TECHNICAE FIEED

[0001] An example embodiment relates generally to a method, apparatus and computer program product generally related to a serving call session control function (S-CSCF) of a communications network, such as a fifth generation (5G) network.

BACKGROUND

[0002] As mobile devices have become important, ubiquitous tools upon which individuals rely to communicate with one another, access information, entertain themselves, and otherwise improve many facets of their lives, network operators have faced ever-increasing demands on finite network resources. While networks and their operators are typically able to meet user expectation and demands, unauthorized use of network resources can divert potentially limited network resources away from authorized users and otherwise contribute to undesirable network performance.

[0003] In addition, a network operator may want to restrict access of certain mobile devices that are lost, stolen, or otherwise involved with suspicious activities by placing those devices on a blacklist. A network operator may also want to track network access activities of suspicious mobile devices that are identified by a graylist. Detecting and determining the validity status of a device within a network environment, responding to unauthorized access events, and communicating a current, correct validation and/or authorization status of a device to the relevant network components poses a number of technical challenges. For example, the maintenance, updating and checking of the blacklist and the graylist may consume an undesirable amount of network resources if performed inefficiently.

BRIEF SUMMARY

[0004] An example embodiment relates generally to a method, apparatus and computer program product for checking a mobile equipment identity for a serving call session control function (S-CSCF) in a communications network, such as a fifth generation (5G) network, in the event that the latest status of the equipment is lost to the S-CSCF due to restoration. As such, the equipment status may be properly determined during or following restoration. [0005] In one example embodiment, a method is provided that includes receiving a network registration request from a user equipment (UE). The method further includes determining that a validity status of the user equipment is not blacklisted. The method further includes causing transmission of a registration success message to the user equipment. The method further includes receiving a session initiation protocol request message from the user equipment. The method further includes causing transmission of a server assignment request message to a home subscriber server. The home subscriber server is configured to store an up-to-date user equipment validity status. The method further includes receiving a server assignment answer message from the home subscriber server. The server assignment answer message includes the up-to-date user equipment validity status of the user equipment. The method further includes causing a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status.

[0006] In some implementations of such a method, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted, and causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the method further includes causing

transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

[0007] In another example embodiment, an apparatus is provided that includes means for receiving a network registration request from a user equipment. The apparatus further includes means for determining that a validity status of the user equipment is not blacklisted. The apparatus further includes means for causing transmission of a registration success message to the user equipment. The apparatus further includes means for receiving a session initiation protocol request message from the user equipment. The apparatus further includes means for causing transmission of a server assignment request message to a home subscriber server. The home subscriber server is configured to store an up-to-date user equipment validity status. The apparatus further includes means for receiving a server assignment answer message from the home subscriber server. The server assignment answer message includes the up-to-date user equipment validity status of the user equipment. The apparatus further includes means for causing a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status.

[000S] In some implementations of such an apparatus, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted. In some embodiments, causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the apparatus further includes means for causing transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

[0009] In another example embodiment, an apparatus is provided that includes at least one processor and at least one memory including computer program code for one or more programs with the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to receive a network registration request from a user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to determine that a validity status of the user equipment is not blacklisted. The computer program code is further configured to, with the at least one processor, cause the apparatus to cause transmission of a registration success message to the user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to receive a session initiation protocol request message from the user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to cause transmission of a server assignment request message to a home subscriber server. The home subscriber server is configured to store an up-to-date user equipment validity status. The computer program code is further configured to, with the at least one processor, cause the apparatus to receive a server assignment answer message from the home subscriber server. The server assignment answer message includes the up-to-date user equipment validity status of the user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to cause a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status. [0010] In some implementations of such an apparatus, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted. In some embodiments, causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the computer program code is further configured to, with the at least one processor, cause the apparatus to cause transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

[0011] In another example embodiment, a computer program product is provided that includes at least one non-transitory computer-readable storage medium having computer executable program code instructions stored therein with the computer executable program code instructions comprising program code instructions configured, upon execution, to receive a network registration request from a user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to determine that a validity status of the user equipment is not blacklisted. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause transmission of a registration success message to the user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to receive a session initiation protocol request message from the user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause transmission of a server assignment request message to a home subscriber server. The home subscriber server is configured to store an up-to- date user equipment validity status. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to receive a server assignment answer message from the home subscriber server. The server assignment answer message includes the up-to-date user equipment validity status of the user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status. [0012] In some implementations of such a computer program product, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted. In some embodiments, causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

[0013] In another example embodiment, a method is provided that includes receiving a network registration request from a user equipment. The method further includes determining that the validity status of the user equipment is not blacklisted. The method further includes causing transmission of a registration success message to the user equipment. The method further includes receiving a session initiation protocol request message from the user equipment. The method further includes causing transmission of a server assignment request message to a home subscriber server. The method further includes receiving a server assignment answer message from the home subscriber server. The method further includes causing transmission of an equipment identity check request message to an equipment identity register. The equipment identity register is configured to store an up-to-date user equipment validity status. The method further includes receiving an equipment identity check answer message from the equipment identity register. The equipment identity check answer message includes the up-to-date user equipment validity status of the user equipment. The method further includes causing a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status.

