Network service access control

US 10,334,440 B2
Filed: 05/30/2018
Issued: 06/25/2019
Est. Priority Date: 01/19/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising, under control of a processor:

receiving, from a first party associated with a first communication session, a first service message including information of a first session attribute and associated with first identification information of the first party of the first communication session, the first identification information comprising an identifier of an access network connected to a terminal associated with the first party;

retrieving, from an authorization registry, first authorization information corresponding to the first identification information, the first authorization information indicating the first party lacks permission to utilize the first session attribute when the terminal associated with the first party is connected to the access network;

in response to the first authorization information indicating the first session attribute is not permitted;

determining a second session attribute different from the first session attribute based at least in part on downgrade information associated with the first session attribute;

determining a first status message based at least in part on the first service message, the first status message comprising information of the second session attribute; and

transmitting the first status message via a communications interface to a second party of the communication session;

receiving, from a third party associated with a second communication session, a second service message including information of a third session attribute and associated with second identification information of the third party of the second communication session, the third session attribute comprising a media capability of a terminal associated with the third party;

retrieving, from the authorization registry, second authorization information corresponding to the second identification information;

in response to the second authorization information indicating the third party is not permitted to use the media capability;

determining a second status message comprising a service-failure message based at least in part on the second service message, the service-failure message comprising an indication that the third party is disallowed from utilizing the media capability; and

transmitting the second status message via the communications interface to the third party.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some implementations, a telecommunications network can include an anchoring network device. The anchoring network device can receive, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session. The anchoring network device can retrieve, from an authorization registry, authorization information corresponding to the identification information. In response to the authorization information indicating the first session attribute is not permitted, the anchoring network device can determine a status message based at least in part on the service message and transmit the status message via a communications interface. The status message can include a service-failure message or a second service message including information of a second, different session attribute.

Citations

18 Claims

1. A computer-implemented method comprising, under control of a processor:
- receiving, from a first party associated with a first communication session, a first service message including information of a first session attribute and associated with first identification information of the first party of the first communication session, the first identification information comprising an identifier of an access network connected to a terminal associated with the first party;
  
  retrieving, from an authorization registry, first authorization information corresponding to the first identification information, the first authorization information indicating the first party lacks permission to utilize the first session attribute when the terminal associated with the first party is connected to the access network;
  
  in response to the first authorization information indicating the first session attribute is not permitted;
  
  determining a second session attribute different from the first session attribute based at least in part on downgrade information associated with the first session attribute;
  
  determining a first status message based at least in part on the first service message, the first status message comprising information of the second session attribute; and
  
  transmitting the first status message via a communications interface to a second party of the communication session;
  
  receiving, from a third party associated with a second communication session, a second service message including information of a third session attribute and associated with second identification information of the third party of the second communication session, the third session attribute comprising a media capability of a terminal associated with the third party;
  
  retrieving, from the authorization registry, second authorization information corresponding to the second identification information;
  
  in response to the second authorization information indicating the third party is not permitted to use the media capability;
  
  determining a second status message comprising a service-failure message based at least in part on the second service message, the service-failure message comprising an indication that the third party is disallowed from utilizing the media capability; and
  
  transmitting the second status message via the communications interface to the third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the first session attribute is a video capability and the second session attribute is an audio capability.
  - 3. The computer-implemented method of claim 1, wherein at least one of:
    - the first identification information comprises at least a terminal identifier, user identifier, a user address, or a country code;
      
      orthe second identification information comprises at least a terminal identifier, user identifier, a network identifier, a user address, or a country code.
  - 4. The computer-implemented method of claim 1, wherein:
    - the third session attribute comprises a referred-to party of a call transfer; and
      
      the method comprises determining the service-failure message including an indication that transfer to the referred-to party is prohibited.
  - 5. The computer-implemented method of claim 1, wherein:
    - the third session attribute comprises presence information; and
      
      the method comprises determining the service-failure message including an indication that the presence information may not be published.
  - 6. The computer-implemented method of claim 1, wherein:
    - the third session attribute comprises a presence-query session type; and
      
