有线电视网络终端网管建设研究与设计

本文基于广电网络业务特征的分析,阐述了为什么要进行终端网管系统建设.双向终端作为广电业务的主体,成为广电业务不可或缺的重要组成部分.为了更好的对终端设备可管可控、对用户行为可感知要求,终端网管系统将利用广电双向网络将其状态数据、管理控制信息及用户行为等数据进行上传,并对其进行分析、统计和呈现安全可信.     

可信在网络安全中的应用研究

文章以可信计算平台为基础,借鉴TCG的可信网络连接技术规范,将活性标签、安全隔离、不对等访问控制、自适应的应用代理技术,应用到安全组网的设计方案中,初步设计出可信网络模型,以实现将终端建立的可信传递到网络,建立用户、平台与网络三者之间的信任关系,以及不同安全等级终端或网络区域之间的可信互连.     

江苏有线南京分公司核心网堡垒机系统建设

堡垒机主要用来保障内部网络环境、数据不受外来和内部用户的入侵和破坏,同时运用各种技术手段监测运维过程中每个状态、安全事件,最终达到保障网络、系统安全的目的。随着近些年广电网络双向业务的发展,信息安全已经刻不容缓,通过核心网堡垒机项目建设,达到广电网络核心网络以及业务系统可管可控、问题可追溯的目的,构建起一张安全可信的网络。     

浅谈噪声隔离开关在HFC网络中的应用

目前大部分有线电视网络公司都已全面地开展了宽带上网业务、交互点播和电视购物等双向业务。随着双向用户的不断增多,采用CMTS技术方式的HFC网络中噪声汇聚问题越来越突出。为了确保网络安全稳定的运行,解决哚声已经成为各网络公司维护工作中较为繁重的工作,网络运行维护投入了大量的人力和物力,仍然无法很好地解决问题。     

双向网络环境下CAS的发展

本文探讨了在双向网络环境TCAS如何应对新的挑战,如CW共享,无卡CA等,并通过对基于软件和基于智能卡的终端安全进行比较分析,得出了在双向网络环境下智能卡仍是目前最安全的终端保护方案的结论。同时在双向网络环境TCAS也需要根据用户需求,增加双向功能,尤其是对双向增值业务的保护,为用户提供更好的服务．     

异构无线网络可信接入设计及实现

异构无线网络互连后的安全问题是当前网络安全研究的一个热点问题,为了解决异构网络互连后产生的接入安全问题,提出了一种基于信任模型的可信接入框架,该框架建立了异构无线网络间的信任评价体系,对接入异构无线网络用户除了进行身份验证,还必须进行用户信任度的验证,既拒绝了恶意节点接入,又确保了合法节点的安全接入,从而保证异构无线网络互连接入的安全和可信。     

算力网络业务分级模型与指标体系研究

本文基于目前行业应用对算力网络的需求，结合东数西算、数智化转型等需求研究算力网络业务分级方案和指标体系，对算力网络业务SLA指标进行分类归纳，对算力网络业务分级进行了建模，提出了算力网络业务指标的ERG模型，从资源可供、安全可信和系统可用3个维度描述算力网络业务指标模型，并形成了算力网络业务需求SLA分级编排器。最后，给出了算力时代的业务应用部署策略。     

下一代互联网安全演进部署策略研究

根据不同阶段网络的特性,对网络过渡阶段和IPv6网络所面临的安全威胁进行了全面分析,构建了IPv6网络演进的安全技术体系框架,从网络、用户、业务3个方面提出了安全解决方案,根据骨干网、城域网和接入网升级后的特点,提出了相应的安全机制,针对IPv6网络中用户和常用业务可能存在的安全问题,提出了安全防护建议。     

园区网络下的可信网络框架设计与研究

由于当前终端接入园区网络,并在园区网络内与其他终端建立通信的模式已无法满足目前的安全要求。文中提出了基于园区网络的可信网络框架设计与研究,设计了一种园区网络的可信网络连接[1]框架的安全接入认证协议,建立可信安全通信通道的验证方法。通过安全分析表明,该方案能够确保终端自身的完整性和安全性,安全可信地接入可信网络,并在可信网络上完成与目标主机之间建立安全可信的通信通道,保证整个园区网络办公环境的安全。     

