User equipment validation in an IP network

US 8,191,116 B1
Filed: 10/17/2005
Issued: 05/29/2012
Est. Priority Date: 08/29/2005
Status: Active Grant

First Claim

Patent Images

1. A system that facilitates validation of a mobile user, comprising:

a memory;

at least one processor communicatively coupled to the memory that facilitates execution of computer-executable instructions to at least;

facilitate authenticated registration of the mobile user in response to Internet protocol security not being enabled at user equipment associated with the mobile user;

store registered contact information to the memory, wherein the registered contact information includes a registered Internet protocol address allocated by a gateway general packet radio service support node,receive a request and validate the request based at least in part upon a comparison between the registered contact information and contact information associated with the mobile user included in the request,determine, in response to the Internet protocol security not being enabled at the user equipment, that a trusted network is to be requested to validate the request,determine that the trusted network exists in response to the trusted network being requested, andrefuse the request in response to the trusted network not existing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication and validation architecture utilizing a P-CSCF (proxy-call session control function) service to validate a source IP address against a registered contact IP address upon receiving an initial request for a dialog or a standalone request (except REGISTER) from a registered user. This provides a security measure to prevent IMS (IP multiemdia subsytem) identity spoofing, when SIP security (IPsec) access security is not enabled, or not used, between the user equipment (UE) and P-CSCF service.

Citations

21 Claims

1. A system that facilitates validation of a mobile user, comprising:
- a memory;
  
  at least one processor communicatively coupled to the memory that facilitates execution of computer-executable instructions to at least;
  
  facilitate authenticated registration of the mobile user in response to Internet protocol security not being enabled at user equipment associated with the mobile user;
  
  store registered contact information to the memory, wherein the registered contact information includes a registered Internet protocol address allocated by a gateway general packet radio service support node,receive a request and validate the request based at least in part upon a comparison between the registered contact information and contact information associated with the mobile user included in the request,determine, in response to the Internet protocol security not being enabled at the user equipment, that a trusted network is to be requested to validate the request,determine that the trusted network exists in response to the trusted network being requested, andrefuse the request in response to the trusted network not existing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the authenticated registration utilizes authentication and key agreement registration.
  - 3. The system of claim 1, wherein the validation component is a proxy-call session control function server.
  - 4. The system of claim 1, wherein the at least one processor further facilitates the execution of the computer-executable instructions to register an Internet protocol multimedia subsystem with the user equipment associated with the mobile user.
  - 5. The system of claim 1, wherein the contact information associated with the mobile user is a contact Internet protocol address, and the at least one processor further facilitates the execution of the computer-executable instructions to compare the contact Internet protocol address to the registered Internet protocol address in order to validate the request.
  - 6. The system of claim 1, wherein the contact information associated with the mobile user is a contact public user identity associated with a contact Internet protocol address, and the at least one processor further facilitates the execution of the computer-executable instructions to compare the contact public user identity to a registered public user identity that is associated with the registered Internet protocol address during authenticated registration.
  - 7. The system of claim 5, wherein the at least one processor further facilitates the execution of the computer-executable instructions to service the request in response to the contact information associated with the mobile user matching the registered contact information.
  - 8. The system of claim 5, wherein the at least one processor further facilitates the execution of the computer-executable instructions to reject the request by way of an error response in response to the contact information associated with the mobile user failing to match the registered contact information.
  - 9. The system of claim 1, wherein at least some of the computer-executable instructions are associated with an Internet protocol multimedia subsystem.
  - 10. The system of claim 1, wherein the registered contact information further includes a registered public user identity that is associated with the registered Internet protocol address during the authenticated registration.

11. A computer-implemented method of validating user equipment, comprising:
- performing, by a system including at least one processor, authentication registration of user equipment in response to Internet protocol security not being enabled at the user equipment;
  
  receiving a registered Internet protocol address allocated by a gateway general packet radio service support node;
  
  storing registered contact information in a network server;
  
  receiving a request for a network service;
  
  comparing contact information associated with the request to the registered contact information to obtain validation results;
  
  determining, in response to Internet protocol securing not being enabled at the user equipment, whether a trusted network is required for the validation results;
  
  determining, in response to the trusted network being required, whether the trusted network exists;
  
  including in the validation results an indication to refuse the request in response to the trusted network not existing; and
  
  processing the request based upon the validation results.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising serving the request in response to the validation results being affirmative.
  - 13. The method of claim 11, wherein the receiving the request includes receiving a dialog request.
  - 14. The method of claim 11, further comprising rejecting the request in response to the validation results being negative.
  - 15. The method of claim 14, wherein the processing the request includes rejecting the request by way of an error message.
  - 16. The method of claim 11, wherein the storing the registered contact information in the network server includes storing the registered contact information in a proxy-call session control function server.
  - 17. The method of claim 11, further comprising:
    - determining that the user equipment does not support Internet protocol security;
      
      determining that a trusted network is required;
      
      determining that a network is not trusted; and
      
      refusing the request for the network service.
  - 18. The method of claim 11, further comprising associating the registered Internet protocol address to a registered public user identity during the authentication registration.

19. A non-transitory computer readable storage medium comprising computer executable instructions that, in response to execution by a computing system, cause the computing system to perform operations, comprising:
- registering information associated with user equipment in response to Internet protocol security not being enabled at user equipment, wherein registered information includes a public user identity and is based upon an assignment of a registered Internet protocol address by a gateway general packet radio service support node prior to or during a registration authentication procedure;
  
  employing a computer memory for storing the registered information;
  
  receiving a request from the user equipment; and
  
  validating the request including;
  
  comparing the registered information with contact information associated with the request,determining whether a trusted network is required in response to Internet protocol securing not being enabled at the user equipment;
  
  determining whether the trusted network exists in response to the trusted network being required; and
  
  refusing the request in response to the trusted network being undetected.
- View Dependent Claims (20, 21)
- - 20. The computer readable storage medium of claim 19, wherein the storing the registered information includes storing the registered information in a proxy-call session control function server.
  - 21. The computer readable storage medium of claim 19, wherein the registering of the information associated with user equipment comprises authenticating the registration by way of authentication and key agreement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cingular Wireless II LLC (AT&T, Inc.)
Original Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Gazzard, Daryl
Primary Examiner(s)
Henning, Matthew

Application Number

US11/252,077
Time in Patent Office

2,416 Days
Field of Search

None
US Class Current

726/4
CPC Class Codes

H04L 63/08 for authentication of entit...

H04W 12/069 using certificates or pre-s...

User equipment validation in an IP network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

User equipment validation in an IP network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links