GB2492777A

GB2492777A - SIP invite messages with call IDs encrypted at application gateways

Info

Publication number: GB2492777A
Application number: GB1111862.7A
Authority: GB
Inventors: Oliver James Carter
Original assignee: Metaswitch Networks Ltd
Current assignee: Metaswitch Networks Ltd
Priority date: 2011-07-11
Filing date: 2011-07-11
Publication date: 2013-01-16
Anticipated expiration: 2031-07-11
Also published as: GB2492777B; GB201111862D0; US9521203B2; US20130177011A1; US20160072897A1; US20130188649A1; US9160608B2

Abstract

A telecommunication network comprises endpoints E1/E2, application gateways including session border controllers SBC1/2 and softswitch 120. The softswitch may be a media gateway controller (MGC) or call agent and the system may provide packet based telephony (eg. VoIP (Voice over Internet Protocol)). VoIP sessions are set up using SIP (session initiation protocol) invite messages which specify call/session IDâ s. These call IDâ s may include the IP addresses of the endpoints, which may be secure addresses on private networks. In order to hide any private addresses the invention encrypts the call ID in invite 2a at the SBC and uses the ciphertext in the call ID of invite 2b sent to the softswitch. The softswitch stores the encrypted call IDâ s and can reference them for collecting call quality statistics.

Description

Communication Session Processing

Technical Field

The present invention relates to proccssing communication sessions in a telecommunications network.

Background

Packet-based telecommunications networks typically include application gateway devices deployed at the boundaries between nctworks. For example, a Session Border Controller (SBC) is deployed at the border of a Voice Over Internet Protocol (V0IP) network and protects the network by policing communication sessions such as voice calls (or VoIP calls') flowing into or out of that network.

Communication sessions such as voice calls arc commonly set up using the Session Initiation Protocol (SIP). Such communication sessions have a signalling path spanning a plurality of devices including one or more intermediate network devices, such as SBCs and softswitches, and at least two endpoint devices, such as user terminals. The signalling path comprises a plurality of signalling segments, each segment being bctween two devices in the plurality of devices.

An SBC can employ network address translation (NAT) to hide the IP addresses of devices in one network from devices in another network, when communicating via a signalling segment. This typically involves the SBC replacing network addresses of signalling messages, and storing a network address lookup table for translating between the network addresses. In the case of SIP signalling messages, such network addresses can be Internet Protocol (IP addresses) contained in session or associated identifiers.

Various different references used in signalling messages refer to the correct communication session or associated identifiers. In the case of SIP signalling messages, there are many SIP extension functions, some of which, such as call transfer, may reference a session while it is still in existence, and others of which, such as voice quality reporting, may reference the communication session whilst it is still in existence and also after it has terminated. Such SIP extension functions are continually being developed.

There is therefore a need to provide improved methods for processing session identifiers in a signalling segment for a communications session.

Summary

In accordance with some embodiments, there is provided a method of processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each segment being between two devices in the plurality of devices, the method comprising: receiving, via a first signalling segment for a communication session, a first signalling message comprising a first identifier associated with the communication session; transforming at least part of the first identifier using a deterministic encryption algorithm to generate a second identifier; and transmitting, via a second signalling segment for the communication session, a second signalling message comprising the second identifier to associate the second identifier with the communication session.

Hence, some embodiments provide efficient network address hiding in session identifiers without the need to store network address translation lookup tables.

Employing a deterministic, encrypted mapping allows devices with the necessary encryption/decryption keys to correctly transform the identifiers wherever they are referred to in subsequent signalling messages sent via the same signalling segment, regardless of whether the original communication session is still in progress.

In embodiments of the invention, the transformation is carried out by a device transmitting the second signalling message via the signalling segment. The device receiving the second signalling message via the signalling segment need not perform inverse translation of the received second identifier. In some embodiments, the device receiving the second signalling message via the signalling segment does not perform inverse translation of the received second identifier, nor indeed of any other identifiers relating to the same session. Since the transformation is deterministic, and the same value is used for the transformation, the same identifier is received by the receiving device. Hence, the transformation may be performed independently of knowledge, at the receiving end, of the transformation having been applied. Hence, these devices may be standardised devices which interoperate according to predetermined standards, such as the SIP standard. Hence, in embodiments in which the transformation is applied in a particular device, for example in an SBC, standardised receiving devices may be used, for example standardised softswitches and standardised user terminals implementing standard protocols. Moreover, encryption keys need not be exchanged between the devices for the purpose of network address hiding as the receiving device need not perform decryption of session 1 0 or associated identifiers.

In some embodiments, the first signalling mcssage comprises a first communication session setup signalling message for the communication session and the second signalling message compriscs a sccond communication session sctup signalling message for the communication session. Hence, some embodiments provide efficient network address hiding during the communication session setup phase.

In some embodiments, the method comprises receiving a third signalling message comprising the first identifier, transforming at least part of the first identifier from the third signalling message using the deterministic encryption algorithm to generate the second identifier associated with the communication session, and transmitting a fourth signalling message comprising the second identifier generated by the transformation of at least part of the first identifier from the third signalling message. The third signalling message may comprise a first quality reporting signalling message for the communication session and may be received via the first signalling segment, and the fourth signalling message may comprise a second quality reporting signalling message and be transmitted via the second signalling segment.

Hence, some embodiments provide efficient network address hiding afler the communication session setup phase by using the same encryption transformation applied during the communication session setup phase, for example in relation to communication session quality reporting.

In some embodiments, the first identifier is received at an intermediate network device, and the method comprises determining that the received first identifier does not comprise at least a portion identifying the intermediate network device, wherein the transforming of at least part of the first identifier is canied out in response to the determination. Hence, a decision to apply an encryption transformation of the identifier can be taken.

In some embodiments, the method comprises receiving a third signalling message comprising the second identifier, transforming at least part of the second identifier from the third signalling message using an inverse of the deterministic encryption algorithm to generate the first identifier associated with the communication session, and transmitting a fourth signalling message comprising the 1 0 first identifier generated from the transformation of at least part of the second identifier from the third signalling message. The third signalling message may comprise a first quality reporting signalling message for the communication session and be received via the second signalling segment, and the fourth signalling message may comprise a second quality reporting signalling message and be transmitted via the first signalling segment. Hence, some embodiments provide efficient network address hiding after the communication session setup phase by using an inverse of the encryption transformation applied during the communication session setup phase, for example in relation to communication session quality reporting.