      the method comprises determining the service-failure message including an indication that presence information may not be retrieved.
  - 7. The computer-implemented method of claim 1, further comprising:
    - receiving, from a profile server, service-access information associated with the third party; and
      
      transmitting the second status message comprising the service-failure message in response to the service-access information indicating the third party is not authorized to use the first session attribute.
  - 8. The computer-implemented method of claim 1, wherein the access network is a visited network, the first authorization information indicating the first party lacks permission to utilize the first session attribute when the terminal associated with the first party is roaming in the visited network.
  - 9. The computer-implemented method of claim 1, wherein the service-failure message comprises a Session Initiation Protocol (SIP) 488 Not Supported response.

10. A computer-implemented method comprising, under control of a processor:
- receiving, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session, the identification information comprising an identifier of an access network connected to a terminal associated with the first party;
  
  retrieving, from an authorization registry, authorization information indicating the first party lacks permission to utilize the first session attribute when the terminal associated with the first party is connected to the access network;
  
  in response to the authorization information indicating the first session attribute is not permitted;
  
  determining a second session attribute different from the first session attribute based at least in part on downgrade information associated with the first session attribute; and
  
  determining a status message comprising information of the second session attribute based at least in part on the service message; and
  
  transmitting the status message to a second party of the communication session via a communications interface.
- View Dependent Claims (11, 12)
- - 11. The computer-implemented method of claim 10, wherein the first session attribute is a video capability and the second session attribute is an audio capability.
  - 12. The computer-implemented method of claim 10, wherein the identification information further includes at least a terminal identifier, user identifier, a user address, or a country code.

13. A telecommunications network, comprising:
- an anchoring network device communicatively connectable with a user equipment, wherein the anchoring network device is configured to;
  
  receive from the user equipment a first service message associated with a communication session, the first service message including information of a first session attribute, the first session attribute indicating a media capability of the user equipment;
  
  determine identification information of one or more parties of the communication session;
  
  retrieve authorization information corresponding to the identification information;
  
  in response to the authorization information indicating the user equipment is not permitted to use the media capability, determine a service-failure message based at least in part on the first service message, the service-failure message comprising an indication that the user equipment is disallowed from utilizing the media capability; and
  
  transmit the service-failure message to the user equipment via a communications interface.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The telecommunications network of claim 13, wherein the anchoring network device is further configured to retrieve the authorization information from an authorization server.
  - 15. The telecommunications network of claim 13, wherein:
    - the first session attribute comprises a referred-to party of a call transfer; and
      
      the anchoring network device is configured to determine the service-failure message including an indication that transfer to the referred-to party is prohibited.
  - 16. The telecommunications network of claim 13, wherein:
    - the first session attribute comprises presence information of a user of the user equipment; and
      
      the anchoring network device is configured to determine the service-failure message including an indication that the presence information may not be published.
  - 17. The telecommunications network of claim 13, wherein:
    - the first session attribute comprises a presence-query session type; and
      
      the anchoring network device is configured to determine the service-failure message including an indication that presence information may not be retrieved.
  - 18. The telecommunications network of claim 13, wherein the anchoring network device is further configured to:
    - receive, from a profile server, service-access information associated with a user of the user equipment; and
      
      transmit the service-failure message in response to the service-access information indicating the user is not authorized to use the first session attribute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Zaifuddin, Sabuhi Kiran, Mufti, Shujaur
Primary Examiner(s)
Taylor, Barry W

Application Number

US15/992,939
Publication Number

US 20180279128A1
Time in Patent Office

391 Days
Field of Search
US Class Current
CPC Class Codes

H04L 41/0668   by dynamic selection of rec...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1069   Session establishment or de...

H04L 65/1083   In-session procedures

H04L 65/1094   Inter-user-equipment sessio...

H04L 65/1096   Supplementary features, e.g...

H04L 65/1104   Session initiation protocol...

H04L 65/403   Arrangements for multi-part...

H04W 12/033   of the user plane, e.g. use...

H04W 12/08   Access security

H04W 12/122   Counter-measures against at...

H04W 76/12   Setup of transport tunnels

Network service access control

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network service access control

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links