有线电视网络数据安全管理策略研究

随着大数据技术在有线电视网络业务运营、网络运维、用户营销等场景的广泛应用,数据安全相关的法律法规不断推出,数据的合规使用和安全处理成为行业的关注重点。通过对数据安全管理的研究可以为有线电视网络运营商的网络安全工作提供参考,确保数据在各个业务场景的安全使用。     

IEEE 802.21: Media independent handover: Features, applicability, and realization

Providing users of multi-interface devices the ability to roam between different access networks is becoming a key requirement for service providers. The availability of multiple mobile broadband access technologies, together with the increasing use of real-time multimedia applications, is creating strong demand for handover solutions that can seamlessly and securely transition user sessions across different access technologies. A key challenge to meeting this growing demand is to ensure handover performance, measured in terms of latency and loss. In addition, handover solutions must allow service providers, application providers, and other entities to implement handover policies based on a variety of operational and business requirements. Therefore, standards are required that can facilitate seamless handover between such heterogeneous access networks and that can work with multiple mobility management mechanisms. The IEEE 802.21 standard addresses this problem space by providing a media-independent framework and associated services to enable seamless handover between heterogeneous access technologies. In this article, we discuss how the IEEE 802.21 standard framework and services are addressing the challenges of seamless mobility for multi-interface devices. In addition, we describe and discuss design considerations for a proof-of-concept IEEE 802.21 implementation and share practical insights into how this standard can optimize handover performance.     

Preserving User Anonymity in Context‐Aware Location‐Based Services: A Proposed Framework

Protecting privacy is an important goal in designing location‐based services. Service providers want to verify legitimate users and allow permitted users to enjoy their services. Users, however, want to preserve their privacy and prevent tracking. In this paper, a new framework providing users with more privacy and anonymity in both the authentication process and the querying process is proposed. Unlike the designs proposed in previous works, our framework benefits from a combination of three important techniques: k‐anonymity, timed fuzzy logic, and a one‐way hash function. Modifying and adapting these existing schemes provides us with a simpler, less complex, yet more mature solution. During authentication, the one‐way hash function provides users with more privacy by using fingerprints of users' identities. To provide anonymous authentication, the concept of confidence level is adopted with timed fuzzy logic. Regarding location privacy, spatial k‐anonymity prevents the users' locations from being tracked. The experiment results and analysis show that our framework can strengthen the protection of anonymity and privacy of users by incurring a minimal implementation cost and can improve functionality.     

基于信任关系的IP网络安全框架研究

本文的基于信任关系的新型网络安全框架,主要目的是在IP承载网中引入信任关系,作为建立可信网络的基础,并对接入网络的所有数据包打上用户身份标识戳,既可实现数据包级别的安全认证又可简单实现计费等操作。并根据通信实体之间的信任度和业务类型灵活的制定安全策略,由承载控制层资源管理设备在全网统一协商,配合QoS策略动态的下发安全策略,从而实现将原来配置在网络边界安全设备上的静态安全策略变为动态的安全策略。     

Economic Tussles in the Public Mobile Access Market

The convergence of different wireless and fixed access systems into a common seamless access platform has accelerated the conflict of economic interests between players in traditionally separate market sectors. Whereas technology systems have predictable and desirable behaviour — and therefore evolution — the players in the converging market sectors have not. This paper argues that, in its original vision, the systems specifying the business interactions between mobile users and access providers (the business interface) have not been designed to take into account the unpredictability of the outcome of economic tussles. The mobile industry encoded in its designs the result of past contentions, not allowing for their variation. Because the market currently does not capture the business opportunities created by the convergence of heterogeneous access networks, the designs of the business interface should now be reconsidered to accommodate such convergence and allow for evolution. We have therefore formulated a set of principles for the design of the business interface. The application of these principles highlighted specific limitations of the current interface. On the basis of this study, we conclude that the future business interface should allow providers to disseminate their offers to customers (possibly not end users) in an automated way; and customers to select offers in an automated and intelligent way, and then dynamically establish ad hoc business relationships with providers. In addition, end users should be able to hold, at the same time, more than one business relationship with different providers, without experiencing any switching barriers. Finally, providers should be able to dynamically reconfigure their metering capabilities on visited networks' systems without having adjacent providers to necessarily support their charging capabilities. This revised version was published online in July 2006 with corrections to the Cover Date.     

