IMS NETWORK IDENTITY MANAGEMENT

US 20080301787A1
Filed: 05/21/2008
Published: 12/04/2008
Est. Priority Date: 05/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method of providing secure communication session set-up between a user using a UE (user equipment) device associated with a home domain and a 3^rdparty service that is not associated of the home domain, said method comprising the steps of:

receiving, in an identity server associated with the home domain, a control message relating to the communication session;

determining whether identity translation of the control message is necessary;

performing identity translation with respect to the control message if it is determined to be necessary; and

sending the translated control message toward its target.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed a manner of enabling secure communications between a UE (user equipment) device operating though a packet-switched network and a 3^rdparty service outside of the user'"'"'s home domain. The packet-switched network may be, for example, configured according and IMS architecture and use SIP control signaling. An identity server in the user'"'"'s home domain is coupled with a proxy server or gateway and receives control messages, on which the identity server effects identity translation if needed. Translating messages targeted for the third party serve includes stripping user identifying information and adding a domain identifier to the message. It may also include adding an identity token. Where an identity token is not added, it may be provided upon request to a 3^rdparty service entity. Translating messages targeted for the UE includes adding a user identifier for home domain routing.

Citations

26 Claims

1. A method of providing secure communication session set-up between a user using a UE (user equipment) device associated with a home domain and a 3^rdparty service that is not associated of the home domain, said method comprising the steps of:
- receiving, in an identity server associated with the home domain, a control message relating to the communication session;
  
  determining whether identity translation of the control message is necessary;
  
  performing identity translation with respect to the control message if it is determined to be necessary; and
  
  sending the translated control message toward its target.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method according to claim 1, wherein the home domain is configured according to an IMS (IP (Internet protocol) multimedia subsystem) architecture.
  - 3. The method according to claim 2, wherein the control message is an SIP (session initiation protocol) message.
  - 4. The method according to claim 3, wherein the control message is an INVITE message.
  - 5. The method according to claim 3, wherein the control-message target is an entity associated with the 3^rdparty service.
  - 6. The method according to claim 5, wherein the identity translation comprises removing a user identifier and adding a domain identifier such that a subsequent recipient of the control message can identify the home domain.
  - 7. The method according to claim 6, wherein the identity translation further comprises adding an identity token to the control message.
  - 8. The method according to claim 6, further comprising a request for an identity token from a requesting entity associated with the 3^rdparty service.
  - 9. The method according to claim 8, wherein the requesting entity is a CSCF (call session control function) server.
  - 10. The method according to claim 8, wherein the requesting entity is an AS (application server).
  - 11. The method according to claim 10, wherein the control-message target is the AS.
  - 12. The method according to claim 5, wherein the identity server receives the control message from a home domain proxy server.
  - 13. The method according to claim 12, wherein the identity server sends the translated control message to the home domain proxy server.
  - 14. The method according to claim 12, wherein the identity server sends the translated control message to a server associated with the 3^rdparty service.
  - 15. The method according to claim 5, wherein the identity server receives the control message from an outgoing GW (gateway).
  - 16. The method according to claim 3, wherein the control message target is the UE.
  - 17. The method according to claim 16, wherein the identity translation comprises removing a domain identifier and adding a user identifier.
  - 18. The method according to claim 16, wherein the identity server receives the control message from a server associated with the 3^rdparty service.
  - 19. The method according to claim 18, wherein the identity server sends the translated control message to a home domain server.
  - 20. The method according to claim 16, wherein the identity server receives the control message from a home domain server.
  - 21. The method according to claim 16, wherein the identity server receives the control message from a home domain incoming gateway.

22. An identity server for securing communications between a user and a 3^rdparty service, comprising:
- a network interface for receiving control message and for sending translated control messages;
  
  a determiner coupled to the network interface for determining whether identity translation of the control message is necessary; and
  
  a translator for performing identity translation with respect to the control message if it is determined to be necessary by the determiner.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The identity server according to claim 22, wherein the identity server is resident on a node in an IMS network.
  - 24. The identity server according to claim 22, wherein the network interface is adapted for receiving SIP control messages.
  - 25. The identity server according to claim 22, wherein the identity translation comprises removing a user identifier and adding a domain identifier such that a subsequent recipient of the control message can identify the home domain.
  - 26. The identity server according to claim 25, wherein the identity translation further comprises adding an identity token to the control message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Lindholm, Fredrik, Canales Valenzuela, Carolina

Granted Patent

US 8,499,340 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 2101/395   Internet protocol multimedi...

H04L 61/2596   Translation of addresses of...

H04L 61/30   Managing network names, e.g...

H04L 61/301   Name conversion

IMS NETWORK IDENTITY MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

IMS NETWORK IDENTITY MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links