Controlling access to traversal using relays around network address translation (TURN) servers using trusted single-use credentials
First Claim
1. A method for controlling access to a Traversal Using Relays around Network Address Translation (TURN) server, the method comprising:
- receiving, by the TURN server, a request from a Web Real-Time Communications (WebRTC) client for a TURN service;
- challenging, by the TURN server, the request for the TURN service;
- receiving, by the TURN server, a userid comprising an authorized domain identifier and a password comprising an encrypted authentication token from the WebRTC client, wherein the authentication token comprises enterprise policy instructions, wherein the authentication token was generated by a TURN authentication agent executing on a computing device in response to a determination by the TURN authentication agent to authorize a request for a TURN server credential from the WebRTC client;
- determining, by the TURN server, whether the userid comprises an authorized single-use credential by determining if the userid comprises the authorized domain identifier;
- determining, by the TURN server, whether to authorize the request for the TURN service by decrypting the password to obtain the authentication token using a key based on the authorized domain identifier, wherein the authentication token comprises enterprise policy instructions; and
- responsive to determining whether to authorize the request for the TURN service, providing, by the TURN authentication agent, the TURN service for the WebRTC client according to the enterprise policy instructions.
Abstract
Embodiments disclosed provide access to Traversal Using Relays around Network Address Translation (TURN) servers using trusted single-use credentials, and related methods, systems, and computer-readable media. In one embodiment, a method comprises receiving, by a TURN authentication agent, a request for a TURN server credential. Responsive to determining that the request is authorized, the agent generates a trusted single-use credential and transmits it to the requestor. Using this trusted single-use credential allows untrusted clients to access a TURN server without exposing a userid/password combination. In another embodiment, a method comprises receiving, by the TURN server, a request for a TURN service. The server challenges the request, and receives a userid and a password. Responsive to determining that the userid and the password constitute a trusted single-use credential and responsive to determining that the request is authorized, the server provides the TURN service for the requestor.
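The credential flow described in the abstract and claim 1, as an added Python sketch that is not code from the patent: an agent issues a userid carrying the authorized domain identifier plus an encrypted token with policy instructions, and the server checks the domain, decrypts with a domain-derived key, and rejects reuse. Assumptions: the function names, the shared `MASTER_SECRET`, the JSON token layout, the nonce-in-userid format and the in-memory replay cache are all hypothetical, and the HMAC-based keystream is a standard-library stand-in for a real AEAD cipher; STUN/TURN message framing is not modeled.

```python
import base64, hashlib, hmac, json, os, time

MASTER_SECRET = b"constructed-demo-secret"  # assumption: shared by agent and TURN server
AUTHORIZED_DOMAINS = {"example.com"}         # constructed sample domain
_used_nonces = set()                         # server-side single-use (replay) cache

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keys(domain):
    # "Key based on the authorized domain identifier": per-domain enc and MAC keys.
    base = _prf(MASTER_SECRET, domain.encode())
    return _prf(base, b"enc"), _prf(base, b"mac")

def _xor_stream(key, nonce, data):
    # Stdlib stand-in for a real AEAD cipher: HMAC-SHA256 in counter mode.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_credential(domain, policy, ttl=30):
    """Authentication agent: return (userid, password) for an authorized request."""
    enc_key, mac_key = _keys(domain)
    nonce = os.urandom(16)
    token = json.dumps({"exp": time.time() + ttl, "policy": policy}).encode()
    ct = _xor_stream(enc_key, nonce, token)
    blob = nonce + ct + _prf(mac_key, nonce + ct)  # encrypt-then-MAC
    return f"{nonce.hex()}@{domain}", base64.urlsafe_b64encode(blob).decode()

def authorize(userid, password, now=None):
    """TURN server: return the policy instructions, or None to reject."""
    domain = userid.rpartition("@")[2]
    if domain not in AUTHORIZED_DOMAINS:          # userid must carry the domain id
        return None
    enc_key, mac_key = _keys(domain)
    try:
        blob = base64.urlsafe_b64decode(password)
    except ValueError:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        return None                               # forged, tampered or wrong domain
    token = json.loads(_xor_stream(enc_key, nonce, ct))
    now = time.time() if now is None else now
    if token["exp"] < now or nonce in _used_nonces:
        return None                               # expired or already used
    _used_nonces.add(nonce)
    return token["policy"]
```

The client never holds a long-lived userid/password pair: a captured credential is useless after its first successful use or after the short expiry, whichever comes first.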
18 Claims
1. A method for controlling access to a Traversal Using Relays around Network Address Translation (TURN) server, the method comprising:
- receiving, by the TURN server, a request from a Web Real-Time Communications (WebRTC) client for a TURN service;
- challenging, by the TURN server, the request for the TURN service;
- receiving, by the TURN server, a userid comprising an authorized domain identifier and a password comprising an encrypted authentication token from the WebRTC client, wherein the authentication token comprises enterprise policy instructions, wherein the authentication token was generated by a TURN authentication agent executing on a computing device in response to a determination by the TURN authentication agent to authorize a request for a TURN server credential from the WebRTC client;
- determining, by the TURN server, whether the userid comprises an authorized single-use credential by determining if the userid comprises the authorized domain identifier;
- determining, by the TURN server, whether to authorize the request for the TURN service by decrypting the password to obtain the authentication token using a key based on the authorized domain identifier, wherein the authentication token comprises enterprise policy instructions; and
- responsive to determining whether to authorize the request for the TURN service, providing, by the TURN authentication agent, the TURN service for the WebRTC client according to the enterprise policy instructions.

Dependent claims: 2, 3, 4, 5, 6

7. A system for controlling access to a Traversal Using Relays around Network Address Translation (TURN) server, the system comprising:
- a TURN server configured to:
  - receive a request from a Web Real-Time Communications (WebRTC) client for a TURN service;
  - challenge the request for the TURN service;
  - receive a userid comprising an authorized domain identifier and a password comprising an encrypted authentication token from the WebRTC client, wherein the authentication token comprises enterprise policy instructions, wherein the authentication token was generated by a TURN authentication agent executing on a computing device in response to a determination by the TURN authentication agent to authorize a request for a TURN server credential from the WebRTC client;
  - determine whether the userid comprises an authorized single-use credential by determining if the userid comprises the authorized domain identifier;
  - determine whether to authorize the request for the TURN by decrypting the password to obtain the authentication token using a key based on the authorized domain identifier, wherein the authentication token comprises enterprise policy instructions; and
  - responsive to determining whether to authorize the request for the TURN service, provide the TURN service for the WebRTC client according to the enterprise policy instructions.

Dependent claims: 8, 9, 10, 14, 15

11. A non-transitory computer-readable medium storing one or more programs, the one or more programs comprising instructions, which when executed by an electronic device cause the electronic device to implement a method for controlling access to a Traversal Using Relays around Network Address Translation (TURN) server, the method comprising:
- receiving, by the TURN server, a request from a Web Real-Time Communications (WebRTC) client for a TURN service;
- challenging, by the TURN server, the request for the TURN service;
- receiving, by the TURN server, a userid comprising an authorized domain identifier and a password comprising an encrypted authentication token from the WebRTC client, wherein the authentication token comprises enterprise policy instructions, wherein the authentication token was generated by a TURN authentication agent executing on a computing device in response to a determination by the TURN authentication agent to authorize a request for a TURN server credential from the WebRTC client;
- determining, by the TURN server, whether the userid comprises an authorized single-use credential by determining if the userid comprises the authorized domain identifier;
- determining, by the TURN server, whether to authorize the request for the TURN service by decrypting the password to obtain the authentication token using a key based on the authorized domain identifier, wherein the authentication token comprises enterprise policy instructions; and
- responsive to determining whether to authorize the request for the TURN service, providing, by the TURN authentication agent, the TURN service for the WebRTC client according to the enterprise policy instructions.

Dependent claims: 12, 13, 16, 17, 18

Specification