System and method for applying authentication and security policies in a SIP environment

US 9,191,447 B2
Filed: 08/07/2014
Issued: 11/17/2015
Est. Priority Date: 04/05/2011
Status: Active Grant

First Claim

Patent Images

1. A SIP (Session Initiation Protocol) server comprising a processor connected to a memory, the processor configured to:

establish a persistent connection between a user agent (UA) and the SIP server;

initiate an idle connection timeout countdown timer subsequent to establishing the persistent connection;

initiate authentication of an initial REGISTER request using a first level of authentication subsequent to initiating the idle connection timeout countdown timer;

terminate the persistent connection when the initial REGISTER request is not authenticated before expiry of the idle connection timeout countdown timer; and

store a new binding for the UA in a registration repository when the initial REGISTER request is authenticated and remove the new binding when the persistent connection is dropped.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides a system and method for applying authentication and security policies in a SIP environment. In accordance with one embodiment, there is provided a method for use on a SIP server, comprising: establishing a persistent connection with a user agent (UA); initiating an idle connection timeout countdown timer; performing authentication of an initial REGISTER request using a first level of authentication; and terminating the persistent connection when the initial REGISTER request is not validated before expiry of the idle connection timeout countdown timer.

Citations

17 Claims

1. A SIP (Session Initiation Protocol) server comprising a processor connected to a memory, the processor configured to:
- establish a persistent connection between a user agent (UA) and the SIP server;
  
  initiate an idle connection timeout countdown timer subsequent to establishing the persistent connection;
  
  initiate authentication of an initial REGISTER request using a first level of authentication subsequent to initiating the idle connection timeout countdown timer;
  
  terminate the persistent connection when the initial REGISTER request is not authenticated before expiry of the idle connection timeout countdown timer; and
  
  store a new binding for the UA in a registration repository when the initial REGISTER request is authenticated and remove the new binding when the persistent connection is dropped.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The SIP server of claim 1, wherein the processor is further configured to:
    - receive a subsequent request from the UA over the persistent connection; and
      
      perform authentication of the subsequent request using a second level of authentication, wherein the second level of authentication is lower than the first level of authentication.
  - 3. The SIP server of claim 2, wherein the second level of authentication comprises minor validation.
  - 4. The SIP server of claim 3, wherein the minor validation comprises validating at least one of the user name, password, and parameters in the subsequent request.
  - 5. The SIP server of claim 2, wherein the second level of authentication comprises no authentication.
  - 6. The SIP server of claim 2 wherein the processor is further configured to:
    - process the subsequent request when the subsequent request is authenticated.
  - 7. The SIP server of claim 6 wherein the processor is further configured to:
    - reject the subsequent request when the subsequent request is not authenticated.

8. A SIP (Session Initiation Protocol) server comprising a processor connected to a memory, the processor configured to:
- establish a persistent connection between a user agent (UA) and the SIP server;
  
  initiate an idle connection timeout countdown timer subsequent to establishing the persistent connection;
  
  initiate authentication of an initial REGISTER request using a first level of authentication subsequent to initiating the idle connection timeout countdown timer;
  
  terminate the persistent connection when an initial REGISTER request is not authenticated before expiry of the idle connection timeout countdown timer;
  
  store a new binding for the UA in a registration repository when the initial REGISTER request is authenticated; and
  
  initiate a keep alive procedure for the persistent connection.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The SIP server of claim 8, wherein the processor is further configured to:
    - receive a subsequent request from the UA over the persistent connection; and
      
      perform authentication of the subsequent request using a second level of authentication, wherein the second level of authentication is lower than the first level of authentication.
  - 10. The SIP server of claim 9, wherein the second level of authentication comprises minor validation.
  - 11. The SIP server of claim 10, wherein the minor validation comprises validating at least one of the user name, password, and parameters in the subsequent request.
  - 12. The SIP server of claim 9, wherein the second level of authentication comprises no authentication.
  - 13. The SIP server of claim 9 wherein the processor is further configured to:
    - process the subsequent request when the subsequent request is authenticated.
  - 14. The SIP server of claim 13 wherein the processor is further configured to:
    - reject the subsequent request when the subsequent request is not authenticated.
  - 15. The SIP server of claim 8 wherein the processor is further configured to:
    - remove the new binding when the persistent connection is dropped.

16. A non-transitory computer-readable medium storing program instructions that when executed by a processor cause the processor to perform a method for authenticating requests by a SIP (Session Initiation Protocol) server, the method comprising:
- establishing a persistent connection between a user agent (UA) and the SIP server;
  
  initiating an idle connection timeout countdown timer subsequent to establishing the persistent connection;
  
  initiating authentication of an initial REGISTER request using a first level of authentication subsequent to initiating the idle connection timeout countdown timer;
  
  terminating the persistent connection when an initial REGISTER request is not authenticated before expiry of the idle connection timeout countdown timer; and
  
  storing a new binding for the UA in a registration repository when the initial REGISTER request is authenticated and removing the new binding when the persistent connection is dropped.

17. A non-transitory computer-readable medium storing program instructions that when executed by a processor cause the processor to perform a method for authenticating requests by a SIP (Session Initiation Protocol) server, the method comprising:
- establishing a persistent connection between a user agent (UA) and the SIP server;
  
  initiating an idle connection timeout countdown timer subsequent to establishing the persistent connection;
  
  initiating authentication of an initial REGISTER request using a first level of authentication subsequent to initiating the idle connection timeout countdown timer;
  
  terminating the persistent connection when an initial REGISTER request is not authenticated before expiry of the idle connection timeout countdown timer;
  
  storing a new binding for the UA in a registration repository when the initial REGISTER request is authenticated; and
  
  initiating a keep alive procedure for the persistent connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Kramarenko, Valentina Iqorevna, Rozinov, Boris, John Chuan, Mee Tchin Jane, Pang, Swee Tuan
Primary Examiner(s)
McNally, Michael S

Application Number

US14/454,004
Publication Number

US 20140351449A1
Time in Patent Office

467 Days
Field of Search

726/3
US Class Current

1/1
CPC Class Codes

H04L 2101/30   Types of network names

H04L 2101/385   Uniform resource identifier...

H04L 61/2575   using address mapping retri...

H04L 61/4535   using an address exchange p...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

H04L 65/1073   Registration or de-registra...

H04L 65/1104   Session initiation protocol...

H04L 67/143   Termination or inactivation...

H04L 67/147   Signalling methods or messa...

System and method for applying authentication and security policies in a SIP environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for applying authentication and security policies in a SIP environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links