1. Field of the Invention
The present invention relates to the handling of identities in portions of a network. The present invention further relates to the insertion or the removal of user asserted identities when crossing the boundary of the trust domain and honoring user privacy requirements with respect to asserted identities.
2. Description of the Related Art
In the 3rd Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS), Release 5, a system is considered to be a closed network of trusted parties. IMS sessions always originate or terminate in an IMS network and all IMS networks trust each other. This model precludes the establishment of an IMS session that originates or terminates in the public Internet. On the other hand, as all the IMS networks trust each other, Session Initiation Protocol (SIP) proxies (Call Session Control Function (CSCF), Breakout Gateway Control Function (BGCF), etc.) need not take any action about asserted identities in SIP requests. If an asserted identity is present when a request is received from another IMS (trusted) network, it is to be trusted. If the SIP proxy is going to send a SIP request to another network, the asserted identity is kept in the message.
3GPP IMS Release 6 allows IMS sessions to be established to and from internet SIP clients. This, however, requires a new trust model because, for a particular network, only selected (IMS or non-IMS) networks are considered to be trusted. It is required that SIP proxies (e.g., CSCF, BGCF, etc.) are able to take an action (e.g., removal) on asserted identities when traffic is routed to a non-trusted network. If a SIP proxy receives a SIP request from a trusted network and there is an asserted identity, it is kept. However, if a SIP proxy receives a SIP request from an untrusted network and there is an asserted identity, the SIP proxy removes the identity since it is not trusted. Similarly, if a SIP proxy is about to forward a request to a trusted network, it keeps any asserted identity. But if a SIP proxy is about to forward a request to an untrusted network, the asserted identity is removed.
The concept of the trust network in IMS is supported by the existence of an interconnection agreement between the two networks that trust each other. When two networks sign an interconnection agreement, they exchange security information. 3GPP IMS Release 5 does not support a mixture of trusted and untrusted nodes. The 3GPP IMS Release 5 specifies that all the IMS networks trust each other; in other words, connections to non-IMS networks are not allowed. 3GPP IMS Release 5 provides Internet Protocol security (IPsec) gateways and IPsec tunnels between any two IMS networks. However, IPsec gateways are not useful for the trusted/untrusted model in Release 6, since IPsec gateways operate with the IP layer, not the SIP layer, and since IPsec gateways are physically and logically different elements than SIP proxies. Additionally, the existence of an IPsec tunnel between two IMS operators is not enough to assume that there is a trust relationship at the SIP level between these operators.
Thus, there is a need for a method to determine whether a particular request is received from a trusted or untrusted source for a particular SIP proxy that is receiving a SIP request. Furthermore, it is also necessary to determine, prior to forwarding the SIP request, whether the next SIP proxy is trusted or not for a particular SIP proxy that is about to forward a SIP request to another network.