Patent application number | Description | Published |
20080273704 | Method and Apparatus for Delivering Keying Information - A method of delivering an application key or keys to an application server for use in securing data exchanged between the application server and a user equipment, the user equipment accessing a communications network via an access domain. The method comprises running an Authentication and Key Agreement procedure between the user equipment and a home domain in order to make keying material available to the user equipment and to an access enforcement point. At least a part of said keying material is used to secure a communication tunnel between the user equipment and the access enforcement point, and one or more application keys are derived within the home domain using at least part of said keying material. Said application key(s) is(are) provided to said application server, and the same application key(s) derived at the user equipment, wherein said access enforcement point is unable to derive or have access to said application key(s). | 11-06-2008 |
20080301787 | IMS NETWORK IDENTITY MANAGEMENT - There is disclosed a manner of enabling secure communications between a UE (user equipment) device operating though a packet-switched network and a 3 | 12-04-2008 |
20090077616 | Handling trust in an IP multimedia subsystem communication network - A method and apparatus for handling trust in an IP Multimedia Subsystem network. A node in the IP Multimedia Subsystem network receives a Session Initiation Protocol message from a remote node. The message includes an indicator indicating the level of trust of a communication sent from the remote node to the IP Multimedia Subsystem node. The node can then apply a security policy to the message, the security policy being determined by the indicator. | 03-19-2009 |
20090327721 | Method and Apparatuses for Securing Communications Between a User Terminal and a SIP Proxy Using IPSEC Security Association - A method and user terminal for securing communications between the user terminal and a SIP proxy. The user terminal performs a full authentication procedure with a first SIP proxy to generate an IPSec Security Association, wherein signaling is exchanged between the user terminal and a home network. In response to a change of location of the user terminal or to a handover of the user terminal to a second SIP proxy, a local re-authentication of the user terminal is performed at the first SIP proxy, or at the second SIP proxy in the case of a handover, based upon the pre-existing Security Association in order to establish a new Security Association. | 12-31-2009 |
20100009681 | METHOD AND APPARATUS FOR INSTANCE IDENTIFIER BASED ON A UNIQUE DEVICE IDENTIFIER - A method and apparatus for use in a communications network whereby an Instance Identifier (ID) is created to uniquely identify a device such as a mobile device or User Equipment (UE) in the communications network. | 01-14-2010 |
20100037045 | METHOD AND APPARATUS FOR CREATING AN INSTANCE ID BASED ON A UNIQUE DEVICE IDENTIFIER - A method and apparatus for signaling between a device and network. The method comprises the step of generating, by a device, an Instance Identification (ID) that matches an Instance ID used by a network. The apparatus of the present invention includes a means of generating an ID that matches the Instance ID used by the network. | 02-11-2010 |
20100050234 | Provision of Access Information in a Communication Network - A method and apparatus for providing user access information to a Home Subscriber Server (HSS) in an IP Multimedia Subsystem (IMS) network. A User Equipment transmits to a Call Session Control Function (CSCF), a message containing a P-Access-Network-Info (PANI) header. The CSCF or an Application Server then sends user access information retrieved from the PANI header to the HSS, which stores the information. The stored information can be used to control access to the IMS network based on the access network being utilized or the user location. | 02-25-2010 |
20100246523 | METHOD AND APPARATUS FOR CORRELATING SIGNALLING IN A COMMUNICATIONS NETWORK - A node in an IMS network receives circuit switched signalling relating to a communication session sent from a terminal over a circuit switched access network, and also receives packet switched signalling relating to the communication session sent from the terminal over a packet switched access network. The packet switched signalling comprises an identifier, and the node uses the identifier to correlate the circuit switched signalling with the packet switched signalling. This allows terminals using ICS to send signalling over both packet switched and circuit switched access networks, and a receiving node to correlate those signals. | 09-30-2010 |
20100268937 | KEY MANAGEMENT FOR SECURE COMMUNICATION - A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session keys. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary whereby first and second session keys protect communication with respective leg to intermediary. | 10-21-2010 |
20100290403 | METHOD OF ACCESS PROVISION - A method is proposed for providing a mobile terminal associated with a user with access to a visited Internet Protocol based mobile communication network. The mobile terminal generates a network information element that comprises a home network identifying element that identifies a home network of the user, and a domain name of the visited IP based mobile communication network as a base domain identifier. The mobile terminal then provides this special network information element to the visited IP based mobile communication network, which executes a subscription generating procedure for generating a subscription for the user upon recognizing the special network information element and provides the mobile terminal access based on the generated subscription. | 11-18-2010 |
