US-20260129039-A1 - Methods and Systems for Delivering Secure Services or Content to Non-Subscriber Identity Module (SIM)-Based Endpoint Clients

Abstract

A method comprising receiving incoming data destined to a line associated with a user, determining a security parameter associated with the incoming data based on at least one of a source of the incoming data or a content of the incoming data, in which the security parameter indicates a security level of the incoming data, storing, in a second data store accessible to the data application, the incoming data in association with the security parameter, receiving a sync request for the incoming data comprising an access token indicating an authentication type associated with a second factor of authentication used to authenticate the client with an authorization server, transmitting the incoming data to the client when the client is permitted to retrieve the incoming data from a data store.

Inventors

  • Mark Allen
  • Deepak Jaiswal

Assignees

  • T-MOBILE INNOVATIONS LLC

Dates

Publication Date
2026-05-07
Application Date
2025-12-30

Claims (20)

  1. A method implemented in a communication network including an Internet Protocol (IP) Media Subsystem (IMS) core network, wherein the method comprises: receiving, by a data application at a data server, incoming data destined to a line associated with a user; determining, by the data application, a security parameter associated with the incoming data, wherein the security parameter indicates a security level of the incoming data; storing, in a first data store accessible to the data application, the incoming data in association with the security parameter; receiving, by the data application, from a client, a sync request for the incoming data, wherein the sync request comprises an access token indicating an authentication type associated with a second factor of authentication used to authenticate the client with an authorization server, and wherein the client comprises a non-subscriber identity module-based device; and transmitting, by the data application, the incoming data to the client in response to the client being permitted to retrieve the incoming data from the first data store, wherein the client is permitted to retrieve the incoming data based on the authentication type in the access token and the security parameter associated with the incoming data.
  2. The method of claim 1, further comprising transmitting, by the data application, to the client, a notification indicating that the first data store includes the incoming data destined to the line associated with the user when the authentication type stored in association with a client identifier indicates a first authentication type.
  3. The method of claim 1, wherein the security parameter comprises a value indicating the security level of the incoming data.
  4. The method of claim 1, wherein the authentication type comprises a value indicating the second factor of authentication used to authenticate the client with the authorization server.
  5. The method of claim 1, wherein the security parameter indicates a value identifying at least one of a secure message or a standard message.
  6. The method of claim 1, wherein when the source of the incoming data is a short message service (SMS) gateway, the security parameter comprises a value identifying standard data, and wherein when the source of the incoming data is an application service delivery gateway, the security parameter comprises a value identifying secure data.
  7. The method of claim 1, wherein the security parameter is determined based on at least one of a source of the incoming data or a content of the incoming data.
  8. A data server, comprising: a non-transitory memory; a processor coupled to the non-transitory memory; and a data application stored at the non-transitory memory, which when executed by the processor, causes the processor to be configured to: receive incoming data destined to a line associated with a user; determine a security parameter associated with the incoming data, wherein the security parameter indicates a security level of the incoming data; store, in a first data store accessible to the data application, the incoming data in association with the security parameter; receive, from a client, a sync request for the incoming data, wherein the sync request comprises an access token indicating an authentication type associated with a second factor of authentication used to authenticate the client with an authorization server, and wherein the client comprises a non-subscriber identity module-based device; and transmit the incoming data to the client in response to the client being permitted to retrieve the incoming data from the first data store, wherein the client is permitted to retrieve the incoming data based on the authentication type in the access token and the security parameter associated with the incoming data.
  9. The data server of claim 8, wherein the data application further causes the processor to transmit, to the client, a notification indicating that the first data store includes the incoming data destined to the line associated with the user when the authentication type stored in association with a client identifier indicates a first authentication type.
  10. The data server of claim 8, wherein the security parameter comprises a value indicating the security level of the incoming data.
  11. The data server of claim 8, wherein the authentication type comprises a value indicating the second factor of authentication used to authenticate the client with the authorization server.
  12. The data server of claim 8, wherein the security parameter indicates at least one of a secure message or a standard message.
  13. The data server of claim 8, wherein when the source of the incoming data is a short message service (SMS) gateway, the security parameter comprises a value identifying standard data, and wherein when the source of the incoming data is an application service delivery gateway, the security parameter comprises a value identifying secure data.
  14. The data server of claim 8, wherein the security parameter is determined based on at least one of a source of the incoming data or a content of the incoming data.
  15. A non-transitory computer-readable medium comprising instructions, that when executed by a processor, perform the steps of: receiving incoming data destined to a line associated with a user; determining a security parameter associated with the incoming data, wherein the security parameter indicates a security level of the incoming data; storing, in a first data store, the incoming data in association with the security parameter; receiving, from a client, a sync request for the incoming data, wherein the sync request comprises an access token indicating an authentication type that identifies a type of authentication performed by the client with an authorization server, and wherein the client comprises a non-subscriber identity module-based device; and transmitting the incoming data to the client in response to the client being permitted to retrieve the incoming data from the first data store, wherein the client is permitted to retrieve the incoming data based on the authentication type in the access token and the security parameter associated with the incoming data.
  16. The non-transitory computer-readable medium of claim 15, wherein the type of authentication comprises a one-factor authentication method or a two-factor authentication method.
  17. The non-transitory computer-readable medium of claim 16, wherein the authentication type comprises a first value identifying the one-factor authentication method, a second value identifying a first type of second factor authentication, or a third value identifying a second type of second factor authentication.
  18. The non-transitory computer-readable medium of claim 17, wherein the first type of second factor authentication comprises a one-time code received via a message at a separate device.
  19. The non-transitory computer-readable medium of claim 17, wherein the second type of second factor authentication comprises a security question and answer combination.
  20. The non-transitory computer-readable medium of claim 15, wherein the security parameter is determined based on at least one of a source of the incoming data or a content of the incoming data.
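The access-control decision the claims describe (tagging at ingest per claims 6 and 7, authentication-type values per claims 15 to 19, and the release decision of claim 1; the Summary below walks through the same flow) can be sketched in code. The following is an added example written for this page; it is not code from the patent or from T-Mobile Innovations. The HMAC-signed token format, the numeric authentication-type values, the permission table that maps authentication types to security levels, the "[secure]" content marker used for unlisted sources, and the sample messages are all assumptions; the page gives only the parameters, not their encodings.

```python
"""Added example (not from the patent): release synced items by authentication type.

Incoming data for a line is tagged with a security parameter at ingest; a non-SIM
client presents an access token carrying the authentication type it used with the
authorization server; the data application releases an item only if that type is
permitted for the item's level. Encodings and the permission table are assumptions.
"""
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Authentication types carried in the access token (claims 16-19); values are assumed.
AUTH_ONE_FACTOR = 1           # single factor only
AUTH_OTP_SEPARATE_DEVICE = 2  # one-time code received at a separate device
AUTH_SECURITY_QUESTION = 3    # security question and answer combination

# Security parameter stored with each item (claim 5) and the sources of claim 6.
SEC_STANDARD = "standard"
SEC_SECURE = "secure"
SRC_SMS_GATEWAY = "sms_gateway"
SRC_APP_SERVICE_GATEWAY = "application_service_delivery_gateway"

# Assumed permission table: secure items require a second factor, standard items do not.
PERMITTED = {
    SEC_STANDARD: {AUTH_ONE_FACTOR, AUTH_OTP_SEPARATE_DEVICE, AUTH_SECURITY_QUESTION},
    SEC_SECURE: {AUTH_OTP_SEPARATE_DEVICE, AUTH_SECURITY_QUESTION},
}


def classify(source: str, content: str) -> str:
    """Security parameter from the source first, then from the content (claim 7)."""
    if source == SRC_APP_SERVICE_GATEWAY:
        return SEC_SECURE
    if source == SRC_SMS_GATEWAY:
        return SEC_STANDARD
    # Any other source: fall back to a content rule; the marker itself is an assumption.
    return SEC_SECURE if "[secure]" in content.lower() else SEC_STANDARD


@dataclass
class Item:
    item_id: int
    line: str
    content: str
    security: str


@dataclass
class DataStore:
    # The "first data store" of claim 1: each item kept with its security parameter.
    items: List[Item] = field(default_factory=list)

    def ingest(self, line: str, source: str, content: str) -> Item:
        item = Item(len(self.items) + 1, line, content, classify(source, content))
        self.items.append(item)
        return item


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue_token(key: bytes, client_id: str, line: str, auth_type: int) -> str:
    """Authorization server: bind client, line and authentication type under an HMAC."""
    body = {"client_id": client_id, "line": line, "auth_type": auth_type}
    payload = _b64(json.dumps(body, sort_keys=True).encode())
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + mac


def verify_token(key: bytes, token: str) -> Optional[dict]:
    """Data application: the authentication type is trustworthy only if the MAC verifies."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload, mac = parts
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def sync(store: DataStore, key: bytes, token: str) -> Tuple[List[Item], List[int]]:
    """Sync request: (items delivered, ids withheld and answered with a security message)."""
    claims = verify_token(key, token)
    if claims is None:
        raise PermissionError("access token rejected")
    delivered, withheld = [], []
    for item in store.items:
        if item.line != claims["line"]:
            continue
        if claims["auth_type"] in PERMITTED[item.security]:
            delivered.append(item)
        else:
            withheld.append(item.item_id)
    return delivered, withheld


if __name__ == "__main__":
    key = b"demo-key-not-for-production"
    store = DataStore()  # constructed sample messages follow
    store.ingest("+15550100", SRC_SMS_GATEWAY, "Your order has shipped.")
    store.ingest("+15550100", SRC_APP_SERVICE_GATEWAY, "Your statement is ready.")
    weak = issue_token(key, "laptop-1", "+15550100", AUTH_ONE_FACTOR)
    strong = issue_token(key, "laptop-1", "+15550100", AUTH_OTP_SEPARATE_DEVICE)
    print("one factor:", sync(store, key, weak))
    print("OTP second factor:", sync(store, key, strong))
```

The check a practitioner would look for first is in verify_token: the whole scheme rests on the authentication type inside the token, so the data application must verify the token's integrity before reading it. A token whose payload has been edited to claim a second factor but still carries the original MAC fails compare_digest and is refused; without that step a one-factor client could promote itself to secure content by editing a field.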

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority under 35 U.S.C. § 120 to U.S. patent application Ser. No. 18/663,067 filed on May 14, 2024, entitled “METHODS AND SYSTEMS FOR DELIVERING SECURE SERVICES OR CONTENT TO NON-SUBSCRIBER IDENTITY MODULE (SIM)-BASED ENDPOINT CLIENTS,” by Mark Allen, et al., which is incorporated herein by reference in its entirety for all purposes.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

Not applicable.

REFERENCE TO A MICROFICHE APPENDIX

Not applicable.

BACKGROUND

An Internet Protocol (IP) Media Subsystem (IMS) core network is a network or a framework for delivering multimedia services over IP networks. The IMS core network may be a standardized architecture defined by the 3rd Generation Partnership Project (3GPP) for delivering voice, video, messaging, and other services over IP-based networks, including both mobile and fixed networks. IMS enables the convergence of traditional telecommunications services with IP-based services, allowing for a more flexible and efficient delivery of multimedia services. An IMS core network may provide telecommunications services to users or customers of the telecommunications service provider operating the IMS core. The telecommunications services provided by the IMS are being opened up to developers via publicly accessible API endpoints.

SUMMARY

In an embodiment, a method implemented in a communication network including an Internet Protocol (IP) Media Subsystem (IMS) core network is disclosed. The method comprises transmitting, by an authorization application at an authorization server, to a client operated by a user, an access token comprising an authentication type identifying a second factor of authentication used to authenticate the client with the authorization server. The client is a non-subscriber identity module-based device.

The method further comprises receiving, by a core application at a core access network element in the IMS core network, a subscription request from the client, in which the subscription request comprises a request to be notified of pending incoming data stored at a first data store and destined to a line associated with the user, and the subscription request comprises the access token. The method further comprises storing, in a second data store accessible to the core application, the authentication type of the second factor of authentication used to authenticate the client with the authorization server, in association with a client identifier identifying the client; receiving, by a data application at a data server, incoming data destined for the line associated with the user; and storing, in the first data store in the data server, the incoming data in association with a security parameter based on at least one of a source of the incoming data or a content of the incoming data, in which the security parameter indicates a security level of the incoming data. The method further comprises determining, by the data application, whether the client is permitted to retrieve the incoming data from the first data store based on the authentication type in the access token and the security parameter associated with the incoming data, and transmitting, by the data application in response to receiving a sync request from the client, the incoming data to the client when the client is permitted to retrieve the incoming data from the first data store.

In another embodiment, a method implemented in a communication network including an Internet Protocol (IP) Media Subsystem (IMS) core network is disclosed. The method comprises receiving, by a data application at a data server, incoming data destined to a line associated with a user; determining, by the data application, a security parameter associated with the incoming data based on at least one of a source of the incoming data or a content of the incoming data, in which the security parameter indicates a security level of the incoming data; storing, in a first data store accessible to the data application, the incoming data in association with the security parameter; and receiving, by the data application, from a client, a sync request for the incoming data, in which the sync request comprises an access token indicating an authentication type associated with a second factor of authentication used to authenticate the client with an authorization server, and the client is a non-subscriber identity module-based device. The method further comprises determining, by the data application, whether the client is permitted to retrieve the incoming data based on the authentication type in the access token received from the client and the security parameter associated with the incoming data, transmitting, by the data application, the incoming data to the client when the client is permitted to retrieve the incoming data from a data store, and transmitting, by the data application, a security message to the client when