System and method for network based policy enforcement of intelligent-client features
DC CAFCFirst Claim
1. A method for controlling a plurality of services in packet-based networks, the method comprising:
- a network entity intercepting a signaling message associated with a call between a sender device of the message and an intended recipient device of the message, wherein the signaling message includes an indication of one type of the plurality of services which the signaling message is intended to invoke;
the network entity making a determination of whether either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message based in part on a device profile maintained in part on a remote enforcement point, wherein the type of service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and
the network entity filtering the signaling message based on the determination such that the signaling message is transmitted to the intended recipient device if either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message.
8 Assignments
Litigations
1 Petition
Accused Products
Abstract
A system and method for network based policy enforcement of intelligent-client features is provided. An operator of an IP telephony and/or IP multimedia network may enforce authorization or privileges of intelligent end-user clients to utilize or invoke services in the network. A network policy enforcement point is maintained in the network by elements that are under control of the network operator. The network policy enforcement point controls access to, and invocation of, features and services that may otherwise be delivered to subscribers without the knowledge or authorization of the network. The network policy enforcement point receives messages, associates the message with a known service, makes a determination as to whether a beneficiary of the service is authorized to invoke the service, and then filters the messages based on the determination.
47 Citations
25 Claims
-
1. A method for controlling a plurality of services in packet-based networks, the method comprising:
-
a network entity intercepting a signaling message associated with a call between a sender device of the message and an intended recipient device of the message, wherein the signaling message includes an indication of one type of the plurality of services which the signaling message is intended to invoke; the network entity making a determination of whether either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message based in part on a device profile maintained in part on a remote enforcement point, wherein the type of service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and the network entity filtering the signaling message based on the determination such that the signaling message is transmitted to the intended recipient device if either the sender device or the intended recipient device is authorized to invoke the type of service indicated in the signaling message. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for controlling a plurality of services in packet-based networks, the method comprising:
-
a network entity intercepting a message associated with a call between a sender of the message and an intended recipient of the message; the network entity recognizing that the message includes at least part of an indication of at least one of the plurality of services; the network entity determining whether any beneficiary of the at least one of the plurality of services is authorized to invoke or receive the at least one of the plurality of services based on a beneficiary profile stored in part on a remote enforcement point, wherein the plurality of services comprise at least two of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and the network entity processing the message based on whether the beneficiary of the at least one of the plurality of services is authorized to invoke or receive the at least one of the plurality of services. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method for controlling a plurality of services in packet-based networks, the method comprising:
-
a network entity intercepting a message associated with establishing an Internet Protocol (IP) telephony call between a sender of the message and an intended recipient of the message, the message configured according to a protocol; the network entity requesting a user profile of a user associated with the message, wherein the user profile specifies which of a plurality of services the user is authorized to use, including IP telephony services; the network entity determining from the user profile whether the user is authorized to invoke or receive the IP telephone services, wherein the IP telephone services comprise at least two of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and the network entity filtering the message based on whether the user is authorized to invoke or receive the IP telephone services. - View Dependent Claims (19, 20, 21, 22)
-
-
23. A system for controlling a plurality of services in packet-based networks, the system comprising:
-
an interface that is in a communications path of signaling messages between a first end device and a second end device, wherein the interface receives messages according to a protocol; a processor; data storage; and program logic stored in the data storage and executable by the processor to intercept at least one message associated with a call between the first end device and the second end device, to associate the at least one message with at least one known service of a plurality of services that are defined within the protocol, to determine whether either of the first end device and the second end device is authorized to invoke or receive the at least one known service of the plurality of services according to a user profile maintained on a remote enforcement point, wherein the type of service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification, and to filter the at least one message based on whether at least one of the first end device and the second end device is authorized to invoke or receive the at least one known service of the plurality of services.
-
-
24. A system comprising:
-
a border element being in a communications path of session initiation protocol (SIP) signaling messages associated with a call between end devices, wherein the SIP signaling messages include an indication of at least one service of a plurality of services, and wherein the border element is to filter the SIP signaling messages based on authorized services of either of the end devices, wherein an SIP signaling message is transmitted if either of the end devices associated with that SIP signaling message is authorized for a service indicated in that SIP signaling message, wherein the service comprises at least one of caller-ID, call waiting, multi-way calling, multi-line service, and codec specification; and a proxy server for receiving a request from the border element for a user profile of at least one of the end devices the user profile maintained on a storage device, and in response, for sending the user profile to the border element, wherein the user profile specifies which services of the plurality of services the at least one of the end devices is authorized to use. - View Dependent Claims (25)
-
Specification