IMS network identity management

US 8,499,340 B2
Filed: 05/21/2008
Issued: 07/30/2013
Est. Priority Date: 05/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method of providing secure communication session set-up between a user of a UE (user equipment) associated with a home domain configured according to an IMS (IP (Internet Protocol) Multimedia System) architecture and a third party service that is not associated with the home domain, the method comprising:

receiving, in an identity server associated with the home domain, a control message relating to the secure communication session;

determining that an identity translation of the control message is necessary;

performing the identity translation of the control message by;

removing, if a control message target is an entity associated with the third party service, a user identifier identifying the user of the UE and adding a domain identifier identifying the home domain of the UE such that an identity of the user of the UE will be masked from the third party service; and

removing, if the control message target is the UE, a domain identifier identifying the home domain of the UE and adding a user identifier identifying the user of the UE;

adding an identity token to the control message; and

sending the identity translated control message to the control message target.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for enabling secure communications between a UE (user equipment) device operating though a packet-switched network and a 3^rdparty service outside of the user'"'"'s home domain. The packet-switched network may be, for example, configured according and IMS architecture and use SIP control signaling. An identity server in the user'"'"'s home domain is coupled with a proxy server or gateway and receives control messages, on which the identity server effects identity translation if needed. Translating messages targeted for the third party serve includes stripping user identifying information and adding a domain identifier to the message. It may also include adding an identity token. Where an identity token is not added, it may be provided upon request to a 3^rdparty service entity. Translating messages targeted for the UE includes adding a user identifier for home domain routing.

30 Citations

View as Search Results

17 Claims

1. A method of providing secure communication session set-up between a user of a UE (user equipment) associated with a home domain configured according to an IMS (IP (Internet Protocol) Multimedia System) architecture and a third party service that is not associated with the home domain, the method comprising:
- receiving, in an identity server associated with the home domain, a control message relating to the secure communication session;
  
  determining that an identity translation of the control message is necessary;
  
  performing the identity translation of the control message by;
  
  removing, if a control message target is an entity associated with the third party service, a user identifier identifying the user of the UE and adding a domain identifier identifying the home domain of the UE such that an identity of the user of the UE will be masked from the third party service; and
  
  removing, if the control message target is the UE, a domain identifier identifying the home domain of the UE and adding a user identifier identifying the user of the UE;
  
  adding an identity token to the control message; and
  
  sending the identity translated control message to the control message target.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method according to claim 1, wherein the control message is an SIP (Session Initiation Protocol) message.
  - 3. The method according to claim 2, wherein the control message is an INVITE message.
  - 4. The method according to claim 1, further comprising receiving a request for an identity token from a requesting entity associated with the third party service.
  - 5. The method according to claim 4, wherein the requesting entity is a CSCF (call session control function) server.
  - 6. The method according to claim 4, wherein the requesting entity is an AS (application server).
  - 7. The method according to claim 6, wherein the control-message target is the AS.
  - 8. The method according to claim 1, wherein the identity server receives the control message from a home domain proxy server.
  - 9. The method according to claim 8, wherein the identity server sends the identity translated control message to the home domain proxy server.
  - 10. The method according to claim 8, wherein the identity server sends the identity translated control message to a server associated with the third party service.
  - 11. The method according to claim 1, wherein the identity server receives the control message from an outgoing GW (gateway).
  - 12. The method according to claim 1, wherein the identity server receives the control message from a server associated with the third party service.
  - 13. The method according to claim 12, wherein the identity server sends the identity translated control message to a home domain server.
  - 14. The method according to claim 1, wherein the identity server receives the control message from a home domain server.
  - 15. The method according to claim 1, wherein the identity server receives the control message from a home domain incoming gateway.

16. An identity server, having a microprocessor and an associated non-transitory memory, for securing communications between a user of a UE (user equipment) and a third party service, the identity server being resident on a node in an IMS (IP (Internet Protocol) Multimedia Subsystem) network, the identity server comprising:
- a network interface for receiving a control message and for sending translated control messages;
  
  a determiner coupled to the network interface for determining identity translation of the control message is necessary; and
  
  a translator for performing identity translation of the control message, when identity translation is determined to be necessary by the determiner, by;
  
  removing, if a control message target is an entity associated with the third party service, a user identifier identifying the user of the UE and adding a domain identifier identifying a home domain of the UE such that an identity of the user of the UE will be masked from the third party service;
  
  removing, if the control message target is the UE, a domain identifier identifying the home domain of the UE and adding a user identifier identifying the user of the UE; and
  
  adding an identity token to the control message.
- View Dependent Claims (17)
- - 17. The identity server according to claim 16, wherein the network interface is adapted for receiving SIP (Session Initiation Protocol) control messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Lindholm, Fredrik, Valenzuela, Carolina Canales
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US12/124,510
Publication Number

US 20080301787A1
Time in Patent Office

1,896 Days
Field of Search

726/5, 726/3
US Class Current

726/5
CPC Class Codes

H04L 2101/395   Internet protocol multimedi...

H04L 61/2596   Translation of addresses of...

H04L 61/30   Managing network names, e.g...

H04L 61/301   Name conversion

IMS network identity management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

IMS network identity management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links