SIP signaling without constant re-authentication

US 8,689,301 B2
Filed: 09/30/2008
Issued: 04/01/2014
Est. Priority Date: 09/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating SIP signaling comprising:

in response to a first request of a client on a communication connection to initiate a voice call over the communication connection, authenticating the client and associating the client, in a record, with a first identifier for the connection included in the first request;

in response to at least one second request of the client on the connection and subsequent to the first request, forbearing from authenticating the client, wherein forbearing from authenticating the client comprises determining, based on the record, whether a second identifier for the connection included in the second request matches the first identifier and forbearing from authenticating the client in response to determining that the second identifier matches the first identifier; and

in response to a third request of the client on the connection and subsequent to the at least one second request, authenticating the client, wherein authenticating the client comprises determining, based on the record, whether a third identifier for the connection in the third request does not match the first identifier and authenticating the client in response to determining that the third identifier does not match the first identifier.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A proxy server causes an authentication authority to authenticate a client in response to a first Session Initiation Protocol (SIP) request of the client on a connection. It does not cause the client to be authenticated in response subsequent requests on the connection as long as the underlying connection is not broken, the subsequent requests are on behalf of the same client, the client has not been removed from the system, the client'"'"'s password has not changed, a “safety net” timer has not expired, or any other policy that the server chooses to enforce. This eliminates the overhead of constant re-authentication in response to each SIP request.

Citations

32 Claims

1. A method of authenticating SIP signaling comprising:
- in response to a first request of a client on a communication connection to initiate a voice call over the communication connection, authenticating the client and associating the client, in a record, with a first identifier for the connection included in the first request;
  
  in response to at least one second request of the client on the connection and subsequent to the first request, forbearing from authenticating the client, wherein forbearing from authenticating the client comprises determining, based on the record, whether a second identifier for the connection included in the second request matches the first identifier and forbearing from authenticating the client in response to determining that the second identifier matches the first identifier; and
  
  in response to a third request of the client on the connection and subsequent to the at least one second request, authenticating the client, wherein authenticating the client comprises determining, based on the record, whether a third identifier for the connection in the third request does not match the first identifier and authenticating the client in response to determining that the third identifier does not match the first identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15)
- - 2. The method of claim 1 further comprising:
    - in response to successfully authenticating the client, complying with the request; and
      
      in response to unsuccessfully authenticating the client, forbearing from complying with the request.
  - 3. The method of claim 2 further comprising:
    - in response to unsuccessfully authenticating the client, tearing down the connection.
  - 4. The method of claim 1 wherein:
    - the first, the at least one second, and the third request are made via a TCP/IP model application-layer protocol.
  - 5. The method of claim 4 wherein:
    - the protocol is SIP.
  - 6. The method of claim 5 wherein:
    - the first request comprises a first SIP invite, the second request comprises a second SIP invite, and the third request comprises a third SIP invite.
  - 7. The method of claim 4 wherein the transport layer protocol is a secure protocol.
  - 8. The method of claim 1 wherein:
    - forbearing from authenticating the client further comprisesin response to determining that the second identifier matches the first identifier, determining whether the authentication of the client has expired, andin response to determining that the authentication of the client has not expired, forbearing from authenticating the client;
      
      whereinthe method further comprisesin response to determining that the authentication of the client has expired, authenticating the client.
  - 9. The method of claim 1 wherein:
    - forbearing from authenticating the client further comprisesin response to determining that the second identifier does not match the first identifier, authenticating the client.
  - 10. The method of claim 1 wherein:
    - forbearing from authenticating the client comprisesin response to determining that the second identifier matches the first identifier, determining whether either (a) either an identifier of the client has changed from the first request or (b) the authentication of the client has expired, andin response to determining that both (a) the identifier of the client has not changed and (b) the authentication of the client has not expired, forbearing from authenticating the client;
      