In some embodiments, the second identifier is received at an intermediate network device, and the method comprises determining that the received second identifier comprises at least a portion identiiing the intermediate network device, wherein the transforming of at least part of the second identifier is carried out in response to the determination. Hence, a decision to apply a decryption transformation of the identifier can be taken.

In some embodiments, the first quality reporting signalling message is received during the communication session. In some embodiments, the first quality reporting signalling message is received after termination of the communication session. Hence, some embodiments provide processing of quality reports without the need to store network address translation lookup tables during the communication session or maintain such network address translation lookup tables after termination of the communication session.

In some embodiments, the first signalling message comprises a first quality reporting signalling message for the communication session and the second signalling message comprises a second quality reporting signalling message for the communication session. Hence, the network address hiding can function in relation to communication session quality reporting functionality.

In some embodiments, the method comprises detecting that the first signalling message is of a communication session quality reporting type, wherein the transformation is carried out in response to the detection. Hence, if monitoring of the type of signalling messages indicates a quality reporting type, a device can accurately 1 0 detect that appropriate transformation of the identifier should be carried out such that downstream devices in the signalling path can recognise the correct communication session to which the quality reporting signalling messages relate.

In some embodiments, the first identifier includes a portion comprising a network address for at least one device in the signalling path of the communication session. Hence, a network address of the at least one device can be hidden from other devices in the signalling path for the communication session.

In some embodiments at least one device comprises an endpoint device, and the first signalling message is generated by the endpoint device, whereas in other embodiments, the at least one device comprises a soflswitch, and the first signalling message is generated by the soflswitch. Hence, access to an identifier for a device can be prevented. This may for example be useful in preventing an address for an endpoint device which is only valid in a private network from being made available externally to the network. This may also be useful in preventing hacking of an intermediate network device such as a softswitch acting as a quality reporting collector entity by one or more endpoint devices.

In some embodiments, the communication session comprises a Session Initiation Protocol (SIP) communication session, the first and second signalling messages comprise first and second SIP signalling messages, and the first and second identifiers are session identifiers contained in respective session identifier fields of the first and second SIP signalling messages. Hence, in a SIP environment IP addresses of devices in the signalling path for a session can be hidden when referenced in session identifier fields used in a message sent along the a particular signalling segment.

In some embodiments, the first and second signalling messages comprise one or more of SIP INVITE messages, SIP SUBSCRIBE messages, and SIP REFER messages. In other embodiments, the first and second signalling messages comprise one or more of SIP NOTIFY messages, and SIP PUBLISH messages. Hence, the described techniques can be employed in relation to a number of different types of SIP setup and reporting signalling messages.

In some embodiments, the communication session comprises a Voice over Internet Protocol (V0IP) or Communications over Internet Protocol (C0IP) call.

In some embodiments, the transformation of the first identifier is carried out by a session border controller located between the first and second signalling segments, the transformation is applied to the entire contents of the first identifier and the result of the transformation is added as a prefix to a network address of the session border controller to form the second identifier. Hence, a session border controller is able to make a decision as to whether an encryption or decryption transformation is applied to the identifier which allows association of the signalling message to the correct communication session by a downstream device in the signalling path for the session.

In accordance with some embodiments, there is provided a method of processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each the segment being between two devices in the plurality of devices, the method comprising: receiving, via a first signalling segment for a communication session, a first communication session setup signalling message comprising a first identifier associated with the communication session; transforming at least part of the first identifier using a deterministic encryption algorithm to generate a second identifier; transmitting, via a second signalling segment for the communication session, a second communication session setup signalling message comprising the second identifier to associate the second identifier with the communication session; receiving, via the second signalling segment, a first quality reporting signalling message for the communication session, the first quality reporting signalling message comprising the second identifier; transforming at least part of the second identifier from the first quality reporting signalling message using an inverse of the deterministic encryption algorithm to generate the first identifier associated with the communication session; and transmitting, via the first signalling segment, a second quality reporting signalling message comprising the first identifier generated from the transforming.

In accordance with some embodiments, there is provided a method of processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each the segment being between two devices in the plurality of devices, the method comprising: receiving, via a first signalling segment for a communication session, a first communication session setup signalling message comprising a first identifier associated with the communication session; transforming at least part of the first identifier using a deterministic encryption algorithm to generate a second identifier; transmitting, via a second signalling segment for the communication session, a second communication session setup signalling message comprising the second identifier to associate the second identifier with the communication session; receiving, via the first signalling segment, a first quality reporting signalling message for the communication session, the first quality reporting signalling message comprising the first identifier; further transforming at least part of the first identifier from the first quality reporting signalling message using the deterministic encryption algorithm to generate the second identifier associated with the communication session; and transmitting, via the second signalling segment, a second quality reporting signalling message comprising the second identifier generated from the further transforming.

In accordance with some embodiments, there is provided apparatus adapted to perform the methods of the various different embodiments described herein.

In accordance with some embodiments, there is provided a session border controller for processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more session border controllers, a softswitch and at least two endpoint devices, the signalling path comprising a first signalling segment located between one of the endpoint devices and the session border controller, and a second signalling segment located between the session border controller and the softswiteh, the session border controller comprising: a first interface configured to receive, via the first signalling segment for a communication session, a first signalling message comprising a first identifier associated with the communication session; a processor configured to transform at least part of the first identifier using a deterministic encryption algorithm to generate a second identifier; and a second interface configured to transmit, via the second signalling segment for the communication session, a second signalling message comprising the second identifier to associate the second identifier with the communication session.

In accordance with some embodiments, there is provided computer software adapted to perform the methods of the various different embodiments described herein.

In accordance with some embodiments, there is provided a computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method for processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each the segment being between two devices in the plurality of devices, the method comprising: receiving, via a first signalling segment for a communication session, a first signalling message comprising a first identifier associated with the communication session; transforming at least part of the first identifier using a deterministic encryption algorithm to generate a second identifier; and transmitting, via a second signalling segment for the communication session, a second signalling message comprising the second identifier to associate the second identifier with the communication session.

