Existing telecom operators can offer virtual wide area voice services to corporate customers in different cities without the limitation of the locations.

This is enabled by setting up CoMaster System at the data centers of the telecom operators and using the existing Internet and Telecom infrastructure.

Corporate customers with many branches in other cities can form an integrated virtual wide area network, using their existing Internet and Telecom network facilities.

Telecom operators can manage the virtual wide area network from the CoMaster System at their data centers, provided monthly billing based on the traffic of the corporate customers.

Corporate customers can manage their virtual wide area network from the web GUI of the CoMaster System at the data centers of the service providers, enjoy enhanced network security, achieve management and control for the corporate virtual area network, without installing a software at the corporate premises.

BACKGROUND OF THE INVENTION Current Problems of Telecom Network Telecommunication network is the most complicated and the most advanced communication network to meet the demands for telecommunications, especially voice communications. A complete serial of communication protocol and equipment have been developed and deployed worldwide to ensure the quality of services for telecommunication. Circuit switching mode has been adopted in the worldwide telecommunication

network to transfer voice signals due to its superior performance in quality of service for real-time voice communications.

Different from individual customers, corporate users have special requirements for their intra-branches communications. With the current telecommunication technologies, service operators can offer virtual local area network to corporate customers subject to that those corporate customers are within the coverage of one local telecom exchange. The virtual telecom network in local area is very useful for corporate customers with many branches in the area within the coverage of the same local telecom exchanges. The corporate customers can make intra-office calls based on flat rate and they can enjoy corporate package for outgoing calls.

This invention, CoMaster System, is to extend the coverage of virtual telecom network to wide area. This is achieved by using VOIP technology which can eventually remove the geographic limitation of the current telecom network and extend the coverage to anywhere in the world.

With CoMaster System, the branches of corporate customers can be linked to form a virtual wide area network using their existing Internet bandwidth and PBX system in their branches, and installing a customer premises equipment (CPE) at each of their corporate branches.

With CoMaster System, the corporate customers can make calls and receive calls as usual without changing their number plans and calling habits.

They can enjoy the enhanced security, management and control for the entire corporate group, and manage the corporate traffic from a user-friendly web GUI.

With CoMaster System, the telecom operators, including Internet service providers and broadband access providers can offer virtual wide area network services to their existing corporate customers and capture new corporate customers to achieve a stable and long term revenue.

The infrastructure of Internet has been improved greatly in recent years, and will be improved further in the coming years as the world economy is being recovered continuously, and 3G, WiFi and FTTH will gain popularities in major cities in the world. This creates a solid infrastructure basis for the

virtual wide area network, and benefits the service operators and corporate customers.

SUMMARY OF THE INVENTION This invention presents an approach to form virtual wide area networks using existing Internet and telecom infrastructure. This is achieved by installing VOIP CPEs at the premises of corporate customers and linking them to the CoMaster System Server at the data center of the service operators for centralized authentication, authorization and accounting (AAA) using Radius AAA standards The CoMaster System provides two levels of management interfaces.

The authorized staff of the service operators can register corporate customers and corporate VOIP CPE, assign rate tables, generate sub accounts, and provide on-line billing and reports for corporate customers under the operators.

The authorized staff of corporate customers can manage and control their corporate virtual wide area networks. They can enjoy enhanced network security, without installing and maintaining a software package at their premises.

BRIEF DESCRIPTION OF THE DRAWINGS Embodiments of the invention are described hereinafter with reference to the drawings.

Figure 1 shows a block diagram of the CoMaster System; Figure 2 shows the call setup process for intra-branch calls ; Figure 3 shows the call setup process for outgoing calls ; Figure 4 shows the call accounting process for intra-branches calls ; Figure 5 shows call accounting process for outgoing calls ; and Figure 6 shows the management process through web GUI.