      wherein the method further comprisesin response to determining that either (a) either the identifier of the client has changed or (b) the authentication of the client has expired, authenticating the client.
  - 11. The method of claim 1 wherein:
    - the first, the at least one second, and the third request are made via a TCP/IP model application-layer protocol.
  - 12. The method of claim 1 wherein:
    - the first, the at least one second, and the third request are made via SIP.
  - 13. The method of claim 1 wherein:
    - authenticating the client comprisesin response to an individual one of the first or the third request of the client, sending a request to an authentication authority for a challenge;
      
      in response to receiving a response to the challenge from the client, determining whether the response is correct;
      
      in response to determining that the response is correct, complying with the individual request; and
      
      in response to determining that the response is not correct, forbearing from complying with the individual request.
  - 15. A non-transitory computer storage medium storing computer-readable instructions which, when executed by the computer, perform the method of one of claims 1-14.

14. A method comprising:
- in response to a first SIP request of a client on a communication connection with a proxy server, authenticating the client and associating the client, in a record, with a first identifier for the connection included in the first SIP request;
  
  in response to at least a second SIP request of the client on the connection and subsequent to the first SIP request, forbearing from authenticating the client, wherein forbearing from authenticating the client comprises determining, based on the record, whether a second identifier for the connection included in the second SIP request matches the first identifier and forbearing from authenticating the client in response to determining that the second identifier matches the first identifier; and
  
  in response to at least a third SIP request of the client on the connection and subsequent to the at least one second SIP request, authenticating the client, wherein authenticating the client comprises determining, based on the record, whether a third identifier for the connection in the third SIP request does not match the first identifier and authenticating the client in response to determining that the third identifier does not match the first identifier.

16. A server comprising:
- means responsive to a first SIP invite of a client on a communication connection to initiate a voice call over the communication connection, for authenticating the client and associating the client, in a record, with a first identifier for the connection included in the first SIP invite;
  
  means responsive to at least one second SIP invite of the client on the connection and subsequent to the first SIP invite, for forbearing from authenticating the client, wherein forbearing from authenticating the client comprises determining, based on the record, whether a second identifier for the connection included in the second SIP invite matches the first identifier and forbearing from authenticating the client in response to determining that the second identifier matches the first identifier; and
  
  means responsive to a third SIP invite of the client on the connection and subsequent to the at least one second SIP invite, for authenticating the client, wherein authenticating the client comprises determining, based on the record, whether a third identifier for the connection in the third SIP invite does not match the first identifier and authenticating the client in response to determining that the third identifier does not match the first identifier.
- View Dependent Claims (17)
- - 17. The server of claim 16 wherein:
    - the server is a proxy server.

18. An apparatus comprising:
- a server adapted to respond to a first SIP invite of a client on a communication connection to initiate a voice call over the communication connection by authenticating the client and associating the client, in a record, with a first identifier for the connection included in the first SIP invite, adapted to respond to at least one second SIP invite of the client on the connection and subsequent to the first SIP invite by forbearing from authenticating the client, wherein forbearing from authenticating the client comprises determining, based on the record, whether a second identifier for the connection included in the second SIP invite matches the first identifier and forbearing from authenticating the client in response to determining that the second identifier matches the first identifier, and adapted to respond to a third SIP invite of the client on the connection and subsequent to the at least one second SIP invite by authenticating the client, wherein authenticating the client comprises determining, based on the record, whether a third identifier for the connection in the third SIP invite does not match the first identifier and authenticating the client in response to determining that the third identifier does not match the first identifier; and
  
  an authentication authority adapted to cooperate with the server to authenticate the client.

