公开(公告)号：US20090232015A1

公开(公告)日：2009-09-17

申请号：US12320449

申请日：2009-01-27

申请人： Peter Domschitz ,  Ralf Klotsche ,  Karsten Oberle

发明人： Peter Domschitz ,  Ralf Klotsche ,  Karsten Oberle

IPC分类号： H04J1/16 ,  H04W72/00 ,  H04L12/56

CPC分类号： H04L47/824 ,  H04L41/5022 ,  H04L47/11 ,  H04L47/70 ,  H04L47/805

摘要： A traffic control device (50) for a Quality of Service-aware packet-based network (10) comprises detection means (52) for detecting packet flows in a packet stream (46) by preferably repeatedly performing a data packet inspection on the packet stream (46), the data packet inspection being neither based on signaling information nor on application awareness, determining means (54) for determining a flow parameter, in particular a flow rate, of at least one of the detected packet flows, assignment means (56) for generating assignment information assigning a resource of the packet-based network (10) to the at least one detected packet flow in dependence of the detected flow parameter, and sending means (58) for sending the assignment information to a resource control device (44) for causing the resource control device (44) to allocate the assigned resource. In such a way, reliable and cost-efficient quality of service management in a packet-based network (10) is facilitated.

摘要翻译： 一种用于基于服务质量的基于分组的网络（10）的业务控制设备（50）包括检测装置（52），用于通过优选地重复地对分组流重复执行数据分组检查来检测分组流（46）中的分组流 （46），所述数据分组检查既不基于信令信息也不基于应用感知，确定装置（54）用于确定检测到的分组流中的至少一个的流参数，特别是流速，分配装置（56） ），用于根据检测到的流量参数，生成将基于分组的网络（10）的资源分配给所述至少一个检测到的分组流的分配信息;以及发送装置（58），用于将分配信息发送到资源控制装置 44），用于使资源控制设备（44）分配所分配的资源。 以这种方式，促进了基于分组的网络（10）中可靠且具有成本效益的服务质量管理。

公开(公告)号：US08646065B2

公开(公告)日：2014-02-04

申请号：US11233116

申请日：2005-09-23

申请人： Karsten Oberle ,  Peter Domschitz

发明人： Karsten Oberle ,  Peter Domschitz

IPC分类号： G06F9/00

CPC分类号： H04L63/029

摘要： The invention relates to a method for routing a bi-directional end-to-end connection between an end subscriber and the domain of a service provider by means of a signalling protocol via an interposed firewall with address transformation device, wherein by means of a security and tunnel device, located in the end-to-end connection between the end subscriber and the firewall with address transformation device in the domain of the end subscriber, and a session border controller, located in the end-to-end connection in the domain of the service provider, a tunnel is set up between the security and tunnel device and the session border controller and a bi-directional data exchange takes place via the tunnel between the end subscriber and the domain of the service provider in the area between the security and tunnel device and the session border controller by means of a tunnel protocol, and also a telecommunication network and a security and tunnel device for this.

摘要翻译： 本发明涉及一种用于通过信令协议在终端用户和服务提供商的域之间路由双向端到端连接的方法，该方法经由具有地址转换设备的插入式防火墙，其中借助于安全性 和隧道设备，位于最终用户和防火墙之间的终端到终端的连接中，与终端用户的域中的地址转换设备，以及位于域中的端到端连接中的会话边界控制器 在安全和隧道设备和会话边界控制器之间建立隧道，双向数据交换通过终端用户与服务提供商的域之间的隧道在安全性之间的区域中进行 隧道设备和会话边界控制器，还有一个电信网络和一个安全和隧道设备。

