Endpoint privacy preservation with cloud conferencing

US 10,523,657 B2
Filed: 11/16/2015
Issued: 12/31/2019
Est. Priority Date: 11/16/2015
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium including instructions stored thereon, the instructions, when executed by a processor, cause the processor to:

receive a first request from a first endpoint to access a cloud-based conference platform, wherein the first request includes a first access token;

based at least on the first request, provide a first certificate to the first endpoint, wherein the first certificate does not include an identity of the first endpoint;

receive a second request from a second endpoint to access the cloud-based conference platform, wherein the second request includes a second access token;

based at least on the second request, provide a second certificate to the second endpoint, wherein the second certificate does not include an identity of the second endpoint;

route data within the cloud-based conference platform between the first endpoint and the second endpoint based at least on the first certificate and the second certificate;

receive, via an identity provider, a third request for an identity of one of the first endpoint or the second endpoint, the third request sent from another one of the first endpoint or the second endpoint; and

provide, via the identity provider, the identity of the one of the first endpoint or the second endpoint unless the one of the first endpoint or the second endpoint has not authorized the identity provider to provide the identity of the one of the first endpoint or the second endpoint.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a first request may be received from a first endpoint to access a cloud-based conference platform. The first request can include a first access token. Based at least on the first request, a first certificate may be provided to the first endpoint, wherein the first certificate may not include an identity of the first endpoint. A second request may be received from a second endpoint to access the cloud-based conference platform. The second request can include a second access token. Based at least on the second request, a second certificate can be provided to the second endpoint, wherein the second certificate may not include an identity of the second endpoint. Data can be routed within the cloud-based conference platform between the first endpoint and second endpoint based at least upon the first certificate and the second certificate.

431 Citations

20 Claims

1. A non-transitory computer-readable medium including instructions stored thereon, the instructions, when executed by a processor, cause the processor to:
- receive a first request from a first endpoint to access a cloud-based conference platform, wherein the first request includes a first access token;
  
  based at least on the first request, provide a first certificate to the first endpoint, wherein the first certificate does not include an identity of the first endpoint;
  
  receive a second request from a second endpoint to access the cloud-based conference platform, wherein the second request includes a second access token;
  
  based at least on the second request, provide a second certificate to the second endpoint, wherein the second certificate does not include an identity of the second endpoint;
  
  route data within the cloud-based conference platform between the first endpoint and the second endpoint based at least on the first certificate and the second certificate;
  
  receive, via an identity provider, a third request for an identity of one of the first endpoint or the second endpoint, the third request sent from another one of the first endpoint or the second endpoint; and
  
  provide, via the identity provider, the identity of the one of the first endpoint or the second endpoint unless the one of the first endpoint or the second endpoint has not authorized the identity provider to provide the identity of the one of the first endpoint or the second endpoint.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory computer-readable medium of claim 1, wherein access tokens provide at least one of temporary access or one-time access to the cloud-based conference platform.
  - 3. The non-transitory computer-readable medium of claim 1, wherein access tokens are provided by the identity provider hosted by an enterprise network associated with the first endpoint.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the identity provider provides access tokens and is hosted by a separate network from the first endpoint and the second endpoint.
  - 5. The non-transitory computer-readable medium of claim 1,wherein,the instructions further cause the processor to receive, via the identity provider, a listing of endpoints,the listing of endpoints is sent from the first endpoint,the listing of endpoints includes all endpoints authorized to receive the identity of the first endpoint, andthe listing of endpoints includes at least the second endpoint.
  - 6. The non-transitory computer-readable medium of claim 1,wherein,the third request is for the identity of the first endpoint,the third request is sent from the second endpoint, andthe second endpoint is included in a listing of endpoints authorized to receive the identity of the first endpoint.

7. A non-transitory computer-readable medium including instructions stored thereon, the instructions, when executed by a processor, cause the processor to:
- receive a first request from a first endpoint to access a cloud-based conference platform;
  
  in response to the first request, provide a first access token to the first endpoint;
  
  based at least on the first request, provide a first certificate to the first endpoint, wherein the first certificate does not include an identity of the first endpoint;
  
  receive a second request from a second endpoint to access the cloud-based conference platform;
  
  in response to the second request, provide a second access token to the second endpoint;
  
  based at least on the second request, provide a second certificate to the second endpoint;
  
  receive a third request from the second endpoint for the identity of the first endpoint; and
  
