTNs to exchange data for call setup, routing and control (e.g., ISUP messages) and for the exchange of non-circuit related information between signaling points (e.g., transactional TCAP messages). SS7 messages are transmitted between network elements, known as signaling points (SP) using 56 or 64 kbps bidirectional channels called signaling links. SPs include Service Switching Points (SSPs), Signal Transfer Points (STPs), and Service Control Points (SCPs). SSPs are the switches that originate, terminate, or route (i.e., “tandem”) calls. SCPs provide centralized databases and support other centralized call processing functions required by special services (e.g., 800 numbers, enhanced call forwarding services, etc.) SCPs may be queried by an SSP using TCAP to obtain call routing and call handling information. The STPs route these network control messages over the SS7 network between and among the SSPs and SCPs as necessary. A complete description of such an SS7 system and supported Advanced Intelligent Network (AIN) supported by the system can be found, for example, in U.S. Pat. No. 5,572,583, incorporated herein in its entirety by reference.
Prior to the advent of competing carriers and network facilities, the connection between SS7 systems of incumbent LECs and IXCs relied on well defined and consistent interfaces. Typically, each carrier isolated its switched network from its SS7 network so that the latter was not accessible except at defined points of interconnection. Simple mechanisms were implemented which allowed restrictions to be placed on the types of signaling traffic that would be accepted from other networks.
With the advent of a liberalized interconnection environment, necessitated by an open network architecture, the interfaces between networks have been identified as points of vulnerability through which network impairing problems can be introduced. Such problems may be caused by unintentionally misdirected or erroneous messaging being introduced into a LEC's SS7 network at a point of interconnection or nefariously introduced messaging used to obtain unauthorized access to network facilities or to undermine network operations. To prevent improper and unauthorized access to the SS7 system, LECs have instituted specialized interfaces with other networks. These interfaces are commonly known as signaling mediation points, gateway screening systems or signaling system gatekeepers.
Telcordia Technologies (previously Bellcore) Generic Requirements document number GR-82-CORE provides requirements for STPs, used within signaling networks to connect network SPs to each other and to SPs in other networks. Traditional Gateway screening, defined in GR-82-CORE, facilitates the specification of specific messages that will be permitted into the network, based on message structure and the linkset on which the messages arrive. This screening is typically implemented using custom static tables created by the network operator. For example, traditional Gateway screening can be used to allow the transmission of all Transfer Prohibit (TFP) messages from a given Originating Point Code (OPC), addressed to a given Destination Point Code (DPC), and concerning a predesignated third Point Code (PC) into the network. These requirements were used by STP vendors to implement Gateway Screening between interconnected SS7 networks. Subsequently, various manufacturers have produced interface products known as SS7/IP Signaling Gateways (SGs) to interconnect SS7 signaling protocol with Internet Protocol (IP) based networks, such as the Internet. Commercially available equipment includes the MicroLegend SS7/IP Signaling Gateway, Ascend Signaling Gateway (ASG), Nuvo AIN platform SS7 Signaling Gateway by Mockingbird Networks, SGX2000 SS7 Signaling Gateway by Sonus Technologies, and others. In addition to performing protocol conversion between SS7 (and other CCs variants) and IP signaling, these Gateways may include a gateway screening function. Gateway screening, sometimes referred to as mediation, includes the selective control of signaling messages passed between networks based on parameters such as message origination and destination point codes, called and calling party addresses, etc. Thus, message header information may be examined to check whether a message is appropriate prior to routing.
Mediation is further described, for example, in Fikis et al., U.S. Pat. No. 5,953,404, incorporated herein by reference in its entirety. Fikis et al. describe a method and system for mediating signaling protocol dialogue between an internal signaling network operational domain operated by one network operator and an external signaling network operational domain operated by another network operator. SS7 traffic Message Signal Units (MSUs) arriving for mediation is divided into classes; some message classes are subject only to normal SS7 processing while others are further analyzed. MSUs requiring detailed analysis are routed to a mediation application process appropriate to that class. Alternatively, Signaling Connection Control Part (SCCP) address parameters are processed at a Signaling Mediation Point (SMP) so as to maintain normal SS7 message processing and routing functions while mediating individual messages. The disclosure further describes enabling the SMP to route a received MSU on toward its intended final destination based on information encoded in the Message Transfer Part (MTP) addresses contained in the MSU.
