Method and system for providing secure communications between proxy servers in support of interdomain traversal

US 20070019622A1
Filed: 12/30/2005
Published: 01/25/2007
Est. Priority Date: 07/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing packetized communication services, the method comprising:

receiving a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;

communicating with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session; and

establishing an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach provides interdomain traversal to support packetized voice transmissions. A request is received and specifies a directory number for establishing a communication session from a first endpoint to a second endpoint. The first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain. A service provider network is accessed to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session. An encrypted session is established with a proxy server according to a cryptographic protocol to support the media path. The proxy server resides within the second domain.

108 Citations

View as Search Results

30 Claims

1. A method for providing packetized communication services, the method comprising:
- receiving a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;
  
  communicating with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session; and
  
  establishing an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1, wherein the service provider network includes an ENUM (Electronic Number) server to determine the network address, a STUN (Simple Traversal of UDP (User Datagram Protocol)) server to determine the second network address translator, and a TURN (Traversal Using Relay NAT (Network Address Translation)) server to establish the media path.
  - 3. A method according to claim 1, wherein the encrypted session is established end-to-end from the first endpoint to the second endpoint.
  - 4. A method according to claim 1, wherein the communication session is a Voice over IP (Internet Protocol) call.
  - 5. A method according to claim 1, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 6. A method according to claim 1, further comprising:
    - converting signaling from another proxy server associated with establishment of the communication session to a format compatible with the proxy server.
  - 7. A method according to claim 6, wherein the proxy server utilizes Session Initiation Protocol (SIP) signaling, and the other proxy server utilizes either a SIP-type signaling or a H.323 signaling.
  - 8. A method according to claim 1, wherein, if the network address cannot be determined, the proxy server communicates with a media gateway coupled to a circuit-switched telephone network for termination of the communication session.
  - 9. A method according to claim 1, wherein the cryptographic protocol includes a Transport Layer Security (TLS) protocol.

10. A network apparatus for providing packetized communication services, the apparatus comprising:
- a first communication interface configured to receive a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;
  
  a second communication interface configured to communicate with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session; and
  
  a processor configured to establish an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. An apparatus according to claim 10, wherein the service provider network includes an ENUM (Electronic Number) server to determine the network address, a STUN (Simple Traversal of UDP (User Datagram Protocol)) server to determine the second network address translator, and a TURN (Traversal Using Relay NAT (Network Address Translation)) server to establish the media path.
  - 12. An apparatus according to claim 10, wherein the encrypted session is established end-to-end from the first endpoint to the second endpoint.
  - 13. An apparatus according to claim 10, wherein the communication session is a Voice over IP (Internet Protocol) call.
  - 14. An apparatus according to claim 10, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 15. An apparatus according to claim 10, wherein signaling is converted from another proxy server associated with establishment of the communication session to a format compatible with the proxy server.
  - 16. An apparatus according to claim 15, wherein the proxy server utilizes Session Initiation Protocol (SIP) signaling, and the other proxy server utilizes either a SIP-type signaling or a H.323 signaling.
  - 17. An apparatus according to claim 10, wherein, if the network address cannot be determined, the proxy server communicates with a media gateway coupled to a circuit-switched telephone network for termination of the communication session.
  - 18. An apparatus according to claim 10, wherein the cryptographic protocol includes a Transport Layer Security (TLS) protocol.

19. A system for providing packetized communication services, the system comprising:
- an address server configured to receive a request for a network address for communicating with a destination endpoint based on a directory number, wherein the directory number is specified in a call establishment request to establish a communication session from a source endpoint behind a first network address translator of a first domain, and the destination endpoint is within a second domain;
  
  a STUN (Simple Traversal of UDP (User Datagram Protocol)) server configured to support determination of existence of a second network address translator within the second domain; and
  
  a TURN (Traversal Using Relay NAT (Network Address Translation)) server configured to establish, if the network address can be determined, a media path between the source endpoint and the destination endpoint based on the network address to support the communication session, wherein the media path includes an encrypted session between a first proxy server residing within the first domain and a second proxy server residing within the second domain.
- View Dependent Claims (20, 21, 22, 23)
- - 20. A system according to claim 19, wherein the communication session is a Voice over IP (Internet Protocol) call, and the cryptographic protocol is a Transport Layer Security (TLS) protocol.
  - 21. A system according to claim 19, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 22. A system according to claim 19, further comprising:
    - a gateway configured to convert signaling from second proxy server associated with establishment of the communication session to a format compatible with the first proxy server.
  - 23. A system according to claim 19, wherein the first proxy server utilizes Session Initiation Protocol (SIP) signaling, and the second proxy server utilizes either a SIP-type signaling or a H.323 signaling.

24. A method for providing packetized communication services, the method comprising:
- transmitting a request to a near-end proxy server for establishing a communication session with a destination endpoint, wherein the request is transmitted through a first network address translator of a first domain, and the destination endpoint is within a second domain, wherein the near-end proxy server is configured communicate with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path with the destination endpoint based on the network address to support the communication session; and
  
  establishing an encrypted session with the near-end proxy server according to a cryptographic protocol to support the media path.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. A method according to claim 24, wherein the service provider network includes an ENUM (Electronic Number) server to determine the network address, a STUN (Simple Traversal of UDP (User Datagram Protocol)) server to determine the second network address translator, and a TURN (Traversal Using Relay NAT (Network Address Translation)) server to establish the media path.
  - 26. A method according to claim 24, wherein the near-end proxy server is further configured to establish an encrypted session with a far-end proxy server that is within the second domain.
  - 27. A method according to claim 26, wherein the near-end proxy server utilizes Session Initiation Protocol (SIP) signaling, and the far-end proxy server utilizes either a SIP-type signaling or a H.323 signaling.
  - 28. A method according to claim 24, wherein the communication session is a Voice over IP (Internet Protocol) call.
  - 29. A method according to claim 24, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 30. A method according to claim 24, wherein the cryptographic protocol includes a Transport Layer Security (TLS) protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
MCI Incorporated (Verizon Communications Inc.)
Inventors
Bae, Kiwan, Alt, Wade

Granted Patent

US 8,184,641 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/352
CPC Class Codes

H04L 61/2564   for a higher-layer protocol...

H04L 61/2578   without involvement of the ...

H04L 65/103   in the network

H04L 65/104   in the network

H04L 65/1043   Gateway controllers, e.g. m...

H04L 65/1101   Session protocols

H04L 65/1108   Web based protocols, e.g. w...

H04L 65/65   Network streaming protocols...

Method and system for providing secure communications between proxy servers in support of interdomain traversal

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing secure communications between proxy servers in support of interdomain traversal

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links