VoIP denial-of-service protection mechanisms from attack
First Claim
1. A system for providing communications services in a communications network comprising:
- servers providing the communications services to mobile units in the communications network, the communications services including an instant two-way half-duplex voice call within a group of the mobile units comprising a Push-to-Talk-over-Cellular (PoC) call session;
wherein at least one of the servers interfaces to an Internet Protocol (IP) network to perform the communications services for the mobile units in the IP network and is configured to:
set up a pre-established session with a mobile unit of the mobile units by reserving a media port for receiving media traffic for the PoC call session from the mobile unit, the pre-established session being established for a media path between the mobile unit and the at least one of the servers prior to setup of a call for the PoC session;
authorize the mobile unit to temporarily communicate authentication messages with the at least one of the servers over the reserved media port in response to setting up the pre-established session, wherein the at least one of the servers is further configured to compare an incoming message to a black-list that identifies known bad addresses;
authenticate with the mobile unit in response to receiving the authentication messages from the mobile unit;
add the mobile unit to a white list in response to authenticating with the mobile unit; and
after adding the mobile unit to the white list, receiving the media traffic from the mobile unit over the reserved media port when the mobile unit is participating in the call for the PoC call session;
wherein the at least one of the servers responsible for handling the media traffic transmitted by the mobile unit reserves the reserved media port for the media traffic and authorizes the media traffic to flow through the reserved media port for a configured duration;
before the configured duration elapses, the at least one of the servers receives authentication credentials from the mobile unit via the reserved media port;
upon successful authentication of the mobile unit the IP address of the mobile unit is associated with the reserved media port, so that only the mobile unit is authorized to transmit media traffic to the at least one of the servers through the reserved media port; and
the IP address of the mobile unit is disassociated from the reserved media port when a dialog between the at least one of the servers and the mobile unit is terminated by the at least one of the servers or the mobile unit.
Abstract
A system and method for providing advanced voice services in a wireless communications network. The system also interfaces to an Internet Protocol (IP) network to perform the advanced voice services for mobile units in the IP network and includes a protection mechanism against Voice-over-IP (VoIP) Denial-of-Service (DoS) attacks utilizing Advanced Group Services (AGS).
212 Citations
19 Claims
1. Independent claim 1 is reproduced in full under First Claim above. Dependent claims: 2 to 15.
16. A method for providing communications services in a communications network, the method comprising:
- by at least one server of a plurality of servers, wherein the at least one of the plurality of servers is configured to compare an incoming message to a black-list that identifies known bad addresses;
setting up a pre-established session with a mobile unit by reserving a media port for receiving media traffic for a Push-to-Talk-over-Cellular (PoC) call session from the mobile unit, the pre-established session being established for a media path between the mobile unit and the at least one of the plurality of servers prior to setup of a call for the PoC call session;
authorizing the mobile unit to temporarily communicate authentication messages with the at least one of the plurality of servers over the reserved media port in response to setting up the pre-established session;
authenticating with the mobile unit in response to receiving the authentication messages from the mobile unit;
adding the mobile unit to a white list in response to authenticating with the mobile unit; and
after adding the mobile unit to the white list, receiving the media traffic from the mobile unit over the reserved media port when the mobile unit is participating in the call for the PoC call session;
wherein the at least one of the plurality of servers responsible for handling the media traffic transmitted by the mobile unit reserves the reserved media port for the media traffic and authorizes the media traffic to flow through the reserved media port for a configured duration;
before the configured duration elapses, the at least one of the plurality of servers receives authentication credentials from the mobile unit via the reserved media port;
upon successful authentication of the mobile unit the IP address of the mobile unit is associated with the reserved media port, so that only the mobile unit is authorized to transmit media traffic to the at least one of the plurality of servers through the reserved media port; and
the IP address of the mobile unit is disassociated from the reserved media port when a dialog between the at least one of the plurality of servers and the mobile unit is terminated by the at least one of the plurality of servers or the mobile unit.
Dependent claims: 17, 18, 19.
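The admission logic that claims 1 and 16 describe for a reserved media port (black-list check, a bounded authentication window, white-listing the authenticated unit's IP, and disassociation on dialog termination), as an added simulation that is not part of the patent. The credential format (HMAC-SHA256 over the port number under a per-unit shared secret), the release of an unauthenticated reservation once the window elapses, and all addresses, secrets and the five-second window are assumptions of this example.

```python
import hmac
import hashlib

# Constructed sample data, not from the patent: per-unit shared secrets, a black-list
# of known bad addresses, and the "configured duration" of the authentication window.
SECRETS = {"unit-A": b"secret-A", "unit-B": b"secret-B"}
BLACKLIST = {"198.51.100.9"}
AUTH_WINDOW = 5.0  # seconds in which unauthenticated traffic is tolerated on a reserved port


def auth_token(unit, port):
    # Assumed credential format (the claims do not specify one): HMAC-SHA256 over the
    # reserved port number under the unit's shared secret.
    return hmac.new(SECRETS[unit], str(port).encode(), hashlib.sha256).hexdigest()


class MediaServer:
    def __init__(self):
        self.ports = {}  # reserved media port -> {"unit", "reserved_at", "bound_ip"}

    def pre_establish(self, port, unit, now):
        # Pre-established session: reserve the media port before any call is set up;
        # bound_ip stays None (no white-list entry) until the unit authenticates.
        self.ports[port] = {"unit": unit, "reserved_at": now, "bound_ip": None}

    def receive(self, port, src_ip, kind, payload, now):
        """Admission decision for one datagram on a media port: 'accept' or a drop reason."""
        if src_ip in BLACKLIST:  # black-list check applies to every incoming message
            return "drop:blacklisted"
        st = self.ports.get(port)
        if st is None:
            return "drop:unreserved-port"
        if st["bound_ip"] is not None:  # authenticated: only the associated IP may send media
            if src_ip != st["bound_ip"]:
                return "drop:not-whitelisted"
            return "accept" if kind == "media" else "drop:unexpected-kind"
        if now - st["reserved_at"] > AUTH_WINDOW:  # configured duration elapsed without auth
            del self.ports[port]  # assumed behaviour: release the reservation
            return "drop:auth-window-expired"
        if kind != "auth":
            return "drop:media-before-auth"
        if hmac.compare_digest(payload, auth_token(st["unit"], port)):
            st["bound_ip"] = src_ip  # white-list: associate the unit's IP with the port
            return "accept"
        return "drop:bad-credentials"

    def terminate_dialog(self, port):
        # Dialog terminated by either side: dissociate the IP from the port and free it.
        self.ports.pop(port, None)
```

Media from any address other than the authenticated unit's, and any media sent before authentication, is dropped at the port without reaching the PoC call session.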