Further features and advantages of embodiments will become apparent from the following description of some embodiments, given by way of example only, which is made with reference to the accompanying drawings.

Brief Description of the Drawings

Figure 1 is a system diagram according to some embodiments.

Figure 2 is a signalling message flow diagram according to some embodiments.

Figure 3 is a block diagram showing components of an application gateway according to some embodiments.

Detailed Description

Figure 1 is a system diagram according to some embodiments. Figure 1 illustrates an example telecommunications network 1 that includes endpoint devices El and E2 and a plurality of intermediate network devices. In this case, the plurality of intermediate network devices includes application gateway 102, application gateway 108 and softswitch 120. Telecommunications network I may contain more endpoint devices and more intermediate network devices (not shown).

Endpoint device El is connected to application gateway 102 (denoted as SBC 1' in Figure 1) which is in turn connected to network 106. Endpoint device El may be located in a private Local Area Network (LAN) with SBC 1 located at the border between the LAN and network 106. Network 106 may comprise one or more packet-switched networks such as the Internet and/or circuit-switched networks such as a Public Switched Telephone Network (PSTN). Endpoint device E2 is connected to application gateway 108 (denoted as SBC 2' in Figure 1) which is in turn connected to network 106. Endpoint device E2 may be located in a private LAN with SBC 2 located at the border between the LAN and network 106. Application gateways 102 and 108 have access to databases 104 arid 110 respectively.

Softswitch 120 is responsible for routeing communication sessions such as voice calls to and from a number of endpoint devices including El and E2.

Softswitch 120 has access to database 116. A softswitch is an entity or cluster of entities, also known as a Media Gateway Controllers (MGCs) or call agent. A softswitch provides the intelligence that controls packet-based telephony services, including the ability to select processes that can be applied to a communication session, routeing for a communication session within the network based on signalling and subscriber database information, the ability to transfer control of the communication session to another network element and management functions such as provisioning, fault detection and billing. A softswitch also provide the architecture for enabling conversion between signalling protocols such as the Signalling System #7 (SS7) and the Session Initiation Protocol (SIP). Softswitch 120 acts as a collector network entity in relation to communication session quality reporting frmnctionality, such functionality being described in more detail below.

Endpoint devices El and E2 are capable of communicating with each other in communication sessions and could for example comprise VoIP telephones, or computing devices such as personal computers configured to conduct communications sessions. Each application gateway 102, 108 could for example take the form of a Session Border Controller (SBC), a computer server that includes hardware and/or software implementing a SIP proxy server, or other forms of application gateway.

An application gateway will typically (but not always) be located on the boundary between two different domains or parts of a telecommunications network, for example on the boundary between a private LAN and the Internet, with the application gateway being responsible for policing communication sessions in and out of the private LAN.

In the following example embodiments, the user of El initiates a communication session such as a voice call with the user of E2 such that a communication session between endpoint devices El and E2 is established, i.e. endpoint device El is an originating endpoint device and endpoint device E2 is a terminating endpoint device. The communications session will have a media path for transfer of media data between endpoint devices El and E2 and a signalling path for transfer of signalling information for setup and control of the communication session.

In embodiments, the signalling path for the communication session spans endpoint devices El and E2 and intermediate network devices SBC 1, SBC 2 and softswitch 120. The signalling path for the communication session comprises a plurality of signalling segments, with each signalling segment bcing between two devices. The signalling path between endpoint device El and SBC I forms a first signalling segmcnt, thc signalling path bctween SBC I and softswitch 120 forms a second signalling segment, the signalling path between softswitch 120 and SBC 2 forms a third signalling segment and the signalling path between SBC 2 and endpoint device E2 forms a fourth signalling segment.

Endpoint device El has a network address in the form of an IP address, in this case 100.1.1.1. Similarly, endpoint device E2 has an IP address of 100.1.1.2 and softswitch 120 has an IP address of 172.19.3.3. SBC I has a network address in the form of a domain address @sbcl ss.com and SBC 2 has a network address in the form of a domain address @sbc2pbx2.com.

Figure 2 is a signalling message flow diagram according to some embodiments. In these embodiments, processing of SIP signalling messages for a communication session conducted between endpoint devices El and E2 is described.

Figure 2 shows a number of SIP signalling messages being transmitted via different segments of a communication session; the type of SIP message and message sequence identifier (2a, 2b, 2c etc) is given above the arrow between the respective devices of a segment and a call identifier associated with the communication session is given below the arrow.

A session identifier (which is placed in a session identifier field denoted Call-ID' in a SIP header of a SIP message; and may be placed in other session identifier fields denoted in various other manners, such as "CaI1ID"; SessionlD; etc. within a SIP body of a SIP message) is a unique identifier for a communication session, typically generated by the combination of a random string and a hostname or IP address of the device generating the call identifier.

In embodiments, an application gateway device which is located in the signalling path for a communication session may modify an identifier contained in a signalling message transmitted along the signalling path for the communication session in order to hide a network address relating to one or more devices in the signalling path from other devices in the signalling path. Some embodiments provide methods and apparatus by which a device in the signalling path of the communication 1 0 session may correctly reference an identifier associated with a communication session, such as a call identifier, when is it referred to in a subsequent signalling message for the communication session. To this aim, some embodiments employ a deterministic encryption algorithm to transform identifiers such as call identifiers contained in signalling messages. Identifiers in subsequent signalling messages can be similarly transformed allowing referencing to the correct communication session by other devices.

Use of a transformation algorithm with encryption capabilities ensures hiding of network addresses to downstream devices in the signalling path. Use of a transformation algorithm with deterministic qualities ensures that the process is repeatable for subsequent signalling messages such that downstream devices in the signalling path can associate the identifiers in subsequently transformed signalling messages with the correct communication session. Use of a reversible encryption algorithm, instead of for example a one-way hash algorithm, ensures that the reverse transformation can also be achieved in subsequent signalling messages flowing in the opposite direction. Some embodiments achieve efficient network address hiding without the need for application gateway devices to store and maintain network address translation lookup tables for communication sessions.

