SYSTEM AND METHOD FOR PROVIDING SECURITY IN A TELECOMMUNICATION NETWORK

US 20070186093A1
Filed: 05/26/2006
Published: 08/09/2007
Est. Priority Date: 01/04/2000
Status: Active Grant

First Claim

Patent Images

1. canceled

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for establishing a telephone call between a trusted Internet Protocol (IP) telephone and an untrusted device. The method includes receiving a call initiation request from the untrusted device that indicates a desired communication with the trusted IP telephone. The method evaluates the call initiation request, and establishes a telecommunication link between the untrusted device and the trusted IP telephone in response to a positive evaluation of the call initiation request.

83 Citations

View as Search Results

88 Claims

1. canceled

2. canceled

3. canceled

4. canceled

5. canceled

6. canceled

7. canceled

8. canceled

9. canceled

10. canceled

11. canceled

12. canceled

13. canceled

14. canceled

15. canceled

16. canceled

17. canceled

18. canceled

19. canceled

20. canceled

21. canceled

22. canceled

23. canceled

24. canceled

25. canceled

26. canceled

27. canceled

28. canceled

29. canceled

30. canceled

31. canceled

32. canceled

33. canceled

34. canceled

35. canceled

36. canceled

37. canceled

38. canceled

39. canceled

40. canceled

41. canceled

42. canceled

43. canceled

44. canceled

45. canceled

46. A method for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the method comprising:
- receiving an initiation request from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted IP device coupled to the trusted network;
  
  evaluating the initiation request;
  
  establishing a telecommunication link between the untrusted device and the trusted IP device in response to a positive evaluation of the initiation request, wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device;
  
  monitoring communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network;
  
  wherein establishing the telecommunication link comprises;
  
  associating a first logical port of a telephony proxy with the trusted IP device;
  
  associating a second logical port of the telephony proxy with the untrusted device;
  
  receiving first telecommunication data from the untrusted device at the first logical port;
  
  modifying a first source address information in the first telecommunication data to specify the second logical port of the telephony proxy;
  
  communicating the first telecommunication data with the modified first source address information to the trusted IP device;
  
  receiving second telecommunication data from the trusted IP device at the second logical port;
  
  modifying a second source address information in the second telecommunication data to specify the first logical port of the telephony proxy; and
  
  communicating the second telecommunication data with the modified second source address information to the untrusted device.

47. A method for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the method comprising:
- receiving an initiation request from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted IP device coupled to the trusted network;
  
  evaluating the initiation request;
  
  establishing a telecommunication link between the untrusted device and the trusted IP device in response to a positive evaluation of the initiation request;
  
  monitoring communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network;
  
  wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 48. The method of claim 47, wherein receiving a initiation request from the untrusted device comprises intercepting the initiation request at an entry point to the trusted network servicing the trusted IP device, the initiation request sent from outside the trusted network by the untrusted device.
  - 49. The method of claim 47, wherein evaluating the initiation request comprises determining whether the trusted IP device is a proper recipient of a communication from an untrusted device.
  - 50. The method of claim 49, wherein determining whether the trusted IP device is a proper recipient of a communication from an untrusted device comprises determining whether a network address of the trusted IP device is included in a list of approved network addresses.
  - 51. The method of claim 47, wherein evaluating the initiation request comprises determining whether a network address of the untrusted device is included in a list of approved network addresses.
  - 52. The method of claim 47, wherein establishing a telecommunication link between the untrusted device and the trusted IP device comprises establishing a telecommunication link using a telephony proxy, whereby all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
  - 53. The method of claim 52, further comprising monitoring the telecommunication link to determine whether the telecommunications being sent by the untrusted device use an appropriate audio format.
  - 54. The method of claim 52, wherein monitoring the communications transmitted between the untrusted device and the trusted IP device comprises monitoring the telecommunication link to determine whether the telecommunications being sent by the untrusted device comprise streaming data.
  - 55. The method of claim 52, wherein establishing a telecommunication link between the untrusted device and the trusted IP device using the telephony proxy comprises:
    - associating a first logical port of the telephony proxy with the trusted IP device;
      
