In a communications service provider (CSP) network an Online Charging System (OCS) is a core network element which performs real-time charging for services. An OCS authorizes subscribers' sessions subject to available credit on account and decrements account balance as services are consumed. When a subscriber's account balance is depleted authorization may be withdrawn and ongoing session(s) terminated.

SigScale OCS includes a 3GPP AAA server function for authentication, authorization and accounting (AAA) of subscribers using DIAMETER or RADIUS protocols. TM Forum Open APIs for prepay balance management and product catalog management are supported with a web components front end.

A web front end built with Google Polymer web components for material design provides simple guided management of clients and subscribers. Supports provisioning common authorization attributes as well as viewing usage and access logs.

The GUI provides a comfortable interface for simple administration however for use at scale you'll want to integrate your Operations & Business Support Systems (OSS/BSS) using a machine-to-machine API.

Most aspects of provisioning and operations may be performed through integration using an HTTP RESTful interface. Where applicable TM Forum Open APIs are supported.

All aspects of provisioning, operations and maintenance may be performed using the Erlang public API, either manually on the command line shell, or through custom Erlang module development.

The OCS acts as an authentication, authorization and accounting (AAA) server for network access servers (NAS) using the RADIUS and DIAMETER protocols. The DIAMETER Ro interface (3GPP 32.299) supports Session Charging with Unit Reservation (SCUR).

A wireless local area network (WLAN/Wi-Fi) access point (AP) acts as a NAS using RADIUS/DIAMETER protocol to request authentication from the OCS (AAA server) for subscribers attempting to associate. The OCS may authorize access and provide specific service authorization information (i.e. data rate, class, session expiry).

A wireless AP (NAS) may send accounting requests to the OCS (AAA server) at the end of a session and optionally at intervals during an ongoing session. The OCS logs usage records for offline billing and reporting and performs real-time credit management, updating subscriber account balances. The OCS may send a disconnect request to an AP (NAS) when an interim update depletes all available balance or when a subscriber has been disabled.

The Extensible Authentication Protocol (EAP) is an authentication framework which supports multiple authentication methods. In a WLAN (Wi-Fi) use case an EAP peer (supplicant) in a device (e.g. laptop or smartphone) tunnels EAP over LAN (EAPoL) to the AP (NAS) which tunnels the EAP over RADIUS to the OCS (AAA server). An EAP authentication method (e.g. PWD, TTLS) is negotiated and the peer authenticates directly with the OCS.

The PWD method authenticates using only a username and a password. This method addresses the problem of password-based authenticated key exchange using a (possibly weak) password for authentication to derive an authenticated and cryptographically strong shared secret. The implementation in OCS uses Elliptic Curve Cryptography (ECC).

The TTLS method uses Transport Layer Security (TLS) protocol that provides for client authentication of a server, as well as secure ciphersuite negotiation and key exchange. The secure connection may then be used to allow the server to authenticate the client using existing, widely deployed methods such as PAP which is used in OCS.

The Internet Protocol (IP) Detail Record (IPDR) is an industry standard exchange format for usage records within the Internet Service Provider (ISP) ecosystem. OCS generates IPDR format usage logs which may be transfered with SFTP/SCP for offline processing.