The user of originating endpoint device El wishes to conduct a communication session with the user of terminating endpoint device E2. Initiation of the communication session begins with appropriate user input on El, for example selection of the user of E2 from an address book stored on El. El is configured to contact application gateway SBC I with all communication session requests, i.e. S BC I acts as a SIP back-to-back user agent for El. El therefore transmits a communication session setup signalling message in the form of a SIP Invite signalling message to SBC I via the signalling segment between El and SBC 1 in step 2a. The SIP Invite messagc of step 2a contains a first identifier associated with the communication session. In this example, the first identifier is a session identifier (denoted Call ID 1' in Figure 1), j jJ100.iJ.1, such being included in a Call-ID field in the SIP header of the SIP Invite message of step 2a. The session identifier here consists of a random string (1111) and an IP address (100.1.1.1) for endpoint device El.

When SBC 1 receives the communication session setup signalling message of step 2a it transforms at least a part of the first identifier contained in the communication session setup signalling message of step 2a using a deterministic encryption algorithm to generate a second identifier. In order to apply the deterministic encryption algorithm, SBC 1 consults database 104 to retrieve an encryption key 304 for the deterministic encryption algorithm stored therein.

SBC I transmits a communication session setup signalling message comprising the second identifier in the form of a SIP Invite signalling message to softswitch 120 via the signalling segment between SBC 1 and softswitch 120 to associate the second identifier with the communication session in step 2b. In this example, SBC 1 creates a call identifier (denoted Call ID 2' in Figure 1) by adding the result of the transformation (SFSDAB234DFGW) as a prefix to a network address ((cTijsbelss.eom) of SBC 1 to form the second identifier, 8[5DAB234DFGWcsbcIss.com, which is included in the Call-ID field of the SIP header of the SIP Invite message of step 2b.

Note that the first identifier will in general contain an 6' symbol for linking the random string to an address, whereas the second identifier generated from the transformation will typically not contain an (d' symbol.

The session identifier in the signalling message of step 2a generated by El and received by SBC 1 includes a portion (100.1.1.1') comprising a network address for endpoint device El which is located in the signalling path of the communication session. The session identifier in the signalling message of step 2b transmitted by intermediate network device SBC I does not include a portion comprising a network address for endpoint device El, so network address hiding with respect to El may be thus achieved. The network address of El is advantageously hidden from soflswitch 120.

When softswitch 120 receives the SIP Invite message of step 2b it stores the session identifier for the segment of the communication session between SBC 1 and softswitch 120 in database 116.

Softswitch 120 transmits a communication session setup signalling message in the form of a SIP Invite signalling message to SBC 2 via the signalling segment between softswitch 120 and SBC 2 in step 2c. The SIP Invite message of step 2c contains a third identifier associated with the communication session. In this example, the third identifier is a call identifier (denoted Call ID 3' in Figure 1), 2222:i72.19.3.3, which is included in the Call-ID field ofthe SIP header of the SIP Invite message of step 2c. The session identifier here consists of a random string (2222) and an IP address (172.19.3.3) for softswitch 120.

Softswitch 120 stores the session identifier for the segment of the communication session between soflswitch 1 20 and SBC 2 in database 11 6.

When SBC 2 receives the communication session setup signalling message of step 2c it transforms at least a part of the third identifier contained in the communication session setup signalling message of step 2e using a deterministic encryption algorithm to generate a fourth identifier. In order to apply the deterministic encryption algorithm, SBC 2 consults database 110 to retrieve an encryption key for the deterministic encryption algorithm stored therein.

SBC 2 transmits a communication session setup signalling message comprising the fourth identifier in the form of a SIP Invite signalling message to E2 via the signalling segment between SBC 2 and E2 to associate the fourth identifier with the communication session in step 2d. In this example, SBC 2 creates a call identifier (denoted Call ID 4' in Figure 1) by adding the result of the transformation (4DkYN8f'SsAyb5cx) as a prefix to a network address (4sbc2pbx2.com) of SBC 2 to form the fourth identifier, 4DkYIN8fSsi\yb5cx(itshc pbx2.com, which is included in the Call-ID field of the SIP header of the SIP Invite message of step 2d.

The session identifier in the signalling message of step 2c generated by intermediate network device softswitch 120 and received by SBC 2 includes a portion (172.19.3.3') comprising a network address for softswitch 120 which is located in the signalling path of the communication session. The session identifier in the signalling message of step 2d transmitted by SBC 2 does not include a portion comprising a network address for softswitch 1 20, so network address hiding with respect to softswitch 120 may thus be achieved. The network address of soflswitch 120 is advantageously hidden from endpoint device E2.

During setup of a communication session between endpoint device El and endpoint device E2, a SIP 200 OK message will be transmitted in response to the Invite message transmitted for each segment. A SIP ACK message will then be transmitted to acknowledge receipt of each SIP 200 OK message. Such SIP 200 OK and SIP ACK messages arc not depicted in Figure 2 for clarity purposes and are not described herein in any further detail as their use in relation to the embodiments described here will be clear to one skilled in the art.

After steps 2a to 2d have been carried out, the communication session has been established and the users of El and E2 may communicate with each other.

Media data for the communication session such as voice and!or video data is able to flow (not shown) between El and E2, possibly via one or more of SBC 1, SBC 2 and softswitch 120.

During, the communication session, endpoint device El may generate one or more statistics for the quality of communication in the communication session, for example relating to packet loss, jitter, round-trip delay time, etc. Such statistics can be reported to a collector network entity such as softswitch 120 to enable communication session quality reporting functionality.

With reference to Figure 2, endpoint device El generates a communication session quality report, see item 150, in relation to the communication session established in steps 2a to 2d and transmits a first quality reporting signalling message containing the generated quality report for the communication session to SBC 1 in step 2c. In this case, the first quality reporting signalling message is in the form of a SIP PUBLISH signalling message transmitted to SBC 1 via the signalling segment between El and SBCI. The SIP PUBLISH message of step 2e contains the first identifier associated with the communication session, in this case l111(âJOO.1.l.i, which is included in a session identifier field (denoted, for example, in this embodiment as Ca1IID) in a voice quality session report (VQSessionReport) in the SIP body of the SIP PUBLISH message of step 2e.

When SBC I receives the first quality reporting signalling message of step 2e it transforms at least a part of the first identifier contained in the communication session setup signalling message of step 2e using the deterministic encryption algorithm to generate the second identifier. In order to apply the deterministic encryption algorithm, SBC 1 consults database 104 to retrieve the encryption key for the deterministic encryption algorithm stored therein.