公开(公告)号：US20060269058A1

公开(公告)日：2006-11-30

申请号：US11430892

申请日：2006-05-10

申请人： Marcus Kessler ,  Marco Tomsu ,  Peter Domschitz ,  Karsten Oberle

发明人： Marcus Kessler ,  Marco Tomsu ,  Peter Domschitz ,  Karsten Oberle

IPC分类号： H04N7/167 ,  H04L9/00

CPC分类号： H04L63/0442 ,  H04L63/0823 ,  H04L2463/101

摘要： The invention relates to a network node (R2, D2), a module therefor and a distribution method. The network node comprises: receiving means (RB) for receiving a data stream (CDS) from a content source, in particular a content server (CS), of the network (NET), encryption means (EM) for individually encrypting said data stream to a subscriber data stream (SDS1, SDS2, SDS3), the encryption being specific to a subscriber terminal (T1, T2, T3) being coupled or able to be coupled with the network, and sending means (SM) for sending the subscriber data stream (SDS1, SDS2, SDS3) to the terminal.

摘要翻译： 本发明涉及网络节点（R 2，D 2），其模块和分配方法。 网络节点包括：用于从网络（NET）的内容源特别是内容服务器（CS）接收数据流（CD）的接收装置（RB），用于单独加密所述数据流的加密装置 对于订户数据流（SDS 1，SDS 2，SDS 3），特定于用户终端（T 1，T 2，T 3）的加密被耦合或能够与网络耦合，以及发送装置 ）用于将用户数据流（SDS 1，SDS 2，SDS 3）发送到终端。

公开(公告)号：US20070195806A1

公开(公告)日：2007-08-23

申请号：US11675626

申请日：2007-02-15

申请人： Marco Tomsu ,  Peter Domschitz ,  Karsten Oberle ,  Marcus Kessler

发明人： Marco Tomsu ,  Peter Domschitz ,  Karsten Oberle ,  Marcus Kessler

IPC分类号： H04L12/56

CPC分类号： H04L67/10 ,  H04L65/1016 ,  H04L65/1026 ,  H04L65/1036 ,  H04L67/327

摘要： The invention concerns a method of managing real-time services in a packet-based telecommunications network (1) of a plurality of coequal nodes (10 to 14) and a telecommunications network (1) for executing this method. A rule base for each node (10 to 14) is defined in consideration of the capabilities of each node (10 to 14) and/or the capabilities of all other nodes (10 to 14). After receiving information about an event requiring action, one or more of said nodes (10 to 14) determine node-specific action in consideration of said rule base and node-specific aggregated data as reaction to said event. Media data and/or signaling data associated with said real-time services are routed based on the determined action.

摘要翻译： 本发明涉及一种管理多个等同节点（10至14）和用于执行该方法的电信网络（1）的基于分组的电信网络（1）中的实时业务的方法。 考虑到每个节点（10到14）的能力和/或所有其他节点（10到14）的能力来定义每个节点（10到14）的规则库。 在接收到关于需要动作的事件的信息之后，考虑到所述规则库和特定于节点的聚合数据，所述节点（10至14）中的一个或多个确定特定于节点的动作，作为对所述事件的反应。 基于所确定的动作路由与所述实时业务相关联的媒体数据和/或信令数据。

公开(公告)号：US20060020847A1

公开(公告)日：2006-01-26

申请号：US11168419

申请日：2005-06-29

申请人： Karsten Oberle ,  Marcus Kessler ,  Peter Domschitz ,  Marco Tomsu

发明人： Karsten Oberle ,  Marcus Kessler ,  Peter Domschitz ,  Marco Tomsu

IPC分类号： G06F11/00

CPC分类号： H04M3/42 ,  H04M7/12 ,  H04Q3/0054

摘要： The invention relates to a method for performing a service or application in a network environment with network elements, which network environment contains a telecommunication network that has at least two network nodes for performing services or applications, all these nodes being equipped with a common layer for service support, wherein, if a particular network node is not equipped such that it can perform a particular service or application, this network node checks with the help of the service support layer whether another network node can perform this service or application and if the other network node can perform this service or application, the first network node passes on the task of performing this service or application to the other network node, which then performs this service or application, as well as a telecommunication network and network nodes for this.

