System and method for providing security in a telecommunication network

US 7,890,749 B2
Filed: 05/26/2006
Issued: 02/15/2011
Est. Priority Date: 01/04/2000
Status: Active Grant

First Claim

Patent Images

1. A method for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the method comprising:

receiving an initiation request from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted IP device coupled to the trusted network;

using at least one computer to evaluate the initiation request;

using at least one computer to establish a telecommunication link between the untrusted device and the trusted IP device in response to a positive evaluation of the initiation request, wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device;

using at least one computer to monitor communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and

using at least one computer to terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network;

wherein establishing the telecommunication link comprises;

associating a first logical port of a telephony proxy with the trusted IP device;

associating a second logical port of the telephony proxy with the untrusted device;

receiving first telecommunication data from the untrusted device at the first logical port;

modifying a first source address information in the first telecommunication data to specify the second logical port of the telephony proxy;

communicating the first telecommunication data with the modified first source address information to the trusted IP device;

receiving second telecommunication data from the trusted IP device at the second logical port;

modifying a second source address information in the second telecommunication data to specify the first logical port of the telephony proxy; and

communicating the second telecommunication data with the modified second source address information to the untrusted device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for establishing a telephone call between a trusted Internet Protocol (IP) telephone and an untrusted device. The method includes receiving a call initiation request from the untrusted device that indicates a desired communication with the trusted IP telephone. The method evaluates the call initiation request, and establishes a telecommunication link between the untrusted device and the trusted IP telephone in response to a positive evaluation of the call initiation request.

81 Citations

View as Search Results

43 Claims

1. A method for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the method comprising:
- receiving an initiation request from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted IP device coupled to the trusted network;
  
  using at least one computer to evaluate the initiation request;
  
  using at least one computer to establish a telecommunication link between the untrusted device and the trusted IP device in response to a positive evaluation of the initiation request, wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device;
  
  using at least one computer to monitor communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  using at least one computer to terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network;
  
  wherein establishing the telecommunication link comprises;
  
  associating a first logical port of a telephony proxy with the trusted IP device;
  
  associating a second logical port of the telephony proxy with the untrusted device;
  
  receiving first telecommunication data from the untrusted device at the first logical port;
  
  modifying a first source address information in the first telecommunication data to specify the second logical port of the telephony proxy;
  
  communicating the first telecommunication data with the modified first source address information to the trusted IP device;
  
  receiving second telecommunication data from the trusted IP device at the second logical port;
  
  modifying a second source address information in the second telecommunication data to specify the first logical port of the telephony proxy; and
  
  communicating the second telecommunication data with the modified second source address information to the untrusted device.

2. A method for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the method comprising:
- receiving an initiation request from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted IP device coupled to the trusted network;
  
  using at least one computer to evaluate the initiation request;
  
  using at least one computer to establish a telecommunication link between the untrusted device and the trusted IP device in response to a positive evaluation of the initiation request;
  
  using at least one computer to monitor communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  using at least one computer to terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network;
  
  wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 3. The method of claim 2, wherein receiving a initiation request from the untrusted device comprises intercepting the initiation request at an entry point to the trusted network servicing the trusted IP device, the initiation request sent from outside the trusted network by the untrusted device.
  - 4. The method of claim 2, wherein evaluating the initiation request comprises determining whether the trusted IP device is a proper recipient of a communication from an untrusted device.
  - 5. The method of claim 4, wherein determining whether the trusted IP device is a proper recipient of a communication from an untrusted device comprises determining whether a network address of the trusted IP device is included in a list of approved network addresses.
  - 6. The method of claim 2, wherein evaluating the initiation request comprises determining whether a network address of the untrusted device is included in a list of approved network addresses.
  - 7. The method of claim 2, wherein establishing a telecommunication link between the untrusted device and the trusted IP device comprises establishing a telecommunication link using a telephony proxy, whereby all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
  - 8. The method of claim 7, further comprising monitoring the telecommunication link to determine whether the telecommunications being sent by the untrusted device use an appropriate audio format.
  - 9. The method of claim 7, wherein monitoring the communications transmitted between the untrusted device and the trusted IP device comprises monitoring the telecommunication link to determine whether the telecommunications being sent by the untrusted device comprise streaming data.
  - 10. The method of claim 7, wherein establishing a telecommunication link between the untrusted device and the trusted IP device using the telephony proxy comprises:
    - associating a first logical port of the telephony proxy with the trusted IP device;
      
