In modern and future communication networks including fixed an mobile telecommunication networks (such as for example Internet Protocol-based networks, Global System for Mobile Communication (GSM), General Packet Radio Service (GPRS), Universal Mobile Telecommunication System (UMTS), Long-Term Evolution (LTE) or the like) the provision of services to users plays an important role. Therefore, the aim to enable the delivery of any service to any user over any network has lead to the development of service network architectures. One example is the IP (Internet Protocol) multimedia subsystem (IMS). The IP multimedia subsystem has been defined both by 3GPP (3GPP: Third Generation Partnership Project) and ETSI TISPAN (ETSI: European Telecommunication Standard Institute, TISPAN: Telecommunications and Internet converged Services and Protocols for Advanced Networking).
Although IMS is taken as a non-limiting example in the subsequent description, it is to be noted that the below description equally applies to any other network or system having comparable properties.
In an IMS environment, a user or client needs to register and establish a session with the IMS system in order get access to services. A session initiation between a user or client and the IMS system is commonly achieved by using SIP (Session Initiation Protocol) as a signaling protocol. A logical function for handling session initiation on both control and user plane at the side of the IMS system may be referred to as session border control (SBC) functionality. It is noted that a SBC may have other functions as well, while in the following the handling of session initiation is basically referred to only.
FIG. 1 shows a schematic block diagram of a logical architecture and interfaces of a (decomposed) session border control functionality according to TIPSAN.
In the TISPAN IMS architecture, as depicted in FIG. 1, the first access point of a user or user equipment UE is a P-CSCF element (Proxy Call Session Control Function). The P-CSCF element has a Diameter-based interface to a SPDF element (Service Policy Decision Function), and the SPDF element has an interface based on H.248 to a BGF (Border Gateway Function) representing an IP-IP gateway element.
In the logical architecture according to FIG. 1, it is assumed as an example that the SBC function is decomposed such that a controller is realized by an Application Function AF (represented by the P-CSCF in FIG. 1) and the SPDF, and a border gateway is realized by the BGF. However, it is to be noted that the SBC function may equally well be implemented as a standalone unit, or (according to 3GPP) the SBC function may be implemented completely in the P-CSCF directly (i.e. without an intermediate SPDF) controlling an access gateway (referred to as A-BGF).
In the logical architecture according to FIG. 1, resource reservation for session initiation is performed between the thus depicted elements so as to control a quality of service (QoS) of the user's session and to control a session border control functionality. This SBC functionality forces a media stream of the user's session via pinholes of the gateway element, such pinholes representing reserved traffic resources.
Referring to FIG. 1, by way of example, these pinholes are allocated by Gq′ commands from the P-CSCF to the SPDF and by H.248 commands from the SPDF to the BGF. The P-CSCF informs the SPDF via the Gq′ interface about any changes in a session description which may be received in a SIP message's content in accordance with a Session Description Protocol (SDP), in this case in a SDP offer. The SPDF controls the IP-IP gateway BGF via the H.248 protocol, and after the corresponding BGF response the SPDF replies to the P-CSCF. When the Gq′ interface interaction is finished, the P-CSCF forwards the SIP request towards the next entity, namely an IMS S-CSCF (Serving Call Session Control Function) in the uplink direction, or to the user equipment UE in the downlink direction. The allocated pinhole will be updated and/or removed in a similar way, if the P-CSCF receives a response to the initial request with a SDP answer. Such pinhole allocation is indicated in FIG. 2.
FIG. 2 shows a schematic illustration of a call flow for session initiation in the logical architecture of FIG. 1. In the thus depicted call flow, a SIP INVITE message is assumed, in which “A” exemplarily represents a remote address of an offering user equipment within a SDP offer.
The values in the table of FIG. 2 represent remote and local bindings (address and port information) in the H.248 context, which are used for a symmetric payload transmission. The BGF is mapping the “A” address:port indicated in the SDP context of the SIP request to the “A′” address:port, which is only visible from the core network side.
In session initiation, it has also to be ensured that a user requesting a session initiation is authenticated.
IMS clients or users may be connected to the IMS system via several kinds of access networks, e.g. mobile, DSL (Digital Subscriber Line), cable, etc. For connection via different access networks, different authentication schemes may be usable. Such different authentication schemes may be based on different principles, such as e.g. the user authenticating himself towards the network, the network challenging the user, etc.
For example, for IMS clients connected via a fixed network the caching of credentials across dialogs for the same realm (IMS provider) is allowed, which means that the user will authenticate himself towards the network for session setups without being challenged by the IMS, but this behavior is not mandatory. Many clients do not follow this procedure. As a consequence, the resources in an integrated SBC element (as depicted in FIG. 1) will be reserved in the uplink direction and subsequently released in each session setup procedure, if the IMS client does not send required authentication data or credentials in an initial session initiation request and will be challenged by the S-CSCF, even if the media stream is not established. The S-CSCF might in any case require authentication data or credentials for the requests initiated by the IMS users using certain authentication schemes at registration.
Accordingly, when the initial request does not contain such required authentication data or credentials, the IMS clients may only authenticate themselves at the second session initiation trial using the received authentication challenge from the network side. The media stream will then be established to the terminating user, if all other prerequisites of the session setup are fulfilled.
FIG. 3 shows a signaling diagram of a session initiation call with failed authentication, as outlined above.
The session initiation call flow according to FIG. 3 shows the start of a session setup on the originating side. The first SIP INVITE message from the user equipment UE leads to the allocation of a pinhole in the BGF. This results in the exchange of five messages on the Gq′ and H.248 interfaces, namely AAR, ADD, ADD Reply, ADD Ack and AAA (AAR: Authentication-Authorization-Request, AAA: Authentication-Authorization-Answer, ADD: Addition request for pinhole resource). However, since the SIP INVITE message has been sent without authentication data or credentials, which is assumed to be required in the authentication of the requesting user, the thus requested session initiation may not be successful. Rather, the SIP INVITE message gets challenged with a negative SIP response message (denoted as “407 Auth Required”), and thus the recently allocated pinhole must be removed again. This results in the exchange of another five messages on the Gq′ and H.248 interfaces, namely STR, SUBTRACT, SUBTRACT Reply, SUBTRACT Ack and STA (STR: Session-Termination-Request, STA: Session-Termination-Answer, SUBTRACT: Subtraction request for pinhole resource). The following SIP INVITE message from the user equipment UE, which now contains authentication data or credentials in response to the challenge in the preceding negative SIP response, again leads to a pinhole allocation in the BGF. This results in the exchange of another five messages on the Gq′ and H.248 interfaces, which are similar to those exchanged upon the first SIP INVITE message. Thereby, the requested session is eventually initiated.
Accordingly, pinholes are allocated at first, even if the session setup will be cancelled again immediately.
In view of the above, it is evident that 10 out of 15 Gq′ and H.248 messages in the processing during session initiation with a failed first authentication trial are superfluous on the originating side. The terminating side session initiation is not affected by the overhead caused by the authentication challenge.
Hence, present techniques may easily lead to an excessive usage of resources in connection with a failed authentication in session initiation. This leads to performance degradation both in terms of resource occupancy and time delay due to an undue number of transactions on the signaling interfaces in session border control. However, the session border control function does not have any (standardized) means or processes for avoiding such a superfluous message exchange in the processing during session initiation with a failed authentication.
Accordingly, there does not exist any feasible solution for an improved resource reservation in session initiation.