Submit an original and a duplicate for fee processing
(Only for new nonprovisional applications under 37 CFR 1.53(b))

ADDRESS TO:

Mail Stop Patent Application
Commissioner for Patents
P.O. Box 1450
Alexandria, Virginia 22313-1450

Attorney Docket No. 03,395
First Named Inventor: David Grabelsky
Express Mail No. EV 334708865 US

] Transmittal Form with Fee
XX] Specification (including claims and abstract) [Total Pages 46]
(J Drawings [Total Sheets 7]
Oath or Declaration [Total Pages 2]
[~X] Newly executed
b. (J Copy from prior application [Note Boxes 5 and 18 below]
i. (J Deletion of Inventor(s): Signed statement attached deleting inventor(s) named in the prior application:
] Incorporation by Reference: The entire disclosure of the prior application, from which a copy of the oath or declaration is supplied under Box 4b, is considered as being part of the disclosure of the accompanying application and is hereby incorporated by reference therein.
|] Computer Code Listing (See 1.96)
a. L] Microfiche Appendix
b. ([] CD-Rom (in duplicate, with separate transmittal)
(-] Nucleotide and/or Amino Acid Sequence Submission
a. (_] Computer Readable Copy
b. (CL) Paper Copy
c. [1 Statement verifying above copies
LJ Small Entity Status
(_] is claimed
(_] Statement filed in prior application; status still proper and desired
[] is no longer claimed.

Assignment Papers
Power of Attorney
English Translation Document (if applicable)
Information Disclosure Statement (IDS)
[] PTO-1449 Form
L1] Copies of IDS Citations
Preliminary Amendment
Return Receipt Postcard (Should be specifically itemized)
Certified Copy of Priority Document(s)
A Request for non-publication pursuant to 35 U.S.C. § 122(b)(2)(B)(i)
Other: Patent Application Data Sheet

18. L] This is a CONTINUING APPLICATION. Please note the following:
a. L] This is a (_] Continuation ( Divisional ([] Continuation-in-part of prior U.S. Patent Application Serial No.
b. [] Cancel in this application original claims of the prior application before calculating the filing fee. (At least one claim must remain.)
c. L] Amend the specification by inserting before the first line the sentence: This is a (_] continuation (J divisional (J continuation-in-part of application Serial No.

The prior application is assigned of record to

[Page 1 of 2]
`
`IPR2018-00884
`Apple Inc. EX1002 Page 1
`
`
`
`
`
`
UTILITY PATENT APPLICATION TRANSMITTAL
APPLICATION FEES

Attorney Docket No. 03,395

McDonnell Boehnen Hulbert & Berghoff

CLAIMS | NUMBER FILED | NUMBER EXTRA | RATE |
Total Claims | 26 - 20 = | | | 108.00
Independent Claims | | | | $168.00
[_] Multiple Dependent Claim(s), if applicable | | | + $280.00 | $
Total of above calculations = 1026.00
Reduction by 50% for filing by small entity = $( )
>] Assignment fee, if applicable + $40.00 | $40.00
TOTAL = $1066.00

19. | Please charge my Deposit Account No. 13-2490 in the amount of $

20. 1 A check in the amount of $1066.00 is enclosed.

21. The Commissioner is hereby authorized to credit overpayments or charge any additional fees of the following types to Deposit Account No. 13-2490:
a. [ Fees required under 37 CFR 1.16.
b. [ Fees required under 37 CFR 1.17.
c. <] Fees required under 37 CFR 1.18.

22. The Commissioner is hereby generally authorized under 37 CFR 1.136(a)(3) to treat any future reply in this or any related application filed pursuant to 37 CFR 1.53 requiring an extension of time as incorporating a request therefor, and the Commissioner is hereby specifically authorized to charge Deposit Account No. 13-2490 for any fee that may be due in connection with such a request for an extension of time.

23. CERTIFICATE OF MAILING

I hereby certify that, under 37 CFR § 1.10, I directed that the correspondence identified above be deposited with the United States Postal Service as “Express Mail Post Office to Addressee,” addressed to Mail Stop Patent Application, Commissioner for Patents, P.O. Box 1450, Alexandria, Virginia 22313-1450, on the date indicated below.

24. USPTO CUSTOMER NUMBER

20306

25. SIGNATURE OF APPLICANT, ATTORNEY, OR AGENT REQUIRED

Joseph A. Herndon
Reg. No. 50,469

September 25, 2003

UTIL (Rev. 11/21/00)

[Page 2 of 2]
`
`
`
REQUEST AND CERTIFICATION UNDER 35 U.S.C. 122(b)(2)(B)(i)

Attorney Docket No. 03,395
First Named Inventor: David Grabelsky
Express Mail Label No. EV 334708865 US

I hereby certify that the invention disclosed in the attached application has not been and will not be the subject of an application filed in another country, or under a multilateral agreement, that requires publication at eighteen months after filing. I hereby request that the attached application not be published under 35 U.S.C. 122(b).

SIGNATURE OF APPLICANT, ATTORNEY, OR AGENT REQUIRED

Name: Joseph A. Herndon
Reg. No. 50,469
McDonnell Boehnen Hulbert & Berghoff
32nd Floor, 300 South Wacker Drive
City, State, Zip: Chicago, Illinois 60606

Signature

September 25, 2003
`
`
`
APPLICATION FOR A UNITED STATES PATENT

UNITED STATES PATENT AND TRADEMARK OFFICE

MBHB Case No. 03-395
(3Com Case No. 3948.CS.US.P)

Title: SYSTEM AND METHOD FOR NETWORK BASED POLICY ENFORCEMENT OF INTELLIGENT-CLIENT FEATURES

Inventors:

David Grabelsky
3800 Lee Street
Skokie, Illinois 60076
Citizen of United States of America

Anoop Tripathi
462 Pheasant Ridge Road
Lake Zurich, Illinois 60047
Citizen of India

Michael Homeier
284 Greenwood Avenue
Lake Forest, Illinois 60045
Citizen of United States of America

Guanglu Wang
43 Canterbury Lane
Buffalo Grove, Illinois 60089
Citizen of China

Assignee:

3Com Corporation
Legal Department
5500 Great America Boulevard
Mailstop 8412
Santa Clara, California 95052

McDonnell Boehnen Hulbert & Berghoff
300 South Wacker Drive, 32nd Floor
Chicago, IL 60606
(312) 913-0001
`
`
`
FIELD OF INVENTION

The present invention relates to policy enforcement of network services and, more particularly, to a system and method for network based policy enforcement of intelligent-client features.

BACKGROUND

The emergence of Internet Protocol (IP) telephony and IP multimedia networks poses challenges to carriers and service providers; however, it also presents new and expanded business opportunities. The increasing use of IP telephony has spurred development and introduction of numerous telephony services. The use of IP telephony protocols as an interface may assure that a “customer” and a “server” can rely on a common and widely used method for exchanging information. The protocols developed for IP-based services, features, and media transport enable migration of signaling and call-control functionality to intelligent end-user clients. Examples of such protocols include H.323 and the Session Initiation Protocol (SIP). To the extent that telephony services and features can be implemented in intelligent clients, the carriers and service provider network’s responsibilities include little more than providing data pipes.

In practice, however, many next-generation services still depend upon network-based servers and support, so network providers are probably in no danger of losing their ability to sell services. But the trend toward intelligent, IP-based clients is a new dimension in the space of creation and delivery of telephony and media services. At best, carriers, service providers, and device manufacturers may have to work together to ensure interoperability. At worst, carriers and service providers may need to deal with unauthorized delivery of services by intelligent clients in their networks. Either way, maintaining relevance as providers of services, and not just transport of the services, is no longer a given for network providers in a world shared with intelligent clients.

Therefore, if carriers and service providers are to maintain their ability to generate revenue for services offered or supported in their networks, then the service providers’ ability to enforce the authorization of service usage is important. This is particularly important in next-generation IP telephony and IP multimedia networks, where many basic and advanced services may be signaled, controlled, and/or delivered by intelligent end-user clients that are not owned or controlled by the network providers, thereby enabling potential bypassing by the end user of service agreements or other subscription accounting mechanisms.
`
`
`
SUMMARY

In an exemplary embodiment, a method for controlling services in packet-based networks is provided. The method includes receiving signaling messages within a communication path between a sender and a recipient device. The signaling messages include an indication of a type of service which the messages are intended to invoke. The method further includes making a determination of whether the sender or the recipient of the messages is authorized to invoke the type of service, and filtering the signaling messages based on the determination so as to pass to the intended recipient device signaling messages having an indication of services that are authorized.

In another respect, the exemplary method for controlling services in packet-based networks includes receiving a message, which is configured according to a protocol, and associating the message with a known service that is defined within the protocol. This method includes requesting a user profile of a user associated with the message that specifies which services the user is authorized to use. This method also includes determining from the user profile whether the user is authorized to invoke the known service, and filtering the message based on whether the user is authorized to invoke the known service.

In still another respect, the exemplary embodiment may take the form of a system that includes a border element and a proxy server. The border element is in a communications path of session initiation protocol (SIP) signaling messages between end devices, and may filter the SIP signaling messages based on authorized services of the end devices. The SIP signaling messages include an indication of services. The proxy server may receive a request from the border element for a user profile of at least one of the end devices, and in response, send the user profile to the at least one of the end devices. The user profile specifies which services the at least one end device is authorized to use.

These as well as other features and advantages will become apparent to those of ordinary skill in the art by reading the following detailed description, with appropriate reference to the accompanying drawings.
`
`
`
BRIEF DESCRIPTION OF FIGURES

Exemplary embodiments of the present invention are described with reference to the following drawings, in which:

Figure 1 is a block diagram illustrating one embodiment of a network architecture for support of packet-based telephony and multimedia sessions and services according to the present invention;

Figure 2 is a block diagram illustrating another embodiment of a network architecture for support of packet-based telephony and multimedia sessions and services according to the present invention;

Figure 3 is a flowchart depicting one embodiment of a method of network-based policy enforcement of intelligent client features;

Figure 4 illustrates one embodiment of a network policy enforcement entity that may carry out the method of Figure 3;

Figure 5 illustrates one embodiment of a SIP-aware firewall functioning as the network policy enforcement point;

Figure 6 illustrates one embodiment of a SIP-aware NAT and a firewall functioning as the network policy enforcement point; and

Figure 7 illustrates one embodiment of a SIP-aware firewall and a SIP Proxy server functioning as the network policy enforcement point.
`
`
`
DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

In packet-based networks, intelligent end-user clients with little or no support and/or knowledge of the network can deliver many features and services. For networks to retain control over the features and services used by subscribers that use intelligent end-user clients, the networks need to be able to recognize signaling and call control messages and transactions that implement these features and services within the network. This is particularly important in next-generation IP telephony and IP multimedia networks where many basic and advanced services may be signaled, controlled, and/or delivered by intelligent end-user clients which are not owned or controlled by the network or service providers, thereby enabling the potential bypassing by the end user of service agreements or other subscription accounting mechanisms.

One approach to policing network service usage is to extend signaling and control protocols, such as the Session Initiation Protocol (SIP), to support informing the intelligent client as to which services are authorized. This approach is described in U.S. Patent Application Serial Number 10/243,642, filed on September 10, 2002, and entitled “Architecture and Method for Controlling Features and Services in Packet-Based Networks,” which is entirely incorporated by reference herein as if fully set forth in this description. This approach relies on the ability of the client to support required protocol extensions, and to function as the policy enforcement point on behalf of the network.

In the exemplary embodiment, the present invention describes a system and method for using network-based policy enforcement to control access to, and invocation of, features and services which may otherwise be delivered to subscribers without the knowledge or authorization of the network. An operator of an IP telephony and/or IP multimedia network may enforce authorization or privileges of intelligent end-user clients to utilize or invoke services in the network, even when the capabilities for the requisite signaling and call control of those services may reside in the end-user clients themselves.

In the exemplary embodiment, a policy enforcement point is maintained in the network by elements that are under control of the network operator. This approach lessens and/or eliminates a need for the network operator to police the selection of client devices, and at the same time, allows end users to install nearly any suitable device of their choosing.
`
NETWORK ARCHITECTURE

Referring now to the figures, Figure 1 is a block diagram illustrating one embodiment of a network 100. It should be understood that this and other arrangements described herein are set forth for purposes of example only, and other arrangements and elements can be used instead and some elements may be omitted altogether. Further, many of the elements described herein are functional entities that may be implemented as hardware, firmware or software, and as discrete components or in conjunction with other components, in any suitable combination and location.

The network 100 includes functionality of a packet network architecture for support of packet-based telephony and multimedia sessions and services. The network 100 includes a core packet network 102, and two local packet networks 104 and 106, as well as intelligent end-user clients 104a-d and 106a-e associated with the local packet networks 104 and 106. Access to the core packet network 102 is available through border elements 108 and 110, such as a firewall or application layer gateway (ALG) device. Maintaining the border elements 108 and 110 within the core packet network 102 may protect the core packet network 102 from errant behavior of extra-network elements, whether malicious or inadvertent. Note that local packet networks 104 and 106 may likewise employ border elements for security purposes.
`
`
`
The core packet network 102 includes a signaling and call control server 112, an authentication and authorization server 114, and a network-based services server 116. The signaling and call control server 112 intercepts call set-up messages sent between the end-user clients, e.g., intelligent client 104c, and the core packet network 102 and checks the authentication and authorization server 114 to determine what services the client may invoke. In turn, the signaling and call control server 112 may contact the network-based services server 116 to invoke any services requested by the client, if the client is authorized to invoke the service.

The local packet networks 104 and 106 may be local area networks (LANs). The LAN provides local connectivity for end-user clients, while the core packet network 102 provides access to global packet telephony services, as well as possibly to a public packet data network. The core packet network 102 connects the local packet networks 104 and 106 to other local networks, as well as to the public switched telephone network (PSTN) via media gateways, for example.

The local packet networks 104 and 106 may be maintained within private or restricted address spaces. That is, addresses of devices within or residing within a given local packet network may not be visible or valid to entities in the core packet network 102, or in other local networks. Rather, a mapping of addresses is used across the boundaries between the core packet network 102 and the local packet networks 104 and 106. In this case, the border elements 108 and 110 in the core packet network 102 provide the mapping functionality, translating between addresses on the core packet network 102 side and the local packet network side. In an IP network, for example, this could be supported with Network Address Translation (NAT). This may also be supported with Realm Specific Internet Protocol (as described in RFC 3104-3105). Alternatively, this address-mapping function may be accomplished on the local network side, but the core packet network 102 may still provide a subset of core network addresses that may be used in the mapping, i.e., access to the core packet network 102 first passes through some sort of core-network border element. Isolating the address space of the local packet networks 104 and 106 from the core packet network 102 introduces a stronger degree of control over access to services and features in the core packet network 102, because clients’ true addresses are hidden from entities outside the local packet networks 104 and 106, which prevents surreptitious communications across the boundary between local and core networks.

If address mapping is used at the border between the core packet network 102 and the local packet networks 104 and 106, then end-user devices can access services in the core packet network 102 with explicit awareness of some element or elements within the core packet network 102.
`
Figure 2 illustrates a specific example of a network 200, similar to that illustrated in Figure 1, in which the packet networks are IP networks. For this example, the SIP signaling and call control protocol is implemented. However, other signaling protocols, such as H.323, Media Gateway Control Protocol (MGCP), Media Gateway Control (MEGACO), and other standard or proprietary techniques may alternatively be used. A brief explanation of SIP is given below.

SIP is described in Handley, et al., “SIP: Session Initiation Protocol,” IETF RFC 2543, March 1999, which is entirely incorporated by reference herein, as if fully set forth in this description. SIP is also described in Rosenberg et al., “SIP: Session Initiation Protocol,” IETF RFC 3261, June 2002, the contents of which are entirely incorporated herein by reference, as if fully set forth in this description. SIP describes how to set up Internet telephone calls, videoconferences, and other multimedia connections. SIP can establish two-party sessions (ordinary telephone calls), multiparty sessions (where everyone can hear and speak), and multicast sessions (one sender, many receivers). The sessions may contain audio, video, or data. SIP handles call setup, call management, and call termination. Other protocols, such as real time protocol (RTP) are used for data transport. SIP is an application layer protocol and can run over the user datagram protocol (UDP) or the transport control protocol (TCP), for example.

SIP supports a variety of services, including locating the callee, determining the callee’s capabilities, and handling the mechanics of call setup and termination, for example. SIP defines telephone numbers as uniform resource locators (URLs), so that Web pages can contain them, allowing a click on a link to initiate a telephone call (similar to the mailto function that allows a click on a link to initiate a program to send an e-mail message). For example, JohnDoe@3Com.com may represent a user named John at the host specified by the domain name system (DNS) of 3Com. SIP URLs may also contain other addresses or actual telephone numbers.

The SIP protocol is a text-based protocol in which one party sends a message in American standard code for information interchange (ASCII) text consisting of a method name on the first line, followed by additional lines containing headers for passing parameters. Many of the headers are taken from multipurpose Internet mail extensions (MIME) to allow SIP to interwork with existing Internet applications.
`
As an example, consider the following exemplary text encoded message below in Table 1.

INVITE sip:user@biloxi.com SIP/2.0
Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds
Content-Type: application/sdp
Content-Length: 142

Table 1

This text-encoded message is a SIP INVITE message. The first line of this text-encoded message contains the method name (e.g., INVITE). The lines that follow are a list of header fields. For example, the fields Via (describing the address at which the user is expecting to receive responses), To (contains a display name or SIP request-URI towards which the request was originally directed), From (contains a display name and a SIP request-URI that indicate the originator of the request), Call-ID (contains a globally unique identifier for this call), CSeq (a traditional sequence number), and Contact (contains a SIP request-URI that represents a direct route to contact the sender) are header fields. In addition, the From header also has a tag parameter containing a random string (e.g., 1928301774) that is used for identification purposes.

Other example methods are provided below in Table 2.

REGISTER | Inform a redirection server about the user’s current location
REFER | Requests that the party sending the REFER be notified of the outcome of the referenced request

Table 2
`
`
`
To establish a call session, a caller sends an INVITE message to a callee by way of a proxy server. The transport protocol for the transmission may be TCP or UDP, for example. In both cases, the headers on the second and subsequent lines of INVITE message describe the structure of the message body, which contains the caller’s capabilities, media types, and formats. The INVITE message also contains a user identifier to identify the callee, a caller user identifier to identify the caller, and a session description that informs the called party what type of media the caller can accept and where the caller wishes the media data to be sent. User identifiers in SIP requests are known as SIP addresses. SIP addresses are referred to as SIP Universal Resource Indicators (SIP request-URIs), which are of the form sip:user@host.domain. Other addressing conventions may also be used.

The proxy server will read the INVITE message and may use a location service locally or remotely located to itself to determine the location of the callee, as identified in the INVITE message. The proxy server determines the location of the callee by matching the SIP request-URI in the INVITE message to one within a location database, which may be within another proxy server. The INVITE request is then forwarded to the callee. Upon receiving the INVITE request, the callee may transmit a response message.

The response message may be a reply code. A reply code may be a three-digit number with a classification as defined below in Table 3.

CODE | MEANING | EXAMPLES
1xx | | 100 = server agrees to handle client’s request
2xx | | 200 = request succeeded
4xx | | 403 = forbidden page
5xx | Server Error | 500 = internal server error

Table 3

For example, if the callee accepts the call, the callee responds with a 200 OK message. Following the reply code line, the callee also may supply information about the callee’s capabilities, media types, and formats.
`
Referring back to Figure 2, the network 200 includes a core IP network 202, and local IP networks 204 and 206. In this case, end-user clients are SIP user agents, such as SIP user agent 204a-b and 206a-b, and SIP phones, such as SIP phone 204c-d and 206c-e. The core IP network 202 includes a SIP Proxy server 208, an authentication/authorization server 210, a directory server 212, and a network-based services server 214. Border elements in the core IP network 202 are NAT firewalls 216 and 218, which incorporate functionality specific to SIP. Such devices are commonly referred to as SIP-aware firewalls, as illustrated. The NAT firewalls 216 and 218 make it possible, for example, for a SIP client with only a local address within the local area network to initiate and receive SIP-based calls to and from SIP endpoints in the core IP network 202, or other local networks connected (directly or indirectly) to the core IP network 202.

In order for a SIP phone, e.g., 204c, to establish connectivity beyond its local IP network 204, its user registers with the SIP proxy server 208 in the core IP network 202. The registration process will typically include some sort of verification that authenticates the user and authorizes use of a set of services. This authentication usually involves communications between the SIP proxy server 208 and the authentication and authorization server 210 via an additional protocol. For example, Remote Authentication Dial In User Service (RADIUS) might be used for this purpose. Assuming the user is successfully authenticated, authorization for use of services could be determined according to a user profile stored in the authentication and authorization server 210. The user profile might list services and features to which the user has subscribed, e.g., basic calls, call waiting, call forwarding, etc. Once registration is complete, the user may invoke services within the core IP network 202. Note that the user could be a specific person, group, or generic identity (e.g., “cafeteria phone”).

While lists of authorized services and features may be stored in the user profile, it is possible for many of the features themselves to be fully or partially realized directly within the SIP phone 204c. Thus, a user could decline to subscribe to a certain service in the core IP network 202, but still obtain that service using the implementation on the SIP phone 204c. Assuming that a carrier or service provider of the network 200 normally charges for that service, then this user would be acquiring it for free. As noted, one way to attempt to prevent this from happening is to extend or enhance the SIP protocol to support passing the information about the user’s authorized services to the SIP phone, as described in U.S. Patent Application Serial Number 10/243,642, entitled “Architecture and Method for Controlling Features and Services in Packet-Based Networks.” The SIP phone would then only invoke those services for which authorization has been received, i.e., the SIP phone becomes the policy enforcement point on behalf of the core IP network 202.
`
NETWORK-BASED POLICY ENFORCEMENT OF INTELLIGENT-CLIENT FEATURES

In the exemplary embodiment, an entity of the network 200 is the policy enforcement point on behalf of the core IP network 202. The entity is a core-network-based policy enforcement point that is (1) in the communications path of substantially each and every call control and signaling message between any end-user client and any call control and signaling entity of the network 202 (including, possibly, another client device); and (2) able to communicate with, and set parameters of, network elements that monitor and control media data flow across network boundaries (e.g., border elements 216 and 218). The policy enforcement point may recognize all call control and signaling messages that pass through it, and filter them according to their content, including, but not limited to, sender, intended recipient, and meaning within the particular call control and signaling protocol (e.g., message type). In addition, the policy enforcement point may control media data flow, or augment and/or assist other network elements that have this function. Such control of media data flow may include, but is not limited to, ensuring compliance of media streams with agreed-to bandwidth and other network resource usage.
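The filtering step described above, sketched as an added example that is not part of the patent application: a Python policy enforcement point that parses a text-encoded SIP request, associates its method with a service, and passes it or answers 403 according to the sender's user profile. The method-to-service mapping, the profile store, the `build_request` helper and the sample messages are constructed assumptions; the page does not specify them.

```python
# Added example: SIP request filtering at a network policy enforcement point.

# Assumption (not from the page): which SIP method signals which service.
SERVICE_BY_METHOD = {
    "INVITE": "basic-call", "ACK": "basic-call",
    "BYE": "basic-call", "CANCEL": "basic-call",
    "REFER": "call-transfer",
}

# Constructed profiles, standing in for the user profiles the page keeps on
# the authentication and authorization server.
PROFILES = {
    "sip:alice@atlanta.com": {"basic-call", "call-transfer"},
    "sip:bob@biloxi.com": {"basic-call"},
}


def parse_sip_request(raw):
    """Split a text-encoded SIP request into method, request-URI, headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line")
        # Header names are case-insensitive; keep the first occurrence.
        headers.setdefault(name.strip().lower(), value.strip())
    return parts[0], parts[1], headers


def sender_address(headers):
    """Return the SIP address in the From header, without display name or
    parameters. From is client-supplied: a deployment would bind it to the
    identity authenticated at registration (simplified away here)."""
    value = headers.get("from")
    if value is None:
        raise ValueError("missing From header")
    if "<" in value and ">" in value:
        value = value[value.index("<") + 1:value.index(">")]
    return value.split(";", 1)[0].strip()


def filter_request(raw, profiles=PROFILES):
    """Return (decision, status_code, reason) for one signaling message."""
    try:
        method, _uri, headers = parse_sip_request(raw)
        sender = sender_address(headers)
    except ValueError as exc:
        return ("reject", 400, str(exc))
    if method == "REGISTER":
        # Registration is where the proxy authenticates the user.
        return ("pass", None, "registration")
    service = SERVICE_BY_METHOD.get(method)
    if service is None:
        # Fail closed: an unrecognized method is not an authorized service.
        return ("reject", 403, "method %s maps to no known service" % method)
    allowed = profiles.get(sender)
    if allowed is None:
        return ("reject", 403, "no profile for %s" % sender)
    if service not in allowed:
        return ("reject", 403, "%s is not authorized for %s" % (sender, service))
    return ("pass", None, service)


def build_request(method, target, sender):
    """Constructed sample request in the shape of the page's Table 1."""
    return "\r\n".join([
        "%s %s SIP/2.0" % (method, target),
        "Via: SIP/2.0/UDP pc33.atlanta.com;branch=z9hG4bK776asdhds",
        "To: <%s>" % target,
        "From: <%s>;tag=1928301774" % sender,
        "Call-ID: constructed-call-id@pc33.atlanta.com",
        "CSeq: 1 %s" % method,
        "", "",
    ])


if __name__ == "__main__":
    for method, sender in [("INVITE", "sip:bob@biloxi.com"),
                           ("REFER", "sip:bob@biloxi.com"),
                           ("REFER", "sip:alice@atlanta.com")]:
        msg = build_request(method, "sip:user@biloxi.com", sender)
        print(method, sender, filter_request(msg))
```

The decision is made from the message alone, so a client that implements a feature locally still cannot signal it through the border element unless the profile lists the corresponding service.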
`
The policy enforcement point may facilitate network-based enforcement of service and feature privileges on a call-by-call basis, (1) during an initial setup phase of the call or session, based upon the filtering of call control and signaling messages; and (2) once the call, session, service, or feature is allowed and/or established, based upon both filtering of subsequent call control messages, and the monitoring and