Fikis et al. further describe a Virtual Signaling Point (VSP) used to provide the SMP with information required to route a received MSU on toward its intended final destination using information contained in the MSU (OPC and DPC fields) together with a table maintained in the SMP. As described, an internal (external) SP perceives the VSP as its destination SP for the message rather than the intended external (internal) SP. Although the VSP does not exist as a separate Network Element, the internal and external SPs perceive it as an NE due to alterations made in MSUs by the SMP. Like an actual SP, a VSP is identified by its signaling point code. However, unlike an actual NE, the VSP signaling point code provides a unique mapping between the originating internal (external) SP and the true terminating external (internal) SP in addition to enabling routing of messages to the SMP.
Hetz et al., U.S. Pat. No. 5,835,583, assigned in common with the subject matter of the present invention, describe a central SMP in an AIN that stores call processing records for controlling call routing and other call processing functions. To provide short code access to information service providers, each information service provider operates an independent database storing additional call processing records. When an established subscriber dials the short code, e.g. an N111 code, the SMP identifies the information provider that the subscriber has previously selected from the subscriber's call processing record stored in the mediation point. The SMP communicates with that service provider's database to obtain call processing information. The SMP then validates the call processing information for compatibility with network operations and forwards validated call processing information to a node of the network to process the call in accord with the information from the provider's database.
Schwartz et al., U.S. Pat. No. 5,862,334, describe a network service access system and method for intelligent networks including an SMP between network SSPs and third party service provider SCP. The SMP is a gateway to the AIN network for the service provider SCPs. Each message from the SCP (Query, Conversation, Response, Unidirectional) is screened. For example, the global title address in the SCCP called party address field is screened against a list authorized SS7 nodes. The SMP may also perform other screening, for example, TCAP (Transaction Capabilities Application Part) and AIN message screening. After normal TCAP and AIN Message screening (both response and unsolicited messages), if an error is found the screening failure is pegged and the message is logged. The erroneous message is then discarded.
Weisser, J. et al., U.S. Pat. No. 5,430,719, describe a method of mediating traffic across an interface between an AIN operated by a LEC and an outside service provider. The interface is defined between an application by a non-local exchange carrier service provider for some form of enhanced telephone service requiring use of the AIN and a shared execution environment interpreter on the other side of the interface. Mediation is conducted by the shared execution interpreter that is run on a LEC operated SCP. The shared execution interpreter enforces sufficient rules so that the LEC does not require knowledge of the details of implementation of the service provider's application. Mediation includes testing of tables to determine whether a directory number referenced in a message request from a service provider application is a customer of the service provider, whether trunk group routing requests are valid for the service providers and whether any or particular levels of access to certain network elements are authorized for the requesting service provider.
While these systems and methods mediate between diverse remote networks and a LEC's SS7 network by checking information related to routing, the systems fail to provide a level of security that would protect the LEC's SS7 and the PSTN (of which it is a part) from properly formatted and addressed but otherwise improper messages. This message validity checking, according to the prior art, is further deficient in its inability to readily accommodate messages received from sources wherein message origination information may be difficult to verify, e.g. messages received from distant, non-contiguous LEC's, non-LEC service providers, etc. Considering that these messages may originate on and/or be transported by relatively insecure networks including, for example, the public Internet, the problem of providing access while limiting any resultant threat to the PSTN caused by spurious, erroneous, or malicious messages is made more difficult. Finally, the prior art is deficient in that it fails to examine the context in which a message is received. Messages which are appropriate at one point in a call or transaction may be inappropriate under other conditions, depending either on the state of the call or transaction, or on the specific data elements passed in prior stages of the call or transaction.