Patent Application
20100185763
The invention relates to a method for exchanging user information in a telecommunication network. In particular the invention relates to a method for access control of a client which works across different access protocols and entities.
Today there exist many communication protocols and architectures for transferring or conveying information. The most important communication protocols are Hypertext Transfer Protocol (HTTP), Session Initiation Protocol (SIP) and Simple Mail Transfer Protocol (SMTP). Generally, these communication protocols are based on the well known client-server system.
Either of these communication protocols include mechanisms to allow or restrict an access of the client to certain resources on the server side. For example, protocol specific or generic authentication procedures are used for access control.
Currently there is no mechanism available which allows a reuse of information exchanged in one protocol via another.
Also there is no generic mechanism available which allows correlating access to certain resources and information stored about these transactions, in case there is used more than one protocol to exchange information.
An example may be a user (client) which dials into a telephone conference using SIP. After having the conference established, the user intends to use a service offered by the operator of the conferencing service which enables him to see the details of the conference with his http based internet web browser. In addition to an authentication to the telephone conference system using the SIP protocol the user needs to additionally authenticate to the http based web server. Today there is no standardised way to reuse the authentication from the SIP access to the conference server for the http based web server. There is as well no generic way for the web server to identify the user's transactions on the conference server in order to retrieve the according information.
It is the object of the present invention to provide a method and a system for exchanging user information between entities of at least one communication system using different communication protocols.
This object is achieved by providing a method and system as described in the independent claims.
Other features which are considered to be characteristic for the invention are set forth in the dependent claims.
The method according to the invention comprises the steps of: transmitting user information from the user client to a control entity of the access network in order to register with the access network, checking in the control entity the user information versus a user profile stored at the control entity, generating a global identifier assigned to the client, storing the global identifier in the control entity, transmitting the global identifier to the service entity, and using the global identifier to register the client with the service entity.
According to the present invention it is possible to exchange user information via different access protocols and to identify and reuse the user information for other access channels and authentication procedures.
By conveying the information to application servers, they are able to identify sessions of a user and respond to requests for session details.
By using clients more sophisticated than off-the-shelf-single-protocol ones, additional functionality can be added, e.g. automatic login, scheduling of background tasks such as synchronisation, etc.
Session Correlation Framework
Today's and next generation telecommunication services are posing a number of requirements with regards to providing an internet-like user experience while making the service still fitting into a telecommunication operator's processes. The most important are:
a) In order not to rely on a specific client type or the integrity of a mobile device, control has to remain on the network side. This requirement comes down to the fact that the network needs to correlate the data provided to the client and it's granularity with the policies included in the subscriber's profile.
b) In order to allow free selection of modules from the market and create a best of breed network environment, the architecture has to show the modularity necessary to deploy already existing and newly introduced building blocks, rather than to deliver a set of functions in a monolithic way.
c) Security requirements are forcing to deploy mechanisms which allow tracking the access of users to data and status information of other users and the assignment of users' policies to their data.
These requirements can be tackled by the mechanism according to the present invention that allows correlating clients' action regardless of the used protocol to their user profile and each other. The user profile will specify the type and granularity of data to which the user has access.
A second user B is allowed to access and consequently subscribe to location and presence information delivered by the location server 170 and presence server 180. User B could run a 3rd party application on his terminal device which makes use of the before mentioned data.
The mechanism described in connection with
The aim of the control platform is to describe a generic mechanism which is working across all access protocols.
The invention is described for example in connection with an IP Multimedia Subsystem (IMS) as a standard for next generation networks which is based on the Session Initiation Protocol (SIP). IMS consists of a number of proxies and a registrar for SIP messages. The registrar is connected to a database which stores all information necessary to process a subscriber session in his subscriber profile.
The Call State Control Function (CSCF) in
The User Mobility Server 150 (UMS) is a database that contains an identifier for the system where a mobile station is currently registered (or the last known system where the mobile station was registered). The UMS 150 is part of the Home Subscriber Server (HSS). It stores related information for the users such as User Service Profile and User Mobility information. UMS might also generate, store and/or manage security data and policies (e.g. IETF features). Moreover, it should provide logical name to transport address translation in order to provide answer to DNS queries. It basically interacts with the CSCF providing the latter with all the appropriate information for the location of the user and for his service profile.
The message sequence according to
S1) a client 100 sends a SIP register message to the P-CSCF 120.
S2) the P-CSCF 120 forwards the message to the I-CSCF 130.
S3) I-CSCF 130 forwards the message to the S-CSCF 140.
S4) S-CSCF 140 retrieves the subscribers profile from the UMS 150 and performs a challenge response mechanism (401 reject, new register with challenge response expected from the client).
S5) the S-CSCF 140 checks for positive challenge response match, if match is positive, S-CSCF generates a global identifier for the client and stores it on the
UMS 150. Subsequently a 200 OK message including the global identifier is send to the client 100.
S6) Message 200 OK is send along the path.
S7) S-CSCF 140 starts to evaluate the subscribers profile and checks for necessary 3rd party registration actions to be performed, in the given example: a party registration is send to an address book server 160 being part of a service entity.
