Proxy server for internet telephony
Abstract
An apparatus and a method are provided for proxying communications between devices on an IP telephony network. In a preferred embodiment, an appliance comprising a network server and proxy server software includes filtering rules which can be modified to enable proxied communication between an IP phone on a first data network, such as, for example, the internet, and a call processing server located on a second data network. In another embodiment, an appliance comprises a proxy server that proxies call-processing and signaling communications between an authenticated IP phone on a first data network and a call processing server located on a second data network. In another embodiment, the appliance relays voice traffic between IP phones. In another embodiment, the proxy server software operates in a secure mode to permit encryption and decryption of voice and control communications. In another embodiment, the proxy server enables proxied communications between a call processing server and an IP phone by modifying the provisioning data exchanged between the call processing server and the IP phone.
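The behaviour the abstract describes (default-deny filtering rules that are opened only after the proxy authenticates a device, traffic re-originated from the appliance's internal address, and provisioning data modified in transit) can be modelled as below. This is an added illustration, not code from the patent; the HMAC challenge, the class and field names, the sample addresses and the specific provisioning rewrite (substituting the external address for the call server's) are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class ShieldingProxy:
    external_ip: str   # address presented to the untrusted (first) network
    internal_ip: str   # address presented to the call processing server
    call_server: str   # call processing server on the second network
    keys: dict         # device_id -> shared key (assumed authentication scheme)
    allowed: set = field(default_factory=set)  # filtering rules: permitted source IPs

    def authenticate(self, src_ip, device_id, nonce, tag):
        """Check the device's HMAC over the nonce; open a filter rule on success."""
        key = self.keys.get(device_id)
        if key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        self.allowed.add(src_ip)  # rules are modified only after authentication
        return True

    def forward(self, src_ip, payload):
        """Default deny; permitted traffic is re-originated from the internal IP."""
        if src_ip not in self.allowed:
            return None  # dropped before it reaches the call processing server
        return {"src": self.internal_ip, "dst": self.call_server, "payload": payload}

    def rewrite_provisioning(self, data):
        """Assumed modification: the phone learns only the external address."""
        return {k: self.external_ip if v == self.call_server else v
                for k, v in data.items()}

def demo():
    # Constructed sample values (documentation address ranges, demo key and nonce).
    key, nonce, phone_ip = b"constructed-demo-key", b"constructed-nonce", "198.51.100.7"
    proxy = ShieldingProxy("203.0.113.10", "10.0.0.1", "10.0.0.50", {"phone-1": key})
    before = proxy.forward(phone_ip, b"REGISTER")             # unauthenticated
    bad = proxy.authenticate(phone_ip, "phone-1", nonce, b"\x00" * 32)
    good = proxy.authenticate(phone_ip, "phone-1", nonce,
                              hmac.new(key, nonce, hashlib.sha256).digest())
    after = proxy.forward(phone_ip, b"REGISTER")              # now proxied
    prov = proxy.rewrite_provisioning({"server": "10.0.0.50", "codec": "G.711"})
    return before, bad, good, after, prov

if __name__ == "__main__":
    print(demo())
```

In a deployment the nonce would be issued by the proxy per attempt so that a captured tag cannot be replayed; the model passes it in to stay short.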
20 Claims
1. An apparatus for shielding a call processing server in an IP telephony network, the apparatus comprising:
- a network server interposed between a first data network and a second data network, said first data network being an untrusted network, said second data network comprising said call processing server;
- a proxy server interposed between said first data network and said second data network, said proxy server comprising filtering rules operative to restrict communication from said first data network to said call processing server, wherein said apparatus presents an external IP address to said first data network and an internal IP address to said second data network;
- said proxy server operative to modify said filtering rules to permit proxied communications to said call processing server from a first device on said first data network after said first device is authenticated by said proxy server, wherein said call processing server uses said internal IP address of said apparatus as an IP address of said first device; and
- a transport layer security (TLS) front end coupled to said proxy server to provide encryption and decryption of call control and signaling when said apparatus is in a secure mode of operation.
Dependent claims: 2, 3, 4, 18, 19, 20

5. An apparatus for enabling secure IP telephony, the apparatus comprising:
- a network server interposed between a first data network and a second data network, said first data network being an untrusted network, said second data network comprising a call processing server;
- a proxy server interposed between said first data network and said second data network, said proxy server comprising filtering rules operative to restrict communication from said first data network to said call processing server, wherein said apparatus presents an external IP address to said first data network and an internal IP address to said second data network;
- said proxy server operative to modify said filtering rules to permit proxied communications between said call processing server and a first device on said first data network after said first device is authenticated by said proxy server, wherein said call processing server uses said internal IP address of said apparatus as an IP address of said first device; and
- said proxy server operative to exchange communications with said first device in a secure mode, wherein said secure mode uses secure real-time transport protocol (RTP) and a private key encryption algorithm.
Dependent claims: 6, 7

8. An apparatus for shielding a call processing server in an IP telephony networking, the apparatus comprising:
- a network server interposed between a first data network and a second data network, said first data network being an untrusted network comprising an IP phone, said second data network comprising said call processing server; and
- a proxy server interposed with said network server between said first data network and said second data network, said proxy server being operative to proxy a provisioning of said IP phone by said call processing server by modifying provisioning data that is exchanged between said IP phone and said call processing server, wherein said apparatus presents an external IP address to said first data network and an internal IP address to said second data network, said proxy server further comprising a transport layer security (TLS) front end to provide encryption and decryption of call control and signaling when said apparatus is in a secure mode of operation.

9. A method for shielding a call processing server in an IP telephony network, the method comprising the steps of:
- authenticating a first IP phone in a first data network of said IP telephony network, wherein said IP telephony network comprises a network server and a proxy server that are interposed between said first data network and a second data network, said first data network being an untrusted network, said second data network comprising a call processing server;
- using filtering rules in said network server for restricting communications between said first data network and said second data network;
- modifying said filtering rules to enable proxied communications between said authenticated first IP phone and said call processing server; and
- encrypting and decrypting call control and signaling related to said proxied communications for a secure mode of operation.
Dependent claims: 10

11. A method for shielding a call processing server in an IP telephony network, the method comprising the steps of:
- proxying a request to said call processing server to provision a first IP phone, wherein said first IP phone is in a first data network and said call processing server is in a second data network, said first data network being an untrusted network;
- modifying the provisioning data exchanged between said IP phone and said call processing server using a network server and a proxy server that are interposed between said first data network and said second data network;
- proxying communications between said IP phone and said call processing server via said proxy server; and
- encrypting and decrypting call control and signaling related to said proxied communications for a secure mode of operation.

12. A method for enabling secure communications over an IP telephony network, the method comprising the steps of:
- proxying provisioning of an IP phone by a call processing server using a network server and a proxy server that are interposed between a first data network and a second data network, said first data network being an untrusted network comprising said first IP phone, said second data network comprising said call processing server;
- supplying a private key to said IP phone with provisioning data from said call processing server for a secure mode of operation; and
- communicating with said IP phone using secure real-time transport protocol (RTP) and a private key encryption algorithm with said private key.

13. An IP telephony system, comprising:
- a network server and a proxy server that are interposed between a first data network and a second data network, said first data network being an untrusted network;
- an IP phone connected to said first data network, said IP phone being unauthenticated, wherein said network server and said proxy server present an external IP address to said first data network and an internal IP address to said second data network;
- a call processing server connected to said second data network;
- said proxy server comprising filtering rules restricting transmission of data from said first data network to said second data network, said proxy server operative to authenticate said first IP phone, and said proxy server operative to modify said filtering rules to enable proxied communication between said authenticated first IP phone and said call processing server; and
- a transport layer security (TLS) front end coupled to said proxy server to provide encryption and decryption of call control and signaling when said apparatus is in a secure mode of operation.

14. A non-transitory computer-readable storage medium embedded with instructions that operate in an IP telephony environment for execution by a processor, and when executed operable to:
- authenticate a first IP phone in a first data network of said IP telephony network, wherein said IP telephony network comprises a network server and a proxy server that are interposed between said first data network and a second data network, said first data network being an untrusted network, said second data network comprising a call processing server;
- use filtering rules in said network server for restricting communications between said first data network and said second data network;
- modify said filtering rules to enable proxied transmission of data from said authenticated first IP phone to said call processing server; and
- encrypt and decrypt call control and signaling related to said proxied transmission of data for a secure mode of operation.

15. An apparatus for shielding a call processing server in an IP telephony network, the apparatus comprising:
- means for restricting communications between a first data network and a second data network according to filtering rules, said first data network being untrusted and comprising a first IP phone, said second data network comprising a call processing server, wherein a network server and a proxy server are interposed between said first data network and said second data network;
- means for authenticating said first IP phone using said proxy server;
- means for modifying said filtering rules to enable proxied communications between said authenticated first IP phone and said call processing server; and
- means for providing a secure mode of operation for said proxied communications.
Dependent claims: 16, 17