Securing telephony communications between remote and enterprise endpoints

US 20060092945A1
Filed: 11/03/2004
Published: 05/04/2006
Est. Priority Date: 11/03/2004
Status: Active Grant

First Claim

Patent Images

1. A system for securing telephony communications between an enterprise telephony endpoint and a remote telephony endpoint, comprising:

an isolated packet-based network having a plurality of enterprise telephony endpoints;

an exposed packet-based network coupled to a public packet-based network and having a call management device operable to receive an unsecured session request from a remote telephony endpoint coupled to the public packet-based network, to determine that the unsecured session request identifies one of the enterprise telephony endpoints, and to establish a media link between the remote telephony endpoint and an isolation device; and

the isolation device coupled between the isolated packet-based network and the exposed packet-based network and operable to receive unsecured media associated with the media link, to translate the unsecured media to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint, and to transmit the translated media to the isolated packet-based network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing telephony communications between an enterprise telephony endpoint and a remote telephony endpoint includes an isolated packet-based network, an exposed packet-based network, and an isolation device. The isolated packet-based network has a plurality of enterprise telephony endpoints. The exposed packet-based network is coupled to a public packet-based network and has a call management device that can receive an unsecured session request from a remote telephony endpoint coupled to the public packet-based network, determine that the unsecured session request identifies one of the enterprise telephony endpoints, and establish a media link between the remote telephony endpoint and the isolation device. The isolation device is coupled between the isolated packet-based network and the exposed packet-based network and can receive unsecured media associated with the media link, translate the unsecured media to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint, and transmit the translated media to the isolated packet-based network.

Citations

36 Claims

1. A system for securing telephony communications between an enterprise telephony endpoint and a remote telephony endpoint, comprising:
- an isolated packet-based network having a plurality of enterprise telephony endpoints;
  
  an exposed packet-based network coupled to a public packet-based network and having a call management device operable to receive an unsecured session request from a remote telephony endpoint coupled to the public packet-based network, to determine that the unsecured session request identifies one of the enterprise telephony endpoints, and to establish a media link between the remote telephony endpoint and an isolation device; and
  
  the isolation device coupled between the isolated packet-based network and the exposed packet-based network and operable to receive unsecured media associated with the media link, to translate the unsecured media to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint, and to transmit the translated media to the isolated packet-based network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein translating the unsecured media comprises transmitting the unsecured media through a switched facility.
  - 3. The system of claim 1, wherein:
    - the isolation device includes a packet-based interface operable to couple to the isolated packet-based network and the exposed packet-based network, and a switched interface operable to couple to a loopback cable; and
      
      the loopback cable is operable to loop the unsecured media back to the isolation device to remove the harmful code.
  - 4. The system of claim 3, wherein the isolation device is further operable to convert the unsecured media between a first protocol associated with the packet-based interface and a second protocol associated with the switched interface.
  - 5. The system of claim 4, wherein the first protocol is Internet Protocol (IP) and the second protocol is T1.
  - 6. The system of claim 1, wherein the isolation device is further operable to receive unsecured signaling associated with the media link, to translate the unsecured signaling to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint, and to transmit the translated signaling to the isolated packet-based network.
  - 7. The system of claim 6, wherein:
    - the isolation device is further operable to transmit the translated signaling to a second call management device in the isolated packet-based network; and
      
      the second call management device is operable to process the translated signaling to support the identified enterprise telephony endpoint.
  - 8. The system of claim 6, wherein the isolation device is further operable to transmit the translated media and the translated signaling directly to the identified enterprise telephony endpoint in the isolated packet-based network.
  - 9. The system of claim 1, further comprising a firewall operable to couple to the exposed packet-based network, to receive the unsecured session request and the unsecured media transmitted from the remote telephony endpoint, to direct the unsecured session request to the call management device, and to direct the unsecured media to the isolation device.

10. A method for securing telephony communications between an enterprise telephony endpoint and a remote telephony endpoint, comprising:
- receiving at a call management device in an exposed packet-based network an unsecured session request from a remote telephony endpoint coupled to a public packet-based network;
  
  determining that the unsecured session request identifies one of a plurality of enterprise telephony endpoints in an isolated packet-based network;
  
  establishing a media link between the remote telephony endpoint and an isolation device coupled between the isolated packet-based network and the exposed packet-based network;
  
  receiving unsecured media associated with the media link at the isolation device;
  
  translating the unsecured media to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint; and
  
  transmitting the translated media from the isolation device to the isolated packet-based network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein translating the unsecured media comprises transmitting the unsecured media through a switched facility.
  - 12. The method of claim 10, further comprising:
    - looping the unsecured media through a loopback cable to remove the harmful code;
      
      wherein the isolation device includes a packet-based interface operable to couple to the isolated packet-based network and the exposed packet-based network, and a switched interface operable to couple to the loopback cable.
  - 13. The method of claim 12, wherein the isolation device is further operable to convert the unsecured media between a first protocol associated with the packet-based interface and a second protocol associated with the switched interface.
  - 14. The method of claim 13, wherein the first protocol is Internet Protocol (IP) and the second protocol is T1.
  - 15. The method of claim 10, further comprising:
    - receiving unsecured signaling associated with the media link at the isolation device;
      
      translating the unsecured signaling to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint; and
      
      transmitting the translated signaling from the isolation device to the isolated packet-based network.
  - 16. The method of claim 15, further comprising:
    - transmitting the translated signaling from the isolation device to a second call management device in the isolated packet-based network; and
      
      processing the translated signaling at the second call management device to support the identified enterprise telephony endpoint.
  - 17. The method of claim 15, further comprising transmitting the translated media and the translated signaling directly from the isolation device to the identified enterprise telephony endpoint in the isolated packet-based network.
  - 18. The method of claim 10, further comprising:
    - receiving the unsecured session request and the unsecured media transmitted from the remote telephony endpoint at a firewall coupled to the exposed packet-based network;
      
      directing the unsecured session request from the firewall to the call management device; and
      
      directing the unsecured media from the firewall to the isolation device.

