SECURITY AND SUPPORT FOR FLEXIBLE CONFERENCING TOPOLOGIES SPANNING PROXIES, FIREWALLS AND GATEWAYS
Abstract
A method and system for setting up and managing secure data/audio/video conferences with a wide range of topologies is described. The disclosed method and system allow extending the range of topologies possible with the H.323 conferencing standards while overcoming T.120 negotiating constraints. Security in such conferences may be based on a trusted node system or on more complex security procedures. Furthermore, the taught conference topologies fully utilize the T.120 standards while also permitting the reach of the conferences to the extent enabled by the H.323 standards by implementing additional modules to manage the setting up and tearing down of one or more conference connections. In addition, the method and system allow for dynamically adjusting conference connections to improve bandwidth usage and utilize H.323 support for gatekeepers.
34 Claims
1. A method for setting up a conference over a computer network, said method comprising:
- communicating with a potential-new-node using a decentralized protocol for establishing a link and a discovered address spanning gateways, proxies or firewalls;
- using the discovered detailed address to invoke a centralized protocol to add the potential-new-node to the conference; and
- setting up a plurality of tear-down procedures for releasing resources in accordance with the centralized protocol.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A method for setting up a dynamic-secure-conference over a computer network wherein said method comprises:
- communicating with a potential new node from an existing-trusted-conference node;
- authenticating a potential new-entrant-to-the-conference by examining a certificate corresponding to the new node;
- permitting the potential new-entrant-to-the-conference to become an additional conference node if the certificate is valid; and
- recalculating a dynamic-secure-conference topology to minimize network traffic.

Dependent claims: 18, 19, 20, 21, 22, 23, 24
25. A system for managing conferences across diverse connections, the system including computer readable-medium having computer executable modules comprising:
- a negotiating module, said negotiating module compatible with decentralized conference setup, for establishing a connection spanning proxies, firewalls and intermediaries and obtaining an address for a target node;
- an enrolling module for using said address to establish a node in a conference with centralized control; and
- a releasing module for releasing resources used, including the resources used by the negotiating module, upon release of said node from said conference.

Dependent claims: 26
27. A plurality of computers connected by secure communication links, wherein a first computer in the plurality of computers being connected, via secure communication links spanning intermediaries, the intermediaries including proxies, routers, firewalls, gateways and gatekeepers, to a second computer in the plurality of computers, the second computer being either upstream or downstream of the first computer, and wherein a top provider computer in the plurality of computers is always upstream of each of remaining computers in the plurality of computers, and wherein furthermore, the secure communication link is negotiated by a decentralized conferencing protocol.
Specification