Method and system for authorizing access to user information in a network

US 20050071679A1
Filed: 12/19/2003
Published: 03/31/2005
Est. Priority Date: 02/04/2003
Status: Active Grant

First Claim

Patent Images

1. A method for authorization to information of a user comprising:

receiving a request at a network entity from a source for information of a user;

verifying that the source is authorized to receive the information; and

generating a response authorizing the request if the source is authorized to receive the information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a method and system for authorizing access to information of a user. The system includes a first network entity and a second network entity. The first network entity sends a request for information of a user to the second network entity. The second network entity receives the request for information of the user, verifies that the first network entity is authorized to receive the requested information, and generates a response authorizing the request if the first network entity is authorized to receive the information. The verifying may include comparing the first network entity against all non-barred public user identities of the user, comparing the first network entity against all network entities identified in a previous request, and comparing the first network entity against all application servers not belonging to third-party providers outside a network to which the user is connected.

Citations

20 Claims

1. A method for authorization to information of a user comprising:
- receiving a request at a network entity from a source for information of a user;
  
  verifying that the source is authorized to receive the information; and
  
  generating a response authorizing the request if the source is authorized to receive the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method according to claim 1, wherein the information is registration information of the user.
  - 3. The method according to claim 1, further comprising verifying that the network entity is authorized to receive the information based on stored dynamic information at the network entity and information in the request.
  - 4. The method according to claim 1, wherein the request comprises a request for subscription to a registration state event package.
  - 5. The method according to claim 1, the verifying further comprising comparing the source of the request against all non-barred public user identities of the user.
  - 6. The method according to claim 1, the verifying further comprising comparing the source of the request against all network entities identified in a previous request.
  - 7. The method according to claim 6, the verifying further comprising comparing the source of the request against all network entities identified in a Path header contained in the previous request.
  - 8. The method according to claim 7, wherein the Path header field includes Proxy Call Session Control Function (P-CSCF) devices to which the user is attached.
  - 10. The method according to claim 1, the verifying further comprising comparing the source of the request against all application servers not belonging to third-party providers outside a network to which the user is connected.
  - 11. The method according to claim 10, the verifying further comprising comparing the source of the request against all application servers that match a user profile'"'"'s Filter Criteria for a Register event associated with the request.
  - 12. The method according to claim 1, wherein the response further comprises user registration expiration information.
  - 13. The method according to claim 12, the user registration expiration information comprising a same value or a decreased value of second user registration expiration information contained in the request.
  - 14. The method according to claim 13, the response further comprising an Expires header containing the user registration expiration information and a second Expires header contained in the request containing the second user registration expiration information.
  - 15. The method according to claim 1, the response further comprising a Contact header generated by the network entity, the Contact header comprising an identifier that helps correlate refreshes for the request.
  - 16. The method according to claim 1, further comprising performing registration state notification procedures by the network entity after the generating of the response.
  - 17. The method according to claim 1, wherein the network entity is a Serving Call Session Control Function (S-CSCF).

18. A network entity, the network entity performing:
- receiving a request at a network entity from a source for information of a user;
  
  verifying that the source is authorized to receive the information, the verifying comprising;
  
  comparing the source of the request against all non-barred public user identities of the user, comparing the source of the request against all network entities identified in a previous request, and comparing the source of the request against all application servers not belonging to third-party providers outside a network to which the user is connected; and
  
  generating a response authorizing the request if the source is authorized to receive the information.
- View Dependent Claims (19)
- - 19. The entity according to claim 18, wherein the network entity is a Serving Call Session Control Function (S-CSCF).

20. A system for authorizing access to information of a user comprising:
- a first network entity, the first network entity sending a request for information of a user; and
  
  a second network entity, the second network entity receiving the request for information of the user, verifying that the first network entity is authorized to receive the requested information, and generating a response authorizing the request if the first network entity is authorized to receive the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Kiss, Krisztian, Tuohino, Markku, Westman, Ilkka

Granted Patent

US 7,627,894 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1104   Session initiation protocol...

H04L 67/535   Tracking the activity of th...

H04L 67/54   Presence management, e.g. m...

H04L 69/329   in the application layer [O...

Method and system for authorizing access to user information in a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authorizing access to user information in a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links