Abstract: An apparatus and method of processing a service request in an IP multimedia core network is provided. The method includes the steps of receiving a service request initiated by a first user, for a second user, forwarding the received service request to a unit for processing the service, receiving a processing result from the processing unit, and determining, on the basis of the received processing result, whether the service request processing for the second user is to be stopped.

Abstract: The invention relates to a service provisioning method in a communication system. In the method information regarding a communication control entity capable of servicing a user of the communication system is received at a first entity associated with the communication system from a storage entity. Based on said information, an originating request is then signalled from the first entity to the communication control entity.

Abstract: An apparatus and method for selecting a security association timer between user equipment and a control entity in a communication system are disclosed. The apparatus includes a transmitter configured to transmit a registration request message to a control entity in a communication system, whereby the registration request message is configured to request registration with the control entity. The apparatus further includes a receiver configured to receive an authentication challenge including a temporary timer, whereby the temporary timer is configured to set a time duration for the apparatus to respond to the authentication challenge. The receiver is further configured to receive an acknowledgement message including a security association timeout value in response to the transmitted registration message, whereby the security association timeout value includes a set time length of a security association equal to a registration time length set for registration of the apparatus.

Abstract: A method for selecting a time length of a security association (SA) between user equipment (UE) which transmits and receives communications and a control entity in a communication system in accordance with the invention, includes transmitting a registration message (SM1) from the user equipment to the control entity (P-CSCF) requesting registration of the user equipment with the control entity; after transmission of the registration message, setting the time length of the security association between the user equipment and the control entity to be equal to a registration time length set between the user equipment and the control entity during which registration of the user equipment with the control entity is valid; and transmitting the set time length of the security association to the user equipment as part of an acknowledgment message (SM10 or SM12) to the registration message to cause the security association to have a time equal to the registration timer length.

Abstract: A method for tracing a session or call in a network environment, comprising the step of transmitting a trace invocation from a control plane network element to another control pane network element or a user plane network element. According to a first aspect, a trace report is generated in the S-CSCF of the called party. This overcomes the lack of being able to provide detailed information about the interworking between the User Equipment (UE) and the IMS, in setting up IP multimedia sessions. According to a second aspect trace reports are generated in all the network functions involved in session setup.

Abstract: The invention relates to a method of authenticating a user equipment in a communications network. The method involves sending a message from a network entity to the user equipment. This message includes a set of options for an authentication procedure for authenticating an internet protocol communication over a first interface between the user equipment and the network entity; said options including a “shared key”-based authentication procedure. The method also involves selecting an option from the set. In the event that the “shared-key”-based authentication procedure is selected, a shared secret from a security key established in a generic bootstrapping architecture (GBA) is generated over a second interface between the user equipment and a bootstrapping service function. The shared secret is then used to compute and verify authentication payloads in the key-based authentication procedure for the communication over the first interface.

Abstract: An approach is provided for refreshing keys in a communication system. An application request is transmitted to a network element configured to provide secure services. A message is received, in response to the application request, indicating refreshment of a key that is used to provide secure communications with the network element. A refreshed key is derived based on the received message.

Abstract: A system, mobile node, network entity, method and computer program product for providing firewall protection for a wireless communication network are provided in which a firewall profile is accessed by the network entity when a mobile node connects to the network. The firewall profile defines a list of static firewall pinholes which are opened in a firewall by the network entity. The mobile node may open additional pinholes dynamically. The opened pinholes are closed by the network entity when the mobile node disconnects from the network.

Abstract: In one exemplary and non-limiting aspect thereof this invention provides a method to execute a bootstrapping procedure between a node, such as a MN, and a wireless network (WN). The method includes sending the WN a first message that contains a list of authentication mechanisms supported by the MN; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the MN, and including in a first response message to the MN information pertaining to the determined authentication mechanism; and sending a second message to the WN that is at least partially integrity, the second message containing the list of authentication mechanisms that the MN supports in an integrity protected form.