SBC 1 transmits a second quality reporting signalling message comprising the second identifier generated by the transformation of the first identifier contained in the communication session setup signalling message of step 2c in the form of a SIP PUBLISH signalling message to softswitch 120 via the signalling segment between SBC I and sofIswitch 120 in step 2 In this example, SBC I creates a session identifier by adding the result of the transformation (8F5DAB234DFGW) as a prefix to a network address (sbcl ss.com) of SBC 1 to form the second identifier, 8F5DAB234DFGW(ä.?sbci ss.com, the whole of which, or at least the first string of which (preceding the (â' symbol) is included in the CaIIID field in a voice quality session report (VQSessionReport) in the SIP body of the SIP PUBLJSH message of step 2 The session identifier in the signalling message of step 2e generated by endpoint device El and received by intermediate network device SBC I includes a portion (100.1.1.1') comprising a network address for endpoint device El which is located in the signalling path of the communication session. The session identifier in the signalling message of step 2f transmitted by SBC 1 does not include a portion comprising a network address for endpoint device El, so network address hiding with respect to El may thus be achieved. The network address of El is advantageously hidden from sofiswitch 120.

When softswitch 120 receives the SIP PUBLISH message of step 2f it examines the CallID field to find a session identifier of 8F5DAJ3234DFGW(Zisbci ss.com. Softswitch 120 consults database 116 and recognises that this session ientifier relates to the communication session between endpoint device El and endpoint device E2, in particular the session identifier identified in the Call-ID field used in previous signalling for the segment between softswitch 120 and SBC 1. Softswitch 120 is thus able to react to the communication session quality report accordingly in relation to the correct communication session.

During, the communication session, endpoint device E2 may also generate one or more statistics for the quality of communication in the communication session.

Such statistics can be reported to a collector network entity such as soflswitch 120 to enable communication session quality reporting functionality.

With reference to Figure 2, endpoint device E2 generates a communication session quality report, see item 160, in relation to the communication session established in steps 2a to 2d and transmits a third quality reporting siialling message containing the quality report generated for the communication session to SBC 2 in step 2g. In this ease, the first quality reporting signalling message is in the form of a SIP PUBLISH signalling message transmitted to SBC 2 via the signalling segment between E2 and SBC 2. The SIP PUBLISH message of step 2g contains the fourth identifier associated with the communication session, in this case 4DkYi'XfSsAvb5cx(ãsbc2 phx2.com, the whole of which, or at least the first string of which (preceding the @ symbol) is included in the CaIIID field in a voice quality session report (VQSessionReport) in the SIP body the SIP PUBLISH message of step 2g.

Here, the Ca11ID includes a portion (sbc2_pbx2.com) comprising a network address for intermediate network device SBC 2 which is located in the signalling path of the communication session.

When SBC 2 receives the third quality reporting signalling message of step 2g it transforms at least a part of the fourth identifier contained in the communication session setup signalling message of step 2g using an inverse of the deterministic encryption algorithm to generate the third identifier associated with the communication session. In order to apply the inverse of the deterministic encryption algorithm, SBC 2 consults database 110 to retrieve a decryption key 306 for the inverse of the deterministic encryption algorithm stored therein.

In such embodiments, the deterministic encryption algorithm comprises a reversible deterministic encryption algorithm such that an inverse of the deterministic encryption algorithm exists. The inverse of the deterministic encryption algorithm can then be applied to implement decryption of an identifier in a signalling message transmitted in the opposite direction along the signalling path to which thc deterministic encryption algorithm was previously applied.

SBC 2 transmits a fourth quality reporting signalling message comprising the third identifier generated by the transformation of the fourth identifier contained in the communication session setup signalling message of step 2g in the form of a SIP PUBLISH signalling message to softswitch 120 via the signalling segment between SBC 2 and softswitch 120 in step 2h. In this example, SBC 2 creates a session identifier for a Ca1IID field of a voice quality session report (VQScssionReport) in the SIP body of the SIP PUBLISH message of step 2h using the result of the transformation of the fourth identifier, i.e. decryption of the fourth identifier results in the session identifier of 2222a1 72193.3 (which comprises a random string (2222) and an IP address (172.19.3.3) for softswitch 120).

When soflswitch 120 receives the SIP PUBLISH message of step 2h it examines the Ca11ID field in the voice quality session report (VQScssionReport) in the SIP body of the SIP PUBLISH message to find a session identifier of 2222(âi72I93.3. Softswitch 120 consults database 116 and recognises that this session idcntifcr relates to the communication session between endpoint device El and endpoint device E2, in particular the session identifier identified in the Call-ID field used in previous signalling for the segment between softswitch 120 and SBC 2.

Softswitch 120 is thus able to react to the communication session quality report accordingly in relation to the correct communication session.