20100293265 | IP MULTIMEDIA SUBSYSTEM REGISTRATION - A method of ensuring that a currently reachable contact address is registered for a user terminal within an IP Multimedia Subsystem, the method comprising registering a first contact address for said terminal with the IP Multimedia Subsystem, subsequently determining on a network side that said terminal is no longer reachable via said first contact address, and as a consequence of such a determination, registering on the network side a second reachable contact address on behalf of the user terminal, with the IP Multimedia Subsystem. | 11-18-2010 |
20100293593 | SECURING CONTACT INFORMATION - A method of controlling user access to contact information associated with public user identities (IMPUs) registered in respect of the user's subscription within an IP Multimedia Subsystem. The method comprises installing into a Serving Call/Session Control Function assigned to the user, one or more contact information access policies, the contact information access policy or policies defining if and under what circumstances the user can view or delete contact information. Upon a request by the user to view and/or modify said contact information, the Serving Call/Session Control Function evaluates and enforces these contact information policies. | 11-18-2010 |
20110010768 | Method and Apparatuses for End-to-Edge Media Protection in ANIMS System - An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node. | 01-13-2011 |
20110014892 | Network-Assisted Initiation of Emergency Calls from a Multi-Mode Wireless Communication Device - A multi-mode wireless communication device is configured to access a core network of a wireless communication system via any one of multiple different access networks (ANs). Not all of these ANs may support emergency calls. To help the device select which AN it should use to initiate an emergency call, one or more servers in the core network send emergency support information to the device indicating which ANs support emergency calls. The server(s) advantageously send this information to the device prior to the device initiating an emergency call. Thus, upon receiving a command to initiate an emergency call, the device intelligently selects the AN over which to initiate the call based on which ANs actually support that emergency call. This eliminates or at least minimizes the possibility that the emergency call will be redirected to a different AN, thereby reducing the delay required to successfully place the emergency call. | 01-20-2011 |
20110047209 | METHOD AND NETWORK FOR DELIVERING STREAMING DATA - In a procedure for delivering streaming media, a Client first requests the media from an Order Server. The Order Server authenticates the Client and sends a ticket to the Client. Then, the Client sends the ticket to a Streaming Server. The Streaming Server checks the ticket for validity and if found valid encrypts the streaming data using a standardized real-time protocol such as the SRTP and transmits the encrypted data to the Client. The Client receives the data and decrypts them. Copyrighted material adapted to streaming can be securely delivered to the Client. The robust protocol used is very well suited for in particular wireless clients and similar devices having a low capacity such as cellular telephones and PDAs. | 02-24-2011 |
20110064219 | IPTV SECURITY IN A COMMUNICATION NETWORK - A method of setting up a secure IPTV session. An Application Server (AS) receives an invite message from an IPTV receiving node such as a mobile telephone or a Set Top Box to set up an IPTV session. The invite message includes a Bootstrapping Transaction Identifier (BTID) associated with the IPTV receiving node. The AS sends an authentication request including the BTID to a Bootstrapping Server Function (BSF). The AS then receives from the BSF, an authentication response, which includes a long-term key associated with and previously provided to the IPTV receiving node. The AS then sends a request identifying the receiving node to an IPTV content provider. The AS then uses the long-term key to encrypt a media encryption key that is used to encrypt the media sent by the content provider, and sends the encrypted media encryption key to the IPTV receiving node in an invite response. | 03-17-2011 |
20110093933 | AUTHENTICATION IN A COMMUNICATIONS NETWORK - A method of authenticating a user in an IP Multimedia Subsystem network, the method comprising receiving from an access network an access identifier defining a terminal's physical location, retrieving from a database a registered access identifier associated with the user; and determining if the received access identifier matches the registered access identifier, and if so then authenticating the user in the IMS network, and if not then performing an alternative authentication method. The method allows a nomadic user in the access network to register with an IP Multimedia Subsystem network. | 04-21-2011 |