摘要翻译： 本发明涉及一种用于在具有网络元件的网络环境中执行服务或应用的方法，所述网络环境包含具有用于执行服务或应用的至少两个网络节点的电信网络，所有这些节点都配备有公共层 服务支持，其中，如果特定网络节点未配备以使得其可以执行特定服务或应用，则该网络节点在服务支持层的帮助下检查另一个网络节点是否可以执行该服务或应用，并且如果另一个 网络节点可以执行该服务或应用，第一个网络节点将执行该服务或应用的任务传递给另一个网络节点，然后该节点执行该服务或应用，以及电信网络和网络节点。

公开(公告)号：US20050273855A1

公开(公告)日：2005-12-08

申请号：US11111761

申请日：2005-04-22

申请人： Karsten Oberle ,  Marco Tomsu ,  Peter Domschitz ,  Jurgen Otterbach

发明人： Karsten Oberle ,  Marco Tomsu ,  Peter Domschitz ,  Jurgen Otterbach

IPC分类号： H04L9/00 ,  H04L12/24 ,  H04L29/06

CPC分类号： H04L63/0263 ,  H04L63/0209 ,  H04L63/1441

摘要： The invention refers to a method for preventing attacks on a network server within a call-based-services-environment, preferably a VoIP-environment. The environment comprises a network, the network server connected to the network, a number of user agents connected to the network and means for restricting access to the network server from the network. The call server comprises an attack-detection device for detecting and identifying attacks from the network on the network server. In order to allow fast and reliable protection of the network server against attacks it is suggested that characteristic parameters of the attacks identified are entered into a black-list, the content of the black-list is transmitted via a feedback-path to an attack-prevention-device for controlling the access restricting means, the attack-prevention-device inspects and analyzes traffic directed from the network to the network server and controls the access restricting means.

摘要翻译： 本发明涉及一种用于防止在基于呼叫的服务环境（优选为VoIP环境）内对网络服务器的攻击的方法。 环境包括网络，连接到网络的网络服务器，连接到网络的多个用户代理以及用于限制从网络访问网络服务器的装置。 呼叫服务器包括用于检测和识别来自网络服务器上的网络的攻击的攻击检测设备。 为了能够快速可靠地保护网络服务器免受攻击，建议将所识别攻击的特征参数输入黑名单，将黑名单的内容通过反馈路径发送给攻击者， 用于控制访问限制装置的预防装置，防攻击装置检查并分析从网络指向网络服务器的流量并控制访问限制装置。

公开(公告)号：US20070041380A1

公开(公告)日：2007-02-22

申请号：US11486043

申请日：2006-07-14

申请人： Thomas Voith ,  Rainer Munch ,  Karsten Oberle ,  Peter Domschitz

发明人： Thomas Voith ,  Rainer Munch ,  Karsten Oberle ,  Peter Domschitz

IPC分类号： H04L12/56

CPC分类号： H04Q3/0025 ,  H04Q3/0045

摘要： A method of forwarding signaling information within a communication network is described. The signaling information is based on a signaling protocol (e.g SIP). A message is generated by encapsulating the signaling information (e.g. I′) according to given definitions (e.g. D). Furthermore, non-signaling information (e.g. R) is added to the message.

摘要翻译： 描述了在通信网络内转发信令信息的方法。 信令信息基于信令协议（例如SIP）。 根据给定的定义（例如D）封装信令信息（例如I'）来生成消息。 此外，非信令信息（例如R）被添加到消息中。

公开(公告)号：US20060212591A1

公开(公告)日：2006-09-21

申请号：US11368387

申请日：2006-03-07

申请人： Karsten Oberle ,  Peter Domschitz ,  Marcus Kessler ,  Marco Tomsu

发明人： Karsten Oberle ,  Peter Domschitz ,  Marcus Kessler ,  Marco Tomsu

IPC分类号： G06F15/16

CPC分类号： H04W64/00 ,  H04W4/90 ,  H04W76/50

摘要： The invention relates to a method for providing location information relating to an emergency call, in which when there exists differing location information, a weighting is made of any available location information and that the location information with the highest ranking is provided for further use, as well as a telecommunications terminal, a server and a computer program product.

