| 摘要 |
Methods and apparatus for authenticating a user equipment device (UE) requesting services through a session border controller (SBC) are described. In some embodiments the SBC stores the challenge and response for a successfully authenticated UE and uses this information to authenticate the UE when the UE seeks access to a service, e.g., establishing a new TCP connection. In some other embodiments, in response to receiving an Invite request from a UE requesting service the SBC generates and sends a Registration request to an authentication entity on behalf of the UE to trigger an authentication process. If the UE is authenticated the SBC allows service access, e.g., allows a call to proceed, otherwise denies service to the UE. |
| 主权项 |
1. A method of operating a session border controller, the method comprising:
receiving, by an input/output interface of the session border controller, a signal from a user equipment device (UE) seeking to establish a communication session through the session border controller; generating a registration request from stored information, said step of generating said registration request including identifying in said registration request a registrar with which the UE previously registered as a destination of said registration request; sending, by the session border controller, said registration request for the UE, to an authenticating entity; storing by the session border controller, in a memory of the session border controller, a challenge communicated to the UE through the session border controller, said challenge being from the authenticating entity in response to said registration request; storing by the session border controller, in said memory, a response to the challenge communicated from the UE to the authenticating entity; storing a UE identifier corresponding to the UE with said challenge and response; determining by the session border controller if said stored response is a valid response; receiving by the session border controller a signal from a UE requesting service as part of an attempt to obtain new service through the session border controller, said signal including said UE identifier as a source identifier; sending by the session border controller, after determining that said stored response is valid, the stored challenge to the UE requesting service prior to providing the new service to the UE; retrieving from said memory the stored challenge and response corresponding to said UE identifier for use in authenticating said UE prior to providing the requested service; checking by the session border controller a response received from the UE requesting service to determine if the UE which is requesting service is the UE which was previously authenticated; and wherein said challenge and response communicated through said session border controller are communicated as part of an authentication process performed as part of registering said UE with a registrar; and wherein said session border controller does not store or have knowledge of a secret or key used by said authenticating entity to authenticate said UE. |
