Method for securing RTS communications across middleboxes
Abstract
A new method is provided for establishing real-time services that can coexist with NAT and firewalls, even when the signaling protocol uses cryptography. A communication channel between the call server and the middlebox passes information between them about the bearer channels associated with each signaling session.
4 Claims
1. A method for a call server to support a media session between a local endpoint and a remote endpoint, the local endpoint belonging to a local network that includes a middlebox which comprises a NAT, the method comprising:
a) in a signaling session, receiving a message from the local endpoint or the remote endpoint, wherein the message requests to establish a connection for the media session and contains local and remote address information for the requested media session, and the local address information comprises private address information;
b) forwarding the local and remote address information to the middlebox so that the middlebox will be able to identify packets associated with the media session from at least said information and will thereby be able to appropriately process said packets;
c) receiving a mapping from the NAT which relates the private address information to public address information for the local endpoint;
d) forwarding the mapping to the local endpoint;
e) receiving a revised version of the message from the local endpoint, wherein the public address information has been substituted for the private address information; and
f) forwarding the revised version of the message to a host computer associated with, respectively, the remote endpoint or the local endpoint.
4. A method for a call server to support a media session between a local endpoint and a remote endpoint, the local endpoint belonging to a local network that includes a middlebox which comprises a NAT, the method comprising:
a) in a signaling session, receiving a message from the local endpoint or the remote endpoint, wherein the message requests to establish a connection for the media session and contains local and remote address information for the requested media session, and the local address information comprises private address information;
b) selecting public address information for the local endpoint from a stored block of public address information;
c) creating a mapping which relates the private address information to the selected public address information;
d) forwarding the mapping and the local and remote address information to the middlebox so that the middlebox will be able to identify packets associated with the media session from at least said information and will thereby be able to appropriately process said packets;
e) causing the NAT to activate the mapping;
f) forwarding the mapping to the local endpoint;
g) receiving a revised version of the message from the local endpoint, wherein the public address information has been substituted for the private address information; and
h) forwarding the revised version of the message to a host computer associated with, respectively, the remote endpoint or the local endpoint.
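The claim 1 message flow, sketched as an added Python example that is not part of the patent text. It assumes the "cryptography" in the signaling protocol is an HMAC keyed between the two endpoints; the class names, key and addresses are constructed for illustration. It shows why the endpoint, not the middlebox, substitutes the public address: a rewrite by a device without the key leaves a tag that no longer verifies.

```python
import hashlib, hmac, json

KEY = b"constructed-signaling-key"  # assumption: known to the endpoints only

def tag_of(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def sign(body):
    """Attach an HMAC-SHA256 tag computed over the canonical JSON body."""
    return {"body": body, "tag": tag_of(body)}

def verify(msg):
    return hmac.compare_digest(msg["tag"], tag_of(msg["body"]))

class Middlebox:
    """NAT plus packet filter; it never holds the signaling key."""
    def __init__(self, public_ip, first_port):
        self.public_ip, self.next_port = public_ip, first_port
        self.sessions = []  # (local, remote) pairs the filter will recognise
        self.nat = {}       # private (ip, port) -> public (ip, port)
    def register_session(self, local, remote):   # step b
        self.sessions.append((local, remote))
    def mapping_for(self, private):               # step c
        if private not in self.nat:
            self.nat[private] = (self.public_ip, self.next_port)
            self.next_port += 2
        return private, self.nat[private]

class CallServer:
    def __init__(self, middlebox):
        self.mb = middlebox
    def on_setup(self, msg):                      # steps a, b, c, d
        local = tuple(msg["body"]["local"])
        remote = tuple(msg["body"]["remote"])
        self.mb.register_session(local, remote)
        return self.mb.mapping_for(local)         # mapping goes back to the endpoint
    def on_revised(self, msg, deliver):           # steps e, f
        return deliver(msg)

def run_claim1_flow():
    mb = Middlebox("203.0.113.10", 40000)
    cs = CallServer(mb)
    setup = sign({"local": ["10.0.0.5", 5004], "remote": ["198.51.100.7", 6000]})
    _private, public = cs.on_setup(setup)
    # The endpoint holds the key, so it substitutes the address and re-signs.
    revised = sign({**setup["body"], "local": list(public)})
    # Contrast: the same substitution made in-path, reusing the old tag.
    in_path = {"body": revised["body"], "tag": setup["tag"]}
    return public, cs.on_revised(revised, verify), verify(in_path), mb.sessions
```
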
Specification