An example of a communication session quality reporting signalling message is given as follows: -_KI I OH s:cciiccccrIicxjmcle.cH S I P12.0 Viat: 010/2. 1/1l00 pc22.cxalLpic. org;branct=z0Lc4hK3343c7 ax-Fcr-wc rds: IC Ia: cci: p roxy0 exacic L a. arc> Htoii: A_icc <sip: aiice0exaapl a. cog>; cag-a3343cf32 C*r__-I0: iUPii460540 CSeq: 1331 0051 [3H Al -ow: IKVIIE, APP, (IANCHI, OIHIONS, lYE, REPEl, SIJSSCRI0E, YC!IIPY Ivant: vc-r Lcpxr Accept: app Hoc L on/cd>, iresacce/sip On _e FL> : a> p lion* L or'! vCl-r Lop x Cai:teoc-Loogtt: VQSee.sio:ri(cpcrt: C a_I IC rn CaIIID: 6dg37fl890463 focalIL: Alice <sip:alicc(iaxaarplc.crg> ?e:r,oLe IL: W 11 <cip:hiIl':Iexarnple.ne:.> IL: 2(11cc <sip: a] i cei9example.crcr> fcca1Crc::p: cxa:aclc-clio:re-55 671 Acccofcc cUp: exccpl e-gafcway-11 9871 facaladd=: 5=1 6.10.1.100 PLR15300 SSLC=1a3h5c7.j I ace 1 UiC: 63:11: ub: cc: 21: Cf 9sctcAd0r: IP-11. 1.1. 151 ?CP(15332 SSRC-l)x24CiIchcd lvi fOcAL: C3:25:CC:ilc:9S:C2 fcc alICe,:. I cc TIinee.tarnps:3IART 201/-C-1CT18:23:l3Z 370? 2364-11-31118:26:32 7, ScsslccCesc:P1=1% 99' 0/29 39 2635 192L' F023 F?P' 2 PPS cC civ r "S" acaexh-na" P1(2=? IlL =sn __erPufter:JPA=3 JPk=2 20\=4C 2RVI=,39 J?X=12C' Psccetlass:Nll( 3.1) J33=2 IlurstCapfcsc JLL1) 53 3 SEC 2. C 33 Sill) (9418=16 lelay II' )=2C 3 KSL=i 41 3019=2 311 IAJ=2 V 06=1 C Si qral.:Sf--21 NE--SC kH'.Sl,SS Qualityssf: FCC 93 9(20=9:. PXIRIFC3 103LC) 4.2340300,/J.3 C)OICSI.Alc=P.564 9.ec,o Pc Met: cc I i ce.eLai:,ps:3I191 2C3-0-16118:23:432 330? 2304-IC-Cl 119:26:32z SccclccCes 5: P1-CR 89-S 2 9 SFCBC3C 89-2(1 P0-23 FCP-2 PPFCC LIV P2 "acacxh as" P10=? IL 2=00 jr..er9ct-ei:2SA=3 JBFC2.FC4C 211-4=81 J?x= 2':) I'ccletloss:Nl9 3.0 Ji)Ilv2. C Curstoapfcsc 819-1) PFCC 0fC2. C SClv5Ll) SPIN-lb lalay: k' )=2C3 H:SL=i 1:) SOPS 2311 IAJ 2 VA31 C Siqcal:S1,=-21 NT,=-I S 9591=55 Qua ityEst:Rl3 93 R039: PC)ST3.3 343360 4.2300C1c/AI'j=P.56'] DIac'gIC: liI9346354ilL*alicc.cxr:plc. are; Lo-Lce=1447261; frcc-Lac=91 23633 1 In the above example, the quality reporting signalling message is a Voice Quality Metric (VQM) report. The CaI1ID field which is encrypted as it passes through an application gateway according to some embodiments is shown in bold.

In alternative embodiments, one or more of endpoint devices El and E2 generates statistics for the quality of communication in the communication session and reports such statistics to softswitch 120 after termination of the communication session. In the example of a SIP communication session, this could bc aftcr transmittal of one or morc SIP BYE signalling messagcs by onc or more devices in the signalling path for the communication session. SBC 1 and/or SBC 2 are able to handle processing of call identifiers for such final', i.e. post session termination, reports even after termination of the session in a similar manner to reports received whilst the communication session is still taking place. Some embodiments advantageously do not require any network address translation lookup tables to be stored by SBC I or SBC 2 during the communication session or maintained after termination of the communication session; SBC 1 and SBC 2 store and refer to an encryption key 304 and a deterministic encryption algorithm. SBC 2 stores and refers to a decryption key 306 and an inverse of the deterministic encryption algorithm. The encryption key 304 and the decryption key may be the same key, or may be different, related keys. The encryption key 304 and/or decryption key 306 carl be retrieved from the appropriate database 104 or 110.

When an intermediate network device such as SBC I or SBC 2 receives a signalling message, a decision needs to be taken as to whether to carry out decryption or decryption of an identifier for the communication session such as a call identifier contained within the signalling message. To make this decision, the intermediate network device examines appropriate identifiers within the signalling message looking for at least a portion which identifies the intermediate network device.

If the intermediate network device determines that the received identifier does not comprise at least a portion identifying the intermediate network device, then the intermediate network device knows that the received identifier should be transformed using a deterministic encryption algorithm, i.e. encryption is carried out. This situation applies to the decision taken by SBC 1 between steps 2a and 2b and also between steps 2c and 2f described above. This situation also applies to the decision taken by SBC 2 between steps 2c and 2d described above.

Conversely, if the intermediate network device determines that the received identifier does comprise at least a portion identifying the intermediate network device, then the intermediate network device knows that the received identifier should be transformed using an inverse of the deterministic encryption algorithm, i.e. decryption is carried out. This situation applies to the decision taken by SBC 2 between steps 2g and 2h described above.

In embodiments, the type of incoming signalling messages is monitored in order to identify which messages an encryption or decryption transformation should be applied to. If the monitoring detects that a signalling message is of a communication session setup type, then an encryption or decryption transformation should be applied to the appropriate identifier contained within the SEP header of the message, for example the Call-ID. Similarly, if the monitoring detects that a signalling message is of a communication session quality reporting type, then an encryption or decryption transformation should be applied to the appropriate identifier contained within a quality report in the SIP body of the message, for example the session identifier in the CaIIID field. If the monitoring detects other types of signalling messages, then no transformation of identifiers may be canied out.

In embodiments, the transformation of an identifier in a received signalling message is canied out by a session border controller located between signalling segments on the incoming and outgoing directions of the signalling path. The transformation is applied to the entire contents of the received identifier and the result of the transformation is added as a prefix to a network address of the session border controller to form the identifier in the transmitted signalling message.

Figure 3 is a block diagram showing components of an application gateway according to some embodiments. In these example embodiments, the application gateway comprises a session border controller, for example SBC I or SBC 2 described above, for processing communication sessions in a telecommunications network. Each communication session has a signalling path spanning a plurality of devices including one or more session border controllers, a soflswitch and at least two endpoint devices. The signalling path comprises a first signalling segment located between one of the endpoint devices and the session border controller, and a second signalling segment located between the session border controller and the soflswiteh.

The session border controller 102, 108 comprises a first interface, I/F 1, configured to receive, via the first signalling segment for a communication session, a first signalling message comprising a first identifier associated with the communication session. The session border controller 102, 108 comprises a processor 300 configured to transform at least part of the first identifier using a deterministic encryption algorithm to generate a second identifier. Further, the session border controller 102, 108 comprises a second interface, I/F 2 configured to transmit, via the second signalling segment for the communication session, a second signalling message comprising the second identifier to associate the second identifier with the communication session.

