System and method for network based policy enforcement of intelligent-client features

DC CAFC

US 8,539,552 B1
Filed: 09/25/2003
Issued: 09/17/2013
Est. Priority Date: 09/25/2003
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method for controlling a plurality of services in packet-based networks, the method comprising:

a network entity intercepting a signaling message associated with a call between a sender device of the message and an intended recipient device of the message, wherein the signaling message includes an indication of one type of the plurality of services which the signaling message is intended to invoke;

the network entity making a determination of whether either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message based in part on a device profile maintained in part on a remote enforcement point, wherein the type of service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and

the network entity filtering the signaling message based on the determination such that the signaling message is transmitted to the intended recipient device if either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message.

View all claims

8 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A system and method for network based policy enforcement of intelligent-client features is provided. An operator of an IP telephony and/or IP multimedia network may enforce authorization or privileges of intelligent end-user clients to utilize or invoke services in the network. A network policy enforcement point is maintained in the network by elements that are under control of the network operator. The network policy enforcement point controls access to, and invocation of, features and services that may otherwise be delivered to subscribers without the knowledge or authorization of the network. The network policy enforcement point receives messages, associates the message with a known service, makes a determination as to whether a beneficiary of the service is authorized to invoke the service, and then filters the messages based on the determination.

47 Citations

View as Search Results

25 Claims

1. A method for controlling a plurality of services in packet-based networks, the method comprising:
- a network entity intercepting a signaling message associated with a call between a sender device of the message and an intended recipient device of the message, wherein the signaling message includes an indication of one type of the plurality of services which the signaling message is intended to invoke;
  
  the network entity making a determination of whether either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message based in part on a device profile maintained in part on a remote enforcement point, wherein the type of service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and
  
  the network entity filtering the signaling message based on the determination such that the signaling message is transmitted to the intended recipient device if either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein filtering the signaling message comprises altering the signaling message based on the authorized services of the sender device or the intended recipient device.
  - 3. The method of claim 2, wherein altering the signaling message comprises modifying the signaling message so that the indication of the type of service is within authorized limits.
  - 4. The method of claim 1, wherein filtering the signaling message comprises discarding the signaling message having an indication of services which the sender device or the intended recipient devices is unauthorized to use.
  - 5. The method of claim 1, further comprising the network entity communicating with one or more other network entities responsible for monitoring media data flow associated with the call between the sender device and the intended recipient device to ensure compliance with the authorized services and an authorized amount of bandwidth.

6. A method for controlling a plurality of services in packet-based networks, the method comprising:
- a network entity intercepting a message associated with a call between a sender of the message and an intended recipient of the message;
  
  the network entity recognizing that the message includes at least part of an indication of at least one of the plurality of services;
  
  the network entity determining whether any beneficiary of the at least one of the plurality of services is authorized to invoke or receive the at least one of the plurality of services based on a beneficiary profile stored in part on a remote enforcement point, wherein the plurality of services comprise at least two of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and
  
  the network entity processing the message based on whether the beneficiary of the at least one of the plurality of services is authorized to invoke or receive the at least one of the plurality of services.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 7. The method of claim 6, wherein recognizing that the message includes at least part of the indication of the at least one of the plurality of services comprises:
    - accessing a database including information indicating implementations of services; and
      
      comparing the indication of the at least one of the plurality of services to the information in the database.
  - 8. The method of claim 6, wherein the beneficiary is the sender of the message.
  - 9. The method of claim 6, wherein the beneficiary is the intended recipient of the message.
  - 10. The method of claim 6, wherein determining whether the beneficiary of the service is authorized to invoke or receive the at least one of the plurality of services comprises:
    - receiving from an authentication server a user profile of the beneficiary that specifies which of the plurality of services the beneficiary is authorized to invoke or receive; and
      