[0014] In some implementations of such a method, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted and causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the method further includes causing

transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

[0015] In another example embodiment, an apparatus is provided that includes means for receiving a network registration request from a user equipment. The apparatus further includes means for determining that the validity status of the user equipment is not blacklisted. The apparatus further includes means for causing transmission of a registration success message to the user equipment. The apparatus further includes means for receiving a session initiation protocol request message from the user equipment. The apparatus further includes means for causing transmission of a server assignment request message to a home subscriber server. The apparatus further includes means for receiving a server assignment answer message from the home subscriber server. The apparatus further includes means for causing transmission of an equipment identity check request message to an equipment identity register. The equipment identity register is configured to store an up- to-date user equipment validity status. The apparatus further includes means for receiving an equipment identity check answer message from the equipment identity register. The equipment identity check answer message includes the up-to-date user equipment validity status of the user equipment. The apparatus further includes means for causing a response to be provided to the session initiation protocol request message according to the up-to- date user equipment validity status.

[0016] In some implementations of such an apparatus, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted and causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the apparatus further includes means for causing transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

[0017] In another example embodiment, an apparatus is provided that includes at least one processor and at least one memory including computer program code for one or more programs with the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus at least to receive a network registration request from a user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to determine that the validity status of the user equipment is not blacklisted. The computer program code is further configured to, with the at least one processor, cause the apparatus to cause transmission of a registration success message to the user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to receive a session initiation protocol request message from the user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to cause transmission of a server assignment request message to a home subscriber server. The computer program code is further configured to, with the at least one processor, cause the apparatus to receive a server assignment answer message from the home subscriber server. The computer program code is further configured to, with the at least one processor, cause the apparatus to cause transmission of an equipment identity check request message to an equipment identity register. The equipment identity register is configured to store an up-to-date user equipment validity status. The computer program code is further configured to, with the at least one processor, cause the apparatus to receive an equipment identity check answer message from the equipment identity register. The equipment identity check answer message includes the up-to-date user equipment validity status of the user equipment. The computer program code is further configured to, with the at least one processor, cause the apparatus to cause a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status.

[0018] In some implementations of such an apparatus, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted and causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the computer program code is further configured to, with the at least one processor, cause the apparatus to cause transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

[0019] In another example embodiment, a computer program product is provided that includes at least one non-transitory computer-readable storage medium having computer executable program code instructions stored therein with the computer executable program code instructions comprising program code instructions configured, upon execution, to receive a network registration request from a user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to determine that the validity status of the user equipment is not blacklisted. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause transmission of a registration success message to the user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to receive a session initiation protocol request message from the user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause transmission of a server assignment request message to a home subscriber server. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to receive a server assignment answer message from the home subscriber server. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause transmission of an equipment identity check request message to an equipment identity register. The equipment identity register is configured to store an up-to-date user equipment validity status. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to receive an equipment identity check answer message from the equipment identity register. The equipment identity check answer message includes the up-to-date user equipment validity status of the user equipment. The computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status.

[0020] In some implementations of such a computer program product, the up-to-date user equipment validity status of the user equipment indicates that the user equipment is blacklisted and causing a response to be provided comprises causing transmission of an error message to the user equipment. In some embodiments, the computer executable program code instructions comprise program code instructions that are further configured, upon execution, to cause transmission of a second server assignment request message to the home subscriber server to remove a registration of the user equipment. In some embodiments, the validity status of the user equipment is one of: blacklisted, greylisted, or whitelisted. In some embodiments, blacklisted indicates that the user equipment is restricted from accessing a network and greylisted indicates that the user equipment needs to be tracked when accessing a network.

BRIEF DESCRIPTION OF THE DRAWINGS

[0021] Having thus described certain example embodiments of the present disclosure in general terms, reference will hereinafter be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:

[0022] Figure 1 depicts an example system environment in which implementations in accordance with an example embodiment of the present invention may be performed;

[0023] Figure 2 is a block diagram of an apparatus that may be specifically configured in accordance with an example embodiment of the present invention;

[0024] Figure 3 is a message flow diagram that illustrates a technical challenge that may be overcome by implementations of an example embodiment of the present invention;

[0025] Figure 4 is a message flow diagram that illustrates aspects of an example embodiment of the present invention;

[0026] Figure 5 is another message flow diagram that illustrates aspects of another example embodiment of the present invention;

[0027] Figure 6 is a flowchart illustrating a set of operations performed, such as by the apparatus of Figure 2, in accordance with an example embodiment of the present invention; and

[0028] Figure 7 is another flowchart illustrating a set of operations performed, such as by the apparatus of Figure 2, in accordance with another example embodiment of the present invention.

DETAILED DESCRIPTION

[0029] Some embodiments of the present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which some, but not all, embodiments of the invention are shown. Indeed, various embodiments of the invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will satisfy applicable legal requirements. Like reference numerals refer to like elements throughout. As used herein, the terms“data,”“content,”“information,” and similar terms may be used interchangeably to refer to data capable of being transmitted, received and/or stored in accordance with embodiments of the present invention. Thus, use of any such terms should not be taken to limit the spirit and scope of embodiments of the present invention.

[0030] Additionally, as used herein, the term‘circuitry’ refers to (a) hardware-only circuit implementations (e.g., implementations in analog circuitry and/or digital circuitry); (b) combinations of circuits and computer program product(s) comprising software and/or firmware instructions stored on one or more computer readable memories that work together to cause an apparatus to perform one or more functions described herein; and (c) circuits, such as, for example, a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation even if the software or firmware is not physically present. This definition of‘circuitry’ applies to all uses of this term herein, including in any claims. As a further example, as used herein, the term‘circuitry’ also includes an implementation comprising one or more processors and/or portion(s) thereof and accompanying software and/or firmware. As another example, the term‘circuitry’ as used herein also includes, for example, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, other network device, field programmable gate array, and/or other computing device.

