Method and apparatus for transporting encrypted media streams over a wide area network
First Claim
1. A method comprising:
receiving a call request over a packet switched network at a first gateway that is located between the packet switched network and a circuit switched network;
comparing a phone number included in the call request with entries in a local dial plan located at the first gateway;
sending one or more signals from the first gateway to a source endpoint when the phone number included in the request matches one of the entries in the local dial plan, the signals directing the source endpoint to encrypt media packets for the requested call using a protocol for encrypting real-time media;
receiving the encrypted media packets from the source endpoint responsive to sending the signals;
when a transfer path for the requested call includes a leg traversing the circuit switched network, determining whether a remote second gateway that is located on the transfer path and between the circuit switched network and the same or another packet switched network is configured for end-to-end secure transport;
establishing an Internet Protocol (IP) link that traverses the circuit switched network when the second gateway is configured for end-to-end secure transport, the IP link extending from the first gateway to the second gateway;
reformatting the encrypted media packets for transport over the IP link when the second gateway is configured for end-to-end secure transport, said reformatting occurring without decrypting an encrypted payload attached to the encrypted media packets; and
transferring the reformatted encrypted media packets over the established IP link.
Abstract
A network processing device identifies call requests that require secure media connections and that also require transport over both a packet switched network and a circuit switched network. The network processing device establishes an IP link over the circuit switched network and directs endpoints for the media connection to use Internet Protocol (IP) media encryption. The same IP encrypted media is then transported end-to-end over both the packet switched network and the IP link in the circuit switched network.
21 Claims
8. A network processing device, comprising:
a processor configured to establish an Internet Protocol (IP) link for transferring received encrypted IP packets over a circuit switched network, the IP link extending across the circuit switched network and between the network processing device and a remote gateway that is located between a packet switched network and the same or another circuit switched network;
the processor configured to identify one or more IP headers included in the received IP packets, to remove the IP headers while preserving encryption on one or more Secure Real-time Transport Protocol (SRTP) headers and a corresponding payload, to locally generate one or more new IP headers, to attach the generated IP headers to the encrypted SRTP headers and the encrypted corresponding payload, to forward the IP packets having the locally generated IP headers, the encrypted SRTP headers and the encrypted corresponding payload over the IP link;
wherein the IP packets are forwarded over the IP link without decrypting the payload.
14. A method comprising:
receiving encrypted packets from a packet switched network;
establishing an Internet Protocol (IP) link for transferring received encrypted packets over a circuit switched network;
identifying one or more addressing headers included in the received encrypted packets;
removing the addressing headers while preserving encryption on one or more Secure Real-time Transport Protocol (SRTP) headers and a corresponding payload;
attaching new addressing headers to the encrypted SRTP headers and the encrypted corresponding payload;
forwarding the packets having the new addressing headers, the encrypted SRTP headers and the encrypted corresponding payload over the IP link; and
wherein the packets are forwarded over the IP link without decrypting the payload.
18. A system, comprising:
means for receiving encrypted packets from a packet switched network;
means for establishing an Internet Protocol (IP) link for transferring received encrypted packets over a circuit switched network;
means for identifying one or more addressing headers included in the received encrypted packets;
means for removing the addressing headers while preserving encryption on one or more secure real time protocol headers and a corresponding payload;
means for attaching new addressing headers to the encrypted secure real time protocol headers and the encrypted corresponding payload; and
means for forwarding the packets having the new addressing headers, the encrypted secure real time protocol headers and the encrypted corresponding payload over the IP link;
wherein the packets are forwarded over the IP link without decrypting the payload.
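The header swap recited in claims 8, 14 and 18, sketched as an added example (not code from the patent or its assignee): the addressing headers are parsed and replaced while the SRTP bytes are copied through unopened. IPv4/UDP framing, a zero UDP checksum, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

UDP = 17  # IPv4 protocol number for UDP

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_udp(src, dst, sport, dport, body: bytes) -> bytes:
    """Prefix body with locally generated IPv4 and UDP headers."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(body), 0)  # checksum 0: unused
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(body), 0, 0, 64, UDP, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + udp + body

def split_srtp(packet: bytes):
    """Parse only the addressing headers; return (src, dst, sport, dport, srtp)."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != UDP:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("bad IPv4 header length")
    sport, dport, udp_len = struct.unpack("!HHH", packet[ihl:ihl + 6])
    if udp_len < 8 + 12 or ihl + udp_len > len(packet):
        raise ValueError("truncated UDP datagram")
    srtp = packet[ihl + 8:ihl + udp_len]
    if srtp[0] >> 6 != 2:  # RTP version field must be 2
        raise ValueError("payload is not RTP/SRTP")
    src, dst = (str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, sport, dport, srtp

def reencapsulate(packet: bytes, link_src: str, link_dst: str) -> bytes:
    """Swap addressing headers for the IP link; SRTP bytes are copied as-is."""
    _, _, sport, dport, srtp = split_srtp(packet)
    return build_ipv4_udp(link_src, link_dst, sport, dport, srtp)

# Constructed sample: 12-byte RTP header, stand-in ciphertext, 10-byte auth tag.
SAMPLE_SRTP = bytes.fromhex("8000000100000000deadbeef") + bytes(range(32)) + b"\xaa" * 10
ORIGINAL = build_ipv4_udp("10.0.0.5", "10.0.0.1", 16384, 16384, SAMPLE_SRTP)

if __name__ == "__main__":
    relinked = reencapsulate(ORIGINAL, "192.0.2.1", "192.0.2.2")
    print(split_srtp(relinked)[:2], split_srtp(relinked)[4] == SAMPLE_SRTP)
```

Because the gateway never holds the SRTP session keys in this flow, a byte-for-byte comparison of the SRTP portion before and after the swap is the check that the payload stayed encrypted end to end.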
Specification