DETAILED DESCRIPTION OF THE INVENTION (i) Operation of the Invention CoMaster System consists a set of modules with features as follows : 1. It has a Radius Server with units for conduct authentication, authorization and accounting for VOIP calls. The authentication, authorization and accounting (AAA) units are also referred as AAA for telecom and VOIP communications. a) The unit for AAA functions are developed according to the international standard RADIUS protocol (RFC2865,2866, 2867, 2868 and 2869) and can interactive with major telecom and VOIP equipment vendors such as Cisco and Quintum. b) Unit for Authentication is to receive authentication requests from the access devices which are installed in the customer premises. It authenticates the validation of the requests based on the IP address of the devices, the user account and password, the pre-registered telephone number for caller identification, MAC address of the user PC, and the combination of the information as above. The data packet for the authentication process is encrypted to ensure the network security. c) Unit for Authorization is to deliver the contents or services order by customers. The contents or services can be the voice/fax/video calls to the destination numbers or the video contents for certain moves or concerts. The unit for Authorization decides whether to deliver the services or contents as requested according to the availability of the contents and services, and the account balance of the customers. d) Unit for Accounting is to record the transaction for the services and contents delivered to the customers, together with

information for the customers and price schedule for the contents and services.

2. It has a management unit. This is the core of this invention and information for service operators, corporate customers and individual users is inputted, collected, and classified accordingly. a) The service operators can define registered customers, defined rate for the contents or services provided, generated reports for the customers, and issue invoice for the customers, and issue login name and password for authorized staff of corporate customers, from the interface provided by CoMaster System. b) The authorized staff of corporate customers can login management interface of CoMaster System using standard web browser such as Internet Explorer. Upon successfully login, the authorized staff of the corporate customers can via the summary and details reports for the intra-branches calls for the virtual wide area network of the corporate customers, as well as outgoing to the telecom operators.

3. CoMaster System can be used to manage the traffic for prepaid calling card services. It can issue prepaid calling cards, assign the prepaid calling cards to sales agents, generate service rate for the different applications, and manage the status of the issued prepaid calling cards.

4. CoMaster System can be used to provide termination services for VOIP operation. The incoming traffic from down-stream carriers and the outgoing traffic to upper stream carriers will be real-time recorded and presented by CoMaster System.

5. CoMaster System can be used to provide callshop or voice bar services for selected customer groups.

6. CoMaster System can also be used for many other services which require the authentication, authorization and accounting facilities.

(ii) EMBODIMENTS The block diagram of the Software Switch is shown in Figure 1.

Internet (Shown in Figure 1) Internet refers to computer networks interconnected based on Internet Protocol, including public Internet, private Internet, Corporate LAN and wireless LAN and future network such as network based on 3G or 4G mobile infrastructure and IPv6 protocol.

Internet acts as the transmission media to carry voice packets to and from VOIP boxes, NetMeeting Clients and USB IP-phone, and carry signal traffic to gatekeeper and Radius Server for call setup and Authentication, Authorization and Account (AAA).

VOIP CPE (Shown in Figure 1) VOIP CPE refers to hardware box which can perform standard VOIP operation, such as to receive and transmit VOIP packets through Internet, convert voice signal from PSTN and other voice sources like sound cards into voice packets based on H. 323 or other standards, and set up calls through gatekeeper and Radius server. Without loss of generality, software such as NetMeeting Clients and USB IP-Phone or other similar modules can also be treated as software based VOIP CPE.

Radius AAA Server (Shown in Figure 1) Radius server refers to Remote Authentication Dial-In User Service and is a key component for telecom system, ISP platform and many applications. The Radius AAA server is specially developed to interactive with VOIP CPE from major VOIP vendors based on Radius protocol for authentication, authorization and accounting (AAA). The Radius server is further divided into authentication unit, authorization unit and accounting unit.

Operator VOIP Hub (Shown in Figure 1) Operator VOIP Hub is VOIP gateway and switch with high processing capability (typically more than 30 concurrent channels). It is usually installed at the data centre of the telecom operators, and provides interconnections for IP-Telephone, Telephone to Telephone, and IP to IP, based H. 323, ISDN PRI and other standards Authentication Unit (As shown in Figure 2 and Figure 3) Authentication Unit conducts authentications for the users or VOIP CPE to ensure the network security and provide real time accurate accounting. This is the base for telecom business, VOIP business and other time critical businesses.

