Method and system for providing secure communications between proxy servers in support of interdomain traversal
Abstract
An approach provides interdomain traversal to support packetized voice transmissions. A request is received and specifies a directory number for establishing a communication session from a first endpoint to a second endpoint. The first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain. A service provider network is accessed to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session. An encrypted session is established with a proxy server according to a cryptographic protocol to support the media path. The proxy server resides within the second domain.
30 Claims
1. A method for providing packetized communication services, the method comprising:
receiving a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;
communicating with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session; and
establishing an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain.
10. A network apparatus for providing packetized communication services, the apparatus comprising:
a first communication interface configured to receive a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;
a second communication interface configured to communicate with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session; and
a processor configured to establish an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain.
19. A system for providing packetized communication services, the system comprising:
an address server configured to receive a request for a network address for communicating with a destination endpoint based on a directory number, wherein the directory number is specified in a call establishment request to establish a communication session from a source endpoint behind a first network address translator of a first domain, and the destination endpoint is within a second domain;
a STUN (Simple Traversal of UDP (User Datagram Protocol)) server configured to support determination of existence of a second network address translator within the second domain; and
a TURN (Traversal Using Relay NAT (Network Address Translation)) server configured to establish, if the network address can be determined, a media path between the source endpoint and the destination endpoint based on the network address to support the communication session, wherein the media path includes an encrypted session between a first proxy server residing within the first domain and a second proxy server residing within the second domain.
24. A method for providing packetized communication services, the method comprising:
transmitting a request to a near-end proxy server for establishing a communication session with a destination endpoint, wherein the request is transmitted through a first network address translator of a first domain, and the destination endpoint is within a second domain, wherein the near-end proxy server is configured to communicate with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path with the destination endpoint based on the network address to support the communication session; and
establishing an encrypted session with the near-end proxy server according to a cryptographic protocol to support the media path.
Specification