[0031] As defined herein, a“computer-readable storage medium” refers to a physical storage medium (e.g., volatile or non-volatile memory device).

[0032] An example embodiment relates generally to a method, apparatus and computer program product for checking a mobile equipment identity for a serving call session control function (S-CSCF) in a communications network, such as a fifth generation network, in the event that the latest status of the equipment is lost to the S-CSCF due to restoration, that is, the process of coming back online and restoring the various parameters and values following a period of inoperability during the performance of various IMS functions such as a S-CSCF.

[0033] Some example implementations arise in network environments that incorporate an equipment identity register (EIR) or similar network element that includes a database that stores information about the authorization and/or validity status of user equipment devices that may be associated with the network environment. When the validity status of a user equipment (UE) device such as a mobile phone is altered to a status in which the user equipment is to be barred from accessing the network (such as when the device is “blacklisted”, or is otherwise identified as lacking authorization to access network resources, for example), a unique device identifier (such as an international mobile equipment identity (IMEI) associated with the particular user equipment device, for example), may be added to a list of blacklisted, restricted, and/or otherwise unauthorized devices that is stored at a relevant EIR. When the validity status of a user equipment (UE) device such as a mobile phone is altered to a status in which the user equipment is to be tracked by the network (such as when the device is“grey listed”), a unique device identifier (such as an international mobile equipment identity (IMEI) associated with the particular user equipment device, for example), may be added to a list of greylisted devices that is stored at a relevant EIR.

[0034] When a network element subsequently uses the IMEI number associated with the user equipment device to check and/or otherwise determine whether the user equipment device that is attempting to access the network is a valid and/or otherwise authorized user equipment device, the IMEI number may be checked against the list maintained at the EIR, and an unauthorized user equipment device may be barred from accessing that particular network.

[0035] In some such network environments, a status change associated with a user equipment device (such as blacklisting, for example), occurs at the EIR, which may contain a record of all of the user equipment devices associated with a network and an indication whether the user equipment device is authorized to use network resources. In such environments the EIR may be configured as and/or incorporate a central database that stores user equipment device status information, such as a whitelist, blacklist, a gray list, and/or the like. As discussed in more detail herein, the EIR and the information stored therewith may be used to enable network operators to control access to network resources, including but not limited to the prevention of unauthorized user equipment devices and/or unauthorized users of user equipment devices from accessing network resources.

[0036] In some example situations, a mobile equipment identity check (MEIC) procedure may be used between a mobility management entity (MME) and the EIR, and between the serving GPRS support node (SGSN) and the EIR to check the status of a user equipment device (such as to check that the user equipment device has not been reported as stolen, to check that the user equipment device is not indicated as having faults, or the like). In some such example situations, the S 13 and S13’ interfaces (such as those between the MME and the EIR, and between the SGSN and EIR, respectively), are defined as set out in 3GPP TP 29.272, and may follow predetermined procedures to validate the IMEI associated with a user equipment device through Mobile Equipment (ME) Identity Check Request (ECR) and ME Identity Check Answer (ECA) messages. However, there are a number of technical challenges associated with ensuring that a change in a status of a user equipment device that may be reflected in the EIR is communicated to other relevant network elements in a manner that reduces and/or eliminates the ability of an unauthorized user equipment device to access and use network resources.

[0037] In many current network environments, a serving call session control function (S-CSCF) may be integrated with the EIR and may be configured to use an IMEI to check the validity status of a particular user equipment device. Based on the response from the EIR, the S-CSCF may take the appropriate action. Typically, this IMEI-based check occurs during the registration and/or re-registration of the user equipment device associated with the particular IMEI.

[0038] The validity status of the user equipment may change due to various reasons. In the event that the validity status of a user equipment changes, the EIR is configured to send a message, such as an equipment notify request (ENR) message, to the S-CSCF to indicate the change of status. However, if the ENR message is lost because S-CSCF is not operational at the time the ENR message is sent, the S-CSCF will not receive an indication of the change of validity status of a user equipment. Hence, the S-CSCF will not be able to take appropriate action toward a request made by the user equipment. For example, a user equipment that has been blacklisted may make a call request and the S-CSCF may mistakenly authorize such call request because the S-CSCF did not receive an indication reflecting the updated blacklisted validity status.

[0039] As noted above, an example embodiment relates generally to a method, apparatus and computer program product for checking mobile equipment identity for a serving call session control function in the event that the latest validity status of the equipment is lost to the S-CSCF due to restoration. While the method, apparatus and computer program product of an example embodiment may be deployed in a variety of different systems, one example of a system that may benefit from the procedures discussed and contemplated herein in accordance with an example embodiment of the present invention is depicted in Figure 1. The depiction of system environment 100 in Figure 1 is not intended to limit or otherwise confine the embodiments described and contemplated herein to any particular configuration of elements or systems, nor is it intended to exclude any alternative configurations or systems for the set of configurations and systems that can be used in connection with an embodiment of the present invention. Rather, Figure 1, and the system environment 100 disclosed therein is merely presented to provide an example basis and context for the facilitation of some of the features, aspects, and uses of the methods, apparatuses, and computer program products disclosed and contemplated herein. It will be understood that while many of the aspects and components presented in Figure 1 are shown as discrete, separate elements, other configurations may be used in connection with the methods, apparatuses, and computer programs described herein, including configurations that combine, omit, and/or add aspects and/or components.