A Decision-Theoretic Framework for Opportunistic Spectrum Access

Built on a hierarchical access structure with primary and secondary users, opportunistic spectrum access improves spectrum efficiency while maintaining compatibility with legacy wireless systems. The basic idea is to allow secondary users to exploit instantaneous spectrum availability while limiting the interference to primary users. In this article, we identify basic components, fundamental trade-offs, and practical constraints in opportunistic spectrum access. We introduce a decision-theoretic framework based on the theory of partially observable Markov decision processes. This framework allows us to systematically tackle the optimal integrated design and quantitatively characterize the interaction between signal processing for opportunity identification and networking for opportunity exploitation. A discussion of open problems, potential applications, and recent developments is also provided.     

Business Process Modelling and Design — A Formal Model and Methodology

This paper presents a formal framework for representing enterprise knowledge. The concepts of our framework (objectives and goals, roles and actors, actions and processes, responsibilities and constraints) allow business analysts to capture knowledge about an enterprise in a way that is both intuitive and mathematically formal. It also outlines the basic steps of a methodology that allows business analysts to go from high-level enterprise objectives, to detailed and formal specifications of business processes that can be enacted to realise these objectives. The formal language used means that the specifications can be verified as having certain correctness properties, e.g. that responsibilities assigned to roles are fulfilled, and constraints are maintained as a result of process execution.     

A framework for an evolutionary path toward 4G by means of cooperation of networks

Combining networks to form a composite network for joint operations in the current business context is desirable in order to limit capital and operational expenditures, but currently requires complying with existing value chains and business models. However, commonalities between the two most popular infrastructures, mobile cellular and TV broadcast, are such that a common framework for services and QoS management can be built, without the expense of starting from scratch in the design of a universal system able to connect users for communications and entertainment. This article describes such a framework that can potentially ally mobile cellular and TV broadcast platforms as one stepping stone toward 4G and the information society.     

Interoperable DRM Framework for Multiple Devices Environment

As networks increase and cross‐convergence occurs between various types of devices and communications, there is an increasing demand for interoperable service in the business environment and from end users. In this paper, we investigate interoperability issues in the digital rights management (DRM) and present a practical framework to support interoperability in environments with multiple devices. The proposed architecture enables end users to consume digital content on all their devices without awareness of the underlying DRM schemes or technologies. It also enables DRM service providers to achieve interoperability without costly modification of their DRM schemes.     

一种基于领域模型和构件组合的软件开发框架

 本文提出了一种基于领域模型和构件组合的软件开发框架,使用领域模型捕获系统业务静态需求,描述领域内业务对象之间的静态关系,通过领域应用框架描述系统的共性,并在框架中提供足够多的反映领域可变性的扩展点,在此扩展点上可以集成各种类型构件,创建新的应用系统,来满足领域内不同具体应用的特定需求.实验表明,该框架能够利用同一领域软件系统间的共性和变化性并实施有效的控制,促进了软件复用,提高软件生产效率和质量.     

TelecomI+D03: New Business Models: User Generated Services

One of the biggest challenges that the new Web 2.0 faces is finding an adequate business model that would allow service providers to obtain benefits without scaring clients away, since they aren't used to paying for Internet services. This paper exposes the business model adopted by OPUCE, an open platform for user-centric service creation and execution, which applies the principles behind Web 2.0 to the Telco world. OPUCE offers an acceptable solution for every actor, where the operator get revenues, the users can access certain services for free and the service providers are allowed to enter into the communications business. Moreover, the most active community members could even get some revenues (revenue sharing), encouraging their activity.