SIP Signaling Without Constant Re-Authentication

US 20100082977A1
Filed: 09/30/2008
Published: 04/01/2010
Est. Priority Date: 09/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

in response to a first request of a client on a communication connection, authenticating the client;

in response to at least one second request of the client on the connection and subsequent to the first request, forbearing from authenticating the client; and

in response to a third request of the client on the connection and subsequent to the at least one second request, authenticating the client.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A proxy server causes an authentication authority to authenticate a client in response to a first Session Initiation Protocol (SIP) request of the client on a connection. It does not cause the client to be authenticated in response subsequent requests on the connection as long as the underlying connection is not broken, the subsequent requests are on behalf of the same client, the client has not been removed from the system, the client'"'"'s password has not changed, a “safety net” timer has not expired, or any other policy that the server chooses to enforce. This eliminates the overhead of constant re-authentication in response to each SIP request.

Citations

32 Claims

1. A method comprising:
- in response to a first request of a client on a communication connection, authenticating the client;
  
  in response to at least one second request of the client on the connection and subsequent to the first request, forbearing from authenticating the client; and
  
  in response to a third request of the client on the connection and subsequent to the at least one second request, authenticating the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15)
- - 2. The method of claim 1 further comprising:
    - in response to successfully authenticating the client, complying with the request; and
      
      in response to unsuccessfully authenticating the client, forbearing from complying with the request.
  - 3. The method of claim 2 further comprising:
    - in response to unsuccessfully authenticating the client, tearing down the connection.
  - 4. The method of claim 1 wherein:
    - the first, the at least one second, and the third request are made via a TCP/IP model application-layer protocol.
  - 5. The method of claim 4 wherein:
    - the protocol is SIP.
  - 6. The method of claim 4 wherein:
    - the protocol normally requires authentication of the client in response to every request of the client on the connection.
  - 7. The method of claim 4 wherein:
    - a connection used to transmit the requests is secure.
  - 8. The method of claim 1 wherein:
    - forbearing from authenticating the client comprisesin response to the second request, determining whether the authentication of the client has expired, andin response to determining that the authentication of the client has not expired, forbearing from authenticating the client;
      
      whereinthe method further comprisesin response to determining that the authentication of the client has expired, authenticating the client.
  - 9. The method of claim 1 wherein:
    - forbearing from authenticating the client comprisesin response to the second request, determining whether a connection used to transmit the request has changed from the first request, andin response to determining that the connection has not changed, forbearing from authenticating the client;
      
      whereinthe method further comprisesin response to determining that the connection has changed, authenticating the client.
  - 10. The method of claim 1 wherein:
    - forbearing from authenticating the client comprisesin response to the second request, determining whether either (a) either an identifier of the client or an identifier of a connection used to transmit the request has changed from the first request or (b) the authentication of the client has expired, andin response to determining that both (a) the identifier of the client and the identifier of the connection have not changed and (b) the authentication of the client has not expired, forbearing from authenticating the client;
      
      wherein the method further comprisesin response to determining that either (a) either the identifier of the client or the identifier of the connection has changed or (b) the authentication of the client has expired, authenticating the client.
  - 11. The method of claim 1 wherein:
    - the first, the at least one second, and the third user request are made via a TCP/IP model application-layer protocol.
  - 12. The method of claim 1 wherein:
    - the first, the at least one second, and the third request are made via SIP.
  - 13. The method of claim 1 wherein:
    - authenticating the client comprisesin response to an individual one of the first or the third request of the client, sending a request to an authentication authority for a challenge;
      
      in response to receiving a response to the challenge from the client, determining whether the response is correct;
      
      in response to determining that the response is correct, complying with the individual request; and
      
      in response to determining that the response is not correct, forbearing from complying with the individual request.
  - 15. A computer storage medium storing computer-readable instructions which, when executed by the computer, perform the method of one of claims 1-14.

14. A method comprising:
- in response to a first SIP request of a client on a communication connection with a proxy server, authenticating the client;
  
  in response to at least a second SIP request of the client on the connection and subsequent to the first SIP request, forbearing from authenticating the client; and
  
  in response to at least a third SIP request of the client on the connection and subsequent to the at least one second SIP request, authenticating the client.

16. A server comprising:
- means responsive to a first request of a client on a communication connection, for authenticating the client;
  
  means responsive to at least one second request of the client on the connection and subsequent to the first request, for forbearing from authenticating the client; and
  
  means responsive to a third request of the client on the connection and subsequent to the at least one second request, for authenticating the client.
- View Dependent Claims (17)
- - 17. The server of claim 16 wherein:
    - the server is a proxy server.