  in response to the third request, provide the identity of the first endpoint based at least upon a listing of endpoints authorized to access the cloud-based conference platform and to receive identifying information,wherein,the second certificate does not include an identity of the second endpoint, andthe first endpoint and the second endpoint communicate with each other in the cloud-based conference platform using at least the first certificate and the second certificate.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer-readable medium of claim 7,whereinthe instructions further cause the processor to receive the listing of endpoints,the listing of endpoints is sent from the first endpoint,the listing of endpoints includes all endpoints authorized to receive the identity of the first endpoint, andthe listing of endpoints includes the second endpoint.
  - 9. The non-transitory computer-readable medium of claim 7,wherein,the third request is for the identity of the first endpoint,the third request is sent from the second endpoint, andthe second endpoint is included in the listing of endpoints.
  - 10. The non-transitory computer-readable medium of claim 7, wherein access tokens provide at least one of temporary access or one-time access to the cloud-based conference platform.
  - 11. The non-transitory computer-readable medium of claim 7, wherein access tokens are provided by an identity provider hosted by an enterprise network associated with the first endpoint.
  - 12. The non-transitory computer-readable medium of claim 7, wherein access tokens are provided by an identity provider hosted by a separate network from the first endpoint and the second endpoint.

13. A system comprising:
- one or more processors;
  
  an identity provider; and
  
  a memory configured to store a process, the process, when executed by the one or more processors, causes the one or more processors to;
  
  receive a first request from a first endpoint of a first network to access a cloud-based conference platform in a cloud network, wherein the first request includes a first access token;
  
  based at least on the first request, provide a first certificate to the first endpoint, wherein the first certificate does not include an identity of the first endpoint;
  
  receive a second request from a second endpoint of a second network to access the cloud-based conference platform in the cloud network, wherein the second request includes a second access token;
  
  based at least on the second request, provide a second certificate to the second endpoint, wherein the second certificate does not include an identity of the second endpoint;
  
  route data within the cloud-based conference platform of the cloud network between the first endpoint and the second endpoint based at least on the first certificate and the second certificate;
  
  receive, via the identity provider proxy, a third request for an identity of one of the first endpoint or the second endpoint, the third request sent from another one of the first endpoint or the second endpoint; and
  
  provide, via the identity provider, the identity of the one of the first endpoint or the second endpoint unless the one of the first endpoint or the second endpoint has not authorized the identity provider to provide the identity of the one of the first endpoint or the second endpoint.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein access tokens provide at least one of temporary access or one-time access to the cloud-based conference platform of the cloud network.
  - 15. The system of claim 13, wherein the identity provider provides access tokens and is hosted by a third network.
  - 16. The system of claim 13,wherein,the process further causes the one or more processors to receive, via the identity provider, a listing of endpoints,the listing of endpoints is sent from the first endpoint,the listing of endpoints includes all endpoints authorized to receive the identity of the first endpoint, andthe listing of endpoints includes at least the second endpoint.
  - 17. The system of claim 13,wherein,the third request is for the identity of the first endpoint,the third request is sent from the second endpoint, andthe second endpoint is included in a listing of endpoints authorized to receive the identity of the first endpoint.

18. A method comprising:
- receiving a first request from a first endpoint to access a cloud-based conference platform, wherein the first request includes a first access token;
  
  based at least on the first request, providing a first certificate to the first endpoint, wherein the first certificate does not include an identity of the first endpoint;
  
  receiving a second request from a second endpoint to access the cloud-based conference platform, wherein the second request includes a second access token;
  
  based at least on the second request, providing a second certificate to the second endpoint, wherein the second certificate does not include an identity of the second endpoint;
  
  routing data within the cloud-based conference platform between the first endpoint and the second endpoint based at least on the first certificate and the second certificate,receiving, via an identity provider, a third request for an identity of one of the first endpoint or the second endpoint, the third request sent from another one of the first endpoint or the second endpoint; and
  
  providing, via the identity provider, the identity of the one of the first endpoint or the second endpoint unless the one of the first endpoint or the second endpoint has not authorized the identity provider to provide the identity of the one of the first endpoint or the second endpoint.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein access tokens are provided by the identity provider hosted by an enterprise network associated with the first endpoint.
  - 20. The method of claim 18, wherein the identity provider provides access tokens and is hosted by a separate network from the first endpoint and the second endpoint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Reddy, K Tirumaleswar, Wing, Daniel G., Patil, Prashanth, Rao, Sandeep
Primary Examiner(s)
Leung, Robert B

Application Number

US14/942,898
Publication Number

US 20170142096A1
Time in Patent Office

1,506 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/1813   for computer conferences, e...

H04L 12/1827   Network arrangements for co...

H04L 63/0414   during transmission, i.e. p...

H04L 63/0421   Anonymous communication, i....

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 63/101   Access control lists [ACL]

H04L 65/1069   Session establishment or de...

H04L 65/1096   Supplementary features, e.g...

H04L 65/403   Arrangements for multi-part...

Endpoint privacy preservation with cloud conferencing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

431 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Endpoint privacy preservation with cloud conferencing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

431 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links