The network security is achieved by encrypting the access requests from the VOIP CPE using Radius Protocol (RFC 2865, RFC2866, RFC 2867, RFC2868 and RFC 2869). The users of the network can be identified by its user name and PIN, IP address of the VOIP CPE, the registered caller telephone number, as well as the combination of those identifications.

Authorization Unit (As shown in Figure 2 and Figure 3) Authorization Unit receives service requests from VOIP CPEs and checks the availability of the services as well as the account balance of the customers, and then decides to accept/reject the service requests based on the availability of the services and the account balance of the customers.

The call setup process for intra-branch calls are as follows (as shown in Figure 2): 1. The VOIP CPE sends an access request to the authentication unit of Radius Server through Internet. The access request includes information for the user name and password. The access request is encrypted to ensure network security.

2. The authentication unit of Radius Server receives the access requests and then responses to the VOIP CPE with

accept/reject based on the results of referring to the customer database for the user name and password.

3. If the authentication request is accepted by the authentication unit, the VOIP CPE then sends a service request to the authorization unit to request for certain contents and services. The service request includes the destination for VOIP calls, the name of video contents or other information related to the services.

4. The authorization unit receives the service request and then checks the availability of the contents and services. It responses the VOIP CPE with accept/reject based on the availability of the service and contents, as well as the account balance of the customers. The authorization unit sends an accepted packet to the VOIP CPE if the service is available and there is enough balance in the customer's account.

5. Upon receiving accept for the service request from the authorization request, the VOIP CPE then sends out VOIP connection requests to the destination VOIP CPE. The destination VOIP CPE then decides to accept or reject this VOIP connection requests based on its configuration. If the connection is accepted by the destination VOIP CPE, the voice link between the VOIP CPE is then established.

The network security for incoming calls for the destination VOIP is achieved by referring the identification of the originating VOIP CPE to the gateway database in the CoMaster System. This can effectively prevent abuse of the VOIP CPE for non-authorized connections.

The call setup process for outgoing calls are as follows (as shown in Figure 3): a) The VOIP CPE sends an access request to the authentication unit of Radius Server through Internet. The access request

includes information for the user name and password. The access request is encrypted to ensure network security. b) The authentication unit of Radius Server receives the access requests and then responses to the VOIP CPE with accept/reject based on the results of referring to the customer database for the user name and password. c) If the authentication request is accepted by the authentication unit, the VOIP CPE then sends a service request to the authorization unit to request for certain contents and services.

The service request includes the destination for VOIP calls, the name of video contents or other information related to the services. d) The authorization unit receives the service request and then checks the availability of the contents and services. It responses the VOIP CPE with accept/reject based on the availability of the service and contents, as well as the account balance of the customers. The authorization unit sends an accept packet to the VOIP CPE if the service is available and there is enough balance in the customer's account. e) Upon receiving accept for the service request from the authorization request, the VOIP CPE then sends out VOIP connection requests to the operator VOIP Hub. The operator VOIP hub then decides to accept or reject this VOIP connection requests based on its configuration. If the connection is accepted by the operator VOIP Hub, the voice link between the VOIP CPE and operator VOIP Hub is then established.

Accounting Unit (as shown in Figure 1) Accounting Unit of Radius Server records the transactions for service delivered. In the case of VOIP operation, the VOIP CPE or the operator VOIP Hub sends the records for the service delivered to the Accounting Unit. The

Accounting Unit then updates the database of the transaction. This is the base for the real time accounting and billing.

Call Accounting Process for Intra-Branches calls is as follows (as shown in Figure 4): 1. Upon the call is completed successfully, the originating VOIP CPE sends the call accounting request with information for caller, call duration, data and time and destination number as well as IP addresses for originating and destination VOIP CPE to the Account Unit. The Accounting Unit of the Radius Server receives the call requests from the originating VOIP CPE and then updates the transaction records in the customer database as the outgoing calls for the originating VOIP CPE.

2. Upon the call is completed successfully, the destination VOIP CPE then sends the call accounting request with information for caller, call duration, data and time and destination number as well as IP addresses for originating and destination VOIP CPE to the Account Unit. The Accounting Unit of the Radius Server receives the call accounting requests from the destination VOIP CPE and then updates the transaction records in the customer database as the incoming calls for the destination VOIP CPE.

