User equipment validation in an IP network
Abstract
An authentication and validation architecture utilizing a P-CSCF (proxy-call session control function) service to validate a source IP address against a registered contact IP address upon receiving an initial request for a dialog or a standalone request (except REGISTER) from a registered user. This provides a security measure to prevent IMS (IP multimedia subsystem) identity spoofing when SIP access security (IPsec) is not enabled, or not used, between the user equipment (UE) and the P-CSCF service.
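The check described in the abstract, sketched as an added example (not code from the patent or from any IMS product). The function names, the in-memory registration table, the prefix-list test for a "trusted network" and the bypass when IPsec is in use are all assumptions made for illustration; the addresses and identities are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumption: access networks this hypothetical proxy treats as trusted
# (constructed prefixes; the page does not say how trust is determined).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16"),
                    ipaddress.ip_network("2001:db8:20::/48")]

@dataclass
class Binding:
    contact_ip: IPAddr      # address recorded at authenticated registration
    ipsec_enabled: bool     # True when IPsec protects the UE to P-CSCF leg

REGISTRATIONS: dict = {}    # public user identity -> Binding

def register(identity: str, contact_ip: str, ipsec_enabled: bool = False) -> None:
    """Record the binding once REGISTER has been authenticated (not modelled)."""
    REGISTRATIONS[identity] = Binding(ipaddress.ip_address(contact_ip), ipsec_enabled)

def validate(method: str, identity: str, source_ip: str, contact_ip: str):
    """Return (accepted, reason) for a request arriving at the proxy."""
    if method == "REGISTER":
        return True, "REGISTER goes through registration authentication"
    binding = REGISTRATIONS.get(identity)
    if binding is None:
        return False, "identity not registered"
    if binding.ipsec_enabled:
        # Assumption: the address check only applies when IPsec is not in use.
        return True, "IPsec in use, address check not applied"
    try:
        src, contact = ipaddress.ip_address(source_ip), ipaddress.ip_address(contact_ip)
    except ValueError:
        return False, "malformed address"
    # Parsed comparison, so equivalent textual forms of one address match.
    if src != binding.contact_ip or contact != binding.contact_ip:
        return False, "address does not match registered contact"
    # A matching address proves little if the access network allows spoofing.
    if not any(src in net for net in TRUSTED_NETWORKS):
        return False, "no trusted network"
    return True, "validated"

if __name__ == "__main__":
    register("sip:alice@example.invalid", "10.20.1.5")
    print(validate("INVITE", "sip:alice@example.invalid", "10.20.1.5", "10.20.1.5"))
    print(validate("MESSAGE", "sip:alice@example.invalid", "10.20.9.9", "10.20.1.5"))
```
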
21 Claims
1. A system that facilitates validation of a mobile user, comprising:
- a memory;
- at least one processor communicatively coupled to the memory that facilitates execution of computer-executable instructions to at least:
  - facilitate authenticated registration of the mobile user in response to Internet protocol security not being enabled at user equipment associated with the mobile user;
  - store registered contact information to the memory, wherein the registered contact information includes a registered Internet protocol address allocated by a gateway general packet radio service support node,
  - receive a request and validate the request based at least in part upon a comparison between the registered contact information and contact information associated with the mobile user included in the request,
  - determine, in response to the Internet protocol security not being enabled at the user equipment, that a trusted network is to be requested to validate the request,
  - determine that the trusted network exists in response to the trusted network being requested, and
  - refuse the request in response to the trusted network not existing.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A computer-implemented method of validating user equipment, comprising:
- performing, by a system including at least one processor, authentication registration of user equipment in response to Internet protocol security not being enabled at the user equipment;
- receiving a registered Internet protocol address allocated by a gateway general packet radio service support node;
- storing registered contact information in a network server;
- receiving a request for a network service;
- comparing contact information associated with the request to the registered contact information to obtain validation results;
- determining, in response to Internet protocol securing not being enabled at the user equipment, whether a trusted network is required for the validation results;
- determining, in response to the trusted network being required, whether the trusted network exists;
- including in the validation results an indication to refuse the request in response to the trusted network not existing; and
- processing the request based upon the validation results.

Dependent claims: 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer readable storage medium comprising computer executable instructions that, in response to execution by a computing system, cause the computing system to perform operations, comprising:
- registering information associated with user equipment in response to Internet protocol security not being enabled at user equipment, wherein registered information includes a public user identity and is based upon an assignment of a registered Internet protocol address by a gateway general packet radio service support node prior to or during a registration authentication procedure;
- employing a computer memory for storing the registered information;
- receiving a request from the user equipment; and
- validating the request including:
  - comparing the registered information with contact information associated with the request,
  - determining whether a trusted network is required in response to Internet protocol securing not being enabled at the user equipment;
  - determining whether the trusted network exists in response to the trusted network being required; and
  - refusing the request in response to the trusted network being undetected.

Dependent claims: 20, 21

Specification