摘要翻译： 本发明涉及一种用于提供与紧急呼叫有关的位置信息的方法，其中当存在不同的位置信息时，对任何可用的位置信息进行加权，并且提供具有最高排名的位置信息用于进一步使用，如 以及电信终端，服务器和计算机程序产品。

公开(公告)号：US20070171895A1

公开(公告)日：2007-07-26

申请号：US11646375

申请日：2006-12-28

申请人： Karsten Oberle ,  Peter Domschitz ,  Marco Tomsu

发明人： Karsten Oberle ,  Peter Domschitz ,  Marco Tomsu

IPC分类号： H04L12/66

CPC分类号： H04L65/1016 ,  H04L65/1006 ,  H04L65/80 ,  H04W8/26 ,  H04W36/0033 ,  H04W40/00 ,  H04W80/10

摘要： A method for seamless handover of a multimedia stream session to a roaming terminal. In accordance with the proposed method, a first mediating network element is comprised in a communication path to the roaming terminal. Said first mediating network element first secures a session context of the multimedia stream session for to allow identification of the roaming terminal. Said first mediating network element then observes an address change of the roaming terminal on a media overlay level of the multimedia stream session and subsequently redirects the multimedia stream to the new address. Alternative mediating network elements for replacing the first mediating network element are determined on a control level of the network. In this way, a complete handover of the multimedia stream session is achieved in a seamless way for an end-user owing to a cross-layer approach, while bridging a timeframe between the event of changing the terminal address and an event of having completed re-registration and session redirection on the control level of the network.

摘要翻译： 一种用于将多媒体流会话无缝切换到漫游终端的方法。 根据所提出的方法，第一中介网元包括在到漫游终端的通信路径中。 所述第一中介网元首先确保多媒体流会话的会话上下文以允许识别漫游终端。 所述第一中介网元然后在多媒体流会话的媒体重叠级别上观察漫游终端的地址变化，并随后将多媒体流重定向到新地址。 在网络的控制级别上确定用于替换第一中介网元的替代中介网元。 以这种方式，由于跨层方法，为终端用户以无缝的方式实现多媒体流会话的完全切换，同时桥接改变终端地址的事件和完成重新启动的事件之间的时间帧 注册和会话重定向在网络的控制级别。

公开(公告)号：US20060075483A1

公开(公告)日：2006-04-06

申请号：US11233116

申请日：2005-09-23

申请人： Karsten Oberle ,  Peter Domschitz

发明人： Karsten Oberle ,  Peter Domschitz

IPC分类号： G06F15/16

CPC分类号： H04L63/029

摘要： The invention relates to a method for routing a bi-directional end-to-end connection between an end subscriber and the domain of a service provider by means of a signalling protocol via an interposed firewall with address transformation device, wherein by means of a security and tunnel device, located in the end-to-end connection between the end subscriber and the firewall with address transformation device in the domain of the end subscriber, and a session border controller, located in the end-to-end connection in the domain of the service provider, a tunnel is set up between the security and tunnel device and the session border controller and a bi-directional data exchange takes place via the tunnel between the end subscriber and the domain of the service provider in the area between the security and tunnel device and the session border controller by means of a tunnel protocol, and also a telecommunication network and a security and tunnel device for this.

摘要翻译： 本发明涉及一种用于通过信令协议在终端用户和服务提供商的域之间路由双向端到端连接的方法，该方法经由具有地址转换设备的插入式防火墙，其中借助于安全性 和隧道设备，位于最终用户和防火墙之间的终端到终端的连接中，与终端用户的域中的地址转换设备，以及位于域中的端到端连接中的会话边界控制器 在安全和隧道设备和会话边界控制器之间建立隧道，双向数据交换通过终端用户与服务提供商的域之间的隧道在安全性之间的区域中进行 隧道设备和会话边界控制器，还有一个电信网络和一个安全和隧道设备。