SECURITY AND SUPPORT FOR FLEXIBLE CONFERENCING TOPOLOGIES SPANNING PROXIES, FIREWALLS AND GATEWAYS

US 20080298279A1
Filed: 06/05/2008
Published: 12/04/2008
Est. Priority Date: 03/02/1999
Status: Active Grant

First Claim

Patent Images

1. A method for setting up a conference over a computer network, said method comprising:

communicating with a potential-new-node using a decentralized protocol for establishing a link and a discovered address spanning gateways, proxies or firewalls;

using the discovered detailed address to invoke a centralized protocol to add the potential-new-node to the conference; and

setting up a plurality of tear-down procedures for releasing resources in accordance with the centralized protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for setting up and managing secure data/audio/video conferences with a wide range of topologies is described. The disclosed method and system allow extending the range of topologies possible with the H.323 conferencing standards while overcoming T.120 negotiating constraints. Security in such conferences may be based on a trusted node system or on more complex security procedures. Furthermore, the taught conference topologies fully utilize the T.120 standards while also permitting the reach of the conferences to the extent enabled by the H.323 standards by implementing additional modules to manage the setting up and tearing down of one or more conference connections. In addition, the method and system allow for dynamically adjusting conference connections to improve bandwidth usage and utilize H.323 support for gatekeepers.

Citations

34 Claims

1. A method for setting up a conference over a computer network, said method comprising:
- communicating with a potential-new-node using a decentralized protocol for establishing a link and a discovered address spanning gateways, proxies or firewalls;
  
  using the discovered detailed address to invoke a centralized protocol to add the potential-new-node to the conference; and
  
  setting up a plurality of tear-down procedures for releasing resources in accordance with the centralized protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 wherein a neighbor of a particular-conference node is either upstream or downstream of the particular-conference node.
  - 3. The method of claim 2 further having the step of causing, responsive to a node exiting the conference, conference nodes downstream to the exiting node to exit the conference.
  - 4. The method of claim 1 wherein the method is H.323 compliant.
  - 5. The method of claim 4 wherein a gatekeeper may alter the discovered address of the potential-new node transparently.
  - 6. The method of claim 1 wherein the conference is a secure conference requiring authentication of a new entrant to the conference.
  - 7. The method of claim 6 further having the step of issuing, by a trusted certificate authority, an authenticating-certificate for the new entrant to the conference.
  - 8. The method of claim 1 wherein a proxy simulates the potential-new-node in the step of communicating.
  - 9. The method of claim 8 wherein the proxy is located inside a firewall.
  - 10. The method of claim 9 wherein a secure-encrypted port is dynamically assigned by the firewall to expand the conference.
  - 11. The method of claim 1 wherein the conference has a daisy-chain, cascade or star topology.
  - 12. The method of claim 1 wherein the conference has a T.120 compliant topology.
  - 13. The method of claim 11 wherein encryption/decryption is carried out at each leg of the conference.
  - 14. The method of claim 13 wherein the conference uses a commonly shared set of keys.
  - 15. The conference of claim 1 wherein at least one leg of the secure conference permits audio and/or video communications.
  - 16. The secure conference of claim 15 wherein the audio and/or video communications are encrypted.

17. A method for setting up a dynamic-secure-conference over a computer network wherein said method comprises:
- communicating with a potential new node from an existing-trusted-conference node;
  
  authenticating a potential new-entrant-to-the-conference by examining a certificate corresponding to the new node;
  
  permitting the potential new-entrant-to-the-conference to become an additional conference node if the certificate is valid; and
  
  recalculating a dynamic-secure-conference topology to minimize network traffic.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17 wherein the dynamic-secure-conference topology is adjusted by a gatekeeper-software-module to reduce the number of hops between a top-provider and the new-entrant-to-the-conference.
  - 19. The method of claim 17 wherein the dynamic-secure-conference topology is adjusted by a gatekeeper.
  - 20. The method of claim 17 wherein the dynamic-secure-conference uses a common key for encryption/decryption.
  - 21. The method of claim 17 wherein the dynamic-secure-conference has a common identifier.
  - 22. The method of claim 17 wherein the dynamic-secure-conference members are identified by a smart gatekeeper.
  - 23. The method of claim 17 wherein a gateway may handle connections for more than one conference path.
  - 24. The method of claim 23 wherein the gateway encapsulates connections from each other within the dynamic-secure-conference.

25. A system for managing conferences across diverse connections, the system including computer readable-medium having computer executable modules comprising:
- a negotiating module, said negotiating module compatible with decentralized conference setup, for establishing a connection spanning proxies, firewalls and intermediaries and obtaining an address for a target node;
  
  an enrolling module for using said address to establish a node in a conference with centralized control; and
  
  a releasing module for releasing resources used, including the resources used by the negotiating module, upon release of said node from said conference.
- View Dependent Claims (26)
- - 26. The computer readable media of claim 25 further comprising computer executable instructions for identifying nodes in the conference with centralized control to a gatekeeper.

27. A plurality of computers connected by secure communication links, wherein a first computer in the plurality of computers being connected, via secure communication links spanning intermediaries, the intermediaries including proxies, routers, firewalls, gateways and gatekeepers, to a second computer in the plurality of computers, the second computer being either upstream or downstream of the first computer, and wherein a top provider computer in the plurality of computers is always upstream of each of remaining computers in the plurality of computers, and wherein furthermore, the secure communication link is negotiated by a decentralized conferencing protocol.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. The plurality of computers of claim 27 wherein no loops or closed circuits are formed by the secure communication links.
  - 29. The plurality of computers of claim 27 wherein if an exiting computer of the plurality of computers is disconnected from an upstream computer, all computers downstream of the exiting computer are also disconnected from the plurality of computers.
  - 30. The plurality of computers of claim 27 wherein at least two of the computers in the plurality of computers are connected by additional audio/video communication links.
  - 31. The plurality of computers of claim 27 wherein at least one pair of computers in the plurality of computers connected by the secure communication links use encryption/decryption.
  - 32. The plurality of computers of claim 31 wherein the secure communication links employ asymmetric keys for encryption and decryption.
  - 33. The plurality of computers of claim 31 wherein a single set of keys is used in all secure communication links.
  - 34. The plurality of computers of claim 33 wherein symmetric keys are used for encryption/decryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Giloi, Claus T., Morris, Max, Maclin, Markham F.

Granted Patent

US 8,346,849 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/260
CPC Class Codes

G06F 2203/04804   Transparency, e.g. transpar...

G06F 3/038   Control and interface arran...

G06F 3/0481   based on specific propertie...

H04L 12/1822   Conducting the conference, ...

H04L 63/02   for separating internal fro...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 65/1101   Session protocols

H04L 65/1106   Call signalling protocols; ...

H04L 65/403   Arrangements for multi-part...

H04L 65/4038   with floor control

H04L 67/131   Protocols for games, networ...

H04L 9/40   Network security protocols

H04M 2203/609   Secret communication

H04M 3/567   Multimedia conference systems

H04M 7/006   Networks other than PSTN/IS...

SECURITY AND SUPPORT FOR FLEXIBLE CONFERENCING TOPOLOGIES SPANNING PROXIES, FIREWALLS AND GATEWAYS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY AND SUPPORT FOR FLEXIBLE CONFERENCING TOPOLOGIES SPANNING PROXIES, FIREWALLS AND GATEWAYS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links