Thc scssion border controller 102, 108 has access to a databasc 104, 110, either located integrally or remotely from session border controller 102, 108. The transformation is carried out by processor 300 with reference to an encryptionldecryption module 302 which performs either an encryption of the input identifier by retrieving an encryption key 304 from database 104, 110 or a decryption of the input identifier by retricving a decryption key 306 from database 104, 110. In practice, session border controller 102, 108 will process signalling messages for a plurality of other endpoint or intermediate network devices (not shown) via a plurality of ports andior trunk connections.

In embodiment described above, the deterministic encryption algorithm could for example comprise AES (Advanced Encryption Standard) or RC4 (Rivest Cipher 4).

The deterministic encryption algorithm has been described in the above embodiments as being reversible. In other embodiments, a non-reversible deterministic encryption algorithm could be employed, for example in SBC 1 where decryption is not required (whereas decryption is required in SBC 2).

In the above embodiments, the output of the deterministic encryption algorithm does not change for the same input. 1-lowever, in alternative embodiments, the output of the encryption algorithm may altematively change in a deterministic manner, for example according to the time at which the algorithm is applied. The time could be based on the time given in an accompanying timestamp. In such embodiments which use a technique alternative to those described previously, the first identifier is encrypted using a given encryption algorithm, for example by SBC 1. A downstream device in the signalling path for the communication session, for example softswitch 120, which receives the second signalling message needs to be able to process the second identifier correctly. This can be achieved by implementing sharing of the given encryption algorithm, i.e. both SBC I and softswitch 120 have knowledge of how the given encryption algorithm operates, for example including how its output varies with time.

As an example, the shared algorithm could involve SBC 1 using a first encryption algorithm during evenly numbered hours of the day and using a second, different encryption algorithm using oddly numbered hours of the day. If softswitch has knowledge of the odd/even hour schedule by which SBC I decides which of the first and second encryption algorithms to use, then softswitch 120 will be able to process the two different identifiers received in signalling messages during such periods correctly and identify them as relating to the same session. Other forms of shared encryption algorithm could also be employed, similarly for the case of decryption.

The above embodiments are to be understood as illustrative examples. Further embodiments are envisaged.

In the embodiments described above, the session identifier is initially 1 0 generated by the combination of a random string and an I P address for the originating endpoint device. In alternative embodiments, the session identifier may be generated by the combination of a random string and a hostname for the originating endpoint device.

In embodiments described above, the signalling messages received by SBC I or SBC 2 are received via segments of the communication session from devices in the signalling path for the communication session. In alternative embodiments, one or more signaHing messages could be received from devices not in the signaHing path for the session. This could for example be the case in a law enforcement scenario in relation to legal media tapping of a communication session. In such a scenario, network sniffing' of signalling messages to/from an endpoint device or application gateway could be carried out by a law enforcement agency to ascertain a session identifier associated with a communication session. The session identifier could then be used in signalling messages sent to the application gateway, which would carry out the appropriate encryption/decryption of the session identifier, thus allowing the law enforcement agency to listen-in' on traffic for the communication session.

The embodiments depicted in Figure 2 involve endpoint devices El and E2 reporting communication session quality using SIP PUBLISH signalling messages. In other embodiments, one or more SIP NOTIFY signalling messages could be employed, or a combination thereof The embodiments depicted in Figure 2 involve endpoint devices El and E2 carrying out communication session setup processes using SIP 1NVITE messages. Iii other embodiments, one or more SIP SUBSCRIBE or SIP REFER signalling messages could be employed, or a combination thereof Some embodiments described above involve encryption/decryption of identifiers in relation to communication session quality reporting signalling. The techniques described herein can be applied to other processes where call references exist such as the replaces or target-dialog packages used in S[P call transfer operations.

Examples embodiments described above apply the techniques described herein in a SIP environment. The techniques described herein can also be applied in relation to other IP telephony or IP communication environments, for example in relation to International Telecommunication Union Telecommunication Standardization Sector (ITU-T) recommendation H.323, or the Media Gateway Control Protocol (MGCP), etc. The techniques described herein can be applied in relation to Voice over Internet Protocol (VoIP) communication sessions involving transfer of voice or other audio data between endpoint devices. The techniques described herein can also be applied in relation to Communications over Internet Protocol (CoIP) communication sessions, for example involving transfer of multimedia data including text, image, video and other forms of digital data in addition to or alternatively to voice or audio data.

It is to be understood that any feature described in relation to any one embodiment may be used alone, or in combination with other features described, and may also be used in combination with one or more features of any other of the embodiments, or any combination of any other of the embodiments. Furthermore, equivalents and modifications not described above may also be employed without departing from the scope of the invention, which is defined in the accompanying claims.

