WO2017127268A1 - Network service access control - Google Patents
- Publication number
- WO2017127268A1 (PCT/US2017/013010)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- session
- service
- session attribute
- information
- network
Classifications
- H04L65/1104—Session initiation protocol [SIP]
- H04L65/1016—IP multimedia subsystem [IMS]
- H04L65/1069—Session establishment or de-establishment
- H04L65/1083—In-session procedures
- H04L65/1094—Inter-user-equipment sessions transfer or sharing
- H04L65/1096—Supplementary features, e.g. call forwarding or call holding
- H04L65/403—Arrangements for multi-party communication, e.g. for conferences
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
- H04W12/08—Access security
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
- H04L41/0668—Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
- H04W76/12—Setup of transport tunnels
Definitions
- Many computing devices configured for telecommunications are capable of processing various types and encodings of media and interacting with various network services in addition to, e.g., two-party voice telephone calls. Examples of such media or services can include video calling or multi-party conferencing.
- Cellular and other portable communications devices may connect with networks of varying capability either within a communication session or between communication sessions.
- FIG. 1 is a block diagram illustrating a system for implementing network service access control according to some implementations.
- FIG. 2 illustrates an example telecommunications network, including components used to perform service-access control of a communication session.
- FIG. 3 is a block diagram illustrating a system for implementing service-access control according to some implementations.
- FIG. 4 shows an example call flow illustrating downgrade of requested services.
- FIG. 5 shows an example call flow illustrating disallowing of requested services.
- FIG. 6 illustrates an example process for controlling access to network services in a communication session according to some implementations.
- FIG. 7 illustrates an example process for controlling access to network services in a communication session according to some implementations.
- Some example systems and techniques described herein permit making effective use of available network bandwidth by controlling which services are provided over which networks to which computing devices. Some example systems and techniques described herein permit improving security of telecommunications networks and of users' telecommunication devices by preventing malicious software, e.g., smartphone viruses or other malware, from communicating with other telecommunication devices. This can reduce or inhibit the spread of malware.
- the terms "user equipment," "UE," and "terminal" may be used interchangeably herein to describe any communication or computing device capable of performing techniques described herein, e.g., with respect to computing devices 102 and 104, FIG. 1, or computing device 302 or server 304, FIG. 3.
- Computing devices as described herein can be configured to perform techniques described herein with respect to, e.g., application server(s) 106 or authorization server(s) 122, FIG. 1.
- the term "session" as used herein includes a communications path for bidirectional exchange of data among two or more terminals.
- Example sessions include voice and video calls, e.g., by which human beings converse, a data communication session, e.g., between two electronic systems or between an electronic system and a human being, or a Rich Communication Suite (RCS, also known as JOYN) session.
- Example networks carrying sessions include second-generation (2G) cellular networks such as the Global System for Mobile Communications (GSM) and third-generation (3G) cellular networks such as the Universal Mobile Telecommunications System (UMTS).
- Other example networks include fourth-generation (4G) cellular networks, such as LTE carrying VoLTE sessions using Session Initiation Protocol (SIP) signaling, the public switched telephone network (PSTN) using Signaling System 7 (SS7) signaling, and data networks, such as Institute of Electrical and Electronics Engineers (IEEE) 802.11 (WIFI) networks carrying voice over Internet Protocol (VoIP) calls or other over-the-top (OTT) sessions encapsulating, e.g., voice or video data in a way transparent to an underlying packet transport.
- GSM and the PSTN are examples of circuit-switched (CS)
- "capabilities" refers to data types, encodings, formats, bit rates, application protocols, underlying protocols, compression techniques, profiles, or coding/decoding procedures (codecs) that are supported by a terminal, or that are requested by a user or terminal and supported by other device(s) involved in a session, for the exchange of data with other computing devices, e.g., in a session.
- Example capabilities can include particular audio codecs (supported by a terminal) or call forking (requested by a user or terminal; supported by a core network device).
- a "party" is a terminal or a user employing a terminal. Sessions can include the transfer of messages between parties. Systems and techniques herein can permit controlling bandwidth usage and security by controlling which capabilities can be used on particular communication sessions. In some examples, the control is facilitated transparently to the intercommunicating computing devices.
- a message described as "associated with" a data item can include that data item, or can include information that, alone or in combination with other information, permits retrieval of that data item.
- a message can be associated with a destination network address, e.g., by including the destination network address or by including a destination hostname that can be used to retrieve a corresponding destination network address from a database (e.g., the Internet Domain Name System, DNS).
- Voice calls over VoLTE are generally encoded and decoded using an adaptive multi-rate (AMR) codec.
- the PSTN generally carries uncompressed audio in the 400 Hz-3400 Hz band formatted according to the International Telecommunications Union (ITU) G.711 standard as uncompressed, 8-bit pulse code modulated (PCM) logarithmically-quantized samples.
- a voice call between a VoLTE device and a PSTN device therefore requires transcoding between narrowband AMR (NB-AMR) and G.711, in this example, or requires the VoLTE device to encode audio data using G.711 rather than NB-AMR.
- voice calls between terminals may require transcoding, protocol conversion, or specific codec or protocol selection if one terminal or network supports a codec or protocol, such as AMR, that the other terminal or network does not.
- transcoding or protocol conversion may be required for interworking with environments such as personal computers (PCs), which can use codecs such as Vorbis, e.g., in an Ogg container, or Opus, used in the WebRTC (Web Real-Time Communication) protocol.
- Codecs are also used for video.
- Example codecs used in LTE networks include ITU H.263, Moving Picture Experts Group (MPEG) standards such as MPEG-4 part 2, and H.264/MPEG-4 part 10.
- many other video codecs are used in other environments, e.g., Theora, QUICKTIME, VP6, and VP8 in PC environments, and MPEG-1 and MPEG-2 in older PCs or telecommunication systems. Audio or video communications between devices with different codec capabilities may require transcoding or specific codec selection.
- Video transcoding, in particular, can be computationally expensive.
- a "session attribute" is a type, identity, capability, or party of a communication session determined by or at the request of a party of the communication session, or determined in response to a message from a party of the communication session.
- the session attributes can include Alice as the originator, Bob as the recipient, and a video codec (e.g., H.263) that Alice and Bob's respective terminals are using to encode and decode the exchanged video.
- a text message from Dennis to Ken can include Dennis as the sender, Ken as the recipient, and a protocol identifier indicating whether the text message is being carried via the Short Message Service (SMS) protocol or the RCS Message Session Relay Protocol (MSRP).
- Transfer of a party to a session: Alfred can call Peter. During the conversation, Peter may want to transfer Alfred to Brian.
- the session attributes when the transfer is initiated can include Alfred as the originating party, Peter as the terminating party, and Brian as the referred-to party.
- Presence detection: Linus may wish to determine whether Alan is online. Linus's terminal may transmit a request for Alan's presence information to a presence server.
- the session attributes can include Linus as the originating party, Alan as the target party, and "presence request" as the type of communication session.
- Grace and Ada may wish to stream audio of a symphonic performance.
- the session attributes can include Grace, Ada, and the symphony's server as parties, Advanced Audio Coding (AAC) as an audio-codec capability, and a quality of service (QoS) level indicating a required bandwidth of 320 kbit/s for the audio stream.
- an anchoring network device, e.g., an application server (AS), is communicatively connectable with cellular user equipment (UE) or another computing device or terminal.
- the anchoring network device can be configured to receive, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session.
- the anchoring network device can retrieve, from an authorization registry, authorization information corresponding to the identification information.
- the anchoring network device can determine a status message based at least in part on the service message, and transmit the status message via a communications interface.
- P-Visited-Network-ID (PVNI) may be included only in registration requests (RFC 3455, sec. 4.3.2), so PVNI is not necessarily available for use by initial filter criteria (IFCs) in all SIP messages initiating communication sessions. Moreover, IFCs cannot route based on information transferred by non-SIP protocols such as Lightweight Directory Access Protocol (LDAP), Simple Object Access Protocol (SOAP) over Hypertext Transfer Protocol (HTTP), or Diameter. Also, IFCs are only applied when a session is initiated and are not useful for session attributes that may change during the course of a session.
- FIG. 1 is a block diagram illustrating a telecommunication system 100 according to some examples.
- the system includes computing devices 102 and 104, e.g., user equipment or other mobile phones or communications devices or terminals.
- the computing devices 102 and 104 can be operated, e.g., by a user and a first user respectively (not shown).
- the computing devices 102 and 104 are communicatively connected to one or more application server(s) 106, e.g., via respective access networks 108 and 110.
- the application server(s) 106 can include, e.g., a telephony application server (TAS) of an Internet Protocol (IP) Multimedia Subsystem (IMS) in a VoLTE-capable network.
- the computing devices 102 and 104 may be implemented as any suitable mobile computing devices configured to communicate over a wireless and/or wireline network, including, without limitation, a mobile phone (e.g., a smart phone), a tablet computer, a laptop computer, a portable digital assistant (PDA), a wearable computer (e.g., electronic/smart glasses, a smart watch, fitness trackers, etc.), a networked digital camera, and/or similar mobile devices.
- computing devices 102 and 104 may represent various types of communication devices that are generally stationary as well, such as televisions, desktop computers, game consoles, set top boxes, and the like.
- User equipment can include user cellular equipment or other telecommunications or computing devices communicatively connectable with other computing devices via one or more application server(s) 106.
- Mobile phones and copper-loop landline phones can be examples of user equipment.
- When the first user desires to place a call to the second user, the computing device 102, e.g., in response to actuation by the first user of a "Send" control 112, transmits an initiation request.
- the initiation request is an example of a service message 114 of a communication session.
- Service message 114 can also be transmitted during a communication session, e.g., to transfer a file or switch between audio and video calling.
- the illustrated service message 114 also includes information 118 of a first session attribute, e.g., one or more media capabilities of the computing device 102 or protocol types of the communication session.
- the information 118 of the first session attribute is also referred to as an "offer."
- the service message 114 includes a SIP INVITE message having a Session Description Protocol (SDP) body including a session description, e.g., the information 118 of the session attribute.
- the session description specifies whether voice or video calling is desired.
- the application server(s) 106 receive from the computing device 102 the service message 114 and perform authorization processing 120, described below with reference to FIGS. 2-7. As described below, in some examples, the application server(s) 106 interact with one or more authorization server(s) 122 to perform the authorization processing 120. In some examples, the authorization server(s) 122 include an Equipment Identity Register (EIR) or Enhanced EIR (EEIR) communicatively connected with the application server(s) 106.
- the authorization processing transmits a service-failure message 124 to the computing device 102.
- the service-failure message 124 indicates that the session cannot be established or that the requested attribute is not supported. This can be an example of disallowing the first session attribute indicated by the information 118.
- the authorization processing 120 modifies the information 118 of the session attribute or otherwise determines information 126 of a second session attribute different than the session attribute in service message 114, e.g., based on an indication of a network to which computing device 102 is connected.
- the application server(s) 106 then transmits a second service message 128 including the information 126 of the second session attribute, e.g., to the computing device 104. This can be an example of modifying or downgrading a session attribute.
- the computing device 104 thus receives a service message 128 including modified information 126 of the session attribute.
- the computing device 104 can respond, e.g., by alerting the second user and transmitting a SIP 180 Ringing response to the computing device 102.
- the user of the computing device 104 can then indicate the call should be accepted, e.g., by operating a call-acceptance control 130 such as a touchscreen button.
- the computing device 104 can then accept the service message, e.g., by sending a SIP 200 OK response to the computing device 102.
- Call initiation can be performed, e.g., as defined in the Global System for Mobile (GSM) or Voice-over-Long Term Evolution (VoLTE) standards, and can include the exchange of additional messages (not shown) between the computing devices 102 and 104 and the application server(s) 106.
- Data of the session such as audio data or video data formatted as specified in the modified information 126, can be exchanged between computing devices 102 and 104 via a communications channel depicted as media path 132, which, as shown, can pass through application server(s) 106 or can bypass application server(s) 106.
- UE 102 is roaming in, or otherwise connected to, a visited network 134 while transmitting the first service message 114.
- the visited network 134 can include a visited public land mobile network (VPLMN).
- application server(s) 106 or authorization server(s) 122 are located in or part of a home network 136.
- the visited network 134 can include a home public land mobile network (HPLMN).
- UE 102 is configured so that any network other than home network 136 is a visited network such as visited network 134.
- Various examples herein relate to home-routed services, in which application server(s) 106 of home network 136 anchor or control communication sessions of which UE 102 is a party, even when UE 102 is roaming in visited network 134.
- access network 110 can be part of visited network 134, home network 136, or another network.
- Various examples herein permit interworking advanced techniques with installed equipment not supporting those techniques. For example, various techniques herein permit interworking EVS codecs on a VoLTE network with non-EVS-capable VoLTE user equipment or CS user equipment. Various examples herein permit interworking between cellular and PC environments. Various examples herein permit removal or modification of session attributes that are applicable to the calling party's network, computing device, or environment, but not applicable to the called party's network, computing device, or environment (e.g., VoIP calls from a Web browser or IPAD application using Opus via a WebRTC gateway to an IMS subscriber, or vice versa).
- Such interworking can permit introducing new voice-enhanced codecs or other capabilities, e.g., in a home network, without causing compatibility problems with a visited network.
- Various examples herein permit removal or modification of session attributes that are applicable to a user's home network or environment, but not applicable to a network or environment in which a user is roaming.
- Various examples herein permit controlling bandwidth usage and network congestion by controlling which services are available to which parties on which networks.
- Various examples herein permit controlling service access based on, e.g., user, visited network and device type (or any combination of any of those).
- a user or terminal may be known to be either malicious or vulnerable.
- a zero-day vulnerability may be uncovered in an application running on a number of terminals, and those terminals may be subject to attack by malicious parties until the application is updated to fix the vulnerability.
- session attributes related to the vulnerable application may be downgraded or disallowed so that the vulnerable application is not invoked. This can remove opportunities for malicious parties to exploit the vulnerability.
- an application on a particular terminal is infected by malware, e.g., a virus or worm
- session attributes originated by that application on that terminal can be disallowed or downgraded to reduce the number of vectors available for the malware to infect other applications or terminals.
- call transfers to that terminal can be disallowed to reduce attack vectors from that terminal to other terminals.
- disallowing or downgrading session attributes can permit regulating bandwidth usage by subscribers or terminals.
- high-bandwidth services can be disallowed or downgraded on congested networks to maintain QoS levels.
- FIG. 2 illustrates an example telecommunications network 200.
- User equipment 202 communicates with access system 204 of the telecommunications network.
- Access system 204 can include a first access network of a first type (e.g., LTE) and a second access network, e.g., of a second, different type (e.g., WIFI).
- Each of the first access network and the second access network can be configured to selectively carry a communication session of user equipment 202.
- voice calls can be carried over the first access network using voice-over-LTE (VoLTE) and over the second access network using voice-over-WIFI (VoWIFI).
- the first type is a PS cellular type and the second type is a PS local-area-network type.
- IMS 206 communicates with access system 204 and provides media-handling services, e.g., to route video or voice data or to maintain continuity of the communication session during handover of the communication session.
- access system 204 includes at least a mobility management entity (MME) 208 associated with a PS access network 210, a bridge 212 (or other packet relay) associated with a LAN-based access network 214, or a mobile switching center (MSC) server (MSS) 216 associated with a CS access network 218.
- the PS access network 210 may include an eNodeB 220, e.g., a 4G base station or other access point, that provides connectivity to the PS access network 210.
- the LAN-based access network 214 e.g., a WIFI network
- the CS access network 218 may include a CS base station 224 that provides connectivity to the CS access network 218.
- the IMS 206 of the telecommunications network may include a number of nodes, such as a proxy call session control function (P-CSCF) 226, a home location register (HLR)/home subscriber server (HSS) 228, an interrogating call session control function (I-CSCF) 230, a serving call session control function (S-CSCF) 232, an application server (AS) 234, e.g., a TAS, and an authorization server 236.
- the authorization server 236 can alternatively be located outside the IMS 206 and be communicatively connected with the IMS 206.
- the authorization server 236 can be or include, e.g., an HSS, an equipment identity register (EIR), an enhanced EIR (EEIR), a DNS server, or an E.164 Number Mapping (ENUM) server.
- the telecommunications network may also include a number of devices or nodes not illustrated in FIG. 2.
- Such devices or nodes may include an access transfer control function (ATCF), an access transfer gateway (ATGW), a visitor location register (VLR), a serving general packet radio service (GPRS) support node (SGSN), a gateway GPRS support node (GGSN), a policy control rules function (PCRF) node, a serving gateway (S-GW), a session border controller (SBC), or a media gateway.
- IMS 206 may further include a number of devices or nodes not illustrated in FIG. 2, such as a presence server and one or more additional CSCFs.
- a core network of the telecommunications network may be a GPRS core network or an evolved packet core (EPC) network, or may include elements from both types of core networks.
- the telecommunications network may provide a variety of services to user equipment 202, such as synchronous communication routing across a public switched telephone network (PSTN). Further services may include call control, switching, authentication, billing, etc.
- IMS 206 functions and devices communicate using specific services provided by the access system 204 or elements thereof, but are not directly tied to those specific services. For example, IMS 206 devices can intercommunicate using an EPC network, a GSM network, a SONET network, or an Ethernet network.
- the user equipment 202 may register the communication session with the IMS 206 of the telecommunications network. To do this, the user equipment 202 sends an initiation SIP REGISTER request to the IMS 206 via an access network, e.g., via the eNodeB 220 and MME 208 of the PS access network 210.
- the P-CSCF 226 of the IMS 206 may receive the SIP REGISTER request.
- P-CSCF 226 may forward the REGISTER request directly to S-CSCF 232, or may forward the request to I-CSCF 230, which can locate an appropriate S-CSCF 232, e.g., using stored database information, and forward the REGISTER request to the located S-CSCF 232.
- the P-CSCF 226 is located in a visited network of UE 202 and the I-CSCF 230 and S-CSCF 232 are located in a home network of UE 202.
- the S-CSCF 232 or other components (omitted for brevity) of the IMS 206 can store information about the user equipment 202 in the HLR/HSS 228 and then send a SIP response to the user equipment 202 to complete the IMS registration of the communication session.
- a signaling path ("SIG") of the communication session passes through P-CSCF 226, S-CSCF 232, and AS 234, as indicated by the dash-dot arrow.
- the example SIP signaling path passes back through S-CSCF 232 to a peer (not shown).
- the peer can be, e.g., an S-CSCF corresponding to a terminating (MT) UE (omitted for brevity).
- the signaling path does not reach the authorization server 236.
- the AS 234 is an anchoring network device and proxies signaling traffic for the communication session, e.g., operating as a SIP proxy or back-to-back user agent (B2BUA).
- the MSS 216 can be the anchoring network device and can proxy signaling traffic for the communication session, e.g., GSM or SS7 signaling traffic.
- the anchoring network device can include an IP-Short Message (SM) Gateway AS or a Rich Communications Services (RCS) AS.
- the anchoring network device can be included in or integrated with a TAS or other core network device.
- an anchoring network device can include a Telephony Application Server (TAS) or Rich Communication Suite (RCS) anchoring network device.
- the AS 234 (or other anchoring network device, and likewise throughout) can provide session-control services to UE 202.
- the AS 234 is configured to communicate with authorization server 236, e.g., an HSS, EIR, or EEIR, via the Diameter protocol, e.g., over the LTE Sh interface or other appropriate interfaces. Examples of AS 234 functions are described in more detail below with reference to FIGS. 3-7.
- the AS 234 or the authorization server 236 can include a memory, e.g., a computer-readable memory, storing a mapping between identification information and authorization information.
- the AS 234 or authorization server 236 can be configured to receive a modification instruction and modify the mapping in response to the modification instruction. This can permit dynamically updating the authorization information, increasing flexibility of the telecommunications network.
- Session attributes can be indicated, e.g., in a header or body of a SIP request or response, such as a Session Description Protocol (SDP) body.
- the session attributes can include at least an access-network type of the communication session, a device type of user equipment 202 participating in the communication session, a media capability of the user equipment 202 (e.g., whether or not the UE 202 supports video, or which codecs the UE 202 supports), a virtual-network identifier of the user equipment (e.g., identification of a mobile virtual network operator, MVNO, of UE 202), or an authentication type of the user equipment (e.g., SIM-based or other).
- the anchoring network device can receive an indication of user equipment 202, e.g., from MSS 216.
- the anchoring network device can transmit a request for registration information corresponding to the user equipment.
- the request can be transmitted, e.g., to HLR/HSS 228.
- the anchoring network device can, in response to the transmitted request, receive a message, e.g., a Diameter message, indicating session attributes of communication sessions in which UE 202 may participate. This can permit providing capability-specific session-control services even to terminals that are not transmitting SIP signaling.
- the devices and networks illustrated in FIG. 2 can be examples of the devices and networks illustrated in FIG. 1 and described above.
- UE 202 can represent computing device 102 or 104
- any of PS access network 210, LAN-based access network 214, or CS access network 218 can represent access network 108 or 110
- application server 234 can represent application server(s) 106
- authorization server 236 can represent authorization server(s) 122.
- the eNodeB 220 can be an access point for the PS access network 210
- the CS base station 224 can be a base station for the CS access network 218. Accordingly, the descriptions of the devices and networks of FIG. 1 apply to the devices and networks of FIG. 2.
- the devices and networks of FIG. 2 may cooperate to accomplish session control, e.g., as shown in FIG. 1 and described herein. They may also cooperate to accomplish the initialization of a communication session of user equipment 202.
- FIG. 3 is a block diagram illustrating a system 300 permitting authorization processing based on session attributes according to some implementations.
- the system 300 includes a computing device 302, e.g., a wireless phone or other user equipment such as computing device 102 or 104, FIG. 1, coupled to a server 304 via a network 306.
- the server 304 can represent the application server(s) 106, FIG. 1 or the AS 234, FIG. 2, e.g., a TAS, an RCS AS, a short message service center (SMSC), a presence server, or a conferencing server.
- the network 306 can include one or more networks, such as a cellular network 308 and a data network 310.
- the network 306 can include one or more core network(s) connected to user equipment via one or more access network(s).
- Example access networks include LTE, WIFI, GSM EDGE Radio Access Network (GERAN), UMTS Terrestrial Radio Access Network (UTRAN), and other cellular access networks.
- Service access control as described herein can be performed, e.g., for services provided via 2G, 3G, 4G, WIFI, or other networks. Service access control can be performed with respect to any party known to the network, e.g., any party registered in an IMS.
- the cellular network 308 can provide wide-area wireless coverage using a technology such as GSM, Code Division Multiple Access (CDMA), UMTS, LTE, or the like.
- Example networks include Time Division Multiple Access (TDMA), Evolution-Data Optimized (EVDO), Advanced LTE (LTE+), Generic Access Network (GAN), Unlicensed Mobile Access (UMA), Orthogonal Frequency Division Multiple Access (OFDM), General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), Advanced Mobile Phone System (AMPS), High Speed Packet Access (HSPA), evolved HSPA (HSPA+), VoIP, VoLTE, IEEE 802.
- Communications between the server 304 and computing devices such as the computing device 302 can additionally or alternatively be performed using other technologies, such as wired (Plain Old Telephone Service, POTS, or PSTN lines), optical (e.g., Synchronous Optical NETwork, SONET) technologies, and the like.
- the data network 310 can include various types of networks for transmitting and receiving data (e.g., data packets), including networks using technologies such as WIFI, IEEE 802.15.1 ("Bluetooth"), Asynchronous Transfer Mode (ATM), WIMAX, and other network technologies, e.g., configured to transport Internet Protocol (IP) packets.
- the server 304 includes or is communicatively connected with an interworking function (IWF) or other device bridging networks, e.g., LTE, third-generation cellular (3G), and POTS networks.
- the server 304 can bridge SS7 traffic from the PSTN into the network 306, e.g., permitting PSTN customers to place calls to cellular customers and vice versa.
- the cellular network 308 and the data network 310 can carry voice or data.
- the data network 310 can carry voice traffic using Voice over Internet Protocol (VoIP) or other technologies as well as data traffic, or the cellular network 308 can carry data packets using High Speed Packet Access (HSPA), LTE, or other technologies as well as voice traffic.
- Some cellular networks 308 carry both data and voice in a PS format.
- many LTE networks carry voice traffic in data packets according to the voice-over-LTE (VoLTE) standard.
- Various examples herein provide origination and termination of, e.g., carrier-grade voice calls on, e.g., networks 306 using CS transports or mixed VoLTE/3G transports, or on computing devices 302 including original equipment manufacturer (OEM) handsets and non-OEM handsets.
- the computing device 302 can be or include a wireless phone, a wired phone, a tablet computer, a laptop computer, a wristwatch, or other type of computing device.
- the computing device 302 can include one or more processors 312, e.g., one or more processor devices such as microprocessors, microcontrollers, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), programmable logic devices (PLDs), programmable logic arrays (PLAs), programmable array logic devices (PALs), or digital signal processors (DSPs), and one or more computer readable media 314, such as memory (e.g., random access memory (RAM), solid state drives (SSDs), or the like), disk drives (e.g., platter-based hard drives), another type of computer-readable media, or any combination thereof.
- the computing device 302 can further include a user interface (UI) 316, e.g., including an electronic display device 318, a speaker, a vibration unit, a touchscreen, or other devices for presenting information to a user and receiving commands from the user.
- the user interface 316 can include a session-initiating user interface control 112, e.g., a touchscreen button, to indicate a communication session should be initiated.
- the user interface 316 or components thereof, e.g., the display 318, can be separate from the computing device 302 or integrated (e.g., as illustrated in FIG. 1) with the computing device 302.
- the computing device 302 can further include one or more radio(s) 320 configured to selectively communicate wirelessly via the network 306, e.g., via an access network 108 or 110, or one or more transceivers (not shown) configured to selectively communicate using wired connections via the network 306.
- the computer readable media 314 can be used to store data and to store instructions that are executable by the processors 312 to perform various functions as described herein.
- the computer readable media 314 can store various types of instructions and data, such as an operating system, device drivers, etc.
- the processor-executable instructions can be executed by the processors 312 to perform the various functions described herein.
- the computer readable media 314 can be or include computer-readable storage media.
- Computer-readable storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other tangible, non-transitory medium which can be used to store the desired information and which can be accessed by the processors 312.
- Tangible computer-readable media can include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
- the computer readable media 314 can store information 322 of one or more capabilities or preferred or available session attributes of the computing device 302.
- the information 322 can include, e.g., indications of voice or video codecs supported by the computing device 302.
- the computer readable media 314 can additionally or alternatively store credentials (omitted for brevity) used for access, e.g., to IMS or RCS services.
- the computer readable media 314 can include processor-executable instructions of a client application 324.
- the client application 324, e.g., a native or other dialer, can permit a user to originate and terminate communication sessions associated with the computing device 302, e.g., a wireless phone.
- the client application 324 can additionally or alternatively include an SMS, RCS, or presence client, or a client of another telephony service offered by the server 304.
- the client application 324 can include computer instructions executable to cause the computing device 302 to transmit the service message 114 indicating the destination 116 and the information 118 of the session attribute to the server 304.
- the server 304 can receive from the computing device 302 or other user equipment the service message 114 of a communication session, e.g., as discussed above with reference to FIG. 1.
- the server 304 can include one or more processors 326 and one or more computer readable media 328.
- the computer readable media 328 can be used to store processor-executable instructions of an authorization-processing module 330.
- the processor-executable instructions can be executed by the processors 326 to perform various functions described herein.
- the computer readable media 328 or another component of the server 304 also stores an authorization registry, discussed below.
- the server 304 is communicatively connected with an authorization registry 332 separate from the server 304.
- the server can retrieve information from the authorization registry via, e.g., a SIP MESSAGE request, a SIP NOTIFY request (and corresponding SIP 200 OK response from the queried registry) or an HTTP request such as a GET to a Web Services or Representational State Transfer (REST) application programming interface (API) endpoint.
- server 304 can communicate with computing device 302, authorization registry 332, or other devices via one or more communications interface(s) 334, e.g., network transceivers for wired or wireless networks, or memory interfaces.
- Example communications interface(s) 334 can include ETHERNET or FIBRE CHANNEL transceivers, WIFI radios, or DDR memory-bus controllers (e.g., for DMA transfers to a network card installed in a physical server 304).
- the authorization registry 332 (or an authorization registry internal to server 304, and likewise throughout) can include a database storing authorization information, such as information of permitted or forbidden session attributes.
- the information in the authorization registry 332 can be stored in association with, or keyed by, identification information of one or more parties of a communication session.
- the server 304 can thus be configured to (e.g., by executing instructions stored in computer-readable media 328) retrieve from the authorization registry 332 authorization information corresponding to the identification information.
- the authorization information can specify one or more session attributes that are prohibited, e.g., one or more codecs or RCS services.
- the server 304, in response to the first service message 114 associated with a communication session, new or existing, can retrieve authorization information, e.g., from authorization registry 332.
- the authorization information can correspond to identification information of one or more parties of the communication session, e.g., computing device 302 or a user thereof.
- the identification information can include at least one of a terminal identifier such as an international mobile equipment identity (IMEI), a user identifier such as an international mobile subscriber identity (IMSI), a network identifier such as a mobile country code (MCC) and a mobile network code (MNC), a user address such as an E.164 international-dialing-plan telephone number, mobile station international subscriber directory number (MSISDN), or network address, such as an Internet IPv4 or IPv6 address, or a country code, e.g., indicating a country in which computing device 302 is located.
- the server 304 can, using the authorization information, determine whether the first session attribute is permitted in the communication session. In some examples, server 304 can look up the identification information, the first session attribute, or a combination thereof in authentication registry 332 to determine whether the first session attribute is permitted in the communication session. In some examples, server 304 can receive, from a profile server such as HSS 228, service-access information associated with a user of computing device 302 or other user equipment that transmitted the first service message 114. Server 304 can then look up at least the identification information or the first session attribute in the service-access information to determine whether the user is authorized to use the first session attribute, e.g., to participate in communication sessions having that session attribute. If the user is not authorized, the session attribute is not permitted in the communication session, at least with respect to that user.
- the server 304 can determine a second session attribute different from the first session attribute based at least in part on the first session attribute.
- the second session attribute can include a "downgraded," e.g., less capable, attribute corresponding to the first session attribute. Examples are discussed below with reference to FIG. 4.
- the server 304 can retrieve the second session attribute from a downgrade-information table or other data store.
- the downgrade information can be stored or transmitted with or within the authorization information.
- the downgrade information can include the second session attribute associated with a requested first session attribute.
- downgrade information can be stored on computer-readable media 328 or other computer-readable media, e.g., on server 304 or communicatively connected to server 304.
- the server 304 can transmit a second service message including information 126 of the second session attribute, e.g., to computing device 302, computing device 104 (user equipment; indicated by a dashed arrow), or in general to one or more parties of the telecommunication session.
- the one or more parties can include a second party different from the first party.
- computing device 302 can be an originating terminal of the communication session, a terminating terminal of the communication session, or a participating terminal, e.g., involved in a multiparty conference session.
- the first session attribute and the second session attribute can include respective capabilities.
- the first session attribute is a video capability and the second session attribute is an audio capability.
- if the authorization information indicates the first session attribute, e.g., video calling, is not permitted, the second session attribute can be determined to be audio calling. This can permit communications between parties even if a particular requested form of communication is not authorized.
- the first session attribute comprises a first set of one or more parties.
- some telecommunications networks support "call forking," in which a single call placed to a user's telephone number causes multiple devices to ring. This can permit, e.g., one number to ring on both a user's home and work phones and the user's assistant's phone, e.g., substantially simultaneously, or sequentially as part of a hunt group.
- the second session attribute comprises a second set of one or more parties including fewer than all of the parties in the first set of one or more parties.
- the server 304 can determine that forking should occur to fewer than all of the numbers in the first set. This can, e.g., permit reducing network congestion by prohibiting forking to terminals connected via low-bandwidth or highly-congested access networks.
- the first session attribute and the second session attribute comprise respective protocols, e.g., respective, different protocols.
- the first session attribute can specify that messages be sent via MSRP. If RCS is not available or preferred, the server 304 can determine the second session attribute as SMS or multimedia message service (MMS). This can permit users to exchange messages even when the preferred RCS functionality is not available, and can permit carriers to control bandwidth usage by controlling when RCS is available.
- the first session attribute can specify that an LTE transport be used for IP packets. If the LTE core is inaccessible, e.g., due to maintenance or an outage, the server 304 can determine the second session attribute specifying that GPRS or HSPA be used to carry the packets. This can reduce user wait times and radio congestion by removing time and channel occupancy that computing device 302 or a peer computing device such as UE 104 might otherwise spend attempting unsuccessfully to communicate via LTE.
- the first session attribute can specify that SMS messages be sent via a PS data network. If a packet network is not available or reliable, the server 304 can determine the second session attribute indicating the SMS messages should be sent via a CS network using, e.g., a CS retry.
- the server 304 can transmit a service-failure message to computing device 302 indicating that the requested attribute is not available, e.g., as discussed below with reference to FIG. 5.
- the first session attribute can include a referred-to party of a call transfer.
- the server 304 can determine the service-failure message including an indication that transfer to the referred-to party is prohibited. This can, e.g., reduce spam calls initiated by malware.
- the first session attribute comprises presence information of a user of computing device 302.
- the server 304 can be configured to determine the service-failure message including an indication that the presence information may not be published, e.g., in a presence registry. This can control bandwidth usage, e.g., by reducing visibility of users on low-bandwidth or congested networks and therefore reducing instant-message traffic sent to those users.
- the first session attribute can include a presence-query session type.
- the first service message 114 can include a SIP OPTIONS request, e.g., from the computing device to a user of interest.
- the server 304 can be configured to determine the service-failure message including an indication that presence information may not be retrieved.
- the server 304 can determine the service-failure message including a SIP 4xx, 5xx, or 6xx response other than a SIP 404, 408, 480, or 604 response.
- the server 304 can transmit the determined service-failure message 124 (FIG. 1), e.g., a SIP 488 Not Acceptable response, to the computing device 302 originating the communications session.
- the service-failure information can provide the computing device 302 information about the reason for the failure. This can permit the originating computing device 302 to retry the session initiation using a codec or other session attribute likely to correspond, or known to correspond, with the capability information of the terminating device or network.
- the service-failure message 124 can indicate one or more of the session attributes that are prohibited. This permits the originating computing device 302 to retry the service request without using a session attribute known to be disallowed.
- FIG. 4 shows a call flow 400 illustrating an example downgrade of a service request of a session.
- the illustrated session is from originating (MO) UE (e.g., computing device 102) to a terminating (MT) UE (e.g., computing device 104).
- the terms "MO" and "MT" are used herein for brevity and do not require any device so identified be a mobile device.
- Several core network devices are shown, including an HSS 402, a telephony application server (TAS) 404, which is an example of an anchoring network device, and an authentication server 406, e.g., an EEIR. Not all core network devices are shown.
- TAS 404 which is communicatively connected with MO UE 102, can additionally or alternatively be performed with a terminating TAS communicatively connected with MT UE 104.
- both the originating TAS 404 and the terminating TAS can check authorization information and disallow or downgrade as described herein.
- the MO UE 102 sends a first service message, in this example a session-initiation request in the form of a SIP INVITE with an SDP message body.
- the TAS 404 receives, from the user equipment (MO UE 102), the first service message associated with the new communication session to be established.
- the first service message includes information of a first session attribute.
- the first service message can additionally or alternatively be associated with an existing communication session.
- the first service message can be transmitted in an existing communication session to add attributes to that session, e.g., to transfer a file or send an instant message.
- Any number of first service messages and corresponding status messages, e.g., service-failure messages 124 or second service messages 128, can be transmitted in a particular communication session.
- TAS 404 determines identification information of one or more parties of the communication session.
- the identification information can include a terminal identifier such as an IMEI, a user identifier such as an IMSI, a network identifier such as an MCC/MNC pair, a user address such as an E.164 or IP address, or a country code.
- the identification information can include an identifier of a Mobile virtual network operator (MVNO) determined from the IMSI of MO UE 102 or MT UE 104.
- TAS 404 can determine an IMEI of MO UE 102 and an IMEI of MT UE 104.
- TAS 404 can determine the identification information from the first service message.
- the first service message is accompanied by the IP address of MO UE 102.
- the first service message is a SIP message, e.g., a SIP REGISTER request or a SIP INVITE request, including a P-Access-Network-Info (PANI) header
- the cell global identity (CGI) of the cell e.g., the eNodeB 220
- the cgi-3gpp parameter can include the MCC, MNC, location area code (LAC), and cell identity (CI).
- TAS 404 can query the HSS 402 (or other servers, e.g., S-CSCF 232) and receive a response indicating identification information.
- TAS 404 can query HSS 402 with a Public User Identity specified in a SIP "From" header of the first service message, or an IP address of the MO UE 102, and receive an IMSI.
- the identification information can be determined to include an anonymous-party indicator, e.g., the URL <sip:anonymous@anonymous.invalid>.
- TAS 404 can retrieve authorization information corresponding to the identification information. For example, TAS 404 can retrieve the authorization from an internal database. In some examples, as shown, TAS 404 can retrieve the authorization information from authorization server 406. For example, TAS 404 can query an EIR using the Diameter protocol to determine the authorization information, e.g., corresponding to an IMEI of MO UE 102. In some examples, TAS 404 can query authorization server 406 for identification information of multiple parties, e.g., MO UE 102 and MT UE 104, in one or more queries. In some examples, TAS 404 can query authorization server 406 for authorization information or other information relating to supplementary services or customized logic for video call service authorization.
- TAS 404 can determine whether or not the authorization information indicates that the first session attribute is permitted.
- the authorization information can be specific to the first session attribute.
- the authorization information can indicate directly whether or not the first session attribute is permitted.
- the authorization information can include permissions for a variety of session attributes.
- TAS 404 can locate, in the authorization information, permissions corresponding to the first session attribute.
- the identification information includes a network identifier of visited network 134.
- the identification information can include information extracted or derived from the PVNI SIP header.
- the authorization information indicates, for the identified visited network 134, which session attributes are to be downgraded or are disallowed (FIG. 5).
- HSS 402 can include information about services that are allowed. For example, HSS 402 can store flags or initial filter criteria (IFCs) for various session attributes that are permitted for a particular user. The authorization information can indicate session attributes that are not permitted, notwithstanding the IFCs or other information received from the HSS 402. This can permit controlling access more precisely than using the IFCs alone, and with reduced computational load and storage requirements on HSS 402 or TAS 404.
- TAS 404 can determine a second session attribute different from the first session attribute based at least in part on the first session attribute. TAS 404 can further determine a second service message including information of the second session attribute. TAS 404 can then transmit the second service message to one or more parties of the telecommunication session, e.g., MT UE 104, via communications interface 334.
- downgrade from video to audio can include, e.g., breaking out the terminating leg of the session to a CS network.
- FIG. 5 shows a call flow 500 illustrating an example of service-failure messages. This call flow is as shown in FIG. 4 except as noted. As in FIG. 4, the first service message requests a video call and (block 412) video calls are not permitted for the session.
- TAS 404 receives, from a profile server such as HSS 402, service-access information associated with a user of MO UE 102.
- Block 410 can be as described above with reference to FIG. 4.
- TAS 404 can determine whether the session attribute is permitted as described above with reference to block 412, FIG. 4. In some examples, at block 504, TAS 404 can additionally or alternatively determine that the session attribute is not permitted if the service-access information from HSS 402 indicates the user is not authorized to use the first session attribute. For example, HSS 402 can transmit information from one or more service profiles to TAS 404 (or an S-CSCF, or another anchoring network device, and likewise throughout). TAS 404 can determine, at block 504, that the session attribute is not permitted if the information from the service profiles does not include a profile covering or enabling that session attribute.
- TAS 404 can determine a service-failure message based at least in part on the first service message. TAS 404 can then transmit the service-failure message to MO UE 102 via communications interface 334.
- the service-failure message includes a SIP 488 Not Supported response.
- the service-failure message can additionally or alternatively include other SIP return codes, e.g., in the 4xx, 5xx, or 6xx series, or other error or warning messages defined in other protocols, e.g., MSRP.
- FIG. 6 illustrates an example process 600 for controlling a communication session.
- Process 600 can be performed, e.g., by a core network device, e.g., the server 304, communicatively connectable with user equipment, e.g., computing device 302, of a telecommunications network 306 (all FIG. 2).
- the core network device includes one or more processors (e.g., processor 326) configured to perform operations described below, e.g., in response to computer program instructions of the authorization-processing module 330. Operations shown in FIG. 6 and in FIG. 7, discussed below, can be performed in any order except when otherwise specified, or when data from an earlier step is used in a later step.
- FIGS. 1-3 can carry out or participate in the steps of the exemplary method, and to various operations and messages shown in FIGS. 4 and 5 that can occur while the exemplary method is carried out or as part of the exemplary method. It should be noted, however, that other components can be used; that is, exemplary method(s) shown in FIGS. 6 and 7 are not limited to being carried out by the identified components, and are not limited to including the identified operations or messages.
- the server 304 receives, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session (e.g., the first party or another party). This can be done, e.g., as described above with reference to first service message 114, FIG. 1, or TAS 404, FIG. 4.
- the identification information can include an IMEI or other types of identification information described above, e.g., with reference to AS 234, server 304, or block 408.
- the server 304 retrieves, from an authorization registry (e.g., authorization server(s) 122 or authorization registry 332), authorization information corresponding to the identification information. This can be done, e.g., as described above with reference to block 410.
- the server 304 determines whether the first capability is permitted. This can be done, e.g., as described above with reference to blocks 412 or 504. If so, the session can continue as normal. For example, the server 304 can relay the service message including the information of the first session attribute to one or more other parties of the communication session.
- block 606 can be performed with respect to all of the authorization information provided by block 604, or with respect to less than all of the authorization information provided by block 604.
- any operation described herein can produce data not consumed by a subsequent operation.
- the server 304 can determine a status message based at least in part on the service message.
- status messages can include second service messages such as those described above with reference to FIG. 4 and service-failure messages such as those described above with reference to FIG. 5.
- the server 304 can transmit the status message via communications interface 334.
- server 304 can transmit a status message including a second service message to one or more parties of the communication session, or can transmit a status message including a service-failure message to the first party.
- FIG. 7 illustrates an example process 700 for establishing a communication session performed, e.g., by a core network device, e.g., the server 304, FIG. 2.
- Blocks 602, 604, 606, and 610 can be as discussed above with reference to FIG. 6.
- Block 606 can be followed by block 702.
- Block 702 can be an example of block 608, FIG. 6.
- Block 702 can include blocks 704, 706, 708, or 710.
- Block 702 can be followed by block 712, which can include blocks 714 or 716 and which can be an example of block 610, FIG. 6.
- server 304 can determine whether the first session attribute is entirely disallowed, or whether a downgrade (e.g., from video to audio) can be performed. If the first session attribute is disallowed, the next block can be block 706; otherwise, the next block can be block 708.
- server 304 can determine the status message including a service-failure message. This can be done, e.g., as discussed above with respect to block 506, FIG. 5. Block 706 can be followed by block 714.
- server 304 can determine a second session attribute different from the first session attribute based at least in part on downgrade information associated with the first session attribute. This can be done, e.g., as discussed above with reference to FIG. 4.
- the first session attribute can be a video capability and the second session attribute can be an audio capability
- server 304 can determine the status message including information of the second session attribute. This can be done, e.g., as discussed above with reference to FIG. 4 or block 608.
- the status message including the service-failure message can be transmitted to the first party.
- the service-failure message 124 can be, e.g., a SIP 488 response, as discussed above, e.g., with reference to FIG. 5.
- the service-failure message 124 can include an indication of the session attribute that was disallowed. This can permit, e.g., the MO UE 102, to retry, e.g., without a disallowed attribute. For example, the MO UE 102 can retry a video call as a voice call if the MT UE 104 or terminating network does not support video. Transmitting the service-failure message 124 can reduce load on the network and resource consumption of the application server or other core network device.
- the status message including the information of the second session attribute can be transmitted to a second party of the communication session, e.g., a party different from the first party. This can be done, e.g., as described above with reference to FIG. 4.
- Various aspects described above permit allowing, disallowing, or downgrading services, e.g., based on whether a terminal is in a home network or is roaming in a visited network.
- the home network can support IMS or other services such as VoLTE calling, RCS, SMS over IP, or Presence.
- access to some of these services may be restricted on visited networks. For example, access may be restricted based on the operator of the visited network, a combination of the operator and the user of the terminal, or a combination of the operator, the user, and the requested service.
- technical effects of various examples can include controlling bandwidth usage and inhibiting the spread of malware.
- Technical effects of various examples can include controlling service access while maintaining rapid call setup times compared to prior schemes using IFC-based control.
- Example data transmissions (parallelograms) in FIGS. 1 and 3, example data exchanges in the call flow diagrams of FIGS. 4 and 5, and example blocks in the process diagrams of FIGS. 6 and 7 represent one or more operations that can be implemented in hardware, software, or a combination thereof to transmit or receive described data or conduct described exchanges.
- the illustrated blocks and exchanges represent computer-executable instructions that, when executed by one or more processors, cause the processors to transmit or receive the recited data.
- computer-executable instructions e.g., stored in program modules that define operating logic, include routines, programs, objects, modules, components, data structures, and the like that perform particular functions or implement particular abstract data types.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
In some implementations, a telecommunications network can include an anchoring network device. The anchoring network device can receive, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session. The anchoring network device can retrieve, from an authorization registry, authorization information corresponding to the identification information. In response to the authorization information indicating the first capability is not permitted, the anchoring network device can determine a status message based at least in part on the service message and transmit the status message via a communications interface. The status message can include a service-failure message or a second service message including information of a second, different session attribute.
Description
NETWORK SERVICE ACCESS CONTROL
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This patent application claims priority to U.S. Utility patent application with Serial No. 15/000,269, filed January 19, 2016. Application Serial No. 15/000,269 is fully incorporated herein by reference.
BACKGROUND
[0002] Many computing devices configured for telecommunications, such as smartphones, are capable of processing various types and encodings of media and interacting with various network services in addition to, e.g., two-party voice telephone calls. Examples of such media or services can include video calling or multi-party conferencing. Cellular and other portable communications devices may connect with networks of varying capability either within a communication session or between communication sessions.
BRIEF DESCRIPTION OF THE DRAWINGS
[0003] The detailed description is set forth with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items.
[0004] FIG. 1 is a block diagram illustrating a system for implementing network service access control according to some implementations.
[0005] FIG. 2 illustrates an example telecommunications network, including components used to perform service-access control of a communication session.
[0006] FIG. 3 is a block diagram illustrating a system for implementing service-access control according to some implementations.
[0007] FIG. 4 shows an example call flow illustrating downgrade of requested services.
[0008] FIG. 5 shows an example call flow illustrating disallowing of requested services.
[0009] FIG. 6 illustrates an example process for controlling access to network services in a communication session according to some implementations.
[0010] FIG. 7 illustrates an example process for controlling access to network services in a communication session according to some implementations.
DETAILED DESCRIPTION
[0011] Some example systems and techniques described herein permit making effective use of available network bandwidth by controlling which services are provided over which networks to which computing devices. Some example systems and techniques described herein permit improving security of telecommunications networks and of users' telecommunication devices by preventing malicious software, e.g., smartphone viruses or other malware, from communicating with other telecommunication devices. This can reduce or inhibit the spread of malware.
[0012] The terms "user equipment," "UE," and "terminal" may be used interchangeably herein to describe any communication or computing device capable of performing techniques described herein, e.g., with respect to computing devices 102 and 104, FIG. 1, or computing device 302 or server 304, FIG. 3. Computing devices as described herein can be configured to perform techniques described herein with respect to, e.g., application server(s) 106 or authorization server(s) 122, FIG. 1.
[0013] The term "session" as used herein includes a communications path for bidirectional exchange of data among two or more terminals. Example sessions include voice and video calls, e.g., by which human beings converse, a data communication session, e.g., between two electronic systems or between an electronic system and a human being, or a Rich Communication Suite (RCS, also known as JOYN) session.
[0014] Example networks carrying sessions include second-generation (2G) cellular networks such as the Global System for Mobile Communications (GSM) and third-generation (3G) cellular networks such as the Universal Mobile Telecommunications System (UMTS). Other example networks include fourth-generation (4G) cellular networks, such as LTE carrying VoLTE sessions using Session Initiation Protocol (SIP) signaling, the public switched telephone network (PSTN) using Signaling System 7 (SS7) signaling, and data networks, such as Institute of Electrical and Electronics Engineers (IEEE) 802.11 (WIFI) networks carrying voice over Internet Protocol (VoIP) calls or other over-the-top (OTT) sessions encapsulating, e.g., voice or video data in a way transparent to an underlying packet transport. GSM and the PSTN are examples of circuit-switched (CS) networks; LTE and WIFI are examples of packet-switched (PS) networks.
[0015] As used herein, the term "capabilities" refers to data types, encodings, formats, bit rates, application protocols, underlying protocols, compression techniques, profiles, or coding/decoding procedure (codecs) that are supported by a terminal, or that are requested by a user or terminal and supported by other device(s) involved in a session, for the exchange of data with other computing devices, e.g., in a session. Example capabilities can include particular audio codecs (supported by a terminal) or call forking (requested by a user or terminal; supported by a core network device).
[0016] As used herein, a "party" is a terminal or a user employing a terminal. Sessions can include the transfer of messages between parties. Systems and techniques herein can permit controlling bandwidth usage and security by controlling which capabilities can be used on particular communication sessions. In some examples, the control is facilitated transparently to the intercommunicating computing devices.
[0017] As used herein, a message described as "associated with" a data item can include that data item, or can include information that, alone or in combination with other information, permits retrieval of that data item. For example, a message can be associated with a destination network address, e.g., by including the destination network address or by including a destination hostname that can be used to retrieve a corresponding destination network address from a database (e.g., the Internet Domain Name System, DNS).
[0018] Many networks are "heterogeneous networks," i.e., networks including devices or transport systems with various sets of capabilities. For example, many Long Term Evolution (LTE) cellular networks support voice over LTE (VoLTE) and also interconnect with the PSTN. Voice calls over VoLTE are generally encoded and decoded using an adaptive multi-rate (AMR) codec. Narrowband AMR (NB-AMR), for example, encodes audio data in the frequency range of approximately 300 Hz-3400 Hz at a sampling rate of 8 kHz into compressed data at bit rates between 4.75 kbit/s and 12.2 kbit/s. By contrast, the PSTN generally carries uncompressed audio in the 400 Hz-3400 Hz band formatted according to the International Telecommunications Union (ITU) G.711 standard as uncompressed, 8-bit pulse code modulated (PCM) logarithmically-quantized samples. A voice call between a VoLTE device and a PSTN device therefore requires transcoding between NB-AMR and G.711, in this example, or requires the VoLTE device to encode audio data using G.711 rather than NB-AMR.
[0019] As new codecs and protocols are developed, voice calls between terminals may require transcoding, protocol conversion, or specific codec or protocol selection if one terminal or network supports a codec or protocol, such as AMR, that the other terminal or network does not. Similarly, transcoding or protocol conversion may be required for interworking with environments such as personal computers (PCs), which can use codecs such as Vorbis, e.g., in an Ogg container, or Opus, used in the WebRTC (Web Real-Time Communication) protocol.
[0020] Codecs are also used for video. Example codecs used in LTE networks include ITU H.263, Moving Picture Experts Group (MPEG) standards such as MPEG-4 part 2, and H.264/MPEG-4 part 10. However, many other video codecs are used in other environments, e.g., Theora, QUICKTIME, VP6, and VP8 in PC environments, and MPEG-1 and MPEG-2 in older PCs or telecommunication systems. Audio or video communications between devices with different codec capabilities may require transcoding or specific codec selection. Video transcoding, in particular, can be computationally expensive. Some examples herein can permit controlling access to video services, which can reduce the network and processing load of communication sessions.
[0021] As used herein, a "session attribute" is a type, identity, capability, or party of a communication session determined by or at the request of a party of the communication session, or determined in response to a message from a party of the communication session. For example, in a video call from Alice to Bob, the session attributes can include Alice as the originator, Bob as the recipient, and a video codec (e.g., H.263) that Alice and Bob's respective terminals are using to encode and decode the exchanged video. In another example, a text message from Dennis to Ken, the session attributes can include Dennis as the sender, Ken as the recipient, and a protocol identifier indicating whether the text message is being carried via the Short Message Service (SMS) protocol or the RCS Message Session Relay Protocol (MSRP). In still another example, a transfer of a party to a session, Alfred can call Peter. During the conversation, Peter may want to transfer Alfred to Brian. The session attributes when the transfer is initiated can include Alfred as the originating party, Peter as the terminating party, and Brian as the referred-to party. In yet another example, presence detection, Linus may wish to determine whether Alan is online. Linus's terminal may transmit a request for Alan's presence information to a presence server. The session attributes can include Linus as the originating party, Alan as the target party, and "presence request" as the type of communication session. In still another example, Grace and Ada may wish to stream audio of a symphonic performance. The session attributes can include Grace, Ada, and the symphony's server as parties, Advanced Audio Coding (AAC) as an audio-codec capability, and a quality of service (QoS) level indicating a required bandwidth of 320 kbit/s for the audio stream.
[0022] In some examples, an anchoring network device, e.g., an application server (AS), is communicatively connectable with cellular user equipment (UE) or another computing device or terminal. The anchoring network device can be configured to receive, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session. The anchoring network device can retrieve, from an authorization registry, authorization information corresponding to the identification information. In response to the authorization information indicating the first capability is not permitted, the anchoring network device can determine a status message based at least in part on the service message, and transmit the status message via a communications interface.
[0023] Some prior schemes control access to services using initial filter criteria (IFCs). However, this is a very coarse level of control, restricted to determining service access based on explicitly-stated SIP header contents. For example, specific visited networks identified in the P-Visited-Network-ID (PVNI) header can be referenced by IFCs. However, even if per-visited-network service blocking could be implemented using IFCs, one IFC would be required per country, per operator. Any such set of IFCs would require large amounts of storage and large amounts of processing time on call setup, thus delaying the establishment of each and every communication session by a user having such a large set of IFCs.
[0024] Furthermore, PVNI may be included only in registration requests (RFC 3455, sec. 4.3.2), so PVNI is not necessarily available for use by IFCs in all SIP messages initiating communication sessions. Moreover, IFCs cannot route based on information transferred by non-SIP protocols such as Lightweight Directory Access Protocol (LDAP), Simple Object Access Protocol (SOAP) over Hypertext Transfer Protocol (HTTP), or Diameter. Also, IFCs are only applied when a session is initiated and are not useful for session attributes that may change during the course of a session.
[0025] FIG. 1 is a block diagram illustrating a telecommunication system 100 according to some examples. The system includes computing devices 102 and 104, e.g., user equipment or other mobile phones or communications devices or terminals. The computing devices 102 and 104 can be operated, e.g., by a user and a first user respectively (not shown). The computing devices 102 and 104 are communicatively connected to one or more application server(s) 106, e.g., via respective access networks 108 and 110. The application server(s) 106 can include, e.g., a telephony application server (TAS) of an Internet Protocol (IP) Multimedia Subsystem (IMS) in a VoLTE-capable network.
[0026] The computing devices 102 and 104 may be implemented as any suitable mobile computing devices configured to communicate over a wireless and/or wireline network, including, without limitation, a mobile phone (e.g., a smart phone), a tablet computer, a laptop computer, a portable digital assistant (PDA), a wearable computer (e.g., electronic/smart glasses, a smart watch, fitness trackers, etc.), a networked digital camera, and/or similar mobile devices. Although this description predominantly describes the computing devices 102 and 104 as being "mobile" or "wireless," (e.g., configured to be carried and moved around), it is to be appreciated that the computing devices 102 and 104 may represent various types of communication devices that are generally stationary as well, such as televisions, desktop computers, game consoles, set top boxes, and the like. User equipment can include user cellular equipment or other telecommunications or computing devices communicatively connectable with other computing devices via one or more application server(s) 106. Mobile phones and copper-loop landline phones can be examples of user equipment.
[0027] When the first user desires to place a call to the second user, the computing device 102, e.g., in response to actuation by the first user of a "Send" control 112, transmits an initiation request. The initiation request is an example of a service message 114 of a communication session. Service message 114 can also be transmitted during a communication session, e.g., to transfer a file or switch between audio and video calling.
[0028] The illustrated service message 114, e.g., an outgoing voice call, includes information of a destination 116, i.e., a computing device 104 with which computing device 102 is requesting a session be established. In this example, only one destination is shown, namely the computing device 104. However, the service message 114 can specify any number of destinations. The illustrated service message 114 also includes information 118 of a first session attribute, e.g., one or more media capabilities of the computing device 102 or protocol types of the communication session. The information 118 of the first session attribute is also referred to as an "offer." In an example, the service message 114 includes a SIP INVITE message having a Session Description Protocol (SDP) body including a session description, e.g., the information 118 of the session attribute. In an example, the session description specifies whether voice or video calling is desired.
[0029] The application server(s) 106 receive from the computing device 102 the service message 114 and perform authorization processing 120, described below with reference to FIGS. 2-7. As described below, in some examples, the application server(s) 106 interact with one or more authorization server(s) 122 to perform the authorization processing 120. In some examples, the authorization server(s) 122 include an Equipment Identity Register (EIR) or Enhanced EIR (EEIR) communicatively connected with the application server(s) 106.
[0030] In some examples, based on the information 118 of the capabilities, the authorization processing transmits a service-failure message 124 to the computing device 102. The service-failure message 124 indicates the session cannot be established, or the requested attribute is not supported. This can be an example of disallowing the first session attribute indicated by the information 118.
[0031] In some examples, the authorization processing 120 modifies the information 118 of the session attribute or otherwise determines information 126 of a second session attribute different than the session attribute in service message 114, e.g., based on an indication of a network to which computing device 102 is connected. The application server(s) 106 then transmits a second service message 128 including the information 126 of the second session attribute, e.g., to the computing device 104. This can be an example of modifying or downgrading a session attribute.
[0032] The computing device 104 thus receives a service message 128 including modified information 126 of the session attribute. In the example of a session initiation message, the computing device 104 can respond, e.g., by alerting the second user and transmitting a SIP 180 Ringing response to the computing device 102. The user of the computing device 104 can then indicate the call should be accepted, e.g., by operating a call-acceptance control 130 such as a touchscreen button. The computing device 104 can then accept the service message, e.g., by sending a SIP 200 OK response to the computing device 102. Call initiation can be performed, e.g., as defined in the Global System for Mobile (GSM) or Voice-over-Long Term Evolution (VoLTE) standards, and can include the exchange of additional messages (not shown) between the computing devices 102 and 104 and the application server(s) 106. Data of the session, such as audio data or video data formatted as specified in the modified information 126, can be exchanged between computing devices 102 and 104 via a communications channel depicted as media path 132, which, as shown, can pass through application server(s) 106 or can bypass application server(s) 106.
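The decision described in paragraphs [0028]-[0031] and in process 700 (relay the offer, downgrade it, or reject it with a SIP 488) can be sketched in Python as follows; this is an added example, not code from the patent. The registry layout, the IMEI, the host names and the Warning header naming the disallowed attribute are assumptions for illustration, and the visited network is passed in as a parameter because PVNI is not necessarily present in the INVITE.

```python
import re

# Constructed sample: a SIP INVITE whose SDP offer asks for audio and video.
# The IMEI, hosts and identifiers are invented for this example.
SDP = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49152 RTP/AVP 96", "a=rtpmap:96 AMR/8000",
    "m=video 49154 RTP/AVP 97", "a=rtpmap:97 H264/90000", "",
])
INVITE = "\r\n".join([
    "INVITE sip:bob@home.example SIP/2.0",
    "Via: SIP/2.0/UDP 192.0.2.10;branch=z9hG4bKconstructed1",
    "From: <sip:alice@home.example>;tag=a1",
    "To: <sip:bob@home.example>",
    "Call-ID: constructed-call-1",
    "CSeq: 1 INVITE",
    'Contact: <sip:alice@192.0.2.10>;+sip.instance="<urn:gsma:imei:35000000-000000-0>"',
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP)}",
    "", SDP,
])

# Hypothetical authorization registry keyed by (IMEI, visited network).
# Attributes not listed are permitted, matching the page's model in which the
# authorization information names what is NOT permitted.
REGISTRY = {
    ("35000000-000000-0", "visited-a.example"): {"video": ("downgrade", "audio")},
    ("35000000-000000-0", "visited-b.example"): {"video": ("deny", None)},
}

def split_message(msg):
    """Split a SIP message into start line, header lines and body."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], lines[1:], body

def imei_of(headers):
    """Identification information: the IMEI URN carried in +sip.instance."""
    for h in headers:
        m = re.search(r"urn:gsma:imei:([0-9-]+)", h)
        if m:
            return m.group(1)
    return None

def offered_media(sdp):
    """Media types named in the offer's m= lines, e.g. ['audio', 'video']."""
    return [l.split()[0][2:] for l in sdp.split("\r\n") if l.startswith("m=")]

def drop_media(sdp, media):
    """Return the SDP without the m= section(s) for `media`."""
    out, keep = [], True
    for line in (l for l in sdp.split("\r\n") if l):
        if line.startswith("m="):
            keep = not line.startswith(f"m={media} ")
        if keep:
            out.append(line)
    return "\r\n".join(out) + "\r\n"

def failure_response(headers, attr):
    """Service-failure message: a 488 that names the disallowed attribute."""
    echoed = []
    for h in headers:
        name = h.split(":", 1)[0].lower()
        if name in ("via", "from", "to", "call-id", "cseq"):
            # A final response carries a To tag chosen by the responder.
            if name == "to" and "tag=" not in h:
                h += ";tag=constructed-tas"
            echoed.append(h)
    return "\r\n".join([
        "SIP/2.0 488 Not Acceptable Here",  # RFC 3261 reason phrase for 488
        *echoed,
        # Assumption: the indication of the disallowed attribute is a Warning.
        f'Warning: 304 tas.home.example "Media type not available: {attr}"',
        "Content-Length: 0", "", "",
    ])

def authorize(invite, visited_network, registry=REGISTRY):
    """Return (action, message); action is 'relay', 'downgrade' or 'fail'."""
    request_line, headers, sdp = split_message(invite)
    rules = registry.get((imei_of(headers), visited_network), {})
    offered, changed = offered_media(sdp), False
    for attr in offered:
        verdict, replacement = rules.get(attr, ("permit", None))
        # Entirely disallowed, or no usable second attribute in the offer.
        if verdict == "deny" or (verdict == "downgrade" and replacement not in offered):
            return "fail", failure_response(headers, attr)
        if verdict == "downgrade":
            sdp, changed = drop_media(sdp, attr), True
    if not changed:
        return "relay", invite
    # Second service message: same request, reduced offer, corrected length.
    headers = [h for h in headers if not h.lower().startswith("content-length:")]
    headers.append(f"Content-Length: {len(sdp.encode())}")
    return "downgrade", "\r\n".join([request_line, *headers, "", sdp])
```

The same INVITE yields three outcomes depending only on the visited network passed in, which is the per-network control that the page says IFCs cannot provide cheaply.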
[0033] In some examples, as represented by the bent dashed line, UE 102 is roaming in, or otherwise connected to, a visited network 134 while transmitting the first service message 114. The visited network 134 can include a visited public land mobile network (VPLMN). In some examples, application server(s) 106 or authorization server(s) 122 are located in or part of a home network 136. The visited network 134 can include a home public land mobile network (HPLMN). In some examples, UE 102 is configured so that any network other than home network 136 is a visited network such as visited network 134. Various examples herein relate to home-routed services, in which application server(s) 106 of home network 136 anchor or control communication sessions of which UE 102 is a party, even when UE 102 is roaming in visited network 134. In FIG. 1, access network 110 can be part of visited network 134, home network 136, or another network.
[0034] Various examples herein permit interworking advanced techniques with installed equipment not supporting those techniques. For example, various techniques herein permit interworking EVS codecs on a VoLTE network with non-EVS-capable VoLTE user equipment or CS user equipment. Various examples herein permit interworking between cellular and PC environments. Various examples herein permit removal or modification of session attributes that are applicable to the calling party's network, computing device, or environment, but not applicable to the called party's network, computing device, or environment (e.g., VoIP calls from a Web browser or IPAD application using Opus via a WebRTC gateway to an IMS subscriber, or vice versa). Such interworking can permit introducing new voice-enhanced codecs or other capabilities, e.g., in a home network, without causing compatibility problems with a visited network. Various examples herein permit removal or modification of session attributes that are applicable to a user's home network or environment, but not applicable to a network or environment in which a user is roaming. Various examples herein permit controlling bandwidth usage and network congestion by controlling which services are available to which parties on which networks. Various examples herein permit controlling service access based on, e.g., user, visited network and device type (or any combination of any of those).
[0035] In some examples, a user or terminal may be known to be either malicious or vulnerable. For example, a zero-day vulnerability may be uncovered in an application running on a number of terminals, and those terminals may be subject to attack by malicious parties until the application is updated to fix the vulnerability. In some examples, session attributes related to the vulnerable application may be downgraded or disallowed so that the vulnerable application is not invoked. This can remove opportunities for malicious parties to exploit the vulnerability. In some examples, if an application on a particular terminal is infected by malware, e.g., a virus or worm, session attributes originated by that application on that terminal can be disallowed or downgraded to reduce the number of vectors available for the malware to infect other applications or terminals. In some examples, if a terminal is infected or malicious, call transfers to that terminal can be disallowed to reduce attack vectors from that terminal to other terminals.
[0036] In some examples, disallowing or downgrading session attributes can permit regulating bandwidth usage by subscribers or terminals. For example, high-bandwidth services can be disallowed or downgraded on congested networks to maintain QoS levels.
[0037] FIG. 2 illustrates an example telecommunications network 200. User equipment 202 communicates with access system 204 of the telecommunications network. Access system 204 can include a first access network of a first type (e.g., LTE) and a second access network, e.g., of a second, different type (e.g., WIFI). Each of the first access network and the second access network can be configured to selectively carry a communication session of user equipment 202. For example, voice calls can be carried over the first access network using voice-over-LTE (VoLTE) and over the second access network using voice-over-WIFI (VoWIFI). In some examples, the first type is a PS cellular type and the second type is a PS local-area-network type. IMS 206 communicates with access system 204 and provides media-handling services, e.g., to route video or voice data or to maintain continuity of the communication session during handover of the communication session.
[0038] In the illustrated example, access system 204 includes at least a mobility management entity (MME) 208 associated with a PS access network 210, a bridge 212 (or other packet relay) associated with a LAN-based access network 214, or a mobile switching center (MSC) server (MSS) 216 associated with a CS access network 218.
[0039] The PS access network 210, e.g., an LTE access network, may include an eNodeB 220, e.g., a 4G base station or other access point, that provides connectivity to the PS access network 210. The LAN-based access network 214, e.g., a WIFI network, may include a wireless access point (WAP) 222, e.g., a WIFI WAP, that provides connectivity to the LAN-based access network 214. The CS access network 218 may include a CS base station 224 that provides connectivity to the CS access network 218. The IMS 206 of the telecommunications network may include a number of nodes, such as a proxy call session control function (P-CSCF) 226, a home location register (HLR)/home subscriber server (HSS) 228, an interrogating call session control function (I-CSCF) 230, a serving call session control function (S-CSCF) 232, an application server (AS) 234, e.g., a TAS, and an authorization server 236. The authorization server 236 can alternatively be located outside the IMS 206 and be communicatively connected with the IMS 206. The authorization server 236 can be or include, e.g., an HSS, an equipment identity register (EIR), an enhanced EIR (EEIR), a DNS server, or an E.164 Number Mapping (ENUM) server.
[0040] The telecommunications network may also include a number of devices or nodes not illustrated in FIG. 2. Such devices or nodes may include an access transfer control function (ATCF), an access transfer gateway (ATGW), a visitor location register (VLR), a serving general packet radio service (GPRS) support node (SGSN), a gateway GPRS support node (GGSN), a policy control rules function (PCRF) node, a serving gateway (S-GW), a session border controller (SBC), or a media gateway. IMS 206 may further include a number of devices or nodes not illustrated in FIG. 2, such as a presence server and one or more additional CSCFs. A core network of the telecommunications network may be a GPRS core network or an evolved packet core (EPC) network, or may include elements from both types of core networks.
[0041] The telecommunications network may provide a variety of services to user equipment 202, such as synchronous communication routing across a public switched telephone network (PSTN). Further services may include call control, switching, authentication, billing, etc. In at least one example, IMS 206 functions and devices communicate using specific services provided by the access system 204 or elements thereof, but are not directly tied to those specific services. For example, IMS 206 devices can intercommunicate using an EPC network, a GSM network, a SONET network, or an Ethernet network.
[0042] In initializing a communication session, the user equipment 202 may register the communication session with the IMS 206 of the telecommunications network. To do this, the user equipment 202 sends an initiation SIP REGISTER request to the IMS 206 via an access network, e.g., via the eNodeB 220 and MME 208 of the PS access network 210. The P-CSCF 226 of the IMS 206 may receive the SIP REGISTER request. P-CSCF 226 may forward the REGISTER request directly to S-CSCF 232, or may forward the request to I-CSCF 230, which can locate an appropriate S-CSCF 232, e.g., using stored database information, and forward the REGISTER request to the located S-CSCF 232. In some examples, the P-CSCF 226 is located in a visited network of UE 202 and the I-CSCF 230 and S-CSCF 232 are located in a home network of UE 202. The S-CSCF 232 or other components (omitted for brevity) of the IMS 206 can store information about the user equipment 202 in the HLR/HSS 228 and then send a SIP response to the user equipment 202 to complete the IMS registration of the communication session.
[0043] In an example of session-control services, a signaling path ("SIG") of the communication session passes through P-CSCF 226, S-CSCF 232, and AS 234, as indicated by the dash-dot arrow. After AS 234, the example SIP signaling path passes back through S-CSCF 232 to a peer (not shown). In an example in which UE 202 is an originating (MO) UE, the peer can be, e.g., an S-CSCF corresponding to a terminating (MT) UE (omitted for brevity). As shown, in this example, the signaling path does not reach the authorization server 236. In the illustrated example, the AS 234 is an anchoring network device and proxies signaling traffic for the communication session, e.g., operating as a SIP proxy or back-to-back user agent (B2BUA). In another example, the MSS 216 can be the anchoring network device and can proxy signaling traffic for the communication session, e.g., GSM or SS7 signaling traffic. In some examples, the anchoring network device can include an IP-Short Message (SM) Gateway AS or a Rich Communications Services (RCS) AS. In some examples, the anchoring network device can be included in or integrated with a TAS or other core network device. In some examples, an anchoring network device can include a Telephony Application Server (TAS) or Rich Communication Suite (RCS) anchoring network device.
[0044] The AS 234 (or other anchoring network device, and likewise throughout) can provide session-control services to UE 202. In some examples, the AS 234 is configured to communicate with authorization server 236, e.g., an HSS, EIR, or EEIR, via the Diameter protocol, e.g., over the LTE Sh interface or other appropriate interfaces. Examples of AS 234 functions are described in more detail below with reference to FIGS. 3-7.
[0045] In some examples, the AS 234 or the authorization server 236 can include a memory, e.g., a computer-readable memory, storing a mapping between identification information and authorization information. The AS 234 or authorization server 236 can be configured to receive a modification instruction and modify the mapping in response to the modification instruction. This can permit dynamically updating the authorization information, increasing flexibility of the telecommunications network.
[0046] Session attributes can be indicated, e.g., in a header or body of a SIP request or response, such as a Session Description Protocol (SDP) body. The session attributes can include at least an access-network type of the communication session, a device type of user equipment 202 participating in the communication session, a media capability of the user equipment 202 (e.g., whether or not the UE 202 supports video, or which codecs the UE 202 supports), a virtual-network identifier of the user equipment (e.g., identification of a mobile virtual network operator, MVNO, of UE 202), or an authentication type of the user equipment (e.g., SIM-based or other).
[0047] In some examples, such as for IMS-capable users registering via a CS access network 218, the anchoring network device can receive an indication of user equipment 202, e.g., from MSS 216. The anchoring network device can transmit a request for registration information corresponding to the user equipment. The request can be transmitted, e.g., to HLR/HSS 228. The anchoring network device can, in response to the transmitted request, receive a message, e.g., a Diameter message, indicating session attributes of communication sessions in which UE 202 may participate. This can permit providing capability-specific session-control services even to terminals that are not transmitting SIP signaling.
[0048] The devices and networks illustrated in FIG. 2 can be examples of the devices and networks illustrated in FIG. 1 and described above. For instance, UE 202 can represent computing device 102 or 104, any of PS access network 210, LAN-based access network 214, or CS access network 218 can represent access network 108 or 110, application server 234 can represent application server(s) 106, or authorization server 236 can represent authorization server(s) 122.
[0049] Also, the eNodeB 220 can be an access point for the PS access network 210, and the CS base station 224 can be a base station for the CS access network 218. Accordingly, the descriptions of the devices and networks of FIG. 1 apply to the devices and networks of FIG. 2. The devices and networks of FIG. 2 may cooperate to accomplish session control, e.g., as shown in FIG. 1 and described herein. They may also cooperate to accomplish the initialization of a communication session of user equipment 202.
[0050] FIG. 3 is a block diagram illustrating a system 300 permitting authorization processing based on session attributes according to some implementations. The system 300 includes a computing device 302, e.g., a wireless phone or other user equipment such as computing device 102 or 104, FIG. 1, coupled to a server 304 via a network 306. The server 304 can represent the application server(s) 106, FIG. 1 or the AS 234, FIG. 2, e.g., a TAS, an RCS AS, a short message service center (SMSC), a presence server, or a conferencing server.
[0051] The network 306 can include one or more networks, such as a cellular network 308 and a data network 310. The network 306 can include one or more core network(s) connected to user equipment via one or more access network(s). Example access networks include LTE, WIFI, GSM EDGE Radio Access Network (GERAN), UMTS Terrestrial Radio Access Network (UTRAN), and other cellular access networks. Service access control as described herein can be performed, e.g., for services provided via 2G, 3G, 4G, WIFI, or other networks. Service access control can be performed with respect to any party known to the network, e.g., any party registered in an IMS.
[0052] The cellular network 308 can provide wide-area wireless coverage using a technology such as GSM, Code Division Multiple Access (CDMA), UMTS, LTE, or the like. Example networks include Time Division Multiple Access (TDMA), Evolution-Data Optimized (EVDO), Advanced LTE (LTE+), Generic Access Network (GAN), Unlicensed Mobile Access (UMA), Orthogonal Frequency Division Multiple Access (OFDM), General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), Advanced Mobile Phone System (AMPS), High Speed Packet Access (HSPA), evolved HSPA (HSPA+), VoIP, VoLTE, IEEE 802.1x protocols, wireless microwave access (WIMAX), WIFI, and/or any future IP-based network technology or evolution of an existing IP-based network technology. Communications between the server 304 and computing devices such as the computing device 302 can additionally or alternatively be performed using other technologies, such as wired (Plain Old Telephone Service, POTS, or PSTN lines), optical (e.g., Synchronous Optical NETwork, SONET) technologies, and the like.
[0053] The data network 310 can include various types of networks for transmitting and receiving data (e.g., data packets), including networks using technologies such as WIFI, IEEE 802.15.1 ("Bluetooth"), Asynchronous Transfer Mode (ATM), WIMAX, and other network technologies, e.g., configured to transport Internet Protocol (IP) packets. In some examples, the server 304 includes or is communicatively connected with an interworking function (IWF) or other device bridging networks, e.g., LTE, third-generation cellular (3G), and POTS networks. In some examples, the server 304 can bridge SS7 traffic from the PSTN into the network 306, e.g., permitting PSTN customers to place calls to cellular customers and vice versa.
[0054] In some examples, the cellular network 308 and the data network 310 can carry voice or data. For example, the data network 310 can carry voice traffic using Voice over Internet Protocol (VoIP) or other technologies as well as data traffic, or the cellular network 308 can carry data packets using High Speed Packet Access (HSPA), LTE, or other technologies as well as voice traffic. Some cellular networks 308 carry both data and voice in a PS format. For example, many LTE networks carry voice traffic in data packets according to the voice-over-LTE (VoLTE) standard. Various examples herein provide origination and termination of, e.g., carrier-grade voice calls on, e.g., networks 306 using CS transports or mixed VoLTE/3G transports, or on computing devices 302 including original equipment manufacturer (OEM) handsets and non-OEM handsets.
[0055] The computing device 302 can be or include a wireless phone, a wired phone, a tablet computer, a laptop computer, a wristwatch, or other type of computing device. The computing device 302 can include one or more processors 312, e.g., one or more processor devices such as microprocessors, microcontrollers, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), programmable logic devices (PLDs), programmable logic arrays (PLAs), programmable array logic devices (PALs), or digital signal processors (DSPs), and one or more computer readable media 314, such as memory (e.g., random access memory (RAM), solid state drives (SSDs), or the like), disk drives (e.g., platter-based hard drives), another type of computer-readable media, or any combination thereof. The computing device 302 can further include a user interface (UI) 316, e.g., including an electronic display device 318, a speaker, a vibration unit, a touchscreen, or other devices for presenting information to a user and receiving commands from the user. The user interface 316 can include a session-initiating user interface control 112, e.g., a touchscreen button, to indicate a communication session should be initiated. The user interface 316 or components thereof, e.g., the display 318, can be separate from the computing device 302 or integrated (e.g., as illustrated in FIG. 1) with the computing device 302. The computing device 302 can further include one or more radio(s) 320 configured to selectively communicate wirelessly via the network 306, e.g., via an access network 108 or 110, or one or more transceivers (not shown) configured to selectively communicate using wired connections via the network 306.
[0056] The computer readable media 314 can be used to store data and to store instructions that are executable by the processors 312 to perform various functions as described herein. The computer readable media 314 can store various types of instructions and data, such as an operating system, device drivers, etc. The processor-executable instructions can be executed by the processors 312 to perform the various functions described herein.
[0057] The computer readable media 314 can be or include computer-readable storage media. Computer-readable storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other tangible, non-transitory medium which can be used to store the desired information and which can be accessed by the processors 312. Tangible computer-readable media can include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
[0058] The computer readable media 314 can store information 322 of one or more capabilities or preferred or available session attributes of the computing device 302. The information 322 can include, e.g., indications of voice or video codecs supported by the computing device 302. The computer readable media 314 can additionally or alternatively store credentials (omitted for brevity) used for access, e.g., to IMS or RCS services.
[0059] The computer readable media 314 can include processor-executable instructions of a client application 324. The client application 324, e.g., a native or other dialer, can permit a user to originate and terminate communication sessions associated with the computing device 302, e.g., a wireless phone. The client application 324 can additionally or alternatively include an SMS, RCS, or presence client, or a client of another telephony service offered by the server 304. In some examples, the client application 324 can include computer instructions executable to cause the computing device 302 to transmit the service message 114 indicating the destination 116 and the information 118 of the session attribute to the server 304. The server 304 can receive from the computing device 302 or other user equipment the service message 114 of a communication session, e.g., as discussed above with reference to FIG. 1.
[0060] The server 304 can include one or more processors 326 and one or more computer readable media 328. The computer readable media 328 can be used to store processor-executable instructions of an authorization-processing module 330. The processor-executable instructions can be executed by the processors 326 to perform various functions described herein. In some examples (not shown), the computer readable media 328 or another component of the server 304 also stores an authorization registry, discussed below. In some examples, the server 304 is communicatively connected with an authorization registry 332 separate from the server 304. The server can retrieve information from the authorization registry via, e.g., a SIP MESSAGE request, a SIP NOTIFY request (and corresponding SIP 200 OK response from the queried registry) or an HTTP request such as a GET to a Web Services or Representational State Transfer (REST) application programming interface (API) endpoint. In some examples, server 304 can communicate with computing device 302, authorization registry 332, or other devices via one or more communications interface(s) 334, e.g., network transceivers for wired or wireless networks, or memory interfaces. Example communications interface(s) 334 can include ETHERNET or FIBRE CHANNEL transceivers, WIFI radios, or DDR memory-bus controllers (e.g., for DMA transfers to a network card installed in a physical server 304).
[0061] The authorization registry 332 (or an authorization registry internal to server 304, and likewise throughout) can include a database storing authorization information, such as information of permitted or forbidden session attributes. The information in the authorization registry 332 can be stored in association with, or keyed by, identification information of one or more parties of a communication session. The server 304 can thus be configured to (e.g., by executing instructions stored in computer-readable media 328) retrieve from the authorization registry 332 authorization information corresponding to the identification information. The authorization information can specify one or more session attributes that are prohibited, e.g., one or more codecs or RCS services.
[0062] In some examples, in response to the first service message 114 associated with a communication session, new or existing, the server 304 can retrieve authorization information, e.g., from authorization registry 332. The authorization information can correspond to identification information of one or more parties of the communication session, e.g., computing device 302 or a user thereof. In some examples, the identification information can include at least one of a terminal identifier such as an international mobile equipment identity (IMEI), a user identifier such as an international mobile subscriber identity (IMSI), a network identifier such as a mobile country code (MCC) and a mobile network code (MNC), a user address such as an E.164 international-dialing-plan telephone number, mobile station international subscriber directory number (MSISDN), or network address, such as an Internet IPv4 or IPv6 address, or a country code, e.g., indicating a country in which computing device 302 is located.
[0063] The first service message can include information 118 of a first session attribute. The server 304 can, using the authorization information, determine whether the first session attribute is permitted in the communication session. In some examples, server 304 can look up the identification information, the first session attribute, or a combination thereof in authentication registry 332 to determine whether the first session attribute is permitted in the communication session. In some examples, server 304 can receive, from a profile server such as HSS 228, service-access information associated with a user of computing device 302 or other user equipment that transmitted the first service message 114. Server 304 can then look up at least the identification information or the first session attribute in the service-access information to determine whether the user is authorized to use the first session attribute, e.g., to participate in communication sessions having that session attribute. If the user is not authorized, the session attribute is not permitted in the communication session, at least with respect to that user.
[0064] In some examples, if the first session attribute is not permitted in the communication session, the server 304 can determine a second session attribute different from the first session attribute based at least in part on the first session attribute. For example, the second session attribute can include a "downgraded," e.g., less capable, attribute corresponding to the first session attribute. Examples are discussed below with reference to FIG. 4. For example, the server 304 can retrieve the second session attribute from a downgrade-information table or other data store.
[0065] In some examples, the downgrade information can be stored or transmitted with or within the authorization information. The downgrade information can include the second session attribute associated with a requested first session attribute. Additionally or alternatively, downgrade information can be stored on computer-readable media 328 or other computer-readable media, e.g., on server 304 or communicatively connected to server 304.
[0066] The server 304 can transmit a second service message including information 126 of the second session attribute, e.g., to computing device 302, computing device 104 (user equipment; indicated by a dashed arrow), or in general to one or more parties of the telecommunication session. In some examples, the user equipment (e.g., computing device 302) can be associated with a first party of the telecommunication session and the one or more parties can include a second party different from the first party. In some examples, computing device 302 can be an originating terminal of the communication session, a terminating terminal of the communication session, or a participating terminal, e.g., involved in a multiparty conference session.
[0067] In some examples, the first session attribute and the second session attribute can include respective capabilities. In some of these examples, the first session attribute is a video capability and the second session attribute is an audio capability. For example, if the authorization information indicates the first session attribute, e.g., video calling, is not permitted, the second attribute can be determined to be audio calling. This can permit communications between parties even if a particular requested form of communication is not authorized.
[0068] In some examples, the first session attribute comprises a first set of one or more parties. For example, some telecommunications networks support "call forking," in which a single call placed to a user's telephone number causes multiple devices to ring. This can permit, e.g., one number to ring on both a user's home and work phones and the user's assistant's phone, e.g., substantially simultaneously, or sequentially as part of a hunt group. In some examples, the second session attribute comprises a second set of one or more parties including fewer than all of the parties in the first set of one or more parties. For example, depending on the identification information, e.g., the access network to which the computing device 302 is connected, the server 304 can determine that forking should occur to fewer than all of the numbers in the first set. This can, e.g., permit reducing network congestion by prohibiting forking to terminals connected via low-bandwidth or highly-congested access networks.
[0069] In some examples, the first session attribute and the second session attribute comprise respective protocols, e.g., respective, different protocols. For example, the first session attribute can specify that messages be sent via MSRP. If RCS is not available or preferred, the server 304 can determine the second session attribute as SMS or multimedia message service (MMS). This can permit users to exchange messages even when the preferred RCS functionality is not available, and can permit carriers to control bandwidth usage by controlling when RCS is available. In another example, the first session attribute can specify that an LTE transport be used for IP packets. If the LTE core is inaccessible, e.g., due to maintenance or an outage, the server 304 can determine the second session attribute specifying that GPRS or HSPA be used to carry the packets. This can reduce user wait times and radio congestion by removing time and channel occupancy that computing device 302 or a peer computing device such as UE 104 might otherwise spend attempting unsuccessfully to communicate via LTE.
[0070] In some examples, the first session attribute can specify that SMS messages be sent via a PS data network. If a packet network is not available or reliable, the server 304 can determine the second session attribute indicating the SMS messages should be sent via a CS network using, e.g., a CS retry.
[0071] In some examples, if the first session attribute is not permitted in the communication session, the server 304 can transmit a service-failure message to computing device 302 indicating that the requested attribute is not available, e.g., as discussed below with reference to FIG. 5.
[0072] In some examples, e.g., of transferring a call, the first session attribute can include a referred-to party of a call transfer. The server 304 can determine the service-failure message including an indication that transfer to the referred-to party is prohibited. This can, e.g., reduce spam calls initiated by malware.
[0073] In some examples, e.g., of some RCS networks or other networks capable of maintaining user presence information (e.g., online vs. offline), the first session attribute comprises presence information of a user of computing device 302. The server 304 can be configured to determine the service-failure message including an indication that the presence information may not be published, e.g., in a presence registry. This can control bandwidth usage, e.g., by reducing visibility of users on low-bandwidth or congested networks and therefore reducing instant-message traffic sent to those users.
[0074] In some examples involving presence information, e.g., of an MT UE, the first session attribute can include a presence-query session type. In an example, the first service message 114 can include a SIP OPTIONS request, e.g., from the computing device to a user of interest. The server 304 can be configured to determine the service-failure message including an indication that presence information may not be retrieved. For example, the server 304 can determine the service-failure message including a SIP 4xx, 5xx, or 6xx response other than a SIP 404, 408, 480, or 604 response.
[0075] In some examples, the server 304 can transmit the determined service-failure message 124 (FIG. 1), e.g., a SIP 488 Not Acceptable response, to the computing device 302 originating the communications session. In some examples, the service-failure information can provide the computing device 302 information about the reason for the failure. This can permit the originating computing device 302 to retry the session initiation using a codec or other session attribute likely to correspond, or known to correspond, with the capability information of the terminating device or network. In some examples, the service-failure message 124 can indicate one or more of the session attributes that are prohibited. This permits the originating computing device 302 to retry the service request without using a session attribute known to be disallowed.
[0076] FIG. 4 shows a call flow 400 illustrating an example downgrade of a service request of a session. The illustrated session is from originating (MO) UE (e.g., computing device 102) to a terminating (MT) UE (e.g., computing device 104). The terms "MO" and "MT" are used herein for brevity and do not require any device so identified be a mobile device. Several core network devices are shown, including an HSS 402, a telephony application server (TAS) 404, which is an example of an anchoring network device, and an authentication server 406, e.g., an EEIR. Not all core network devices are shown. In some examples omitted for brevity, functions described below with reference to TAS 404, which is communicatively connected with MO UE 102, can additionally or alternatively be performed with a terminating TAS communicatively connected with MT UE 104. In some examples, both the originating TAS 404 and the terminating TAS can check authorization information and disallow or downgrade as described herein.
[0077] As shown, the MO UE 102 sends a first service message, in this example a session-initiation request in the form of a SIP INVITE with an SDP message body. The TAS 404 receives, from the user equipment (MO UE 102), the first service message associated with the new communication session to be established. The first service message includes information of a first session attribute. In this example, the first service message requests a video call, e.g., by including an "m=video" line in the SDP body.
[0078] As noted above, the first service message can additionally or alternatively be associated with an existing communication session. For example, the first service message can be transmitted in an existing communication session to add attributes to that session, e.g., to transfer a file or send an instant message. Any number of first service messages and corresponding status messages, e.g., service-failure messages 124 or second service messages 128, can be transmitted in a particular communication session.
[0079] At block 408, TAS 404 determines identification information of one or more parties of the communication session. For example, as noted above, the identification information can include a terminal identifier such as an IMEI, a user identifier such as an IMSI, a network identifier such as an MCC/MNC pair, a user address such as an E.164 or IP address, or a country code. In some examples, the identification information can include an identifier of a mobile virtual network operator (MVNO) determined from the IMSI of MO UE 102 or MT UE 104. In some examples, TAS 404 can determine an IMEI of MO UE 102 and an IMEI of MT UE 104. In some examples, TAS 404 can determine the identification information from the first service message. For example, the first service message is accompanied by the IP address of MO UE 102. In another example, if the first service message is a SIP message, e.g., a SIP REGISTER request or a SIP INVITE request, including a P-Access-Network-Info (PANI) header, the cell global identity (CGI) of the cell (e.g., the eNodeB 220) serving the MO UE 102 can be retrieved from the "cgi-3gpp" parameter of the PANI header. The cgi-3gpp parameter can include the MCC, MNC, location area code (LAC), and cell identity (CI).
[0080] As shown, in some examples, TAS 404 can query the HSS 402 (or other servers, e.g., S-CSCF 232) and receive a response indicating identification information. For example, TAS 404 can query HSS 402 with a Public User Identity specified in a SIP "From" header of the first service message, or an IP address of the MO UE 102, and receive an IMSI. In some examples, if specific identification information cannot be retrieved, the identification information can be determined to include an anonymous- party indicator, e.g., the URL <sip:anonymous@anonymous.invalid>.
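The identification step of block 408 can be sketched as follows. This is an added example, not code from the patent: the function names, the "plmn:" key format and the sample INVITE are constructed, and the cgi-3gpp field widths (3-digit MCC, 2- or 3-digit MNC, 4 hex digits each for LAC and CI) are an assumed layout.

```python
import re

# Anonymous-party indicator named on the page for when no identity is available.
ANONYMOUS = "sip:anonymous@anonymous.invalid"

# Assumed cgi-3gpp layout: MCC (3 decimal digits), MNC (2 or 3 decimal digits),
# LAC (4 hex digits), CI (4 hex digits). The total length (13 or 14) fixes the
# MNC width, so a full match is unambiguous.
_CGI = re.compile(r"(\d{3})(\d{2,3})([0-9A-Fa-f]{4})([0-9A-Fa-f]{4})")

# Constructed sample request (headers only); not taken from the page.
SAMPLE_INVITE = (
    "INVITE sip:+15550101@ims.example.net SIP/2.0\r\n"
    'From: "Caller" <sip:+15550100@ims.example.net>;tag=1\r\n'
    "To: <sip:+15550101@ims.example.net>\r\n"
    "P-Access-Network-Info: 3GPP-GERAN; cgi-3gpp=001011A2B3C4D\r\n"
    "\r\n"
)


def headers_of(message):
    """Map lower-cased header names to values for the header part of a SIP message."""
    headers = {}
    for line in message.strip().splitlines()[1:]:  # skip the request line
        if not line.strip():
            break  # a blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_pani(value):
    """Return the cell identity carried in a PANI header value, or None."""
    access_type, *rest = [part.strip() for part in value.split(";")]
    params = {}
    for part in rest:
        name, _, val = part.partition("=")
        params[name.strip().lower()] = val.strip().strip('"')
    match = _CGI.fullmatch(params.get("cgi-3gpp", ""))
    if match is None:
        return None  # absent or malformed: do not guess a network
    mcc, mnc, lac, ci = match.groups()
    return {
        "access_type": access_type,
        "mcc": mcc,
        "mnc": mnc,
        "lac": int(lac, 16),
        "ci": int(ci, 16),
        # Present only when a network element, not the UE, inserted the header;
        # a policy may choose to trust only such values.
        "network_provided": "network-provided" in params,
    }


def identification_info(message):
    """Identification information for the sender of a SIP request."""
    headers = headers_of(message)
    from_value = headers.get("from", "")
    uri = re.search(r"<([^>]+)>", from_value)
    identity = uri.group(1) if uri else from_value.split(";")[0].strip()
    ids = [identity or ANONYMOUS]  # fall back to the anonymous-party indicator
    cell = parse_pani(headers.get("p-access-network-info", ""))
    if cell:
        ids.append("plmn:%s-%s" % (cell["mcc"], cell["mnc"]))
    return ids


if __name__ == "__main__":
    print(identification_info(SAMPLE_INVITE))
```

A PANI value supplied by the UE is client-controlled input, so a deployment that keys authorization on the serving network would normally prefer a value marked network-provided or one obtained from the HSS query described above.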
[0081] At block 410, TAS 404 can retrieve authorization information corresponding to the identification information. For example, TAS 404 can retrieve the authorization information from an internal database. In some examples, as shown, TAS 404 can retrieve the authorization information from authorization server 406. For example, TAS 404 can query an EIR using the Diameter protocol to determine the authorization information, e.g., corresponding to an IMEI of MO UE 102. In some examples, TAS 404 can query authorization server 406 for identification information of multiple parties, e.g., MO UE 102 and MT UE 104, in one or more queries. In some examples, TAS 404 can query authorization server 406 for authorization information or other information relating to supplementary services or customized logic for video call service authorization.
[0082] At block 412, TAS 404 can determine whether or not the authorization information indicates that the first session attribute is permitted. In some examples, the authorization information can be specific to the first session attribute. In some of these examples, the authorization information can indicate directly whether or not the first session attribute is permitted. In some examples, the authorization information can include permissions for a variety of session attributes. In some of these examples, at block 412, TAS 404 can locate, in the authorization information, permissions corresponding to the first session attribute.
[0083] In some examples, the identification information includes a network identifier of visited network 134. For example, the identification information can include information extracted or derived from the PVNI SIP header. The authorization information indicates, for the identified visited network 134, which session attributes are to be downgraded or are disallowed (FIG. 5).
[0084] In some examples, HSS 402 can include information about services that are allowed. For example, HSS 402 can store flags or initial filter criteria (IFCs) for various session attributes that are permitted for a particular user. The authorization information can indicate session attributes that are not permitted, notwithstanding the IFCs or other information received from the HSS 402. This can permit controlling access more precisely than using the IFCs alone, and with reduced computational load and storage requirements on HSS 402 or TAS 404.
[0085] At block 414, in response to the authorization information indicating the first session attribute is not permitted, TAS 404 can determine a second session attribute different from the first session attribute based at least in part on the first session attribute. TAS 404 can further determine a second service message including information of the second session attribute. TAS 404 can then transmit the second service message to one or more parties of the telecommunication session, e.g., MT UE 104, via communications interface 334. In the illustrated example, the second service message is a SIP INVITE including an SDP body modified, compared to the body of the first service message, to request an audio call ("m=audio") instead of a video call. In some examples of a terminating TAS, downgrade from video to audio can include, e.g., breaking out the terminating leg of the session to a CS network.
[0086] FIG. 5 shows a call flow 500 illustrating an example of service-failure messages. This call flow is as shown in FIG. 4 except as noted. As in FIG. 4, the first service message requests a video call and (block 412) video calls are not permitted for the session.
[0087] At block 502, in some examples, TAS 404 receives, from a profile server such as HSS 402, service-access information associated with a user of MO UE 102.
[0088] Block 410 can be as described above with reference to FIG. 4.
[0089] At block 504, in some examples, TAS 404 can determine whether the session attribute is permitted as described above with reference to block 412, FIG. 4. In some examples, at block 504, TAS 404 can additionally or alternatively determine that the session attribute is not permitted if the service-access information from HSS 402 indicates the user is not authorized to use the first session attribute. For example, HSS 402 can transmit information from one or more service profiles to TAS 404 (or an S-CSCF, or another anchoring network device, and likewise throughout). TAS 404 can determine, at block 504, that the session attribute is not permitted if the information from the service profiles does not include a profile covering or enabling that session attribute.
[0090] At block 506, in response to the authorization information indicating the first session attribute is not permitted, e.g., as discussed above with reference to blocks 412 or 504, TAS 404 can determine a service-failure message based at least in part on the first service message. TAS 404 can then transmit the service-failure message to MO UE 102 via communications interface 334. In the illustrated example, the service-failure message includes a SIP 488 Not Supported response. The service-failure message can additionally or alternatively include other SIP return codes, e.g., in the 4xx, 5xx, or 6xx series, or other error or warning messages defined in other protocols, e.g., MSRP.
[0091] FIG. 6 illustrates an example process 600 for controlling a communication session. Process 600 can be performed, e.g., by a core network device, e.g., the server 304, communicatively connectable with user equipment, e.g., computing device 302, of a telecommunications network 306 (all FIG. 2). In some examples, the core network device includes one or more processors (e.g., processor 326) configured to perform operations described below, e.g., in response to computer program instructions of the authorization-processing module 330. Operations shown in FIG. 6 and in FIG. 7, discussed below, can be performed in any order except when otherwise specified, or when data from an earlier step is used in a later step. For clarity of explanation, reference is herein made to various components shown in FIGS. 1-3 that can carry out or participate in the steps of the exemplary method, and to various operations and messages shown in FIGS. 4 and 5 that can occur while the exemplary method is carried out or as part of the exemplary method. It should be noted, however, that other components can be used; that is, exemplary method(s) shown in FIGS. 6 and 7 are not limited to being carried out by the identified components, and are not limited to including the identified operations or messages.
[0092] At 602, the server 304, e.g., the processor 326, receives, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session (e.g., the first party or another party). This can be done, e.g., as described above with reference to first service message 114, FIG. 1, or TAS 404, FIG. 4. In some examples, the identification information can include an IMEI or other types of identification information described above, e.g., with reference to AS 234, server 304, or block 408.
[0093] At 604, the server 304 retrieves, from an authorization registry (e.g., authorization server(s) 122 or authorization registry 332), authorization information corresponding to the identification information. This can be done, e.g., as described above with reference to block 410.
[0094] At 606, the server 304 determines whether the first capability is permitted. This can be done, e.g., as described above with reference to blocks 412 or 504. If so, the session can continue as normal. For example, the server 304 can relay the service message including the information of the first session attribute to one or more other parties of the communication session.
[0095] In the examples described herein, including examples described with reference to FIGS. 1-7, unless otherwise specified, individual items, e.g., physical items or data items, can be provided or operated on by any combination of the described operations. For example, block 606 can be performed with respect to all of the authorization information provided by block 604, or with respect to less than all of the authorization information provided by block 604. Similarly, any operation described herein can produce data not consumed by a subsequent operation.
[0096] At 608, in response to the authorization information indicating the first capability is not permitted, the server 304 can determine a status message based at least in part on the service message. Examples of status messages can include second service messages such as those described above with reference to FIG. 4 and service-failure messages such as those described above with reference to FIG. 5.
[0097] At 610, the server 304 can transmit the status message via communications interface 334. For example, server 304 can transmit a status message including a second service message to one or more parties of the communication session, or can transmit a status message including a service-failure message to the first party. Some examples are discussed above with reference to FIG. 2 and below with reference to FIG. 7.
[0098] FIG. 7 illustrates an example process 700 for establishing a communication session performed, e.g., by a core network device, e.g., the server 304, FIG. 2. Blocks 602, 604, 606, and 610 can be as discussed above with reference to FIG. 6. Block 606 can be followed by block 702. Block 702 can be an example of block 608, FIG. 6. Block 702 can include blocks 704, 706, 708, or 710. Block 702 can be followed by block 712, which can include blocks 714 or 716 and which can be an example of block 610, FIG. 6.
[0099] At block 704, server 304 can determine whether the first session attribute is entirely disallowed, or whether a downgrade (e.g., from video to audio) can be performed. If the first session attribute is disallowed, the next block can be block 706; otherwise, the next block can be block 708.
[0100] At block 706, server 304 can determine the status message including a service-failure message. This can be done, e.g., as discussed above with respect to block 506, FIG. 5. Block 706 can be followed by block 714.
[0101] At block 708, if the first session attribute is not disallowed, server 304 can determine a second session attribute different from the first session attribute based at least in part on downgrade information associated with the first session attribute. This can be done, e.g., as discussed above with reference to FIG. 4. In some examples, the first session attribute can be a video capability and the second session attribute can be an audio capability.
[0102] At block 710, server 304 can determine the status message including information of the second session attribute. This can be done, e.g., as discussed above with reference to FIG. 4 or block 608.
[0103] At block 714, if the first session attribute is disallowed, the status message including the service-failure message can be transmitted to the first party. The service-failure message 124 can be, e.g., a SIP 488 response, as discussed above, e.g., with reference to FIG. 5. In some examples, the service-failure message 124 can include an indication of the session attribute that was disallowed. This can permit, e.g., the MO UE 102, to retry, e.g., without a disallowed attribute. For example, the MO UE 102 can retry a video call as a voice call if the MT UE 104 or terminating network does not support video. Transmitting the service-failure message 124 can reduce load on the network and resource consumption of the application server or other core network device.
[0104] At block 716, if the first session attribute is not disallowed, the status message including the information of the second session attribute can be transmitted to a second party of the communication session, e.g., a party different from the first party. This can be done, e.g., as described above with reference to FIG. 4.
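The decision flow of FIG. 7 (blocks 606 and 704-716), combined with the PANI-based identification of paragraph [0079] and the SDP downgrade of paragraph [0085], can be sketched as follows. This is an added Python example, not code from the patent; the registry contents, the rule for unidentified parties, the function names, the sample INVITE and the fixed-width split of the cgi-3gpp value are constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a video-call INVITE from a UE on test PLMN 001/01.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "P-Access-Network-Info: 3GPP-GERAN; cgi-3gpp=001011A2B3C4D\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "m=video 51372 RTP/AVP 99\r\n"
    "a=rtpmap:99 H264/90000\r\n"
)

# Hypothetical authorization registry keyed by the (MCC, MNC) of the serving
# network. The None entry (an assumption) covers parties that cannot be identified.
REGISTRY = {
    ("001", "01"): {"video": "downgrade"},
    ("001", "02"): {"video": "deny"},
    None: {"video": "deny"},
}
# Downgrade information: first session attribute -> second session attribute.
DOWNGRADE = {"video": "audio"}

@dataclass
class Decision:
    action: str                          # "relay", "downgrade" or "reject"
    status: Optional[int] = None         # SIP status code of a service-failure message
    disallowed: list = field(default_factory=list)
    sdp: str = ""                        # body of the relayed or second service message

def split_message(raw):
    """Return ([(header, value), ...], body) for a raw SIP message."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = [tuple(part.strip() for part in line.split(":", 1))
               for line in head.split("\r\n")[1:] if ":" in line]
    return headers, body

def plmn_from_pani(headers):
    """Return (MCC, MNC) from the PANI cgi-3gpp parameter, or None."""
    for name, value in headers:
        if name.lower() != "p-access-network-info":
            continue
        match = re.search(r'cgi-3gpp="?([0-9A-Fa-f]+)', value)
        # Assumed layout: 3-digit MCC, 2- or 3-digit MNC, then 4 hex digits
        # each for LAC and CI, so the MNC is what remains before the last 8.
        if match and len(match.group(1)) in (13, 14):
            cgi = match.group(1)
            if cgi[:-8].isdigit():
                return cgi[:3], cgi[3:-8]
    return None

def media_sections(sdp):
    """Split an SDP body into session-level lines and per-media sections."""
    session, sections = [], []
    for line in filter(None, sdp.split("\r\n")):
        if line.startswith("m="):
            sections.append([line])
        elif sections:
            sections[-1].append(line)
        else:
            session.append(line)
    return session, sections

def media_type(section):
    return (section[0][2:].split() or [""])[0]   # "m=video 51372 ..." -> "video"

def decide(raw, registry=REGISTRY):
    """Blocks 606 and 704-716: relay, downgrade, or reject with SIP 488."""
    headers, sdp = split_message(raw)
    rules = registry.get(plmn_from_pani(headers), {})
    session, sections = media_sections(sdp)
    requested = [media_type(s) for s in sections]
    denied = [m for m in requested if rules.get(m) == "deny"]
    if denied:                           # blocks 706 and 714
        return Decision("reject", 488, denied)
    lowered = [m for m in requested if rules.get(m) == "downgrade"]
    if not lowered:                      # block 606: attribute permitted
        return Decision("relay", sdp=sdp)
    # Block 708: drop the restricted media sections; the replacement attribute
    # must already be offered, otherwise there is nothing left to downgrade to.
    kept = [s for s in sections if media_type(s) not in lowered]
    kept_types = {media_type(s) for s in kept}
    if any(DOWNGRADE.get(m) not in kept_types for m in lowered):
        return Decision("reject", 488, lowered)
    body = "\r\n".join(session + [line for s in kept for line in s]) + "\r\n"
    return Decision("downgrade", disallowed=lowered, sdp=body)   # blocks 710, 716
```

A video-only offer from a network marked "downgrade" is rejected rather than downgraded, because the sketch has no codec information from which to build an audio section.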
[0105] Various aspects described above permit allowing, disallowing, or downgrading services, e.g., based on whether a terminal is in a home network or is roaming in a visited network. In some examples, the home network can support IMS or other services such as VoLTE calling, RCS, SMS over IP, or Presence. In some examples, access to some of these services may be restricted on visited networks. For example, access may be restricted based on the operator of the visited network, a combination of the operator and the user of the terminal, or a combination of the operator, the user, and the requested service. As discussed above, technical effects of various examples can include controlling bandwidth usage and inhibiting the spread of malware. Technical effects of various examples can include controlling service access while maintaining rapid call setup times compared to prior schemes using IFC-based control.
[0106] Example data transmissions (parallelograms) in FIGS. 1 and 3, example data exchanges in the call flow diagrams of FIGS. 4 and 5, and example blocks in the process diagrams of FIGS. 6 and 7 represent one or more operations that can be implemented in hardware, software, or a combination thereof to transmit or receive described data or conduct described exchanges. In the context of software, the illustrated blocks and exchanges represent computer-executable instructions that, when executed by one or more processors, cause the processors to transmit or receive the recited data. Generally, computer-executable instructions, e.g., stored in program modules that define operating logic, include routines, programs, objects, modules, components, data structures, and the like that perform particular functions or implement particular abstract data types. Except as expressly set forth herein, the order in which the transmissions or operations are described is not intended to be construed as a limitation, and any number of the described transmissions or operations can be combined in any order and/or in parallel to implement the processes. Moreover, structures or operations described with respect to a single server or device can be performed by each of multiple devices, independently or in a coordinated manner, except as expressly set forth herein.
[0107] Other architectures can be used to implement the described functionality, and are intended to be within the scope of this disclosure. Furthermore, although specific distributions of responsibilities are defined above for purposes of discussion, the various functions and responsibilities might be distributed and divided in different ways, depending on particular circumstances. Similarly, software can be stored and distributed in various ways and using different means, and the particular software storage and execution configurations described above can be varied in many different ways. Thus, software implementing the techniques described above can be distributed on various types of computer-readable media, not limited to the forms of memory that are specifically described.
[0108] The word "or" is used herein in an inclusive sense unless specifically stated otherwise. Accordingly, conjunctive language such as the phrases "X, Y, or Z" or "at least one of X, Y or Z," unless specifically stated otherwise, is to be understood as signifying that an item, term, etc., can be either X, Y, or Z, or a combination thereof.
[0109] Furthermore, although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the claims. Moreover, in the claims, any reference to a group of items provided by a preceding claim clause is a reference to at least some of the items in the group of items, unless specifically stated otherwise.
Claims
1. A telecommunications network, comprising:
an anchoring network device communicatively connectable with user equipment, wherein the anchoring network device is configured to:
receive from the user equipment a first service message associated with a communication session, the first service message including information of a first session attribute;
determine identification information of one or more parties of the communication session;
retrieve authorization information corresponding to the identification information;
in response to the authorization information indicating the first session attribute is not permitted, determine a second session attribute different from the first session attribute based at least in part on the first session attribute;
determine a second service message including information of the second session attribute; and
transmit the second service message to one or more parties of the telecommunication session via a communications interface.
2. The telecommunications network of claim 1, further comprising an authorization server, wherein the anchoring network device is configured to retrieve the authorization information from the authorization server.
3. The telecommunications network of claim 1, wherein the first session attribute and the second session attribute comprise respective capabilities.
4. The telecommunications network of claim 3, wherein the first session attribute is a video capability and the second session attribute is an audio capability.
5. The telecommunications network of claim 1, wherein the identification information includes at least a terminal identifier, user identifier, a network identifier, a user address, or a country code.
6. The telecommunications network of claim 1, wherein the first session attribute comprises a first set of one or more parties, and the second session attribute comprises a second set of one or more parties including fewer than all of the parties in the first set of one or more parties.
7. The telecommunications network of claim 1, wherein the first session attribute and the second session attribute comprise respective protocols.
8. The telecommunications network of claim 1, wherein the user equipment is associated with a first party of the telecommunication session and the one or more parties includes a second party different from the first party.
9. The telecommunications network of claim 1, wherein the anchoring network device comprises a telephony application server (TAS) or Rich Communication Suite (RCS) anchoring network device.
10. A telecommunications network, comprising:
an anchoring network device communicatively connectable with a user equipment, wherein the anchoring network device is configured to:
receive from the user equipment a first service message associated with a communication session, the first service message including information of a first session attribute;
determine identification information of one or more parties of the communication session;
retrieve authorization information corresponding to the identification information;
in response to the authorization information indicating the first session attribute is not permitted, determine a service-failure message based at least in part on the first service message; and
transmit the service-failure message to the user equipment via a communications interface.
11. The telecommunications network of claim 10, further comprising an authorization server, wherein the anchoring network device is configured to retrieve the authorization information from the authorization server.
12. The telecommunications network of claim 10, wherein the first session attribute comprises a referred-to party of a call transfer, and the anchoring network device is configured to determine the service-failure message including an indication that transfer to the referred-to party is prohibited.
13. The telecommunications network of claim 10, wherein the first session attribute comprises presence information of a user of the user equipment, and the anchoring network device is configured to determine the service-failure message including an indication that the presence information may not be published.
14. The telecommunications network of claim 10, wherein the first session attribute comprises a presence-query session type, and the anchoring network device is configured to determine the service-failure message including an indication that presence information may not be retrieved.
15. The telecommunications network of claim 10, wherein the anchoring network device is further configured to:
receive, from a profile server, service-access information associated with a user of the user equipment; and
transmit the service-failure message in response to the service-access information indicating the user is not authorized to use the first session attribute.
16. A computer-implemented method comprising, under control of a processor:
receiving, from a first party of a communication session, a service message including information of a first session attribute and associated with identification information of a party of the communication session;
retrieving, from an authorization registry, authorization information corresponding to the identification information;
in response to the authorization information indicating the first capability is not permitted, determining a status message based at least in part on the service message; and
transmitting the status message via a communications interface.
17. The method of claim 16, further comprising:
determining the status message including a service-failure message; and
transmitting the status message to the first party.
18. The method of claim 16, further comprising:
determining a second session attribute different from the first session attribute based at least in part on downgrade information associated with the first session attribute;
determining the status message including information of the second session attribute; and
transmitting the status message to a second party of the communication session.
19. The method of claim 18, wherein the first session attribute is a video capability and the second session attribute is an audio capability.
20. The method of claim 16, wherein the identification information includes at least a terminal identifier, user identifier, a network identifier, a user address, or a country code.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP17741770.6A EP3406069A4 (en) | 2016-01-19 | 2017-01-11 | Network service access control |
CN201780012740.9A CN108702363A (en) | 2016-01-19 | 2017-01-11 | Network service access controls |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/000,269 US10015671B2 (en) | 2016-01-19 | 2016-01-19 | Network service access control |
US15/000,269 | 2016-01-19 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2017127268A1 (en) | 2017-07-27 |
WO2017127268A9 (en) | 2018-08-09 |
Family
ID=59314822
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2017/013010 WO2017127268A1 (en) | 2016-01-19 | 2017-01-11 | Network service access control |
Country Status (4)
Country | Link |
---|---|
US (2) | US10015671B2 (en) |
EP (1) | EP3406069A4 (en) |
CN (1) | CN108702363A (en) |
WO (1) | WO2017127268A1 (en) |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10015671B2 (en) | 2016-01-19 | 2018-07-03 | T-Mobile Usa, Inc. | Network service access control |
US10517021B2 (en) | 2016-06-30 | 2019-12-24 | Evolve Cellular Inc. | Long term evolution-primary WiFi (LTE-PW) |
US10237212B2 (en) | 2016-07-18 | 2019-03-19 | T-Mobile Usa, Inc. | RCS origination forking |
US10153993B2 (en) * | 2016-07-18 | 2018-12-11 | T-Mobile Usa, Inc. | RCS origination forking |
KR102266879B1 (en) * | 2017-04-14 | 2021-06-22 | 삼성전자주식회사 | A system for providing dialog contents |
US11489693B2 (en) * | 2017-06-12 | 2022-11-01 | British Telecommunications Public Limited Company | Home network access |
EP3639496B1 (en) * | 2017-06-12 | 2022-10-26 | British Telecommunications public limited company | Improved network access point |
US10993282B2 (en) * | 2017-08-09 | 2021-04-27 | Lenovo (Singapore) Pte. Ltd. | Method and apparatus for short code dialing for restricted services for unauthenticated user equipment |
US11343697B2 (en) * | 2018-05-16 | 2022-05-24 | Comcast Cable Communications, Llc | Systems and methods for network device management |
KR20200011137A (en) * | 2018-07-24 | 2020-02-03 | 삼성전자주식회사 | Electronic device suporting multiple subscriber identity modules and method therefor |
US11277450B2 (en) * | 2019-02-04 | 2022-03-15 | Verizon Patent And Licensing Inc. | Over-the-top client with native calling quality of service |
CN110011850B (en) * | 2019-04-09 | 2020-08-18 | 苏州浪潮智能科技有限公司 | Management method and device for services in cloud computing system |
US11317255B2 (en) * | 2019-05-07 | 2022-04-26 | T-Mobile Usa, Inc. | Cross network rich communications services content |
CN110418346B (en) * | 2019-08-26 | 2021-09-17 | 中国联合网络通信集团有限公司 | Call establishment method and call establishment system |
EP4101141A4 (en) * | 2020-02-03 | 2023-10-25 | Nokia Solutions and Networks Oy | Providing mutl-device serivce using network application programming interface |
US11419167B2 (en) | 2020-07-20 | 2022-08-16 | T-Mobile Usa, Inc. | Session initiated protocol (SIP) session establishment with a home subscriber server (HSS) outage |
US11166327B1 (en) * | 2020-07-20 | 2021-11-02 | T-Mobile Usa, Inc. | Session initiated protocol (SIP) session establishment with a home subscriber server (HSS) outage |
US20220124091A1 (en) * | 2020-10-15 | 2022-04-21 | T-Mobile Usa, Inc. | Enhanced n17 interface between ims network and 5g-eir |
US11588862B2 (en) * | 2020-10-28 | 2023-02-21 | At&T Intellectual Property I, L.P. | Method for providing voice service to roaming wireless users |
US12074922B2 (en) | 2022-07-13 | 2024-08-27 | Hewlett Packard Enterprise Development Lp | Communication sessions in cluster computing environment |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6912382B2 (en) * | 2002-05-24 | 2005-06-28 | International Business Machines Corporation | System and method for enhanced telephone customer usage details |
WO2009024183A1 (en) | 2007-08-20 | 2009-02-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Notification of resource restrictions in a multimedia communications network |
WO2009101235A1 (en) | 2008-02-14 | 2009-08-20 | Nokia Corporation | System and method for implementing a publication |
EP2117220A1 (en) | 2007-01-05 | 2009-11-11 | ZTE Corporation | A method and device for blind transfer service |
WO2010138035A1 (en) | 2009-05-28 | 2010-12-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and arrangement for implementing policy rules in peer-to-peer communication |
WO2011043526A1 (en) * | 2009-10-06 | 2011-04-14 | Lg Electronics Inc. | Method and system for media anchoring and bi-casting media data |
US8270346B2 (en) * | 2008-04-21 | 2012-09-18 | Shoretel, Inc. | Dynamic call anchoring |
US8689308B2 (en) * | 2008-09-30 | 2014-04-01 | At&T Intellectual Property I, L. P. | Portable authentication device |
US20140254491A1 (en) * | 2011-08-31 | 2014-09-11 | Telefonaktiebolaget L M Ericsson (Publ) | Home routing for ims roaming using vplmn anchor |
Family Cites Families (101)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100348249B1 (en) * | 1999-10-08 | 2002-08-09 | 엘지전자 주식회사 | Data architecture of VCT and method for transmit/receiving service information |
FI20010979A (en) | 2001-05-09 | 2002-11-10 | Nokia Corp | Call Control Method |
US7031706B2 (en) | 2001-08-21 | 2006-04-18 | Nokia Corporation | Internet protocol (IP) multimedia subsystem (IMS) availability detection |
GB0206849D0 (en) | 2002-03-22 | 2002-05-01 | Nokia Corp | Communication system and method |
US7372826B2 (en) | 2002-08-01 | 2008-05-13 | Starent Networks, Corp. | Providing advanced communications features |
US8122137B2 (en) | 2002-11-18 | 2012-02-21 | Aol Inc. | Dynamic location of a subordinate user |
US7076735B2 (en) * | 2003-07-21 | 2006-07-11 | Landmark Graphics Corporation | System and method for network transmission of graphical data through a distributed application |
WO2005069645A1 (en) | 2004-01-07 | 2005-07-28 | Huawei Technologies Co., Ltd. | A method for reducing interface load of home subscriber server |
US7317928B2 (en) * | 2004-03-26 | 2008-01-08 | Microsoft Corporation | System and method for exposing instant messenger presence information on a mobile device |
FR2874779A1 (en) * | 2004-08-25 | 2006-03-03 | France Telecom | METHOD AND SYSTEM FOR LOCATING USERS FOR SERVICES BASED ON SIP OR H.323 PROTOCOLS WITH DYNAMIC IP ADDRESS ASSIGNMENT |
FR2882482B1 (en) | 2005-02-23 | 2007-04-20 | Alcatel Sa | DEVICE FOR CONTROLLING THE ACCESS OF SUBSCRIBER TERMINALS OF A CS DOMAIN TO SERVICES OF AN IMS COMMUNICATION NETWORK |
US20060203773A1 (en) | 2005-03-09 | 2006-09-14 | Melissa Georges | Method and mechanism for managing packet data links in a packet data switched network |
EP1710982A1 (en) | 2005-04-04 | 2006-10-11 | Alcatel | Authentication method and authentication unit |
EP1715625A1 (en) | 2005-04-22 | 2006-10-25 | Alcatel | Apparatuses for controlling service delivery using access-dependent information in a system comprising a core network subsystem |
DE602006008409D1 (en) | 2005-04-29 | 2009-09-24 | Huawei Tech Co Ltd | METHOD FOR REALIZING A MESSAGE SERVICE FOR IMS (IP MULTIMEDIA SUBSYSTEM) |
US7983228B1 (en) | 2005-07-14 | 2011-07-19 | Nextel Communications Inc. | Integration of IP multimedia subsystem and a push-to-talk interoperability infrastructure |
KR100678151B1 (en) | 2005-08-01 | 2007-02-02 | 삼성전자주식회사 | Method and system for servicing roaming in mobile communication system |
CN1327663C (en) | 2005-08-12 | 2007-07-18 | 华为技术有限公司 | Method of user access radio communication network and radio network cut in control device |
WO2007043180A1 (en) | 2005-10-14 | 2007-04-19 | Fujitsu Limited | Access network selecting method |
CA2630733C (en) | 2005-11-24 | 2015-03-17 | Telefonaktiebolaget L M Ericsson (Publ) | A method and arrangement for enabling multimedia communication |
KR100758970B1 (en) | 2005-11-28 | 2007-09-14 | 한국전자통신연구원 | Method and system for providing service control and brokering in IMS based telecommunication system |
US9077591B2 (en) | 2005-12-13 | 2015-07-07 | Telefonaktiebolaget Lm Ericsson (Publ) | Dias-dynamic IMPU assignment service |
AU2007204559A1 (en) | 2006-01-10 | 2007-07-19 | Research In Motion Limited | Domain selection system and method operable in a network environment including IMS |
CN100474854C (en) * | 2006-01-10 | 2009-04-01 | 华为技术有限公司 | Method and network system for selecting called continued network |
CN101438256B (en) | 2006-03-07 | 2011-12-21 | 索尼株式会社 | Information processing device, information communication system, information processing method |
US8849297B2 (en) | 2006-07-14 | 2014-09-30 | Qualcomm Incorporated | Call establishment and maintenance in a wireless network |
US7899033B2 (en) | 2006-08-24 | 2011-03-01 | At&T Intellectual Property I, L.P. | Method and system for conditionally invoking an IMS service |
US8363640B2 (en) | 2007-01-31 | 2013-01-29 | At&T Intellectual Property I, L.P. | Methods and apparatus for handling a communication session for an unregistered internet protocol multimedia subsystem (IMS) device |
US20080192655A1 (en) * | 2007-02-09 | 2008-08-14 | Ted Vagelos | Systems And Methods For Providing Enhanced Telephone Services |
CN101247632B (en) | 2007-02-13 | 2013-01-30 | 华为技术有限公司 | Method, system and device for using IMS communication service identification in communication system |
US20080207181A1 (en) | 2007-02-28 | 2008-08-28 | Roamware | Method and system for applying value added services on messages sent to a subscriber without affecting the subscriber's mobile communication |
US8280348B2 (en) | 2007-03-16 | 2012-10-02 | Finsphere Corporation | System and method for identity protection using mobile device signaling network derived location pattern recognition |
US20150142623A1 (en) | 2007-03-16 | 2015-05-21 | Finsphere Corporation | System and method for identity protection using mobile device signaling network derived location pattern recognition |
US8165561B2 (en) | 2007-03-27 | 2012-04-24 | Alcatel Lucent | IMS networks providing business-related content to wireless devices |
WO2008118471A2 (en) | 2007-03-27 | 2008-10-02 | Roamware, Inc. | Method and system for providing piggyback roaming for sponsoring split roaming relationships |
US8457631B2 (en) | 2007-05-01 | 2013-06-04 | Nextel Communications Inc. | Dispatch network with IMS integration |
EP2058988B1 (en) | 2007-09-13 | 2012-04-04 | Huawei Technologies Co., Ltd. | A method and system for route selecting in the ip multimedia subsystem |
US7945241B2 (en) | 2007-09-27 | 2011-05-17 | Alcatel-Lucent Usa Inc. | Charging for roaming users in IMS networks |
CA2705023A1 (en) * | 2007-11-07 | 2009-05-14 | Toposis Corporation | System and method for multiparty billing of network services |
CN101453527B (en) * | 2007-11-30 | 2011-11-30 | Huawei Technologies Co., Ltd. | Method, network system and network appliance for dynamic policy conversion |
US8505073B2 (en) | 2007-12-31 | 2013-08-06 | United States Cellular Corporation | Service utilization control manager |
US20110026481A1 (en) * | 2008-03-28 | 2011-02-03 | Kyocera Corporation | Wireless communication method and wireless communication system |
US20090286544A1 (en) | 2008-05-13 | 2009-11-19 | At&T Mobility Ii Llc | Administration of an access control list to femto cell coverage |
US8270417B2 (en) | 2008-06-04 | 2012-09-18 | Telefonaktiebolaget L M Ericsson (Publ) | Access network node and method for access network node |
EP2150016A1 (en) * | 2008-07-30 | 2010-02-03 | Alcatel Lucent | Method and system for selective call forwarding based on media attributes in telecommunication network |
TWI495108B (en) * | 2008-07-31 | 2015-08-01 | Semiconductor Energy Lab | Method for manufacturing semiconductor devices |
US7913047B2 (en) * | 2008-08-01 | 2011-03-22 | Disney Enterprises, Inc. | Method and system for optimizing data backup |
US20100046528A1 (en) | 2008-08-21 | 2010-02-25 | Telefonaktiebolaget Lm Ericsson (Publ) | Intelligent IMS Gateway for Legacy DSLAMs |
WO2010032989A2 (en) * | 2008-09-19 | 2010-03-25 | Samsung Electronics Co., Ltd. | Method and system for managing communication session establishment |
US8433317B2 (en) | 2008-11-27 | 2013-04-30 | Htc Corporation | Method of controlling home cell selection for a wireless communication system and related device |
US9225751B2 (en) | 2008-10-06 | 2015-12-29 | Nec Corporation | Protection against unsolicited communication for internet protocol multimedia subsystem |
JP5349580B2 (en) | 2008-10-10 | 2013-11-20 | Telefonaktiebolaget LM Ericsson (publ) | Service node, control method therefor, user node, and control method therefor |
US10743251B2 (en) | 2008-10-31 | 2020-08-11 | Qualcomm Incorporated | Support for multiple access modes for home base stations |
US8054780B1 (en) | 2008-12-09 | 2011-11-08 | Sprint Spectrum L.P. | Transparent application data notification during IMS registrations |
US20100198741A1 (en) | 2009-01-30 | 2010-08-05 | Yahoo! Inc. | Designating priority for characteristics of vitality events in a social networking system |
CN101489227B (en) * | 2009-02-27 | 2011-06-15 | Huawei Device Co., Ltd. | Host device, mobile terminal, method for processing mobile communication service and system thereof |
US20120047262A1 (en) | 2009-04-27 | 2012-02-23 | Koninklijke Kpn N.V. | Managing Undesired Service Requests in a Network |
KR101332706B1 (en) | 2009-05-04 | 2013-11-27 | BlackBerry Limited | System and method for implementing a transfer of control of a collaborative session using sip protocol |
EP2433405B1 (en) | 2009-05-19 | 2013-04-17 | Telefonaktiebolaget LM Ericsson (publ) | Managing user registrations of roaming ims users |
CN101572967B (en) | 2009-05-22 | 2011-03-30 | Huawei Technologies Co., Ltd. | Method, system and network equipment for circuit domain core network evolution |
US20100309847A1 (en) * | 2009-06-04 | 2010-12-09 | Qualcomm Incorporated | Method and apparatus for ims application domain selection and mobility |
US20110077058A1 (en) | 2009-09-30 | 2011-03-31 | Yigang Cai | Offline charging in ims networks for sessions handed over between different operator networks |
EP3264686B1 (en) | 2009-10-16 | 2018-12-12 | Tekelec, Inc. | Methods, systems, and computer readable media for providing diameter signaling router with integrated monitoring and/or firewall functionality |
US8416780B2 (en) | 2009-11-03 | 2013-04-09 | Research In Motion Limited | System and method for session initiation protocol header modification |
MY159634A (en) | 2009-11-10 | 2017-01-13 | ERICSSON TELEFON AB L M (publ) | Handover delay optimization |
DK2334035T3 (en) | 2009-12-14 | 2019-09-23 | Telia Co Ab | Handling presence information in a communication system |
US8787174B2 (en) | 2009-12-31 | 2014-07-22 | Tekelec, Inc. | Methods, systems, and computer readable media for condition-triggered policies |
NO2375693T3 (en) | 2010-03-22 | 2018-02-24 | ||
US8233482B2 (en) * | 2010-04-22 | 2012-07-31 | Robert Paul Morris | Methods, systems, and computer program products for disabling an operative coupling to a network |
CN102362513B (en) | 2010-05-10 | 2014-03-12 | Huawei Technologies Co., Ltd. | Method, device and system for processing short messages |
TW201205317A (en) * | 2010-07-30 | 2012-02-01 | Gemtek Technology Co Ltd | Digital media server with extendable transcoding capability |
EP2628326A4 (en) | 2010-10-14 | 2014-04-02 | Blackberry Ltd | Method and apparatus pertaining to network-facilitated services |
WO2012077073A1 (en) | 2010-12-09 | 2012-06-14 | Allot Communications Ltd. | Device, system and method of traffic detection |
JP5885757B2 (en) | 2011-01-21 | 2016-03-15 | Tekelec, Inc. | Method, system, and computer-readable medium for screening Diameter messages in a Diameter signaling router (DSR) having a distributed message processor architecture |
US8867411B2 (en) | 2011-02-03 | 2014-10-21 | T-Mobile Usa, Inc. | Emergency call mode preference in wireless communication networks |
WO2012106710A1 (en) | 2011-02-04 | 2012-08-09 | Tekelec, Inc. | Methods, systems, and computer readable media for provisioning a diameter binding repository |
US8774167B2 (en) * | 2011-03-04 | 2014-07-08 | T-Mobile Usa, Inc. | Packet-switched core network architecture for voice services on second- and third-generation wireless access networks |
EP2689567B1 (en) | 2011-03-22 | 2015-06-24 | Telefonaktiebolaget L M Ericsson (publ) | Network node and method to route through or around traffic detection function nodes |
FR2975861B1 (en) | 2011-05-25 | 2014-04-11 | Mobiquithings | DEVICE AND METHOD FOR CHOOSING A VISIT NETWORK |
US9160799B2 (en) * | 2011-05-26 | 2015-10-13 | Sonus Networks, Inc. | Systems and methods for authorizing services in a telecommunications network |
KR101800659B1 (en) | 2011-07-08 | 2017-11-23 | Samsung Electronics Co., Ltd. | Method and apparatus for setting terminal in mobile telecommunication system |
WO2013036219A1 (en) | 2011-09-06 | 2013-03-14 | Intel Corporation | Signaling of preferred visited nsp for roaming services |
KR101589393B1 (en) | 2011-10-03 | 2016-01-27 | Intel Corporation | Device to device(d2d) communication mechanisms |
KR101771260B1 (en) | 2011-10-04 | 2017-08-24 | Samsung Electronics Co., Ltd. | Apparatus and method for controlling access of a user equipment in a mobile communication system |
CN105163398B (en) | 2011-11-22 | 2019-01-18 | Huawei Technologies Co., Ltd. | Connect method for building up and user equipment |
KR20140110853A (en) | 2011-12-13 | 2014-09-17 | LG Electronics Inc. | Method and device for providing a proximity service in a wireless communication system |
US8712409B2 (en) | 2012-03-05 | 2014-04-29 | T-Mobile Usa, Inc. | System and method for terminating communication sessions with roaming mobile devices |
CN104541541B (en) | 2012-08-07 | 2019-04-23 | Ericsson (China) Communications Co., Ltd. | Enhancing on the continuous voice call during switching |
US9456290B2 (en) | 2012-12-28 | 2016-09-27 | Verizon Patent And Licensing Inc. | Installation of a voice client for roaming devices in a wireless network |
EP2996364B1 (en) | 2013-05-05 | 2018-04-25 | LG Electronics Inc. | Method and apparatus for proximity service discovery to provide proximity service |
US9819701B2 (en) | 2013-06-25 | 2017-11-14 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Low latency IMS-based media handoff between a cellular network and a WLAN |
FR3014632A1 (en) * | 2013-12-06 | 2015-06-12 | Orange | METHOD AND DEVICE FOR ESTABLISHING COMMUNICATION |
US20150264553A1 (en) | 2014-03-12 | 2015-09-17 | Nokia Solutions And Networks Oy | Handling of simultaneous call session side registrations for voice over long term evolution in a visited network |
US9854004B2 (en) | 2014-05-09 | 2017-12-26 | Qualcomm Incorporated | Systems and methods for managing different types of registrations for IMS services on SIMs of a wireless communication device |
US9648053B2 (en) | 2014-05-12 | 2017-05-09 | Verizon Patent And Licensing Inc. | On-demand registration for internet protocol multimedia subsystem (IMS) services |
US9832319B2 (en) * | 2014-06-13 | 2017-11-28 | Genesys Telecommunications Laboratories, Inc. | System and method for transferee controlled protocol transfers |
US9871828B2 (en) | 2014-07-18 | 2018-01-16 | T-Mobile Usa, Inc. | Enhanced IMS services restriction and selection control for mobile devices roaming in foreign networks |
FR3030174A1 (en) * | 2014-12-16 | 2016-06-17 | Orange | METHOD FOR CONTROLLING A TELEPHONE COMMUNICATION INITIATED BY A TERMINAL CONNECTED TO A COMMUNICATION NETWORK |
EP3259893A1 (en) * | 2015-02-17 | 2017-12-27 | Telefonaktiebolaget LM Ericsson (publ) | Provision of location information in an ip multimedia subsystem network |
US10015671B2 (en) | 2016-01-19 | 2018-07-03 | T-Mobile Usa, Inc. | Network service access control |
JP6723845B2 (en) * | 2016-07-01 | 2020-07-15 | Canon Inc. | Image heating device and image forming device |
- 2016-01-19: US application US15/000,269 (US10015671B2), status: Active
- 2017-01-11: WO application PCT/US2017/013010 (WO2017127268A1), status: Application Filing
- 2017-01-11: EP application EP17741770.6A (EP3406069A4), status: Withdrawn
- 2017-01-11: CN application CN201780012740.9A (CN108702363A), status: Pending
- 2018-05-30: US application US15/992,939 (US10334440B2), status: Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6912382B2 (en) * | 2002-05-24 | 2005-06-28 | International Business Machines Corporation | System and method for enhanced telephone customer usage details |
EP2117220A1 (en) | 2007-01-05 | 2009-11-11 | ZTE Corporation | A method and device for blind transfer service |
WO2009024183A1 (en) | 2007-08-20 | 2009-02-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Notification of resource restrictions in a multimedia communications network |
WO2009101235A1 (en) | 2008-02-14 | 2009-08-20 | Nokia Corporation | System and method for implementing a publication |
US8270346B2 (en) * | 2008-04-21 | 2012-09-18 | Shoretel, Inc. | Dynamic call anchoring |
US8689308B2 (en) * | 2008-09-30 | 2014-04-01 | At&T Intellectual Property I, L. P. | Portable authentication device |
WO2010138035A1 (en) | 2009-05-28 | 2010-12-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and arrangement for implementing policy rules in peer-to-peer communication |
WO2011043526A1 (en) * | 2009-10-06 | 2011-04-14 | Lg Electronics Inc. | Method and system for media anchoring and bi-casting media data |
US20140254491A1 (en) * | 2011-08-31 | 2014-09-11 | Telefonaktiebolaget L M Ericsson (Publ) | Home routing for ims roaming using vplmn anchor |
Also Published As
Publication number | Publication date |
---|---|
US20170208462A1 (en) | 2017-07-20 |
US20180279128A1 (en) | 2018-09-27 |
EP3406069A4 (en) | 2019-08-28 |
US10334440B2 (en) | 2019-06-25 |
US10015671B2 (en) | 2018-07-03 |
EP3406069A1 (en) | 2018-11-28 |
CN108702363A (en) | 2018-10-23 |
WO2017127268A9 (en) | 2018-08-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10334440B2 (en) | Network service access control | |
US10965719B2 (en) | Service capabilities in heterogeneous network | |
US11171996B2 (en) | Low latency IMS-based media handoff between a cellular network and a WLAN | |
US20230126115A1 (en) | Indicating network types to use for sip messages | |
US11799922B2 (en) | Network core facilitating terminal interoperation | |
US10609090B2 (en) | Reducing network protocol overhead | |
CA2721370C (en) | Apparatus, and associated method, for facilitating radio control system operation with an ics-capable wireless device | |
US10588056B2 (en) | Multi-network wireless management and transport selection | |
WO2017160682A1 (en) | Communication session registration- and subsidiary-request processing | |
US20190190996A1 (en) | Network service access control by authorization server | |
US11146595B2 (en) | Service-based IP multimedia network subsystem (IMS) architecture | |
WO2019126299A1 (en) | Network service access control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 17741770; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | WIPO information: entry into national phase | Ref document number: 2017741770; Country of ref document: EP |
| ENP | Entry into the national phase | Ref document number: 2017741770; Country of ref document: EP; Effective date: 20180820 |