19. An apparatus for authenticating SIP signaling comprising:
- a store for storing instructions; and
  
  a processor for executing the instructions;
  
  wherein the store and the processor together form a server adapted to respond to a first request of a client on a communication connection to initiate a voice call over the communication connection by authenticating the client and associating the client, in a record, with a first identifier for the connection included in the first request, to respond to at least one second request of the client on the connection and subsequent to the first request by forbearing from authenticating the client, wherein forbearing from authenticating the client comprises determining, based on the record, whether a second identifier for the connection included in the second request matches the first identifier and forbearing from authenticating the client in response to determining that the second identifier matches the first identifier, and to respond to a third request of the client on the connection and subsequent to the at least one second request by authenticating the client, wherein authenticating the client comprises determining, based on the record, whether a third identifier for the connection in the third request does not match the first identifier and authenticating the client in response to determining that the third identifier does not match the first identifier.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 20. The apparatus of claim 19 wherein:
    - the server is further adapted to respond to successfully authenticating the client by complying with the request, and to respond to unsuccessfully authenticating the client by forbearing from complying with the request.
  - 21. The apparatus of claim 20 wherein:
    - the server is further adapted to respond to unsuccessfully authenticating the client by tearing down the connection.
  - 22. The apparatus of claim 19 wherein:
    - the server is adapted to receive the first, the at least one second, and the third request via a TCP/IP model application-layer protocol.
  - 23. The apparatus of claim 22 wherein:
    - the protocol is SIP.
  - 24. The apparatus of claim 23 wherein:
    - the first request comprises a first SIP invite, the second request comprises a second SIP invite, and the third request comprises a third SIP invite.
  - 25. The apparatus of claim 22 wherein:
    - the transport layer protocol is a secure protocol.
  - 26. The apparatus of claim 19 wherein:
    - the server is adapted to forbear from authenticating the client by (a) in response to determining that the second identifier matches the first identifier, determining whether the authentication of the client has expired, and (b) in response to determining that the authentication of the client has not expired, forbearing from authenticating the client; and
      
      whereinthe server is further adapted to respond to determining that the authentication of the client has expired, by authenticating the client.
  - 27. The apparatus of claim 19 wherein:
    - the server is further adapted to respond to determining that the second identifier does not match the first identifier, by authenticating the client.
  - 28. The apparatus of claim 19 wherein:
    - the server is adapted to forbear from authenticating the client by (a) in response to determining that the second identifier matches the first identifier, determining whether either (1) either an identifier of the client has changed from the first request or (2) the authentication of the client has expired, and (b) in response to determining that both (1) the identifier of the client has not changed and (2) the authentication of the client has not expired, by forbearing from authenticating the client; and
      
      whereinthe server is further adapted to respond to determining that either (1) either the identifier of the client has changed or (2) the authentication of the client has expired, by authenticating the client.
  - 29. The apparatus of claim 19 wherein:
    - the server is adapted to receive the first, the at least one second, and the third request via a TCP/IP model application-layer protocol.
  - 30. The apparatus of claim 19 wherein:
    - the server is adapted to receive the first, the at least one second, and the third request via SIP.
  - 31. The apparatus of claim 19 wherein:
    - the server is adapted to authenticate the client by (a) in response to an individual one of the first or the third request of the client, sending a request to an authentication authority for a challenge, (b) in response to receiving a response to the challenge from the client, forwarding the response to the authentication authority for determining whether the response is correct;
      
      (c) and whereinthe server is further adapted to respond to a determination that the response is correct by complying with the individual request, and to respond to a determination that the response is not correct by forbearing from complying with the individual request.
  - 32. The apparatus of claim 19 wherein:
    - the server comprises a proxy server;
      
      the first request is a first SIP request of a client on a communication connection with a proxy server;
      
      the at least one second request is at least one second SIP request of the client on the connection and subsequent to the first SIP request; and
      
      the third request is a third SIP request of the client on the connection and subsequent to the at least one second SIP request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Avaya Incorporated
Inventors
Boyle, Frank J., Brunson, Gordon, Chavez, David, Durney, Stephen, Weber, Gregory
Primary Examiner(s)
Vaughan, Michael R

Application Number

US12/242,105
Publication Number

US 20100082977A1
Time in Patent Office

2,009 Days
Field of Search

None
US Class Current

726/7
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

SIP signaling without constant re-authentication

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SIP signaling without constant re-authentication

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links