Claims

<claim-text>Claims I. A method of processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or morc intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each said segment being between two devices in said plurality of devices, said method comprising: receiving, via a first signalling segment for a communication session, a first signalling message comprising a first identifier associated with said communication session; transforming at least part of said first identifier using a deterministic encryption algorithm to generate a second identifier; and transmitting, via a second signalling segment for said communication session, a second signalling message comprising said second identifier to associate said second identifier with said communication session.</claim-text> <claim-text>2. A method according to claim 1, wherein said first signalling message comprises a first communication session setup signalling message for said communication session and said second signalling message comprises a second communication session setup signalling message for said communication session.</claim-text> <claim-text>3. A method according to claim 1 or 2, comprising: receiving a third signalling message comprising said first identifier; transforming at least part of said first identifier from said third signalling message using said deterministic encryption algorithm to generate said second identifier associated with said communication session; and transmitting a fourth signalling message comprising said second identifier generated by said transformation of at least part of said first identifier from said third signalling message.</claim-text> <claim-text>4. A method according to claim 3, wherein said third signalling message comprises a first quality reporting signalling message for said communication session and is received via said first signalling segment, and said fourth signalling message comprises a second quality reporting signalling message and is transmitted via said second signalling segment.</claim-text> <claim-text>5. A method according to any preceding claim, wherein said first identifier is received at an intermediate network device, said method comprising: determining that said received first identifier does not comprise at least a portion identifying said intermediate network device, wherein said transforming of at least part of said first identifier is carried out in response to said determination.</claim-text> <claim-text>6. A method according to claim 1 or 2, comprising: receiving a third signalling message comprising said second identifier; transforming at least part of said second identifier from said third signalling message using an inverse of said deterministic encryption algorithm to generate said first identifier associated with said communication session; and transmitting a fourth signalling message comprising said first identifier generated from said transformation of at least part of said second identifier from said third signalling message.</claim-text> <claim-text>7. A method according to claim 6, wherein said third signalling message comprises a first quality reporting signalling message for said communication session and is received via said second signalling segment, and said fourth signalling message comprises a second quality reporting signalling message and is transmitted via said first signalling segment.</claim-text> <claim-text>8. A method according to claim 6 or 7, wherein said second identifier is received at an intermediate network device, said method comprising: determining that said received second identifier comprises at least a portion identifying said intermediate network device, wherein said transforming of at least part of said second identifier is carried out in response to said determination.</claim-text> <claim-text>9. A method according to claim 4 or 7, wherein said first quality reporting signalling message is received during said communication session.</claim-text> <claim-text>10. A method according to claim 4 or 7, wherein said first quality reporting signalling message is received after termination of said communication session.</claim-text> <claim-text>11. A method according to claim 1, wherein said first signalling message comprises a first quality reporting signalling message for said communication session and said second signalling message comprises a second quality reporting signalling message for said communication session.</claim-text> <claim-text>12. A method according to claim 11, said method comprising detecting that said first signalling message is of a communication session quality reporting type, wherein said transformation is carried out in response to said detection.</claim-text> <claim-text>13. A method according to any preceding claim, wherein said first identifier includes a portion comprising a network address for at least one device in the signalling path of said communication session.</claim-text> <claim-text>14. A method according to claim 13, wherein said at least one device comprises an endpoint device, and said first signalling message is generated by said endpoint device.</claim-text> <claim-text>15. A method according to claim 13, wherein said at least one devicc comprises a softswitch, and said first signalling message is generated by said softswitch.</claim-text> <claim-text>16. A method according to any preceding claim, wherein said communication session comprises a Session Initiation Protocol (SIP) communication session, said first and second signalling messages comprise first and second SIP signalling messages, and said first and second identifiers are session identifiers contained in respective session identifier fields of said first and second SIP signalling messages.</claim-text> <claim-text>17. A method according to claim 16, wherein said wherein said first and 1 0 second signalling messages comprise one or more of: SIP 1NVITE messages, SIP SUBSCRIBE messages, and SIP REFER messages.</claim-text> <claim-text>18. A method according to claim 16, wherein said first and second signalling messages comprise one or more of: SIP NOTIFY messages, and SIP PUBLISI-1 messages.</claim-text> <claim-text>19. A method according to any preceding claim, wherein said communication session comprises a Voice over Internet Protocol (V0IP) or Communications over Internet Protocol (C0IP) call.</claim-text> <claim-text>20. A method according to any preceding claim, wherein the transformation of the first identifier is carried out by a session border controller located between said first and second signalling segments, said transformation is applied to the entire contents of the first identifier and the result of the transformation is added as a prefix to a network address of said session border controller to form said second identifier.</claim-text> <claim-text>21. A method of processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each said segment being between two devices in said plurality of devices, said method comprising: receiving, via a first signaHing segment for a communication session, a first communication session setup signalling message comprising a first identifier associated with said communication session; transforming at least part of said first identifier using a deterministic encryption algorithm to generate a second identifier; 1 0 transmitting, via a second signalling segment for said communication session, a second communication session setup signalling message comprising said second identifier to associate said second identifier with said communication session; receiving, via said second signalling segment, a first quality reporting signalling message for said communication session, said first quality reporting signalling message comprising said second identifier; transforming at least part of said second identifier from said first quality reporting signaHing message using an inverse of said deterministic encryption algorithm to generate said first identifier associated with said communication session; and transmitting, via said first signalling segment, a second quality reporting signalling message comprising said first identifier generated from said transforming.</claim-text> <claim-text>22. A method of processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each said segment being between two devices in said plurality of devices, said method comprising: receiving, via a first signalling segment for a communication session, a first communication session setup signalling message comprising a first identifier associated with said communication session; transforming at least part of said first identifier using a deterministic encryption algorithm to generate a second identifier; transmitting, via a second signalling segment for said communication session, a second communication session setup signalling message comprising said second identifier to associate said second identifier with said communication session; receiving, via said first signalling segment, a first quality reporting signalling message for said communication session, said first quality reporting signalling message comprising said first identifier; further transforming at least part of said first identifier from said first quality reporting signalling message using said deterministic encryption algorithm to generate said second identifier associated with said communication session; and transmitting, via said second signalling segment, a second quality reporting signalling message comprising said second identifier generated from said thither transforming.</claim-text> <claim-text>23. Apparatus adapted to perform the method of any preceding claim.</claim-text> <claim-text>24. A session border controller for processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more session border controllers, a softswitch and at least two endpoint devices, the signalling path comprising a first signalling segment located between one of said endpoint devices and said session border controller, and a second signalling segment located between said session border controller and said softswitch, said session border controller comprising: a first interface configured to receive, via said first signalling segment for a communication session, a first signalling message comprising a first identifier associated with said communication session; a processor configured to transform at least part of said first identifier using a deterministic encryption algorithm to generate a second identifier; and a second interface configured to transmit, via said second signalling segment for said communication session, a second signalling message comprising said second identifier to associate said second identifier with said communication session.</claim-text> <claim-text>25. Computer software adapted to perform the method of any of claims 1 to 22.</claim-text> <claim-text>26. A computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method for processing communication sessions in a telecommunications network, each communication session having a signalling path spanning a plurality of devices including one or more intermediate network devices and at least two endpoint devices, the signalling path comprising a plurality of signalling segments, each said segment being between two devices in said plurality of devices, said method comprising: receiving, via a first signalling scgmcnt for a communication session, a first signalling message comprising a first identifier associated with said communication session; transforming at least part of said first identifier using a deterministic encryption algorithm to generate a second identifier; and transmitting, via a second signalling segment for said communication session, a second signalling message comprising said second identifier to associate said second identifier with said communication session.</claim-text>