Usage authentication via intercept and challenge for network services
Abstract
A security broker (SB) that provides network based authorization of secure VoIP services, triggered upon attempted user access. The security broker (SB) intercepts a SIP transaction during session setup to transmit a network based security challenge to a SIP application attempting to access (secure) IP based services. A network based security challenge is transmitted to a participating SIP application on both the origination and termination legs of a SIP transaction. The network based security challenge prompts a SIP application to return subscriber authorization/authentication credentials (e.g. a username/password combination). If credentials returned by the SIP application are valid, the security broker (SB) authorizes the network to permit session completion, and access to secure IP services is granted. Alternatively, if credentials returned by the VoIP application are invalid, the security broker (SB) terminates the corresponding session attempt, hence preventing unauthorized access to (secure) IP based services.
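The decision flow the abstract describes, as an added Python example that is not code from the patent or its assignee: each leg is challenged at session setup, credentials are accepted only when they arrive over SIPS, and any other outcome terminates the attempt. The class and field names, the constructed subscriber record, and the rule that both legs must pass before the session is permitted are assumptions made for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

def _kdf(password: str, salt: bytes) -> bytes:
    # Store a derived key rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed subscriber record for the demo: username -> (salt, derived key).
SUBSCRIBERS = {"alice": (b"demo-salt", _kdf("correct horse", b"demo-salt"))}

@dataclass
class SipMessage:                      # hypothetical, reduced view of a SIP request
    call_id: str
    leg: str                           # "origination" or "termination"
    scheme: str                        # "sip" or "sips"
    username: Optional[str] = None
    password: Optional[str] = None

class SecurityBroker:                  # hypothetical name, models the SB's decisions
    def __init__(self):
        self.challenged = set()        # (call_id, leg) awaiting credentials
        self.authorized = set()        # (call_id, leg) that passed the challenge

    def handle(self, msg: SipMessage) -> str:
        key = (msg.call_id, msg.leg)
        if key not in self.challenged:
            # First sight of this leg during setup: intercept and challenge.
            self.challenged.add(key)
            return "CHALLENGE"
        self.challenged.discard(key)   # one attempt per challenge
        if msg.scheme != "sips":
            # Credentials sent over plain SIP are refused, never evaluated.
            return "TERMINATE"
        salt, expected = SUBSCRIBERS.get(msg.username or "", (b"", b""))
        # Unknown users still pay the KDF cost and fail the constant-time compare.
        if not hmac.compare_digest(_kdf(msg.password or "", salt), expected):
            return "TERMINATE"
        self.authorized.add(key)
        return "AUTHORIZE"

    def session_permitted(self, call_id: str) -> bool:
        # Assumption: the network completes the session only if both legs passed.
        legs = {(call_id, "origination"), (call_id, "termination")}
        return legs <= self.authorized
```
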
6 Claims
1. A security broker to authorize use of a secure IP service, comprising:
- intercepting a Session Initiation Protocol (SIP) or Secure Session Initiated Protocol (SIPS) transaction during session setup;
- transmitting a network based security challenge to a secure SIP device attempting to access a IP service associated with said SIP transaction;
- prompting said secure SIP application to return an authorized subscriber authentication credential in only SIPS format;
- forcing a SIP client to switch between Session Initiation Protocol (SIP) to Secure Session Initiated Protocol (SIPS) transaction;
- receiving a returned subscriber authentication credential in response to said prompting using SIPS when previous transaction was in SIP format; and
- switching a SIPS transaction back to SIP if appropriate for the remainder of a SIP transaction.
- authorizing an associated network to permit completion of an associated SIP session if said returned subscriber authentication credential is valid.
4. Apparatus to authorize use of a secure IP service, comprising:
- means for intercepting a Session Initiation Protocol (SIP) or Secure Session Initiated Protocol (SIPS) transaction during session setup;
- means for transmitting a network based security challenge to a secure SIP device attempting to access a IP based service associated with said IP call;
- means for prompting said secure SIP application to return an authorized subscriber authentication credential in only SIPS format;
- means for forcing a SIP client to switch between Session Initiation Protocol (SIP) to Secure Session Initiated Protocol (SIPS) transaction;
- means for receiving a returned subscriber authentication credential in response to said prompting; and
- means for switching a SIPS transaction back to SIP if appropriate for the remainder of a SIP transaction.
- means for authorizing an associated network to permit completion of an associated SIP session if said returned subscriber authentication credential is valid.