Audio-video telephony with firewalls and network address translation

US 20040037268A1
Filed: 06/10/2003
Published: 02/26/2004
Est. Priority Date: 07/28/2000
Status: Active Grant

First Claim

Patent Images

1. A communications system (1) for making a multimedia call, comprising, a first multimedia terminal (10), a second multimedia terminal (12), communication means for making a multimedia call over a shared communications network (20), said communication means including a first communication means and a second communication means associated respectively with the first multimedia terminal (10) and the second multimedia terminal (12), the first communication means including a first firewall (26) through which the multimedia call must pass, in which:

i) the first firewall (26) is configured to restrict certain types of communication between the first terminal (10) and the shared communications network (20);

ii) each terminal (10,12) has a number of logical communication ports (27,29) for transmitting and/or receiving the multimedia call, including at least one dynamically assigned port (31,35);

iii) in the course of setting up a multimedia call, at least one of the terminals (10,12) is adapted to send a request (62) to the other of the terminals to open up one or more of the dynamic ports (35) in the terminal receiving said request;

characterised in that;

iv) the system (1) includes a proxy server (40) between the first terminal (10) and the second terminal (12) that acts for each terminal (10,12) as a proxy for the other terminal during the course of a multimedia call;

v) the proxy server (40) has logical communication ports (33) for communication with the terminals (10,12) including one or more pre-assigned ports (41,55) for communication with the first terminal (10);

vi) the first firewall (26) is configured not to restrict communication between the first terminal (10) and the pre-assigned port(s) (41,55) of the proxy server (40); and

vii) the proxy server (40) is configured to receive and forward (64) the request(s) (62) to open up said dynamic port(s) (35) via one of its pre-assigned ports (41,55).

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a communications system (1) for making multimedia calls. The system comprises two multimedia terminals (10,12) and communication means for making a multimedia call over a shared communications network (20), including a firewall (26) through which the multimedia call must pass, and which restricts certain types of communication. Each terminal (10,12) has a number of logical communication ports for the multimedia call, including at least one dynamically assigned port. In the course of setting up the multimedia call, at least one of the terminals (10,12) is adapted to send a request to the other of the terminals to open up one or more of the dynamic ports in the other terminal. The system includes a proxy server (40) between the terminals (10,12) that acts for each terminal as a proxy for the other terminal during the course of the call. The proxy server (40) has logical communication ports for communication with the terminals including one or more pre-assigned ports. The firewall (26) is configured not to restrict communication between one or both terminals (10,12) and the pre-assigned port(s) of the proxy server (40). The proxy server (40) is configured to receive and forward the request(s) to open up said dynamic port(s) via one of its pre-assigned ports.

84 Citations

View as Search Results

19 Claims

1. A communications system (1) for making a multimedia call, comprising, a first multimedia terminal (10), a second multimedia terminal (12), communication means for making a multimedia call over a shared communications network (20), said communication means including a first communication means and a second communication means associated respectively with the first multimedia terminal (10) and the second multimedia terminal (12), the first communication means including a first firewall (26) through which the multimedia call must pass, in which:
- i) the first firewall (26) is configured to restrict certain types of communication between the first terminal (10) and the shared communications network (20);
  
  ii) each terminal (10,12) has a number of logical communication ports (27,29) for transmitting and/or receiving the multimedia call, including at least one dynamically assigned port (31,35);
  
  iii) in the course of setting up a multimedia call, at least one of the terminals (10,12) is adapted to send a request (62) to the other of the terminals to open up one or more of the dynamic ports (35) in the terminal receiving said request;
  
  characterised in that;
  
  iv) the system (1) includes a proxy server (40) between the first terminal (10) and the second terminal (12) that acts for each terminal (10,12) as a proxy for the other terminal during the course of a multimedia call;
  
  v) the proxy server (40) has logical communication ports (33) for communication with the terminals (10,12) including one or more pre-assigned ports (41,55) for communication with the first terminal (10);
  
  vi) the first firewall (26) is configured not to restrict communication between the first terminal (10) and the pre-assigned port(s) (41,55) of the proxy server (40); and
  
  vii) the proxy server (40) is configured to receive and forward (64) the request(s) (62) to open up said dynamic port(s) (35) via one of its pre-assigned ports (41,55).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A communication system (1) as claimed in claim 1, in which:
    - viii) the second communication means includes a second firewall (28) through which the multimedia call must pass;
      
      ix) the second firewall (28) is configured to restrict certain types of communication between the second terminal (12) and the shared communications network (20);
      
      x) the proxy server (40) has logical communication ports (33) for communication with the terminals (10,12) including one or more pre-assigned ports (41,55) for communication with the second terminal (12); and
      