20110110331 | Handover Delay Optimization - A method of anchoring a packet switched session of a subscriber comprises receiving a packet switched request for a session setup, and anchoring the packet switched session in a control node (MSC-S) of a visited network of the subscriber. | 05-12-2011 |
20110119357 | Methods and Apparatuses for Terminating an IP Multimedia Subsystem Service When IP Address is No Longer Allocated to the User - A method of terminating an IP Multimedia Subsystem enabled communication service involving a user terminal, the terminal having been allocated an IP address by an access network used by the terminal to access the communication service. The method comprises determining when the IP address is no longer allocated to the user by the access network, and as a consequence of the determination, terminating the IP Multimedia Subsystem communication service. | 05-19-2011 |
20110124339 | EARLY IMS SECURITY - A method for providing Early IMS Security in a network. In registering a terminal on a telecommunications network, a plurality of private user identities (IMPIs) are derived from the IMSI of the terminal. Some or all of these IMPIs are registered with the network. Each IMPI has its own IRS containing its own IMPUs, enabling different identities of the user to be registered with the network. | 05-26-2011 |
20110153866 | Method And Apparatuses For Maintaining Service Continuity To A Centralization And Continuity Application Server - A method and apparatus for maintaining service continuity for User Equipment accessing an IP Multimedia Subsystem communication network. A routing identifier is established that identifies a Service Centralization and Continuity Application Server allocated to the User Equipment. The routing identifier is sent to the between the User Equipment and the Service Centralization and Continuity Application Server, a handover message is sent from the User Equipment via a Circuit Switched access network. The handover message includes the routing identifier, and is then forwarded to the identified Service Centralization and Continuity Application Server. This allows the same Service Centralization and Continuity Application Server to be used after the handover as was used before the handover, thereby providing service continuity. | 06-23-2011 |
20110191842 | Authentication in a Communication Network - A method and apparatus for authentication in a communication network. A network node receives an initial request message from a user device, and sends an authentication message to an authentication node. In reply, the network node receives an expected response value and an authentication token from the authentication node. The expected response value is determined using a first shared secret known to the authentication node and the user and a second shared secret known to the authentication node and the user device, and the authentication token is determined using the second shared secret. The network node sends the authentication token from the network node to the user device, and in response receives a response value calculated using authentication token, the first shared secret and the second shared secret. The network node then determines if the response value matches the expected response value and, if so, authenticates the user. | 08-04-2011 |
20110206206 | Key Management in a Communication Network - A method and apparatus for key management in a communication network. A Key Management Terminal KMS Terminal Server (KMS) receives from a first device a request for a token associated with a user identity, the user identity being associated with a second device. The KMS then sends the requested token and a user key associated with the user to the first device. The KMS subsequently receives the token from the second device. A second device key is generated using the user key and a modifying parameter associated with the second device. The modifying parameter is available to the first device for generating the second device key. The second device key is then sent from the KMS to the second device. The second device key can be used by the second device to authenticate itself to the first device, or for the first device to secure communications to the second device. | 08-25-2011 |
20110219417 | Method and Apparatus For Providing Interactive Television - According to a first aspect of the present invention there is provided a method of providing interactive IP Television to a user terminal | 09-08-2011 |
20110255695 | KEY MANAGEMENT METHOD - The present invention relates to a key management method to establish selective secret information in multiple disjoint groups, more specifically to a method of reducing the broadcast size in access hierarchies and localize and facilitate management in said access hierarchies. The key management method selects a number of subgroups. Each subgroup supports an instance of a key distribution method for receiving distributed key material, and is capable of computing a usage security key based on the distributed key material and predefined user group key material. | 10-20-2011 |
20110299682 | Security Solution For Voice Over LTE Via GAN (VoLGA) - A VoLGA Access Network Controller (VANC), a User Equipment, and methods are described herein for providing security to Voice over Long-Term Evolution via Generic Access (VoLGA) traffic. | 12-08-2011 |