[0040] As shown in Figure 1, the system environment includes one or more user equipment 102 configured to communicate wirelessly, such as via an access network, with a network 106. Although various types of user equipment may operate within the system environment, the user equipment may be embodied as a mobile terminal, such as a portable digital assistant (PDA), mobile phone, smartphone, pager, mobile television, gaming device, laptop computer, camera, tablet computer, communicator, pad, headset, touch surface, video recorder, audio/video player, radio, electronic book, positioning device (e.g., global positioning system (GPS) device), or any combination of the aforementioned, and other types of voice and text and multi-modal communications systems. System

environment 100, as depicted in Figure 1, also includes one or more access points l04a and l04b, such as base stations, (such as node Bs, evolved Node Bs (eNB), or the like, for example). A cellular access point, such as a base station, may define and service one or more cells. The access points may, in turn, be in communication with a network 106, such as a core network via a gateway, such that the access points establish cellular radio access networks by which the user equipment 102 may communicate with the network. The system environment 100 of Figure 1 may include a plurality of different cellular radio access networks including, for example, a 5G radio access network, an LTE (long term evolution) radio access network, a UMTS (universal mobile telecommunications system) radio access network, etc. In some example implementations, equipment and other infrastructure associated with multiple different cellular radio access networks may be located at or near structures and/or other equipment associated with a particular access point, such as access points l04a and l04b.

[0041] In some implementations of system environment 100, the cellular radio access networks serviced by access points l04a, l04b, and any other access points in a given area are identical, in the sense that as user equipment 102 moves from an area serviced by access point l04a to an area serviced by access point l04b, the user equipment 102 is able to access the network 106 via a radio access network provided by the same vendor across access points. Although not shown, the system may also include a controller associated with one or more of the cellular access points, e.g., base stations, so as to facilitate operation of the access points and management of the user equipment 102 in communication therewith. As shown in Figure 1, a system may also include one or more wireless local area networks (WLANs), each of which may be serviced by a WLAN access point 108 configured to establish wireless communications with the user equipment. As such, the user equipment may communicate with the network via a WLAN access point as shown in solid lines in Figure 1, or, alternatively, via a cellular access point as shown in dashed lines. The radio access networks as well as the core networks may consist of additional network elements as routers, switches, servers, gateways, and/or controllers.

[0042] In order to embody the one or more S-CSCFs and other network components such as one or more EIRs, one or more home subscriber servers (HSSs), and/or one or more other CSCFs, an apparatus 200 is provided in Figure 2. The apparatus 200 may be embodied by a computing device, such as a personal computer, a computer workstation, a server or the like, or by any of various mobile computing devices, such as a mobile terminal, (such as a smartphone, a tablet computer, or the like, for example).

[0043] Regardless of the manner in which the apparatus 200 is embodied, the apparatus of an example embodiment is configured to include or otherwise be in communication with a processor 202, a memory device 204 and a communication interface 206. In some embodiments, the processor (and/or co-processors or any other processing circuitry assisting or otherwise associated with the processor) may be in communication with the memory device via a bus for passing information among components of the apparatus. The memory device may be non-transitory and may include, for example, one or more volatile and/or non-volatile memories. In other words, for example, the memory device may be an electronic storage device (e.g., a computer readable storage medium) comprising gates configured to store data (e.g., bits) that may be retrievable by a machine (e.g., a computing device like the processor). The memory device may be configured to store information, data, content, applications, instructions, or the like for enabling the apparatus to carry out various functions in accordance with an example embodiment of the present invention. For example, the memory device could be configured to buffer input data for processing by the processor. Additionally or alternatively, the memory device could be configured to store instructions for execution by the processor.

[0044] As described above, the apparatus 200 may be embodied by a computing device. However, in some embodiments, the apparatus may be embodied as a chip or chip set. In other words, the apparatus may comprise one or more physical packages (e.g., chips) including materials, components and/or wires on a structural assembly (e.g., a baseboard). The structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon. The apparatus may therefore, in some cases, be configured to implement an embodiment of the present invention on a single chip or as a single“system on a chip.” As such, in some cases, a chip or chipset may constitute means for performing one or more operations for providing the functionalities described herein.

[0045] The processor 202 may be embodied in a number of different ways. For example, the processor may be embodied as one or more of various hardware processing means such as a coprocessor, a microprocessor, a controller, a digital signal processor (DSP), a processing element with or without an accompanying DSP, or various other processing circuitry including integrated circuits such as, for example, an ASIC

(application specific integrated circuit), an FPGA (field programmable gate array), a microcontroller unit (MCU), a hardware accelerator, a special-purpose computer chip, or the like. As such, in some embodiments, the processor may include one or more processing cores configured to perform independently. A multi-core processor may enable

multiprocessing within a single physical package. Additionally or alternatively, the processor may include one or more processors configured in tandem via the bus to enable independent execution of instructions, pipelining and/or multithreading.

[0046] In an example embodiment, the processor 202 may be configured to execute instructions stored in the memory device 204 or otherwise accessible to the processor. Alternatively or additionally, the processor may be configured to execute hard coded functionality. As such, whether configured by hardware or software methods, or by a combination thereof, the processor may represent an entity (e.g., physically embodied in circuitry) capable of performing operations according to an embodiment of the present invention while configured accordingly. Thus, for example, when the processor is embodied as an ASIC, FPGA or the like, the processor may be specifically configured hardware for conducting the operations described herein. Alternatively, as another example, when the processor is embodied as an executor of software instructions, the instructions may specifically configure the processor to perform the algorithms and/or operations described herein when the instructions are executed. However, in some cases, the processor may be a processor of a specific device (e.g., a pass-through display or a mobile terminal) configured to employ an embodiment of the present invention by further configuration of the processor by instructions for performing the algorithms and/or operations described herein. The processor may include, among other things, a clock, an arithmetic logic unit (ALU) and logic gates configured to support operation of the processor.