      xi) the second firewall (28) is configured not to restrict communication between the second terminal (12) and the pre-assigned port(s) (41,55) of the proxy server (40).
  - 3. A communication system (1) as claimed in claim 1 or claim 2, in which the number of pre-assigned ports (41,55) of the proxy server (40) is less than or equal to the total number of dynamically assigned ports (31,35) for the terminal(s) (10,12).
  - 4. A communication system (1) as claimed in claim 3, in which the proxy server (40) has at least one pre-assigned port number.
  - 5. A communication system (1) as claimed in claim 4, in which the proxy server (40) has two pre-assigned port numbers.
  - 6. A communication system (1) as claimed in any preceding claim, in which the terminals (10,12) are adapted to transmit and/or receive multimedia media signals together with associated multimedia control signals (59,60), the control signals being sent to one of the pre-assigned ports (41) and the media signals being sent to the other of the pre-assigned ports (55).
  - 7. A communication system (1) as claimed in any preceding claim, in which at least one of the logical communications ports is a pre-assigned port, said request (62) being sent to the pre-assigned port (41) as an initial request to initiate communication over the communication link.
  - 8. A communication system (1) as claimed in any preceding claim, in which the communication means is adapted for making a multimedia call at least in part via the internet, and the proxy server (40) has one or multiple public internet protocol address(es) by which the or each of the terminals (10,12) communicate with the proxy server (40), the firewall(s) (26,28) being configured not to restrict communication between the terminal(s) (10,12) and the internet protocol address(es) and pre-assigned logical port numbers (41,55) of the proxy server (40).
  - 9. A communication system (1) as claimed in any preceding claim, in which there is a plurality of pairs of first terminals (10) and of second terminals (12).
  - 10. A communication system (1) as claimed in any preceding claim, in which the system (1) is for making a multimedia call according to the H.323 standard of the International Telecommunications Union.
  - 11. A communications system (1) as claimed in any preceding claim, in which the system (1) is for making a multimedia call according to the SIP standard of the Internet Engineering Task Force.
  - 12. A communications system (1) as claimed in any preceding claim, in which the system (1) is for making a multimedia call according to the MGCP standard of the Internet Engineering Task Force.
  - 13. A communications system (1) as claimed in any preceding claim, in which the system (1) is for making a multimedia call according to the H.248 standard of the ITU.
  - 14. A communications system (1) as claimed in any preceding claim, in which the second terminal (12) is another proxy server (40) serving a remote community of terminals and endpoints.
  - 15. A communications system (1) as claimed in any preceding claim, in which a third party deploys the proxy server (40) for the provision of communication services between enterprises.
  - 16. A communications system (1) as claimed in any preceding claim, in which the first terminal'"'"'s enterprise deploys the proxy server (40) for the provision of external communication service with other enterprises, service providers or its remote branches.
  - 17. A communications system (1) as claimed in any preceding claim, in which the gatekeeper function is co-resident with the proxy server (40).

18. A communications system (1) as claimed in any of clams 1 to 16, in which the gatekeeper function is a separate system from the proxy server (40).

19. A method of making a multimedia call using a communications system (1) that comprises a first multimedia terminal (10), a second multimedia terminal (12), communication means including a first communication means and a second communication means associated respectively with the first multimedia terminal (10) and the second multimedia terminal (12), wherein each terminal (10,12) has a number of logical communication ports (11,13) for transmitting and/or receiving the multimedia call, including at least one dynamically assigned port (31,35), and the first communication means includes a first firewall (26) configured to restrict certain types of communication between the first terminal (10) and the shared communications network (20), in which the method comprises the steps of:
- a) setting up a multimedia call over a shared communications network (20) with the first communications means and the second communications means between the first multimedia terminal (10) and the second multimedia via the first firewall (26);
  
  b) in the course of setting up a multimedia call, at least one of the terminals (10,12) sends a request (62) to the other of the terminals to open up one or more of the dynamic ports (35) in the terminal receiving said request;
  
  characterised in that the method comprises the steps of;
  
  c) including a proxy server (40) between the first terminal (10) and the second terminal (12) that acts for each terminal (10,12) as a proxy for the other terminal during the course of a multimedia call, the proxy server (40) having logical communication ports (33) for communication with the terminals (10,12) including one or more pre-assigned ports (41,55) for communication with the first terminal (10);
  
  d) configuring the first firewall (26) not to restrict communication between the first terminal (10) and the pre-assigned port(s) (41,55) of the proxy server (40); and
  
  e) configuring the proxy server (40) to receive and forward (64) the request(s) (62) to open up said dynamic port(s) (35) via one of its pre-assigned ports (41,55).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Read, Stephen Michael

Granted Patent

US 8,499,344 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2514   between local and global IP...

H04L 61/2517   using port numbers

H04L 61/2535   Multiple local networks, e....

H04L 61/2564   for a higher-layer protocol...

H04L 61/2567   for reachability, e.g. inqu...

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 65/103   in the network

H04L 65/104   in the network

H04L 65/1043   Gateway controllers, e.g. m...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 65/1104   Session initiation protocol...

H04L 65/1106   Call signalling protocols; ...

H04L 9/40   Network security protocols

H04M 7/0078   Security; Fraud detection; ...

Audio-video telephony with firewalls and network address translation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Audio-video telephony with firewalls and network address translation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links