S8) 3rd party registration message including the global identifier is send from S-CSCF 140 to the address book server 160.
S9) Address book server 160 stores the global identifier and creates a local identifier, which is used to identify the subscribers account and/or transactions on the address book server 160. Subsequently it checks the service specific subscriber profile and detects that location and presence information are needed in order to serve the subscriber.
S10) The address book server 160 sends subscribe messages to a location server 170.
S11) Location server 170 responds with OK, as servers are assumed to be trusted party anyway.
S12) The address book server 160 sends subscribe messages to the presence server 180.
S13) Presence server 180 responds with OK, as servers are assumed to be trusted party anyway.
S14) Address book server 160 responds with OK to the S-CSCF 140 and includes a URL which will be used by the client 100.
S15) The S-CSCF 140 waits for all 3rd party registration cycles to be finalised.
S16) The S-CSCF 140 sends a message with all URLs to application servers which will be used by the client 100 in the current registration period.
S17) The client 100 starts to work through the URL list and performs the related download and update actions.
For clients 100 which comprise specific logic, it is expected that all functions are running automatically. In specific, the client 100 would use the URLs provided for further requests on known servers and included the global ID in further attempts to access servers without registration (that can be the case e.g. for portal applications).
In case the client has not implemented the full Internet Connection Sharing (ICS) feature set or only parts of it, e.g. the subscriber is using a SIP client, the ICS client's automated functions need manual interaction with the user.
S1) A subscriber (client 100) sends an http GET message to the network, which is routed to the control platform by the DNS resolution.
S2) The http message is routed to the H-CSCF 110.
S3) H-CSCF 110 checks for the subscriber profile based on the IP address of the client 100 and finds that the number is not assigned in the current network.
S4) H-CSCF 110 then sends an authentication request to the client 100 (proxy authenticate).
S5) The Client 110 responds to the challenge.
S6) H-CSCF checks the challenge response, finds a positive match and includes the global identifier (Please note: in case the user has already registered, e.g. via SIP, the global identifier from the SIP session will be assigned, as is assumed for the rest of the sequence).
S7) The message is forwarded to a web portal 190.
S8) The web portal 190 responds with an HTML page.
S9) The client 100 hits a link pointing to information about his running messaging sessions (which are assumed to run on a different device or the server to show information of previously terminated Sessions).
S10) The client 100 sends an http GET to the H-CSCF 110.
S11) H-CSCF 110 forwards the message to the web portal 190.
S12) The web portal 190 creates a SOAP request to the messaging server 200 in order to retrieve the user's session object.
S13) Messaging server 200 responds with the session object.
S14) Web portal 190 creates a response to the H-CSCF
S15 the H-CSCF sends the html page to the client 100.
Global and Local Identifiers
(1) All access protocol authentication mechanisms can be maintained as specified in the according protocol. This refers in specific to http digest, early IMS authentication and digest AKA as used in IMS.
(2) The first activity of the client when using a specific access channel is to authenticate, this can either be done by the client automatically or be enforced by the network based on standard mechanisms. In case the client uses an access network which is under control of the server operator, checking might be done on basis of the IP address.
(3) All references are of the format <command>.<global pointer>.<local pointer>
(4) Upon registration the network generates the reference ID which is passed back to the client and to be used as a global identifier on all further requests, regardless of the transport protocol (SIP, http, SMTP/POP/IMAP) or the function called in case the client incorporates specific logic. In case the client does not incorporate specific logic, a suited network node will store the identifier together with a session identifier and insert it into further requests. All requests have to be routed through that network node. It will store the assigned reference ID for validating future requests of the clients, the application servers will validate client requests against the local reference assigned to the client's resources.
(5) In case the client incorporates specific logic, it can be used for updating client side information. In this case all application servers wishing to make use of that mechanism are required to generate a reference ID upon registration which identifies the resources to be updated and pass it back in the response to the authentication.
(6) The mechanism can be used to trigger predefined actions on the client, e.g. subscription to certain presence information, using a certain reference which is part of the trigger in case the client incorporates certain logic.
(7) Each server platform shall expose all session objects existing in it's domain for remote requests. The request key will be one or more identifiers.
(8) Interworking between application servers is assumed to be done based on identifiers. Each application server participating in the exchange of information is required to implement an interface which allows requesting a particular client's session information (SessionObject) by using the global or local reference as request key.
80 Control Entity
90 Service Entity
100 Client
110 Home Call Session Control Function (H-CSCF)
120 Proxy Call Session Control Function (P-CSCF)
130 Interrogating Call Session Control Function (I-CSCF)
140 Serving Call Session Control Function (S-CSCF)
150 User Mobility Server (UMS)
160 Address Book Server
170 Location Server
180 Presence Server
190 Web Portal
200 Message Server
HSS Home Subscriber Server
| Number | Date | Country | Kind |
|---|---|---|---|
| 07014467.0 | Jul 2007 | DE | national |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/EP08/06064 | 7/24/2008 | WO | 00 | 3/18/2010 |