[0047] The apparatus 200 may optionally also include the communication interface 206. The communication interface may be any means such as a device or circuitry embodied in either hardware or a combination of hardware and software that is configured to receive and/or transmit data from/to a network and/or any other device or module in communication with the apparatus. In this regard, the communication interface may include, for example, an antenna (or multiple antennas) and supporting hardware and/or software for enabling communications with a wireless communication network.

Additionally or alternatively, the communication interface may include the circuitry for interacting with the antenna(s) to cause transmission of signals via the antenna(s) or to handle receipt of signals received via the antenna(s). In some environments, the communication interface may alternatively or also support wired communication. As such, for example, the communication interface may include a communication modem and/or other hardware/software for supporting communication via cable, digital subscriber line (DSL), universal serial bus (USB) or other mechanisms.

[0048] Figure 3 depicts message flow 300 which illustrates aspects of some of the technical challenges addressed by an embodiment of the present disclosure. As shown in Figure 3, message flow 300 involves the propagation of messages between a user equipment device 302, an Internet Protocol (IP) Multimedia Subsystem (IMS) network 304, an HSS 306, an S-CSCF 308, and an EIR 310. As depicted in Figure 3, message flow 300 commences when a network registration request 312 is transmitted from a UE 302 to an S-CSCF 308. The network registration request 312 may be transmitted from the UE 302 to the S-CSCF 308 indirectly. For example, the network registration request 312 may be transmitted to the IMS network 304 and then, in turn, to the S-CSCF 308. In response to receiving the network registration request 312, the S-CSCF transmits an ECR message 314 to the EIR 310. In some example implementations, the ECR message may include the IMEI or other unique identifiers associated with the UE 302.

[0049] If the UE 302 is including in a listing, e.g., a whitelist, of devices authorized for network access at the time the ECR message 314 arrives at the EIR 310, the EIR 310 may respond to the S-CSCF 308 with a success message, such as the ECA success message 316 depicted in Figure 3. Upon receiving the ECA success message 316 from EIR 310, the S- CSCF 308 may transmit a registration success message 318 (which may take the form of a 200 OK message, for example) to the UE 302. The registration success message 318 may be transmitted indirectly via IMS 304.

[0050] A validity status change associated with the UE 302 (such as a determination that the UE 302 should be blacklisted, for example) can occur at any time after the registration success message 318 is sent. In the event that a validity status change occurs, the EIR 310 will attempt to transmit an ENR message 320 to the S-CSCF 308. However, if the ENR message 320 is lost because S-CSCF is not operational at the time the ENR message is sent, the S-CSCF will not receive an indication of the change of validity status of a user equipment as depicted in Figure 3. The now unauthorized UE 302 may continue to interact with the S-CSCF 308 after the S-CSCF 308 returns to a functional state

(restoration), as shown, for example, by the session initiation protocol (SIP) request message 322 which may take the form of an invite message that attempts to initiate a call. Because the S-CSCF did not receive an indication of the change of validity status of a user equipment, the S-CSCF may authorize the request from now unauthorized UE 302, resulting in an unwanted consequence that poses security risks and wasted network resources.

[0051] Figure 4 depicts message flow 400 which illustrates how some aspects of an example embodiment of the invention disclosed and otherwise presented herein may be implemented in an example network environment that is similar to the network

environment associated with message flow 300 shown in Figure 3. Similar to message flow 300 shown in Figure 3, the example message flow 400 involves the movement of messages between a user equipment device 402, an IMS network 404, an HSS 406, an S-CSCF 408, and an EIR 410. As depicted in Figure 4, message flow 400 commences when a network registration request 412 is transmitted from a UE 402 to an S-CSCF 408. The network registration request 412 may be transmitted from the UE 402 to the S-CSCF 508 indirectly. For example, the network registration request 412 may be transmitted to the IMS network 404 and then, in turn, to the S-CSCF 408. In response to receiving the network registration request 412, the S-CSCF transmits an ECR message 414 to the EIR 410. In some example implementations, the ECR message may include the IMEI or other unique identifiers associated with the UE 402.

[0052] If the UE 402 is whitelisted and/or otherwise authorized at the time the ECR message 414 arrives at the EIR 410, the EIR 410 may respond to the S-CSCF 408 with a success message, such as the ECA success message 416 depicted in Figure 4. Upon receiving the ECA success message 416 from EIR 410, the S-CSCF 408 may transmit a registration success message 418 (which may take the form of a SIP 200 OK message, for example) to the UE 402. The registration success message 418 may be transmitted indirectly via IMS 404.

[0053] A validity status change associated with the UE 402 (such as a determination that the UE 402 should be blacklisted, for example) can occur at any time after the registration success message 418 is sent. In the event that a validity status change occurs, the EIR 410 will attempt to transmit an ENR message 420 to the S-CSCF 408. However, if the ENR message 420 is lost because S-CSCF is not operational at the time the ENR message is sent, the S-CSCF will not receive an indication of the change of validity status of a user equipment as depicted in Figure 4.

