1. Field of the Invention
The present invention generally relates to telecommunication networks, and more particularly to a system and method for providing a robust network having enhanced security and integrity.
2. Discussion of the Related Art
Presently there is a need for enhanced security and integrity in a telecommunications network, while at the same time promoting and maintaining a flexible and robust telecommunications network.
In recent years, there has been a proliferation in digital telecommunication systems, and frequently, high capacity users define the endpoints of a telecommunications network. Service providers, local area networks (LANs), and private branch exchanges (PBXs), are all examples of such high capacity users. Typically, the incoming/outgoing network link connected to such high capacity users includes a high capacity trunk line, such as a T1, T3, E3, OC3, DS, or DSL line, which may interconnect with various other users, through, for example, a point-to-point connection or a frame relay network. As is known, such networks provide for high capacity throughput.
There are, however, various shortcomings in the present state of the art, including the handling of fault detection, security, and prioritization. Mechanisms are well known for identifying and notifying a user of a line interruption or other fault condition existing in the link between endpoints. However, endpoint equipment often responds by rerouting all data on a particular line, as opposed to rerouting only the affected network data path. For example, suppose one endpoint of a telecommunications network interfaces to a LAN (e.g., a corporate network) and the telecommunications link communicating with the endpoint is a high capacity T1 line. If the endpoint detects a fault or breakage in any channel(s) of the T1 line, present systems operate to reroute the entirety of the data traffic across that T1 line through another port, whether that be a secondary T1 line or an alternative backup link. However, fractional or partial line faults are often encountered, making such a global rerouting of data wasteful and unnecessary. For example, data transmitted across a frame relay network (e.g., packet-switched data) often suffers only a partial fault, or a network breakage at some intermediate point that only a portion of the data bound for the ultimate endpoint traverses.
Another shortcoming noted in present state of the art systems relates to security. In keeping with the previous example of a telecommunications network endpoint being connected to a LAN, there is a tremendous need to secure entry to the network by remote callers outside the LAN who access it by way of, for example, a dial-up connection. Frequently, security issues such as this one are handled by password protection. In such systems, dial-up users are required to provide a password for access to the network. The inherent problem with this type of security implementation is that passwords can be compromised by unauthorized outsiders, who misuse the compromised password to disrupt or corrupt the system (i.e., the LAN).
Yet a further shortcoming of present systems relates to the prioritization of network access requests, particularly in bandwidth limited network systems. For example, in a plain old telephone system (POTS) or a basic rate interface integrated services digital network (ISDN-BRI), access to the network is defined by a relatively narrow bandwidth, insofar as a large number of users might be concerned. In applications or systems such as these, it is important to provide a mechanism that allows incoming network access requests of higher priority to be accepted. Of course, this may require the termination of existing connections, but more importantly, it requires the ability to detect the priority of an incoming access request in relation to an existing connection, which is presently a need that is largely not addressed by known systems.
There is, therefore, a need in the industry for a method and apparatus for addressing these and other related problems.
Certain objects, advantages and novel features of the invention will be set forth in part in the description that follows and in part will become apparent to those skilled in the art upon examination of the following or may be learned with the practice of the invention. The objects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
To achieve the advantages and novel features, the present invention is generally directed to an apparatus for establishing a backup communications link for rerouting data in a telecommunications network. In accordance with one aspect of the invention, the apparatus establishes a primary network link between a calling party and a called party, and examines connection setup information at the called party location to identify the calling party. Thereafter, the apparatus stores identification information related to the calling party. Upon identification of a fault condition in the network link between the calling party and the called party, the apparatus retrieves the stored identification information of the calling party at the called party and uses the retrieved identification information to establish a backup network link. Alternatively, the apparatus can use the identification information of the calling party to identify a backup link path different from the original link path.
In accordance with the invention, the primary network link may be a T1 link, an ISDN link, or a POTS link. The link may be a point-to-point link, a permanent virtual circuit, a packet-switched frame relay circuit, or other similar network link. Preferably, the apparatus utilizes a lookup table or other database to store party profile information, which may include security information or priority data. Identification information related to the calling party is used to access/index such a table or database.
In accordance with another aspect of the present invention, the apparatus establishes a secured data link between a calling party and a called party. In accordance with this aspect of the invention, the apparatus receives a network access request from a remote user, obtains the calling party identification information, and uses the calling party identification information to access a lookup table. The apparatus determines whether a profile exists in the lookup table that corresponds to the calling party. If so, the apparatus further confirms, from information provided in the lookup table, whether that user is entitled to access the system. If so, the apparatus directs the system to establish the connection with the remote user. In a preferred embodiment, the system may provide an added level of security by requiring the remote user to enter a password as well.
Preferably, this aspect of the invention receives a signal from a calling party requesting a network link, and examines link setup information within the received signal for the called party to identify the calling party. The apparatus then accesses a memory storage area using the identification information associated with the calling party to retrieve information related to the calling party, and evaluates security data within the retrieved information. If the security data permits the establishment of a connection, then the apparatus directs the system to establish a network link with the calling party.
In accordance with yet another aspect of the present invention, the apparatus provides for prioritizing the establishment and maintenance of network links. In accordance with this inventive aspect, the apparatus establishes a first network link with a first calling party and receives a signal from a second calling party that is requesting the establishment of a second network link. Upon receiving the signal, the apparatus examines the link setup information in that signal to identify the second calling party. The apparatus accesses a memory storage area using the identification information related to the second calling party for use in evaluating user priority, and allocates resources in accordance with the evaluated information.
In a preferred embodiment, the apparatus allocates resources by assessing the priority of the calling party with respect to user(s) utilizing established network connections. More specifically, the apparatus may terminate the first network connection if the second calling party has a higher priority and system resources are unable to support the maintenance of both network links simultaneously.
In accordance with yet a further aspect of the present invention, the apparatus controllably establishes a network connection with remote equipment associated with a calling party. The apparatus includes receiving means for receiving a signal from a calling party seeking the establishment of a network link, and examining means for examining connection setup information included in the received signal, the connection setup information including the caller identification information, the Internet protocol (IP) address, or data-link connection identifiers (DLCIs) associated with the calling party. The apparatus further includes a memory storage area for storing calling party information, and means for accessing and evaluating information stored in the memory storage area.