      receiving telecommunication data from the untrusted device at the first logical port;
      
      modifying source address information in the received telecommunication data to specify a second logical port of the telephony proxy associated with the untrusted device; and
      
      communicating the telecommunication data with the modified source address information to the trusted IP device.
  - 56. The method of claim 55, wherein associating a first logical port of the telephony proxy with the untrusted device comprises associating a User Datagram Protocol (UDP) logical port to enable the streaming of IP packets.
  - 57. The method of claim 56, wherein modifying the source address information in the received telecommunication data comprises modifying a source IP address and a source port in a header of each IP packet.

58. A communication network for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the communication network comprising:
- a first trusted network;
  
  a trusted IP device coupled to the first trusted network;
  
  an authentication controller coupled to the first trusted network and operable to evaluate an initiation request received from an untrusted device external to the first trusted network, the initiation request indicating a desired communication with the trusted IP device, wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device; and
  
  a manager operable to initiate the creation of a telecommunication link between the trusted IP device and the untrusted device in response to a positive evaluation of the initiation request;
  
  wherein the authentication controller is further operable to;
  
  monitor communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network.
- View Dependent Claims (59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69)
- - 59. The communication network of claim 58, wherein the call manager is further operable to initiate the creation of a telecommunication link between the trusted IP device and the untrusted device using a telephony proxy, whereby all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
  - 60. The communication network of claim 59, wherein the telephony proxy, the authentication controller, and the call manager comprise software executed on one or more devices in the first trusted network.
  - 61. The communication network of claim 58, wherein the authentication controller is a component of the call manager.
  - 62. The communication network of claim 58, wherein:
    - the first trusted network comprises an Internet Protocol (IP) network; and
      
      the trusted IP device comprises an IP telephone.
  - 63. The communication network of claim 58, wherein the first trusted network and the untrusted device are coupled to the Internet.
  - 64. The communication network of claim 58, wherein:
    - the first trusted network is coupled to the Public Switched Telephone Network (PSTN) using a gateway; and
      
      the untrusted device is coupled to the PSTN.
  - 65. The communication network of claim 58, further comprising:
    - a second trusted network, the untrusted device coupled to the second trusted network; and
      
      an untrusted network coupling the first trusted network to the second trusted network.
  - 66. The communication network of claim 58, wherein the authentication controller comprises a list of addresses of network devices permitted to receive communications from untrusted devices, the authentication controller evaluating the initiation request positively if the initiation request indicates a desired communication with a network device having an address in the list of network addresses.
  - 67. The communication network of claim 58, wherein the authentication controller comprises a list of network addresses of untrusted devices permitted to communicate with the trusted IP device, the authentication controller evaluating the initiation request positively if the initiation request originates from an untrusted device having an address on the list of network addresses.
  - 68. The communication network of claim 58, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP device and the untrusted device to determine whether telecommunications being sent by the untrusted device use an appropriate audio format.
  - 69. The communication network of claim 58, wherein the authentication controller is further operable to monitor the communications transmitted between the untrusted device and the trusted IP device to determine whether telecommunications being sent by the untrusted device comprise streaming data.

70. Software embodied in a computer-readable medium and operable to perform the following steps:
- receiving an initiation request from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted Internet Protocol (IP) device coupled to the trusted network;
  
  evaluating the initiation request;
  
  establishing a telecommunication link between the untrusted device and the trusted IP device in response to a positive evaluation of the initiation request;
  
  monitoring communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network;
  
  wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device.
- View Dependent Claims (71, 72, 73, 74, 75, 76, 77, 78, 79, 80)
- - 71. The software of claim 70, wherein receiving the initiation request from the untrusted device comprises intercepting the initiation request at an entry point to the trusted network servicing the trusted IP device, the initiation request sent from outside the trusted network by the untrusted device.
  - 72. The software of claim 70, wherein evaluating the initiation request comprises determining whether the trusted IP device is a proper recipient of a communication from an untrusted device.
  - 73. The software of claim 72, wherein determining whether the trusted IP device is a proper recipient of a communication from an untrusted device comprises determining whether a network address of the trusted IP device is included in a list of approved network addresses.
  - 74. The software of claim 70, wherein evaluating the initiation request comprises determining whether a network address of the untrusted device is included in a list of approved network addresses.
  - 75. The software of claim 70, wherein establishing a telecommunication link between the untrusted device and the trusted IP device comprises establishing a telecommunication link using a telephony proxy, whereby all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
  - 76. The software of claim 75, further operable to monitor the telecommunication link to determine whether the telecommunications being sent by the untrusted device use an appropriate audio format.
  - 77. The software of claim 75, further operable to monitor the telecommunication link to determine whether the telecommunications being sent by the untrusted device comprise streaming data.
  - 78. The software of claim 75, wherein establishing a telecommunication link between the untrusted device and the trusted IP device using the telephony proxy comprises:
    - associating a first logical port of the telephony proxy with the trusted IP device;
      
      receiving telecommunication data from the untrusted device at the first logical port;
      
      modifying source address information in the received telecommunication data to specify a second logical port of the telephony proxy associated with the untrusted device; and
      
      communicating the telecommunication data with the modified source address information to the trusted IP device.
  - 79. The software of claim 78, wherein associating a first logical port of the telephony proxy with the untrusted device comprises associating a User Datagram Protocol (UDP) logical port to enable the streaming of IP packets.
  - 80. The software of claim 79, wherein modifying the source address information in the received telecommunication data comprises modifying a source IP address and a source port in a header of each IP packet.

81. An apparatus for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the apparatus comprising:
- an authentication controller operable to evaluate an initiation request received from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted IP device coupled to the trusted network, wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device;
  
  a call manager operable to;
  
  initiate the creation of a telecommunication link between the trusted IP device and the untrusted device in response to a positive evaluation of the initiation request;
  
  monitor communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network; and
  
  a telephony proxy, the telecommunication link between the trusted IP device and the untrusted device created using the telephony proxy such that all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
- View Dependent Claims (82, 83, 84, 85, 86, 87, 88)
- - 82. The apparatus of claim 81, wherein the authentication controller comprises a list of addresses of network devices permitted to receive communications from untrusted devices, the authentication controller evaluating the initiation request positively if the initiation request indicates a desired communication with a network device having an address in the list of network addresses.
  - 83. The apparatus of claim 81, wherein the authentication controller comprises a list of network addresses of untrusted devices permitted to communicate with the trusted IP device, the authentication controller evaluating the initiation request positively if the initiation request originates from an untrusted device having an address on the list of network addresses.
  - 84. The apparatus of claim 81, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP device and the untrusted device to determine whether telecommunications being sent by the untrusted device use an appropriate audio format.
  - 85. The apparatus of claim 81, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP device and the untrusted device to determine whether telecommunications being sent by the untrusted device comprise streaming data.
  - 86. The apparatus of claim 81, wherein the telephony proxy comprises:
    - a first logical port associated with the trusted IP device;
      
      a second logical port associated with the untrusted device;
      
      an address modification module operable to modify source address information in telecommunication data received at the first logical port from the untrusted device to specify the second logical port of the telephony proxy; and
      
      a transmission module operable to communicate the telecommunication data with the modified source address information to the trusted IP device.
  - 87. The apparatus of claim 86, wherein the first and second logical ports are User Datagram Protocol (UDP) logical ports.
  - 88. The apparatus of claim 86, wherein the address modification module is operable to modify a source IP address and port information in a header of an IP packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Tighe, James, Bell, Robert, Higgins, Ronald, Platt, Richard

Granted Patent

US 7,890,749 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/101 Access control lists [ACL]

H04M 1/2535 adapted for voice communica...

SYSTEM AND METHOD FOR PROVIDING SECURITY IN A TELECOMMUNICATION NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

83 Citations

88 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROVIDING SECURITY IN A TELECOMMUNICATION NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

88 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links