[0054] In some example implementations of message flow 400 that conform to an example embodiment of the invention, unlike the S-CSCF depicted in Figure 3, the S- CSCF in Figure 4 will be able to process requests made by the now unauthorized UE 402 appropriately. For example, when the UE 402 transmits a session initiation protocol request message 422 which may take the form of an invite message that attempts to initiate a call, the S-CSCF 408 will transmit a server assignment request (SAR) message 424 to the HSS 406. The HSS 406 stores up-to-date validity status of the UE 402. After the HSS 406 receives the SAR message from the S-CSCF 408, the HSS 406 will transmit a server assignment answer (SAA) message 426 to the S-CSCF 408. Unlike unconventional SAA messages, SAA message 426 has a new attribute-value pair (A VP)“ME-Status” which indicates the validity status of the UE 402. In some embodiments, the validity status may be one of: whitelisted, blacklisted, or greylisted.

[0055] After the S-CSCF 408 receives the SAA message 426, the S-CSCF 408 may respond to the session initiation protocol request message 422 according to the up-to-date user equipment validity status. In the example illustrated in Figure 4, because the UE 402 is blacklisted, the S-CSCF 408 will transmit an error message 428 to the UE 402. The error message 428 may take the form of a session initiation protocol 500 error message or a session initiation protocol 403 error message.

[0056] After the S-CSCF transmits the error message 428, the S-CSCF 408 will transmit a SAR 430 to remove an indication of registration status of the UE 402 stored in HSS 406. After HSS 406 receives the SAR 430, the HSS 406 will return a SAA 432 in response.

[0057] Figure 5 depicts message flow 500 which illustrates an implementation of other aspects of an example embodiment of the invention disclosed and otherwise presented herein in an example network environment that is similar to the network environment associated with message flow 400 shown in Figure 4. Similar to message flow 400 shown in Figure 4, the example message flow 500 involves the movement of messages between a user equipment 502, an IMS network 504, an HSS 506, an S-CSCF 508, and an EIR 510. As depicted in Figure 5, message flow 500 commences when a network registration request 512 is transmitted from a UE 502 to an S-CSCF 508. The network registration request 512 may be transmitted from the UE 502 to the S-CSCF 508 indirectly. For example, the network registration request 512 may be transmitted to the IMS network 504 and then, in turn, to the S-CSCF 508. In response to receiving the network registration request 512, the S-CSCF transmits an ECR message 514 to the EIR 510. In some example implementations, the ECR message may include the IMEI or other unique identifiers associated with the UE 502.

[0058] If the UE 502 is whitelisted and/or otherwise authorized at the time the ECR message 514 arrives at the EIR 510, the EIR 510 may respond to the S-CSCF 508 with a success message, such as the EC A success message 516 depicted in Figure 5. Upon receiving the ECA success message 516 from EIR 510, the S-CSCF 508 may transmit a registration success message 518 (which may take the form of a SIP 200 OK message, for example) to the UE 502. The registration success message 518 may be transmitted indirectly via IMS 504.

[0059] A validity status change associated with the UE 502 (such as a determination that the UE 502 should be blacklisted, for example) can occur at any time after the registration success message 518 is sent. In the event that a validity status change occurs, the EIR 510 will attempt to transmit an ENR message 520 to the S-CSCF 508. However, if the ENR message 520 is lost because S-CSCF is not operational at the time the ENR message is sent, the S-CSCF will not receive an indication of the change of validity status of a user equipment as depicted in Figure 5.

[0060] In some example implementations of message flow 500 that conform to an example embodiment of the invention, unlike the S-CSCF depicted in Figure 3, the S- CSCF in Figure 5 will be able to process requests made by the now unauthorized UE 502 appropriately. When the UE 502 transmits a session initiation protocol request message 522 which may take the form of an invite message that attempts to initiate a call, the S- CSCF 508 will transmit a server assignment request (SAR) message 524 to the HSS 506. The HSS 506 stores up-to-date validity status of the UE 502. After the HSS 406 receives the SAR message from the S-CSCF 508, the HSS 506 will transmit a server assignment answer (SAA) message 526 to the S-CSCF 508.

[0061] After the S-CSCF 508 successfully receives the SAA 526 from the HSS 506, the S-CSCF 508 will transmit an ECR message 528 to the EIR 510 to query the validity status of the UE 502. After the EIR 510 receives the ECR message 528, the EIR 510 will transmit an ECA 530 that includes the validity status of the UE 502 to the S-CSCF 508.

[0062] After the S-CSCF 508 receives the ECR message 528, the S-CSCF 508 may respond to the session initiation protocol request message 522 according to the up-to-date user equipment validity status. In the example illustrated in Figure 5, because the UE 502 is blacklisted, the S-CSCF 508 will transmit an error message 532 to the UE 502.

[0063] After the S-CSCF 508 transmits the error message 532, the S-CSCF 508 will transmit a SAR 530 to remove an indication of registration status of the UE 502 stored in HSS 506. After HSS 506 receives the SAR 534, the HSS 506 will return a SAA 536 in response.

[0064] Referring now to Figure 6, the operations performed by the apparatus 200 of Figure 2 which include an S-CSCF in accordance with an example embodiment of the present invention are depicted as an example process flow 600. In this regard, the apparatus includes means, as shown in block 602, such as the processor 202, the memory 204, the communication interface 206 or the like, for receiving a network registration request from a user equipment. As discussed elsewhere herein, some example

implementations of embodiments of the invention arise in the context of a network environment that includes, among other network elements, an equipment identity register (which may be referred to an EIR). In some example implementations, the EIR is configured to store lists of IMEI information and/or other identification information associated with one or more user equipment devices, including but not limited to lists that reflect the validity and/or other authorization status of a user equipment device. For example, a whitelist, blacklist, and/or gray list may be maintained at the EIR.

