SYSTEM AND METHOD FOR SECURE COMMUNICATION CONFIGURATION

US 20090019170A1
Filed: 07/09/2007
Published: 01/15/2009
Est. Priority Date: 07/09/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for connecting a first party at a first network device to a second party at a second network device in a digital communication session comprising the steps of:

maintaining a database of security level ratings associated with a plurality of network segments;

receiving a notification at a server from said first network device corresponding to said digital communication session having an associated security threshold;

determining a network route connecting said first network device and said second network device comprising at least a first network segment selected from said plurality;

determining a route security rating as a function of at least said security level rating associated with said first network segment; and

blocking connection of said communication session over said network route if said route security rating is less than said security threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system including a routing server and gateway server through which digital communication sessions are established along selected network routes based upon security requirements is disclosed. A digital communication request having a security level required is transmitted to a routing server. The routing server then determines a route, if available, having a route security rating sufficient for the specified communication and initiates the communication using the gateway server. The route security score is calculated based upon a table of security ratings associated with a plurality of connected networks segments which comprise a digital communication network.

42 Citations

View as Search Results

53 Claims

1. A method for connecting a first party at a first network device to a second party at a second network device in a digital communication session comprising the steps of:
- maintaining a database of security level ratings associated with a plurality of network segments;
  
  receiving a notification at a server from said first network device corresponding to said digital communication session having an associated security threshold;
  
  determining a network route connecting said first network device and said second network device comprising at least a first network segment selected from said plurality;
  
  determining a route security rating as a function of at least said security level rating associated with said first network segment; and
  
  blocking connection of said communication session over said network route if said route security rating is less than said security threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 2. The method of claim 1, further comprising the step of:
    - connecting said first digital endpoint to said second digital endpoint over said route using said server if said route security rating is at least equal to said security threshold.
  - 3. The method of claim 1, further comprising the steps of:
    - sending a request from said server to said first party for permission to connect said communication session at a lower security threshold; and
      
      connecting said first digital endpoint to said second digital endpoint over said network route using said server in response to a positive response received from said first party.
  - 4. The method of claim 3, further comprising the steps of:
    - connecting said first digital endpoint to said second digital endpoint over said route using said server; and
      
      presenting an indication of a less than desired security level to at least said first party prior to or during said communication session.
  - 5. The method of claim 4, wherein said indication is presented in a display on said first digital endpoint.
  - 6. The method of claim 4, wherein said indication is an audible indication presented to said first party prior to or during said communication session.
  - 7. The method of claim 6, wherein said indication is presented periodically during said communication session.
  - 8. The method of claim 1, further comprising the steps of:
    - connecting said first digital endpoint to said second digital endpoint over said route using said server; and
      
      presenting an indication of a less than desired security level to at least said first party prior to or during said communication session.
  - 9. The method of claim 1, wherein at least one of said security level ratings comprises a plurality of qualified ratings with an associated plurality of attributes.
  - 10. The method of claim 9, wherein at least one of said attributes must be present in order for said qualified rating to be considered said security level rating of said network segment.
  - 11. The method of claim 9, wherein all of said attributes have to be present for said qualified rating to be considered said security level rating of said network segment.
  - 12. The method of claim 9, wherein one of said attributes indicates unencrypted communication traffic.
  - 13. The method of claim 12, wherein one of said attributes indicates encrypted communication traffic.
  - 14. The method of claim 13, further comprising the steps of:
    - determining a second route security rating associated with said network route as a function of at least said second rating associated with said first network segment; and
      
      connecting said first digital endpoint to said second digital endpoint over said route in an encrypted form using said central server if said second route security rating is at least equal to said security threshold.
  - 15. The method of claim 14, wherein said digital communication session is session initiated protocol (SIP) session.
  - 16. The method of claim 15, wherein said security level ratings comprise numerical scores.
  - 17. The method of claim 1, wherein said route security rating is the highest of the security level ratings associated with the network segments making up said network route.
  - 18. The method of claim 1, wherein said route security rating is calculated as the minimum of the security level ratings associated with one or more network segments making up said network route.
  - 19. The method of claim 1, wherein said security level ratings indicate the vulnerability of their associated network segment.
  - 20. The method of claim 1, wherein said security threshold indicates a sensitivity level of said digital communication session.
  - 21. The method of claim 20, wherein said security threshold is provided by a user.
  - 22. The method of claim 1, wherein said first network device and said second network device are located at remote locations.
  - 23. The method of claim 22, wherein said first network segment is the Internet.
  - 24. The method of claim 1, wherein said digital communication session is a voice over internet protocol session.
  - 25. The method of claim 24, wherein said digital communication session is session initiated protocol (SIP) session.
  - 26. The method of claim 9, wherein one of said attributes indicates a particular encryption scheme.
  - 27. The method of claim 26, wherein one of said attributes indicates SRTP communication traffic.
  - 28. The method of claim 9, wherein one of said attributes indicates the security level associated with said first party.
  - 29. The method of claim 28, wherein at least two of said attributes correspond to encryption schemes.
  - 30. The method of claim 1, wherein said route security rating is determined at least in part upon a security rating associated with said first network device.
  - 31. The method of claim 1, wherein said route security rating is determined at least in part upon a security rating associated with said second network device.
  - 32. The method of claim 30, wherein said route security rating is determined at least in part upon a security rating associated with said second network device.
  - 33. The method of claim 1, wherein said first and said second network devices are digital telephones.
  - 34. The method of claim 32, wherein said first and said second network devices are digital telephones.

