IMS network identity management
First Claim
1. A method of providing secure communication session set-up between a user of a UE (user equipment) associated with a home domain configured according to an IMS (IP (Internet Protocol) Multimedia System) architecture and a third party service that is not associated with the home domain, the method comprising:
- receiving, in an identity server associated with the home domain, a control message relating to the secure communication session;
- determining that an identity translation of the control message is necessary;
- performing the identity translation of the control message by:
  - removing, if a control message target is an entity associated with the third party service, a user identifier identifying the user of the UE and adding a domain identifier identifying the home domain of the UE such that an identity of the user of the UE will be masked from the third party service; and
  - removing, if the control message target is the UE, a domain identifier identifying the home domain of the UE and adding a user identifier identifying the user of the UE;
- adding an identity token to the control message; and
- sending the identity translated control message to the control message target.
Abstract
Methods and apparatus for enabling secure communications between a UE (user equipment) device operating through a packet-switched network and a 3rd party service outside of the user's home domain. The packet-switched network may be, for example, configured according to an IMS architecture and use SIP control signaling. An identity server in the user's home domain is coupled with a proxy server or gateway and receives control messages, on which the identity server effects identity translation if needed. Translating messages targeted for the third party service includes stripping user identifying information and adding a domain identifier to the message. It may also include adding an identity token. Where an identity token is not added, it may be provided upon request to a 3rd party service entity. Translating messages targeted for the UE includes adding a user identifier for home domain routing.
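The following is an added worked example of the two-way identity translation the abstract describes; it is not code from the patent or from any vendor's IMS implementation. Control messages are reduced to a small set of SIP-style header fields, the header name `P-Identity-Token`, the domain `home.example`, the user `alice` and the HMAC secret are all constructed for the example, and the example assumes the third party echoes the identity token back on messages it sends toward the UE so the home domain can route them. The token is opaque outside the home domain: the identity server keeps the token-to-user mapping itself, which is also what lets it answer a later request from the third party for the identity behind a token.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

# Constructed values for this example; real deployments use their own domain
# and header conventions.
HOME_DOMAIN = "home.example"
TOKEN_HEADER = "P-Identity-Token"   # hypothetical header carrying the identity token


@dataclass
class ControlMessage:
    """A control message reduced to what identity translation touches.

    target is "third_party" (message leaving the home domain) or "ue"
    (message routed back to the subscriber); headers mimic SIP header fields.
    """
    target: str
    headers: dict = field(default_factory=dict)


def parse_uri(uri):
    """Split "sip:user@host" or "sip:host" into (user, host); user is None if absent."""
    body = uri.split(":", 1)[1]
    if "@" in body:
        user, host = body.split("@", 1)
        return user, host
    return None, body


class IdentityServer:
    def __init__(self, home_domain, secret):
        self.home_domain = home_domain
        self.secret = secret
        # token -> user identifier; consulted for UE-bound messages and for
        # identity requests from the third party service.
        self.sessions = {}

    def _token(self, user, call_id):
        # Opaque per-session token bound to the user; without the secret and
        # the session table it reveals nothing about the user.
        mac = hmac.new(self.secret, f"{user}|{call_id}".encode(), hashlib.sha256)
        return mac.hexdigest()[:32]

    def needs_translation(self, msg):
        """Outbound: From carries a home-domain user. Inbound: To is domain-only."""
        if msg.target == "third_party":
            user, host = parse_uri(msg.headers["From"])
            return host == self.home_domain and user is not None
        if msg.target == "ue":
            user, host = parse_uri(msg.headers["To"])
            return host == self.home_domain and user is None
        return False

    def translate(self, msg):
        if not self.needs_translation(msg):
            return msg
        out = ControlMessage(msg.target, dict(msg.headers))  # never mutate the input
        if msg.target == "third_party":
            user, _ = parse_uri(msg.headers["From"])
            token = self._token(user, msg.headers["Call-ID"])
            self.sessions[token] = user
            # Remove the user identifier, keep only the domain identifier.
            out.headers["From"] = f"sip:{self.home_domain}"
            # Any asserted identity would leak the user as well; drop it.
            out.headers.pop("P-Asserted-Identity", None)
            out.headers[TOKEN_HEADER] = token
        else:
            token = msg.headers.get(TOKEN_HEADER)
            if token not in self.sessions:
                # Unknown token: there is no user to route to, so refuse rather
                # than guess.
                raise ValueError("unknown or missing identity token")
            user = self.sessions[token]
            # Replace the domain identifier with the user identifier for home routing.
            out.headers["To"] = f"sip:{user}@{self.home_domain}"
        return out

    def resolve(self, token):
        """Answer a third party's request for the identity behind a token."""
        return self.sessions.get(token)


if __name__ == "__main__":
    srv = IdentityServer(HOME_DOMAIN, b"constructed-secret")
    invite = ControlMessage("third_party", {
        "From": "sip:alice@home.example",
        "To": "sip:svc@thirdparty.example",
        "Call-ID": "c1",
        "P-Asserted-Identity": "sip:alice@home.example",
    })
    masked = srv.translate(invite)
    print(masked.headers)
    reply = ControlMessage("ue", {
        "From": "sip:svc@thirdparty.example",
        "To": "sip:home.example",
        "Call-ID": "c1",
        TOKEN_HEADER: masked.headers[TOKEN_HEADER],
    })
    print(srv.translate(reply).headers)
```

The check worth noting is the inbound branch: a message toward the UE with a token the server never issued is rejected instead of being routed by guesswork, and the outbound branch copies the message before editing so the untranslated original is never sent by mistake.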
30 Citations
17 Claims
16. An identity server, having a microprocessor and an associated non-transitory memory, for securing communications between a user of a UE (user equipment) and a third party service, the identity server being resident on a node in an IMS (IP (Internet Protocol) Multimedia Subsystem) network, the identity server comprising:
- a network interface for receiving a control message and for sending translated control messages;
- a determiner coupled to the network interface for determining that identity translation of the control message is necessary; and
- a translator for performing identity translation of the control message, when identity translation is determined to be necessary by the determiner, by:
  - removing, if a control message target is an entity associated with the third party service, a user identifier identifying the user of the UE and adding a domain identifier identifying a home domain of the UE such that an identity of the user of the UE will be masked from the third party service;
  - removing, if the control message target is the UE, a domain identifier identifying the home domain of the UE and adding a user identifier identifying the user of the UE; and
  - adding an identity token to the control message.

Dependent claim: 17.