18. An apparatus comprising:
- a server adapted to respond to a first request of a client on a communication connection by authenticating the client, adapted to respond to at least one second request of the client on the connection and subsequent to the first request by forbearing from authenticating the client, and adapted to respond to a third request of the client on the connection and subsequent to the at least one second request by authenticating the client; and
  
  an authentication authority adapted to cooperate with the server to authenticate the client.

19. An apparatus comprising:
- a store for storing instructions; and
  
  a processor for executing the instructions;
  
  wherein the store and the processor together form a server adapted to respond to a first request of a client on a communication connection by authenticating the client, to respond to at least one second request of the client on the connection and subsequent to the first request by forbearing from authenticating the client, and to respond to a third request of the client on the connection and subsequent to the at least one second request by authenticating the client.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 20. The apparatus of claim 19 wherein:
    - the server is further adapted to respond to successfully authenticating the client by complying with the request, and to respond to unsuccessfully authenticating the client by forbearing from complying with the request.
  - 21. The apparatus of claim 20 wherein:
    - the server is further adapted to respond to unsuccessfully authenticating the client by tearing down the connection.
  - 22. The apparatus of claim 19 wherein:
    - the server is adapted to receive the first, the at least one second, and the third request via a TCP/IP model application-layer protocol.
  - 23. The apparatus of claim 22 wherein:
    - the protocol is SIP.
  - 24. The apparatus of claim 22 wherein:
    - the protocol normally requires the server to authenticate the client in response to every request of the client on the connection.
  - 25. The apparatus of claim 22 wherein:
    - a connection used by the server to receive the requests is secure.
  - 26. The apparatus of claim 19 wherein:
    - the server is adapted to forbear from authenticating the client by (a) in response to the second request, determining whether the authentication of the client has expired, and (b) in response to determining that the authentication of the client has not expired, forbearing from authenticating the client; and
      
      whereinthe server is further adapted to respond to determining that the authentication of the client has expired, by authenticating the client.
  - 27. The apparatus of claim 19 wherein:
    - the server is adapted to forbear from authenticating the client by (a) in response to the second request, determining whether a connection used to transmit the request has changed from the first request, and (b) in response to determining that the connection has not changed, forbearing from authenticating the client; and
      
      whereinthe server is further adapted to respond to determining that the connection has changed, by authenticating the client.
  - 28. The apparatus of claim 19 wherein:
    - the server is adapted to forbear from authenticating the client by (a) in response to the second request, determining whether either (1) either an identifier of the client or an identifier of a connection used to transmit the request has changed from the first request or (2) the authentication of the client has expired, and (b) in response to determining that both (1) the identifier of the client and the identifier of the connection have not changed and (2) the authentication of the client has not expired, by forbearing from authenticating the client; and
      
      whereinthe server is further adapted to respond to determining that either (1) either the identifier of the client or the identifier of the connection has changed or (2) the authentication of the client has expired, by authenticating the client.
  - 29. The apparatus of claim 19 wherein:
    - the server is adapted to receive the first, the at least one second, and the third user request via a TCP/IP model application-layer protocol.
  - 30. The apparatus of claim 19 wherein:
    - the server is adapted to receive the first, the at least one second, and the third request via SIP.
  - 31. The apparatus of claim 19 wherein:
    - the server is adapted to authenticate the client by (a) in response to an individual one of the first or the third request of the client, sending a request to an authentication authority for a challenge, (b) in response to receiving a response to the challenge from the client, forwarding the response to the authentication authority for determining whether the response is correct;
      
      (c) and whereinthe server is further adapted to respond to a determination that the response is correct by complying with the individual request, and to respond to a determination that the response is not correct by forbearing from complying with the individual request.
  - 32. The apparatus of claim 19 wherein:
    - the server comprises a proxy server;
      
      the first request is a first SIP request of a client on a communication connection with a proxy server;
      
      the at least one second request is at least one second SIP request of the client on the connection and subsequent to the first SIP request; and
      
      the third request is a third SIP request of the client on the connection and subsequent to the at least one second SIP request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Avaya Incorporated
Inventors
Durney, Stephen, Weber, Gregory, Brunson, Gordon, Boyle, Frank J., Chavez, David

Granted Patent

US 8,689,301 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

SIP Signaling Without Constant Re-Authentication

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SIP Signaling Without Constant Re-Authentication

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links