35. A method for connecting a first party at a first network device to a second party at a second network device in a digital communication session of comprising the steps of:
- maintaining a database of security level ratings associated with a plurality of network segments, wherein said security level ratings include a first score corresponding to unsecured communication and a second score corresponding to secured communication;
  
  receiving a notification at a server from said first network device corresponding to said digital communication session having an associated security threshold;
  
  determining a network route connecting said first network device and said second network device comprising at least a first network segment selected from said plurality;
  
  determining a first route security rating as a function of at least said first score associated with said first network segment; and
  
  blocking said communication session in an unencrypted format if said first route security rating is less than said security threshold.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 36. The method of claim 35, wherein said first route security rating is determined as a function of said first score associated with each network segment within said network route.
  - 37. The method of claim 35, further comprising the step of connecting said first network device to said second network device in an unsecured communication session over said network route using said server if said route first security rating is at least equal to said security threshold.
  - 38. The method of claim 36, further comprising the step of connecting said first digital endpoint to said second digital endpoint in an unsecured communication session over said network route using said server if said first security rating is at least equal to said security threshold.
  - 39. The method of claim 35, further comprising the step of:
    - determining a second route security rating as a function of at least said second score associated with said first network segment; and
      
      blocking said communication session in an encrypted format if said second route security rating is less than said security threshold.
  - 40. The method of claim 39, wherein said second route security rating is determined as a function of said second score associated with each network segment within said network route.
  - 41. The method of claim 39, further comprising the step of connecting said first digital endpoint to said second digital endpoint in a secured communication session over said network route using said server if said route first security rating is at least equal to said security threshold.
  - 42. The method of claim 40, further comprising the step of connecting said first digital endpoint to said second digital endpoint in a secured communication session over said network route using said server if said route first security rating is at least equal to said security threshold.
  - 43. The method of claim 41, wherein said secured communication session conforms to the SRTP protocol.
  - 44. The method of claim 35, further comprising the step of:
    - sending a request from said server to said first network device for permission to connect said communication session at a lower security threshold; and
      
      connecting said first network device to said second network device over said network route using said server in response to a positive response received from said first network device.

45. A data network for handling digital communications comprising:
- a first and second network device, wherein each device is configured to send and receive digital communication packets;
  
  a data network comprising a plurality of network segments connected to said first and second network devices;
  
  a database connected to said data network maintaining a plurality of scores, each score corresponding to a network segment selected from said plurality; and
  
  a server connected to said network, said server being configured to receive a network communication request having a security threshold from said first network device, determine a route comprising a selected number of said plurality of network segments, wherein said route is determined based upon said plurality of scores and said security threshold, and connecting said first and said second network devices in a digital communication session.

46. A method for connecting a first party associated with a first network device to a second party associated with second network device in a digital communication session comprising the steps of:
- maintaining a database of security level ratings associated with a plurality of network segments and user security ratings associated with at least said first and said second parties;
  
  receiving a notification at a server from said first network device corresponding to said digital communication session having an associated security threshold;
  
  determining a network route connecting said first network device and said second network device comprising at least a first network segment selected from said plurality;
  
  determining a route security rating as a function of at least said security level rating associated with said first network segment; and
  
  blocking connection of said communication session over said network route if any of said route security rating, said user security rating of said first party, or said user security rating of said second party is less than said security threshold.

47. The method of clam 46, wherein said second user is logged into said second device.

48. The method of clam 47, wherein said first user is logged into said first device.
- View Dependent Claims (49)
- - 49. The method of claim 48, further comprising the step of:
    - selecting a third network device accessible to said second party having a second route from said first network device having a security rating greater than said security threshold;
      
      notifying said second party of an incoming communication on said third device;
      
      receiving a notification that said second party is associated with said third device; and
      
      connecting said first device and said third device in a digital communication session over said second route.

50. A method for connecting a first party associated with a first network device to a digital conference comprising the steps of:
- maintaining a database of security level ratings associated with a plurality of network segments and user security ratings associated with at least said first party;
  
  receiving a notification at a server from said first network device corresponding to a request to join said digital conference;
  
  receiving a security threshold associated with said digital conference;
  
  determining at least one network route connecting said first network device to said digital conference comprising at least a first network segment selected from said plurality;
  
  determining a route security rating as a function of at least said security level rating associated with said first network segment; and
  
  blocking connection of said communication session over said network route if either of said route security rating or said user security rating of said first party is less than said security threshold.
- View Dependent Claims (51, 52, 53)
- - 51. The method of claim 50, further comprising the steps of:
    - selecting a second network device accessible to said first party having an second route to said digital conference having a security rating greater than said security threshold;
      
      inviting said first party to join said digital conference from said second device;
      
      receiving a notification that said first party is associated with said second device; and
      
      connecting said second device to said digital conference using at least said second route.
  - 52. The method of claim 50, further comprising the steps of:
    - sending a request from said server to a participant in said digital conference to allow said first party to join said digital conference at a lower security threshold; and
      
      connecting said first network device to said digital conference over said network route using said server in response to a positive response received from said participant.
  - 53. The method of claim 52, wherein said participant is a moderator of said digital conference.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Interactive Intelligence Incorporated (Genesys Cloud Services Incorporated)
Original Assignee
Interactive Intelligence Incorporated (Genesys Cloud Services Incorporated)
Inventors
Snyder, Michael D., Cunningham, Gregory P., Wyss, Felix Immanuel, Szilagyi, Michael L.

Application Number

US11/774,845
Publication Number

US 20090019170A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 63/105   Multiple levels of security

H04L 65/1069   Session establishment or de...

H04L 65/1095   Inter-network session trans...

H04L 67/14   Session management for real...

SYSTEM AND METHOD FOR SECURE COMMUNICATION CONFIGURATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

53 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR SECURE COMMUNICATION CONFIGURATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

53 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others