Abstract: In one exemplary and non-limiting aspect thereof a method is provided that includes sending a wireless network (WN) a first message that includes a list of authentication mechanisms supported by a node and, in association with each authentication mechanism, a corresponding identity; determining in the WN an authentication mechanism to be used for bootstrapping, based at least on the list received from the node; and including information in a second message that is sent to the node, the information including the determined authentication mechanism in conjunction with a corresponding identity. The method further includes protecting at least the list of authentication mechanisms supported by the node and the corresponding identities and sending a second message to the network, the second message including at least the list of authentication mechanisms and the corresponding identities.

Abstract: Disclosed are examples of a method, system, devices and nodes to conduct communications between a device coupled to a communication network and a network security enforcement node, such as a firewall. An illustrative method includes, with a device coupled to a network security enforcement node through a communication network, requesting from the network security enforcement node information comprised of at least one of supported and enabled features and, in response to receiving the request, sending information descriptive of at least one of network security enforcement node supported and enabled features. The method may further include requesting by the device that at least one network security enforcement node feature be one of enabled or disabled.

Abstract: This invention relates to a method of routing for a message via an IMS system is disclosed. A message is received at an ICSCF. Address information is obtained for one of an application server, server or gateway for which said message is intended. The message is sent to said application server, server or gateway in accordance with said address information.

Abstract: A method for handling user identity and privacy, wherein a first Session Initiation Protocol (SIP) proxy is about to forward a SIP request to a next SIP proxy includes the step of determining whether Transport Layer Security (TLS) is supported in a hop to a next SIP proxy. When TLS is supported, the method includes establishing a TLS connection to the hop to the next SIP proxy, requesting a certificate from the next SIP proxy, receiving the certificate, verifying the certificate and trustworthiness of a network of the next SIP proxy and retaining identity information when the certificate and the trustworthiness of the network is verified. When TLS is not supported, or when the certificate is not verified, or when the trustworthiness of the network is not verified, the identity information is removed. Thereafter, the SIP request is forwarded over the TLS connection.

Abstract: A communication system for handling subscriber requests is provided. The system includes a communications network and a serving node configured to permit a user to subscribe to a plurality of resources anonymously. The serving node has a list of the resources and is configured to receive a subscribe request specifying the identity of the user that is requesting at least one of the resources, and in response thereto, to generate at least one subscription request to be sent to the requested resource. The serving node is operable to generate the identity of the user and a preference of the identity of the user with the subscription request when the original subscribe request received from the user has a preference of the identity of the user.

Abstract: The present invention relates to presence (PRES) and instant messaging (IM) services. The invention describes how wireless communication systems can handle messages related to presence and instant messaging services.

Abstract: In a method in a communication system a request for registration of a user equipment to a data network is sent from a second controller to a serving controller. Information regarding the state of the second controller is sent from the second controller to the serving controller.

Abstract: A method and communication system for authentication of requests are disclosed. In the method, a user equipment is authenticated during a registration to a controller. At least two registration requests may be received at the controller, with at least one of the registration requests originating from another source than the user equipment. Authentication of the received registration requests may be initiated regardless of the origin of the requests. The user equipment is registered in response to a request from an already authenticated user equipment.

Abstract: The present invention relates to a method, terminal device, network device and user agent program product for handling a compartment used for compression of signaling messages, wherein a compartment-related information defining at least one of an identification and a handling of the compartment is conveyed in a header of a signaling message between the terminal device and a packet data network. Thereby, it can be made sure that the compartment is uniquely identified and can be opened and/or closed when necessary. Moreover, the need for multiple compartments at a user agent can be eliminated.

Abstract: The invention relates to a communication system which comprises at least one user equipment having a plurality of identities associated therewith. The user equipment has means for storing at least one of the identities. Storage means are provided for storing at least one of the plurality of identities and means for receiving identity information from the user equipment, for obtaining from the storage means at least one identity associated with the received identity information and for sending to the user equipment the at least one obtained from the storage means.

Abstract: The present invention is a system and method which provides authentication for data services for at least one UE (12) using common authentication information based upon information stored in a HSS (16) of a home network (20) of the at least one UE for multiple protocols. At least one proxy server (18) stores authentication information for each of the protocols which may be used to provide data services to the at least one UE. Authentication of the protocols available to the least one UE uses the authentication information stored at the at least one proxy server obtained from the protocol used in the home network of the at least one UE.