This present invention relates generally to systems for supporting authorization based phone calls, and more particularly to a distributed authorization based phone call system used in Voice Over IP networks.
Packet switched networks route voice traffic using a Voice Over Internet Protocol (VoIP). VoIP allows telephone calls to be carried over an Internet Protocol (IP) network between two telephones or computers.
Authorization systems verify user authorization to particular phone services before allowing the phone network to connect the call. The authorization system usually exchanges certain parameters between a Network Access Server (NAS) that receives inputs from a user and an authorization server that has access to a user database containing authorization information for valid users.
Credit based authorization is one type of authorization based phone call. With credit based authorization, the user sets up a debit account with a telephone company prior to making phone calls. The debit account often takes the form of a preapproved calling card. When the user wishes to make a phone call, the authorization system verifies that the user has sufficient credit on the calling card account before connecting the phone call. As the call continues, the authorization system continuously tracks the cost of additional time of the call and subtracts the additional cost from the remaining credit in the calling card account. The authorization system notifies the user when the credit limit is about to run out on the calling card. If the user continues to talk past the remaining credit limit, the authorization system terminates the phone call.
In VoIP networks, a call is established through the packet switched network via a local gateway. A central authorization server in another part of the network tracks state information regarding the authorization based call. State information includes account identification information associated with the call, the rate for the current call, the elapsed time of the current call, the amount of credit remaining on the prepaid calling card, etc.
The authorization server keeps state information for all open authorization based calls that go through the same authorization system. This centralized authorization system does not scale well. This is because all open authorization based calls are managed by the same authorization server. There is also a reliability (robustness) problem with a centralized authorization server. If the authorization server crashes, all open authorization based calls could be disconnected. State information for all the open authorization based calls can also be lost when the authorization server crashes, creating accounting errors.
Another problem exists with tracking authorization based call states from a central authorization server. The gateways that establish the call connections between two different endpoints are typically not prepared to respond to signals sent asynchronously from the authorization server. Thus, if the authorization server identifies a call exceeding a user""s credit authorization, the gateway may not be able to disconnect the call in a timely manner.
Thus, the need remains for improving the scalability and reliability of authorization based telephone systems.
A call authorization system moves authorization based state maintenance from a central authorization server to multiple gateways in a packet switched network. A simple authorization session protocol is used between the authorization server and the gateways that minimizes network traffic and also releases the authorization server from maintaining call states for open authorization based phone calls.
The gateway receives an account identifier and an authorization request for establishing a phone call with an endpoint in the packet-switched network. The gateway sends an authorization request message to the authorization server including the account identifier and the authorization request. The authorization server uses the account identifier as an index for matching a user record in a user database.
The authorization server sends back a response message accepting the authorization request if a user record verifies the authorization request. The gateway connects the call when the authorization request is accepted and then maintains call authorization states for the connected call. If the authorization request is rejected by the authorization server, the gateway terminates the authorization request.
Scaling of the authorization system is improved since the authorization server is freed from maintaining call states for all open authorization based calls. Robustness is also improved because the authorization server can crash and come back up during a credit based call without disconnecting or losing call state information for open calls. Because call state maintenance is distributed to multiple gateways, any one gateway can crash, and not affect credit based calls established through other gateways.
The authorization session between the authorization server and the gateway is used for a variety of different types of authorization based phone calls. For example, the invention is used for credit based call authorization such as required for prepaid calling cards. The invention allows the gateway to effectively xe2x80x9cescrowxe2x80x9d funds from the user account while the call is in progress, with a timer ticking down the escrow amount. The authorization server takes the entire escrowed amount out of the user""s debit account. If the call terminates before the escrowed amount held at the gateway is used up, the remaining escrowed amount is xe2x80x9cre-creditedxe2x80x9d to the user""s account maintained by the authorization server. Thus, instead of maintaining and conducting all authorization state processing in the authorization server, the escrowed amount is held and maintained by the gateway and returned to the authorization server at the end of the call.
The invention is also used for destination based call authorization where a particular call account is authorized to make calls only to prespecified phone numbers. In another application, the authorization session is used for class of service based call or quality of service authorization where call accounts are authorized for particular call services, such as video conference calls.
The foregoing and other objects, features and advantages of the invention will become more readily apparent from the following detailed description of a preferred embodiment of the invention which proceeds with reference to the accompanying drawings.