[0065] The apparatus further includes means, as shown in block 604, such as the processor 202, the memory 204 or the like, for determining that the validity status of the user equipment is not blacklisted. If the user equipment is blacklisted, the apparatus may cause transmission of a registration failure message to the user equipment. In some embodiments, the apparatus determines that the user equipment is not blacklisted by, as discussed elsewhere herein, causing transmission of an ECR message to the EIR and receiving an ECA message from the EIR. The ECR message may include an IMEI associated with the user equipment and the ECA message may include a validity status associated with the IMEI stored in the EIR.

[0066] The apparatus further includes means, as shown in block 606, such as the processor 202, the memory 204, the communication interface 206 or the like, for causing transmission of a registration success message to the user equipment. After the apparatus transmits the registration success message to the user equipment, an S-CSCF function enabled by the apparatus may come offline for a period of time. During the period of time, the validity status of the user equipment may change, for example, from non-blacklisted status to a blacklisted status. The EIR and a HSS may store an up-to-date validity status of the user equipment. The EIR may attempt to transmit an ENR message to the apparatus but such ENR message may be lost because the S-CSCF function is offline.

[0067] The apparatus further includes means, as shown in block 608, such as the processor 202, the memory 204, the communication interface 206 or the like, for receiving a session initiation protocol request message from the user equipment. In some

embodiments, the session initiation protocol request message is received in the restoration procedure of the S-CSCF. The session initiation protocol request message may be a session initiation protocol invite message.

[0068] The apparatus further includes means, as shown in block 610, such as the processor 202, the memory 204, the communication interface 206 or the like, for causing transmission of a server assignment request message to the home subscriber server. In some embodiments, the HSS is configured to store at least the following user related information: 1) User Identification, Numbering and addressing information; 2) User Security information: Network access control information for authentication and authorization; 3) User Location information at an inter-system level and 4) User profile information. In some embodiments, the HSS may also generate User Security information for mutual authentication, communication integrity check and ciphering.

[0069] The apparatus further includes means, as shown in block 612, such as the processor 202, the memory 204, the communication interface 206 or the like, for receiving a server assignment answer message from the home subscriber server. As discussed elsewhere herein, the server assignment answer message includes an up-to-date user equipment validity status of the user equipment. Unlike server assignment answer SAA messages, the server assignment answer message in an example embodiment includes a new attribute-value pair (A VP)“ME-Status” which indicates the validity status of the user equipment. In some embodiments, the validity status may be one of: whitelisted, blacklisted, or greylisted.

[0070] The apparatus further includes means, as shown in block 614, such as the processor 202, the memory 204, the communication interface 206 or the like, for causing a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status. In some embodiments, if the up-to-date user equipment validity status indicates that the user equipment is blacklisted, the apparatus may cause transmission of an error message to the UE. The error message may take the form of a session initiation protocol error message with code 500. In addition, the apparatus may cause transmission of an SAR to remove an indication of registration status of the UE stored in the HSS. After the HSS receives the SAR, the HSS will return a SAA in response.

[0071] In some embodiments, if the up-to-date user equipment validity status indicates that the user equipment is not blacklisted, the apparatus, such as the processor 202, may proceed to process the session initiation protocol request message accordingly. For example, in the situation where the session initiation protocol request message is an invite message, the apparatus, such as the processor 202, may proceed to process a specific request indicated in the invite message or subsequent messages.

[0072] Referring now to Figure 7, the operations performed by the apparatus 200 of Figure 2 which include an S-CSCF in accordance with an example embodiment of the present invention are depicted as an example process flow 700. In this regard, the apparatus includes means, as shown in block 702, such as the processor 202, the memory 204, the communication interface 206 or the like, for receiving a network registration request from a user equipment. As discussed elsewhere herein, some example

implementations of embodiments of the invention arise in the context of a network environment that includes, among other network elements, an equipment identity register (which may be referred to an EIR). In some example implementations, the EIR is configured to store lists of IMEI information and/or other identification information associated with one or more user equipment devices, including but not limited to lists that reflect the validity and/or other authorization status of a user equipment device. For example, a whitelist, blacklist, and/or gray list may be maintained at the EIR.

[0073] The apparatus further includes means, as shown in block 704, such as the processor 202, the memory 204 or the like, for determining that the validity status of the user equipment is not blacklisted. If the user equipment is blacklisted, the apparatus may cause transmission of a registration failure message to the user equipment. In some embodiments, the apparatus determines that the user equipment is not blacklisted by, as discussed elsewhere herein, causing transmission of an ECR message to the EIR and receiving an ECA message from the EIR. The ECR message may include an IMEI associated with the user equipment and the ECA message may include a validity status associated with the IMEI stored in the EIR.

[0074] The apparatus further includes means, as shown in block 706, such as the processor 202, the memory 204, the communication interface 206 or the like, for causing transmission of a registration success message to the user equipment. After the apparatus transmits the registration success message to the user equipment, an S-CSCF function enabled by the apparatus may come offline for a period of time. During the period of time, the validity status of the user equipment may be change, for example, from non-blacklisted status to a blacklisted status. The EIR and a HSS may store an up-to-date validity status of the user equipment. The EIR may attempt to transmit an ENR message to the apparatus but such ENR message may be lost because the S-CSCF function is offline.