      receiving telecommunication data from the untrusted device at the first logical port;
      
      modifying source address information in the received telecommunication data to specify a second logical port of the telephony proxy associated with the untrusted device; and
      
      communicating the telecommunication data with the modified source address information to the trusted IP device.
  - 11. The method of claim 10, wherein associating a first logical port of the telephony proxy with the untrusted device comprises associating a User Datagram Protocol (UDP) logical port to enable the streaming of IP packets.
  - 12. The method of claim 11, wherein modifying the source address information in the received telecommunication data comprises modifying a source IP address and a source port in a header of each IP packet.

13. A communication network for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the communication network comprising:
- a first trusted network;
  
  a trusted IP device coupled to the first trusted network;
  
  an authentication controller coupled to the first trusted network and operable to evaluate an initiation request received from an untrusted device external to the first trusted network, the initiation request indicating a desired communication with the trusted IP device, wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device; and
  
  a manager operable to initiate the creation of a telecommunication link between the trusted IP device and the untrusted device in response to a positive evaluation of the initiation request;
  
  wherein the authentication controller is further operable to;
  
  monitor communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The communication network of claim 13, wherein the call manager is further operable to initiate the creation of a telecommunication link between the trusted IP device and the untrusted device using a telephony proxy, whereby all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
  - 15. The communication network of claim 14, wherein the telephony proxy, the authentication controller, and the call manager comprise software executed on one or more devices in the first trusted network.
  - 16. The communication network of claim 13, wherein the authentication controller is a component of the call manager.
  - 17. The communication network of claim 13, wherein:
    - the first trusted network comprises an Internet Protocol (IP) network; and
      
      the trusted IP device comprises an IP telephone.
  - 18. The communication network of claim 13, wherein the first trusted network and the untrusted device are coupled to the Internet.
  - 19. The communication network of claim 13, wherein:
    - the first trusted network is coupled to the Public Switched Telephone Network (PSTN) using a gateway; and
      
      the untrusted device is coupled to the PSTN.
  - 20. The communication network of claim 13, further comprising:
    - a second trusted network, the untrusted device coupled to the second trusted network; and
      
      an untrusted network coupling the first trusted network to the second trusted network.
  - 21. The communication network of claim 13, wherein the authentication controller comprises a list of addresses of network devices permitted to receive communications from untrusted devices, the authentication controller evaluating the initiation request positively if the initiation request indicates a desired communication with a network device having an address in the list of network addresses.
  - 22. The communication network of claim 13, wherein the authentication controller comprises a list of network addresses of untrusted devices permitted to communicate with the trusted IP device, the authentication controller evaluating the initiation request positively if the initiation request originates from an untrusted device having an address on the list of network addresses.
  - 23. The communication network of claim 13, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP device and the untrusted device to determine whether telecommunications being sent by the untrusted device use an appropriate audio format.
  - 24. The communication network of claim 13, wherein the authentication controller is further operable to monitor the communications transmitted between the untrusted device and the trusted IP device to determine whether telecommunications being sent by the untrusted device comprise streaming data.

25. Software embodied in a non-transitory computer-readable medium and operable to perform the following steps:
- receiving an initiation request from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted Internet Protocol (IP) device coupled to the trusted network;
  
  evaluating the initiation request;
  
  establishing a telecommunication link between the untrusted device and the trusted IP device in response to a positive evaluation of the initiation request;
  
  monitoring communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network;
  
  wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 26. The software of claim 25, wherein receiving the initiation request from the untrusted device comprises intercepting the initiation request at an entry point to the trusted network servicing the trusted IP device, the initiation request sent from outside the trusted network by the untrusted device.
  - 27. The software of claim 25, wherein evaluating the initiation request comprises determining whether the trusted IP device is a proper recipient of a communication from an untrusted device.
  - 28. The software of claim 27, wherein determining whether the trusted IP device is a proper recipient of a communication from an untrusted device comprises determining whether a network address of the trusted IP device is included in a list of approved network addresses.
  - 29. The software of claim 25, wherein evaluating the initiation request comprises determining whether a network address of the untrusted device is included in a list of approved network addresses.
  - 30. The software of claim 25, wherein establishing a telecommunication link between the untrusted device and the trusted IP device comprises establishing a telecommunication link using a telephony proxy, whereby all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
  - 31. The software of claim 30, further operable to monitor the telecommunication link to determine whether the telecommunications being sent by the untrusted device use an appropriate audio format.
  - 32. The software of claim 30, further operable to monitor the telecommunication link to determine whether the telecommunications being sent by the untrusted device comprise streaming data.
  - 33. The software of claim 30, wherein establishing a telecommunication link between the untrusted device and the trusted IP device using the telephony proxy comprises:
    - associating a first logical port of the telephony proxy with the trusted IP device;
      