20120011273 | GROUP ACCESS TO IP MULTIMEDIA SUBSYSTEM SERVICE - A method of facilitating access to services of an IP Multimedia Subsystem, by users groups that require alternative handling in relation to the standard handling of IP Multimedia Subsystem users. Functioning instructions are added to the user groups subscription maintained in the IP Multimedia Subsystem, instructing nodes in the IP Multimedia Subsystem to adapt their standard functioning for this specific group of users. The instructions in a subscription of a specific user group, provide a node of the IP Multimedia Subsystem that does no longer need to be specific for certain types of users, but has a standard way of operation, that is modified by instructions for dedicated operation for only that specific user group. In further aspect embodiments are disclosed providing improved solutions for known problems of IP Multimedia Subsystems making use of functioning instructions included in the subscription. | 01-12-2012 |
20120120914 | Packet Switched To Circuit Switched Access Handovers In An IMS Architecture. - A method of enabling the management of handovers of voice calls from a Packet Switched, PS, access to a Circuit Switched, CS, access where the voice calls are established using an IP Multimedia Subsystem, IMS, network. The method comprises performing a first IMS registration of a user via said PS access including setting for the user in a Home Subscriber Server, HSS, of the user's home network, an identifier of a first access transfer control function, which access transfer control function is responsible for anchoring user media sessions in an access transfer gateway of a serving network, and notifying a mobility function within said service network of the set identifier. A second or further IMS registration of the same user is then performed via said PS access, it being determined that said first IMS registration exists. As a consequence, the setting of an identifier of a second or further access transfer control function in the HSS for the user is prevented, whilst either the setting of the identifier of the first access transfer control function is maintained, or is replaced with an identifier of a service centralisation and continuity application server. The mobility function is notified of any change to the set identifier. In the event of a requirement to handover an ongoing voice call associated with said second or further IMS registration from said PS to said CS access, the identifier currently set in the HSS and identified to the mobility function is used to manage the handover. | 05-17-2012 |
20120177193 | Method of Routing a Sesson from a Calling Party in a Serving Communication Network of the Calling Party to a Called Party - A method of routing a session from a calling party in a serving communication network of the calling party to a called party is described. The serving communication network of the calling party is distinct from a home communication network of the calling party. The method is executed by a session routing node in the serving communication network of the calling party. In order to optimize a session routing path of signaling data of the session, the method comprises receiving from the home communication network of the calling party a session routing request requesting routing the signaling data of the session to the called party via the serving communication network of the calling party, and routing the signaling data of the session to the called party via the serving communication network of the calling party based on the received session routing request. | 07-12-2012 |
20120296953 | GROUP ACCESS TO IP MULTIMEDIA SUBSYSTEM SERVICE - A method of facilitating access to services of an IP Multimedia Subsystem, by users groups that require alternative handling in relation to the standard handling of IP Multimedia Subsystem users. Functioning instructions are added to the user group s subscription maintained in the IP Multimedia Subsystem, instructing nodes in the IP Multimedia Subsystem to adapt their standard functioning for this specific group of users. The instructions in a subscription of a specific user group, provide a node of the IP Multimedia Subsystem that does no longer need to be specific for certain types of users, but has a standard way of operation, that is modified by instructions for dedicated operation for only that specific user group. In further aspect embodiments are disclosed providing improved solutions for known problems of IP Multimedia Subsystems making use of functioning instructions included in the subscription. | 11-22-2012 |
20130268681 | Method and Apparatuses for End-to-Edge Media Protection in ANIMS System - An IMS system includes an IMS initiator user entity. The system includes an IMS responder user entity that is called by the initiator user entity. The system includes a calling side S-CSCF in communication with the caller entity which receives an INVITE having a first protection offer and parameters for key establishment from the caller entity, removes the first protection offer from the INVITE and forwards the INVITE without the first protection offer. The system includes a receiving end S-CSCF in communication with the responder user entity and the calling side S-CSCF which receives the INVITE without the first protection offer and checks that the responder user entity supports the protection, inserts a second protection offer into the INVITE and forwards the INVITE to the responder user entity, wherein the responder user entity accepts the INVITE including the second protection offer and answers with an acknowledgment having a first protection accept. A method for supporting a call by a telecommunications node. | 10-10-2013 |