19. Logic for securing telephony communications between an enterprise telephony endpoint and a remote telephony endpoint, the logic encoded in media and operable when executed to:
- receive at a call management device in an exposed packet-based network an unsecured session request from a remote telephony endpoint coupled to a public packet-based network;
  
  determine that the unsecured session request identifies one of a plurality of enterprise telephony endpoints in an isolated packet-based network;
  
  establish a media link between the remote telephony endpoint and an isolation device coupled between the isolated packet-based network and the exposed packet-based network;
  
  receive unsecured media associated with the media link at the isolation device;
  
  translate the unsecured media to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint; and
  
  transmit the translated media from the isolation device to the isolated packet-based network.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The logic of claim 19, wherein translating the unsecured media comprises transmitting the unsecured media through a switched facility.
  - 21. The logic of claim 19, further operable when executed to:
    - loop the unsecured media through a loopback cable to remove the harmful code;
      
      wherein the isolation device includes a packet-based interface operable to couple to the isolated packet-based network and the exposed packet-based network, and a switched interface operable to couple to the loopback cable.
  - 22. The logic of claim 21, wherein the isolation device is further operable to convert the unsecured media between a first protocol associated with the packet-based interface and a second protocol associated with the switched interface.
  - 23. The logic of claim 22, wherein the first protocol is Internet Protocol (IP) and the second protocol is T1.
  - 24. The logic of claim 19, further operable when executed to:
    - receive unsecured signaling associated with the media link at the isolation device;
      
      translate the unsecured signaling to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint; and
      
      transmit the translated signaling from the isolation device to the isolated packet-based network.
  - 25. The logic of claim 24, further operable when executed to:
    - transmit the translated signaling from the isolation device to a second call management device in the isolated packet-based network; and
      
      process the translated signaling at the second call management device to support the identified enterprise telephony endpoint.
  - 26. The logic of claim 24, further operable when executed to transmit the translated media and the translated signaling directly from the isolation device to the identified enterprise telephony endpoint in the isolated packet-based network.
  - 27. The logic of claim 19, further operable when executed to:
    - receive the unsecured session request and the unsecured media transmitted from the remote telephony endpoint at a firewall coupled to the exposed packet-based network;
      
      direct the unsecured session request from the firewall to the call management device; and
      
      direct the unsecured media from the firewall to the isolation device.

28. A system for securing telephony communications between an enterprise telephony endpoint and a remote telephony endpoint, comprising:
- means for receiving at a call management device in an exposed packet-based network an unsecured session request from a remote telephony endpoint coupled to a public packet-based network;
  
  means for determining that the unsecured session request identifies one of a plurality of enterprise telephony endpoints in an isolated packet-based network;
  
  means for establishing a media link between the remote telephony endpoint and an isolation device coupled between the isolated packet-based network and the exposed packet-based network;
  
  means for receiving unsecured media associated with the media link at the isolation device;
  
  means for translating the unsecured media to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint; and
  
  means for transmitting the translated media from the isolation device to the isolated packet-based network.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. The system of claim 28, wherein the means for translating the unsecured media comprises means for transmitting the unsecured media through a switched facility.
  - 30. The system of claim 28, further comprising:
    - means for looping the unsecured media through a loopback cable to remove the harmful code;
      
      wherein the isolation device includes a packet-based interface operable to couple to the isolated packet-based network and the exposed packet-based network, and a switched interface operable to couple to the loopback cable.
  - 31. The system of claim 30, wherein the isolation device is further operable to convert the unsecured media between a first protocol associated with the packet-based interface and a second protocol associated with the switched interface.
  - 32. The system of claim 31, wherein the first protocol is Internet Protocol (IP) and the second protocol is T1.
  - 33. The system of claim 28, further comprising:
    - means for receiving unsecured signaling associated with the media link at the isolation device;
      
      means for translating the unsecured signaling to reduce the likelihood of harmful code communicated by the remote telephony endpoint from reaching the identified enterprise telephony endpoint; and
      
      means for transmitting the translated signaling from the isolation device to the isolated packet-based network.
  - 34. The system of claim 33, further comprising:
    - means for transmitting the translated signaling from the isolation device to a second call management device in the isolated packet-based network; and
      
      means for processing the translated signaling at the second call management device to support the identified enterprise telephony endpoint.
  - 35. The system of claim 33, further comprising means for transmitting the translated media and the translated signaling directly from the isolation device to the identified enterprise telephony endpoint in the isolated packet-based network.
  - 36. The system of claim 28, further comprising:
    - means for receiving the unsecured session request and the unsecured media transmitted from the remote telephony endpoint at a firewall coupled to the exposed packet-based network;
      
      means for directing the unsecured session request from the firewall to the call management device; and
      
      means for directing the unsecured media from the firewall to the isolation device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Hallmark, Addis Eli, Ayres, Marc Coiner

Granted Patent

US 7,613,207 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/395.2
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

H04L 63/145   the attack involving the pr...

H04L 65/1101   Session protocols

H04L 65/765   intermediate

Securing telephony communications between remote and enterprise endpoints

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Securing telephony communications between remote and enterprise endpoints

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links