[0075] The apparatus further includes means, as shown in block 708, such as the processor 202, the memory 204, the communication interface 206 or the like, for receiving a session initiation protocol request message from the user equipment. In some

embodiments, the session initiation protocol request message is received in the restoration procedure of the S-CSCF. The session initiation protocol request message may be a session initiation protocol invite message.

[0076] The apparatus further includes means, as shown in block 710, such as the processor 202, the memory 204, the communication interface 206 or the like, for causing transmission of a server assignment request message to the home subscriber server. In some embodiments, the HSS is configured to store at least the following user related information: 1) User Identification, Numbering and addressing information; 2) User Security information: Network access control information for authentication and authorization; 3) User Location information at an inter-system level and 4) User profile information. In some embodiments, the HSS may also generate User Security information for mutual authentication, communication integrity check and ciphering.

[0077] The apparatus further includes means, as shown in block 712, such as the processor 202, the memory 204, the communication interface 206 or the like, for receiving a server assignment answer message from the home subscriber server. In this embodiment, the server assignment answer message does not include an up-to-date user equipment validity status of the user equipment.

[0078] The apparatus further includes means, as shown in block 714, such as the processor 202, the memory 204, the communication interface 206 or the like, for causing transmission of an equipment identity check request message to an equipment identity register in response to receiving the server assignment answer message. In some embodiments, the equipment identity check request message is transmitted to an equipment identity register in response to receiving the server assignment answer message (which indicates successful restoration of the S-CSCF function on the apparatus) to avoid unnecessary signaling.

[0079] The apparatus further includes means, as shown in block 716, such as the processor 202, the memory 204, the communication interface 206 or the like, for receiving an equipment identity check answer message from the equipment identity register. The equipment identity check answer message includes an up-to-date user equipment validity status of the user equipment.

[0080] The apparatus further includes means, as shown in block 718, such as the processor 202, the memory 204, the communication interface 206 or the like, for causing a response to be provided to the session initiation protocol request message according to the up-to-date user equipment validity status. In some embodiments, if the up-to-date user equipment validity status indicates that the user equipment is blacklisted, the apparatus may cause transmission of an error message to the UE. The error message may take the form of a session initiation protocol error message with code 500. In addition, the apparatus may cause transmission of an SAR to remove an indication of registration status of the UE stored in the HSS. After the HSS receives the SAR, the HSS will return a SAA in response.

[0081] In some embodiments, if the up-to-date user equipment validity status indicates that the user equipment is not blacklisted, the apparatus, such as the processor 202, may proceed to process the session initiation protocol request message accordingly. For example, in the situation where the session initiation protocol request message is an invite message, the apparatus, such as the processor 202, may proceed to process a specific request indicated in the invite message or subsequent messages.

[0082] As described above, Figures 6 and 7 are flowcharts of an apparatus 200, method, and computer program product according to example embodiments of the invention. It will be understood that each block of the flowcharts, and combinations of blocks in the flowcharts, may be implemented by various means, such as hardware, firmware, processor, circuitry, and/or other devices associated with execution of software including one or more computer program instructions. For example, one or more of the procedures described above may be embodied by computer program instructions. In this regard, the computer program instructions which embody the procedures described above may be stored by a memory 204 of an apparatus employing an embodiment of the present invention and executed by a processor 202 of the apparatus. As will be appreciated, any such computer program instructions may be loaded onto a computer or other

programmable apparatus (e.g., hardware) to produce a machine, such that the resulting computer or other programmable apparatus implements the functions specified in the flowchart blocks. These computer program instructions may also be stored in a computer- readable memory that may direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture, the execution of which implements the function specified in the flowchart blocks. The computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer- implemented process such that the instructions which execute on the computer or other programmable apparatus provide operations for implementing the functions specified in the flowchart blocks.

[0083] A computer program product is therefore defined in those instances in which the computer program instructions, such as computer-readable program code portions, are stored by at least one non-transitory computer-readable storage medium with the computer program instructions, such as the computer-readable program code portions, being configured, upon execution, to perform the functions described above, such as in conjunction with the flowchart of Figure 3. In other embodiments, the computer program instructions, such as the computer-readable program code portions, need not be stored or otherwise embodied by a non-transitory computer-readable storage medium, but may, instead, be embodied by a transitory medium with the computer program instructions, such as the computer-readable program code portions, still being configured, upon execution, to perform the functions described above.

[0084] Accordingly, blocks of the flowcharts support combinations of means for performing the specified functions and combinations of operations for performing the specified functions for performing the specified functions. It will also be understood that one or more blocks of the flowcharts, and combinations of blocks in the flowcharts, may be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer instructions.

[0085] In some embodiments, certain ones of the operations above may be modified or further amplified. Furthermore, in some embodiments, additional optional operations may be included. Modifications, additions, or amplifications to the operations above may be performed in any order and in any combination.

[0086] Many modifications and other embodiments of the inventions set forth herein will come to mind to one skilled in the art to which these inventions pertain having the benefit of the teachings presented in the foregoing descriptions and the associated drawings. Therefore, it is to be understood that the inventions are not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Moreover, although the foregoing descriptions and the associated drawings describe example embodiments in the context of certain example combinations of elements and/or functions, it should be appreciated that different combinations of elements and/or functions may be provided by alternative embodiments without departing from the scope of the appended claims. In this regard, for example, different combinations of elements and/or functions than those explicitly described above are also contemplated as may be set forth in some of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.