The call accounting for intra-branches calls provides the details call records for the incoming and outgoing calls from the VOIP CPE at the premises of the corporate customers as well as the network security to prevent abuse of the corporate virtual wide area network by non-authorized users. It acts as a powerful tool to manage and control of the corporate virtual wide area network to the corporate customers, without the trouble for them to install and maintain such unit at their premises.

Call Accounting Process for outgoing calls is as follows (as shown in Figure 5):

1. Upon the call is completed successfully, the originating VOIP CPE sends the call accounting request with information for caller, call duration, data and time and destination number as well as IP addresses for originating and operator VOIP Hub to the Account Unit. The Accounting Unit of the Radius Server receives the call requests from the originating VOIP CPE and then updates the transaction records in the customer database as the outgoing calls for the originating VOIP CPE.

2. Upon the call is completed successfully, the operator VOIP Hub then sends the call accounting request with information for caller, call duration, data and time and destination number as well as IP addresses for originating and operator VOIP Hub to the Account Unit. The Accounting Unit of the Radius Server receives the call accounting requests from the operator VOIP Hub and then updates the transaction records in the customer database as the incoming calls for the operator VOIP Hub.

Management Unit (as shown in Figure 6) Management Unit of CoMaster System is a web-based GUI for operators, corporate customers and service agents to manage their business, manage and control their virtual wide area networks.

Management Unit provides operators with many convenient functions as follows : 1. Register operator VOIP Hub installed at the data centers of the operators and VOIP CPE at customers premises.

2. Generate rate tables for corporate customers based on the service type and customer types 3. Register corporate customers, assign payment terms and rate tables for the corporate customers, and assign login account for corporate customers

4. Create sub accounts for the corporate customers 5. Generate reports and invoices for corporate customers 6. Generate reports for traffic to upstream carriers 7. Generate reports for down stream carriers Management Unit provides corporate customers with many convenient functions as follows : 1. Check the call details records made by sub accounts under the company for intra-branches calls as well as outgoing calls.

2. Check the incoming calls and outgoing call reports for the comparison with the call details records from local telecom operators 3. Check the on-line billing of the operator for outgoing calls and comparing it with the call details records from the local telecom operators.

4. Check the call reports for different VOIP CPE and different branch offices to increase the productivities of the entire corporate group.

The management interface of the Management Unit acts as a powerful tools for the corporate customers to manage and control the telecommunication for the entire corporate group without installing and maintaining such software at their premises. This is the special value added of CoMaster System to corporate customers.

(iii) EFFECTS OF INVENTION The CoMaster System presented in this invention is very powerful and very effective to form a virtual wide area network. It is a value added service for telecom operators to build. strong customer relationship with large corporate customers with many branches in different cities and even in different countries. It also provides a convenient and power tool to corporate customers to manage and control their virtual wide area networks, in addition

to the huge cost saving generated by converting the existing time-based IDD calls or local long distance calls between branches to the flat-rate calls.

The CoMaster System acts as a compact and effective solution for telecom service operators to start new services in different cities or even in other countries. By setting up the CoMaster System Server together with a centralized operator VOIP Hub (such as Quintum CMS240) in the data centre, the service operators is able to offer a full range of VOIP services such as prepaid calling card, postpaid calling card, postpaid service for registered telephone, corporate virtual wide area network service as well as VOIP termination services. The service operators can also provide VOIP roaming services by setting up VOIP CPE at different cities since the calls from those VOIP CPE are processed by the RADIUS AM server at the data centre of the services operators.

The CoMaster System is designed and developed to take the advantages of the global Internet and telecommunications infrastructure. It provides additional values for telecom operators to offer attractive services to their existing customers. This helps the service operators to obtain long term and stable revenue from corporate customers as well as make full use of their existing infrastructure and resources.

The CoMaster System is designed and developed to integrate with the existing infrastructure of corporate customers, such as normal PBX or key telephone systems and broadband Internet connections. The integration with the PBX and Internet connection in the corporate customers is seamless and the corporate customers can make calls as usual without changing their number plan and habits of calling.