Methods and systems for distributed authentication and caching for internet protocol multimedia subsystem and other session initiation protocol systems

US 8,467,290 B2
Filed: 12/26/2006
Issued: 06/18/2013
Est. Priority Date: 12/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method for distributing authentication in Internet Protocol Multimedia Subsystem and other Session Initiation Protocol systems, the method comprising the steps of:

loading a local database copy of user profiles in an edge element in a network from a remotely located master user database, wherein the edge element provides network access, and wherein the local database copy of the user profiles comprises one of a full copy of all user profiles known in a control entity and a partial copy of only user profiles known to access the edge element;

pre-authenticating Session Initiation Protocol requests by service requestors utilizing the local database copy of the user profiles at the edge element without involvement of the remotely located master user database, wherein the pre-authenticating comprises partial or full authentication of the Session Initiation Protocol requests, and wherein the pre-authenticating is performed by the edge element concurrently while the edge element provides the network access to the service requestors; and

providing services to the service requestors responsive to the Session Initiation Protocol requests;

wherein the edge element is configured to cache network resources comprising content and software responsive to the Session Initiation Protocol requests in a predictive manner.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network elements in IMS or other SIP systems are configured to pre-authenticate SIP requests either as proxy or by snooping. One or more of these network elements are pre-loaded with a local database copy of the user profiles as typically contained in the HSS inside of the IMS control structures. A master database, such as the one typically contained in the HSS, is distributed to all network elements using database distribution methods. Advantageously, pre-authentication solves bottleneck issues in the SIP mechanism by allowing an end user device to use fully authenticated SIP requests. This prevents the requirement to perform authentication, authorization, and accounting (AAA) all the way back to the core IMS network, alleviating lag and scaling issues. Additionally, network elements including can become aware of the services requested through SIP requests, and track these requests for optimization. Specifically, resources requested based upon SIP requests can be cached.

Citations

17 Claims

1. A method for distributing authentication in Internet Protocol Multimedia Subsystem and other Session Initiation Protocol systems, the method comprising the steps of:
- loading a local database copy of user profiles in an edge element in a network from a remotely located master user database, wherein the edge element provides network access, and wherein the local database copy of the user profiles comprises one of a full copy of all user profiles known in a control entity and a partial copy of only user profiles known to access the edge element;
  
  pre-authenticating Session Initiation Protocol requests by service requestors utilizing the local database copy of the user profiles at the edge element without involvement of the remotely located master user database, wherein the pre-authenticating comprises partial or full authentication of the Session Initiation Protocol requests, and wherein the pre-authenticating is performed by the edge element concurrently while the edge element provides the network access to the service requestors; and
  
  providing services to the service requestors responsive to the Session Initiation Protocol requests;
  
  wherein the edge element is configured to cache network resources comprising content and software responsive to the Session Initiation Protocol requests in a predictive manner.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising the steps of:
    - authorizing the Session Initiation Protocol requests utilizing the local database copy of the user profile; and
      
      accounting the Session Initiation Protocol requests utilizing the local database copy of the user profile.
  - 3. The method of claim 2, wherein the edge and switch elements have decryption keys to view the Session Initiation Protocol requests.
  - 4. The method of claim 3, wherein the keys comprise dynamic and pre-shared keys, and wherein the encryption is Internet Protocol Security (IPSec).
  - 5. The method of claim 1, further comprising the step of loading the local database copy of the user profiles in switch elements in the network.
  - 6. The method of claim 1, further comprising the step of updating the local database copy of the user profiles.
  - 7. The method of claim 1, wherein the local database utilizes a multi-stage cascaded distributed architecture.
  - 8. The method of claim 1, wherein the user profiles comprise substantially the same information as contained in the Home Subscriber System.
  - 9. The method of claim 1, wherein the local database copy comprises a partial copy of the user profiles corresponding to users of the network.
  - 10. The method of claim 1, further comprising the steps of pre-authenticating Extensible Mark-Up Language requests utilizing the local database copy of user profiles, wherein the pre-authenticating comprises partial or full authentication of the Extensible Mark-Up Language requests.

11. A method for resource caching in Internet Protocol Multimedia Subsystem and other Session Initiation Protocol systems, the method comprising the steps of:
- observing a user'"'"'s request for services at an edge node or switch node of a network, wherein a user generating the user'"'"'s request is known to access the edge node or switch node in advance, and wherein the user is pre-authenticated at the edge node or switch node without involvement of a Home Subscriber System, wherein the pre-authentication is perform at the edge node or the switch node while concurrently providing network access to the user;
  
  loading a caching mechanism and caching services comprising network resources comprising content and software responsive to the user'"'"'s request for services in a predictive manner, wherein the user'"'"'s request for services comprises a Session Initiation Protocol request or an Extensible Mark-up Language request; and
  
  providing the services to the user responsive to the user'"'"'s request for services.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, further comprising the steps of:
    - observing the user'"'"'s vector through space and location; and
      
      loading the caching mechanism responsive to the user'"'"'s vector through space and location.
  - 13. The method of claim 11, wherein the caching mechanism is aware of the user, a service type, and a community of users, and wherein the caching mechanism performs caching responsive to the user, the service type, and the community of users.

14. An enterprise private network or service provider network utilizing Internet Protocol Multimedia Subsystem or Session Initiation Protocol comprising:
- a plurality of edge elements;
  
  a plurality of switch elements, wherein the plurality of edge elements and plurality of switch elements are interconnected; and
  
  a local database comprising user profiles, wherein the local database is pre-loaded on one or more of the plurality of edge elements from a remotely located master user database, and wherein the local database is a copy of a Home Subscriber Service database, and wherein the local database comprises one of a full copy of all user profiles known in a control entity and a partial copy of only user profiles known to access the one or more of the plurality of edge elements;
  
  wherein the one or more of the plurality of edge elements are configured to pre-authenticate, authorize, and account for Session Initiation Protocol requests utilizing the local database without involvement of the remotely located master user database, and wherein the pre-authenticating is performed by the one or more of the plurality edge elements concurrently while providing network access to service requestors associated with the requests; and
  
  wherein the edge element is configured to cache network resources comprising content and software responsive to the Session Initiation Protocol requests in a predictive manner.
- View Dependent Claims (15, 16, 17)
- - 15. The enterprise private network or service provider network of claim 14, wherein the local database is pre-loaded on the plurality of switch elements, and one or more of the plurality of switch elements are configured to pre-authenticate, authorize, and account Session Initiation Protocol requests utilizing the local database without involvement of the remotely located master user database.
  - 16. The enterprise private network or service provider network of claim 14, wherein the user profiles comprise substantially the same information as contained in the Home Subscriber System.
  - 17. The enterprise private network or service provider network of claim 14, wherein the local database is updated periodically with current user profile data through distributed database techniques.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ciena Corporation
Original Assignee
Ciena Corporation
Inventors
Gazier, Michael A., Ong, Lyndon Y., Duncan, Ian H.
Primary Examiner(s)
Rinehart, Mark
Assistant Examiner(s)
BROCKMAN, ANGEL T

Application Number

US11/645,458
Publication Number

US 20080155659A1
Time in Patent Office

2,366 Days
Field of Search

370/230, 370/260, 370/252
US Class Current

370/230
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/164   at the network layer

H04L 65/1016   IP multimedia subsystem [IMS]

Methods and systems for distributed authentication and caching for internet protocol multimedia subsystem and other session initiation protocol systems

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for distributed authentication and caching for internet protocol multimedia subsystem and other session initiation protocol systems

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links