      comparing the authorized services for the beneficiary to the at least one of the plurality of services indicated in the message.
  - 11. The method of claim 6, further comprising monitoring network resource usage to ensure that the user is only utilizing services that the user is authorized to use and is utilizing an authorized amount of bandwidth.
  - 12. The method of claim 6, wherein processing the message comprises forwarding the message to the beneficiary if the beneficiary is authorized to invoke or receive the at least one of the plurality of services.
  - 13. The method of claim 6, wherein processing the message comprises altering the message and then forwarding the message to the intended recipient.
  - 14. The method of claim 13, wherein altering the message comprises altering the message so as to disable the at least one of the plurality of services.
  - 15. The method of claim 6, wherein processing the message comprises discarding the message if the beneficiary is not authorized to invoke or receive the at least one of the plurality of services.
  - 16. The method of claim 15, further comprising the network entity returning an error indication message to the sender of the message.
  - 17. The method of claim 6, wherein if the beneficiary is not authorized to invoke or receive the at least one of the plurality of services, processing the message comprises:
    - returning an option message to the sender asking the sender if the sender wants to invoke or receive the at least one of the plurality of services.

18. A method for controlling a plurality of services in packet-based networks, the method comprising:
- a network entity intercepting a message associated with establishing an Internet Protocol (IP) telephony call between a sender of the message and an intended recipient of the message, the message configured according to a protocol;
  
  the network entity requesting a user profile of a user associated with the message, wherein the user profile specifies which of a plurality of services the user is authorized to use, including IP telephony services;
  
  the network entity determining from the user profile whether the user is authorized to invoke or receive the IP telephone services, wherein the IP telephone services comprise at least two of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and
  
  the network entity filtering the message based on whether the user is authorized to invoke or receive the IP telephone services.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, wherein the user is the sender of the message.
  - 20. The method of claim 18, wherein the user is the intended recipient of the message.
  - 21. The method of claim 18, wherein the message is a session initiation protocol (SIP) message.
  - 22. The method of claim 18, further comprising monitoring network resource usage to ensure that the user is only utilizing services that the user is authorized to use and is utilizing an authorized amount of bandwidth.

23. A system for controlling a plurality of services in packet-based networks, the system comprising:
- an interface that is in a communications path of signaling messages between a first end device and a second end device, wherein the interface receives messages according to a protocol;
  
  a processor;
  
  data storage; and
  
  program logic stored in the data storage and executable by the processor to intercept at least one message associated with a call between the first end device and the second end device, to associate the at least one message with at least one known service of a plurality of services that are defined within the protocol, to determine whether either of the first end device and the second end device is authorized to invoke or receive the at least one known service of the plurality of services according to a user profile maintained on a remote enforcement point, wherein the type of service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification, and to filter the at least one message based on whether at least one of the first end device and the second end device is authorized to invoke or receive the at least one known service of the plurality of services.

24. A system comprising:
- a border element being in a communications path of session initiation protocol (SIP) signaling messages associated with a call between end devices, wherein the SIP signaling messages include an indication of at least one service of a plurality of services, and wherein the border element is to filter the SIP signaling messages based on authorized services of either of the end devices, wherein an SIP signaling message is transmitted if either of the end devices associated with that SIP signaling message is authorized for a service indicated in that SIP signaling message, wherein the service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and
  
  a proxy server for receiving a request from the border element for a user profile of at least one of the end devices the user profile maintained on a storage device, and in response, for sending the user profile to the border element, wherein the user profile specifies which services of the plurality of services the at least one of the end devices is authorized to use.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein the border element is selected from the group consisting of a firewall, an application layer gateway (ALG), and a SIP-aware firewall.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Uniloc 2017 LLC (SoftBank Group Corp.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Grabelsky, David, Tripathi, Anoop, Homeier, Michael, Wang, Guanglu
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US10/671,375
Time in Patent Office

3,645 Days
Field of Search

713/166, 455/432.3, 455/433, 726/26, 379/201.01, 370/338, 370/332
US Class Current

726/4
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1073   Registration or de-registra...

H04L 65/1096   Supplementary features, e.g...

H04L 65/1104   Session initiation protocol...

System and method for network based policy enforcement of intelligent-client features

First Claim

8 Assignments

Litigations

1 Petition

Accused Products

Abstract

47 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network based policy enforcement of intelligent-client features

First Claim

8 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links