      receiving telecommunication data from the untrusted device at the first logical port;
      
      modifying source address information in the received telecommunication data to specify a second logical port of the telephony proxy associated with the untrusted device; and
      
      communicating the telecommunication data with the modified source address information to the trusted IP device.
  - 34. The software of claim 33, wherein associating a first logical port of the telephony proxy with the untrusted device comprises associating a User Datagram Protocol (UDP) logical port to enable the streaming of IP packets.
  - 35. The software of claim 34, wherein modifying the source address information in the received telecommunication data comprises modifying a source IP address and a source port in a header of each IP packet.

36. An apparatus for establishing communication between a trusted Internet Protocol (IP) device and an untrusted device, the apparatus comprising:
- at least one computer comprising an authentication controller operable to evaluate an initiation request received from an untrusted device external to a trusted network, the initiation request indicating a desired communication with a trusted IP device coupled to the trusted network, wherein evaluating the initiation request comprises determining whether the untrusted device is requesting the establishment of streaming data with the trusted IP device;
  
  the at least one computer comprising a call manager operable to;
  
  initiate the creation of a telecommunication link between the trusted IP device and the untrusted device in response to a positive evaluation of the initiation request;
  
  monitor communications transmitted between the untrusted device and the trusted IP device on the telecommunication link to ensure that the communications are streaming data to maintain the integrity of the trusted network; and
  
  terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP device are not streaming data to maintain the integrity of the trusted network; and
  
  a telephony proxy, the telecommunication link between the trusted IP device and the untrusted device created using the telephony proxy such that all telecommunications between the trusted IP device and the untrusted device are communicated through the telephony proxy.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43)
- - 37. The apparatus of claim 36, wherein the authentication controller comprises a list of addresses of network devices permitted to receive communications from untrusted devices, the authentication controller evaluating the initiation request positively if the initiation request indicates a desired communication with a network device having an address in the list of network addresses.
  - 38. The apparatus of claim 36, wherein the authentication controller comprises a list of network addresses of untrusted devices permitted to communicate with the trusted IP device, the authentication controller evaluating the initiation request positively if the initiation request originates from an untrusted device having an address on the list of network addresses.
  - 39. The apparatus of claim 36, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP device and the untrusted device to determine whether telecommunications being sent by the untrusted device use an appropriate audio format.
  - 40. The apparatus of claim 36, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP device and the untrusted device to determine whether telecommunications being sent by the untrusted device comprise streaming data.
  - 41. The apparatus of claim 36, wherein the telephony proxy comprises:
    - a first logical port associated with the trusted IP device;
      
      a second logical port associated with the untrusted device;
      
      an address modification module operable to modify source address information in telecommunication data received at the first logical port from the untrusted device to specify the second logical port of the telephony proxy; and
      
      a transmission module operable to communicate the telecommunication data with the modified source address information to the trusted IP device.
  - 42. The apparatus of claim 41, wherein the first and second logical ports are User Datagram Protocol (UDP) logical ports.
  - 43. The apparatus of claim 41, wherein the address modification module is operable to modify a source IP address and port information in a header of an IP packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Tighe, James R., Higgins, Ronald D., Platt, Richard B., Bell, Robert T.
Primary Examiner(s)
COLIN, CARL G

Application Number

US11/420,506
Publication Number

US 20070186093A1
Time in Patent Office

1,726 Days
Field of Search

713/151, 370/352, 709/218, 709/227, 709/231, 709/232, 379/87, 379/95, 379/229
US Class Current

713/151
CPC Class Codes

H04L 63/101 Access control lists [ACL]

H04M 1/2535 adapted for voice communica...

System and method for providing security in a telecommunication network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing security in a telecommunication network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links