Intelligent switching for secure and reliable voice-over-IP PBX service

US 7,920,548 B2
Filed: 08/18/2005
Issued: 04/05/2011
Est. Priority Date: 08/18/2005
Status: Active Grant

First Claim

Patent Images

1. A switching apparatus for selectably switching packetized traffic between a first and a second authenticated communication device connected to the switching apparatus via communication ports of the switching apparatus, said packetized traffic including call control packet traffic processable for establishing a voice-related call session between the first and second authenticated communication devices and medium packet traffic indicative of digitized voice data, the switching apparatus comprising:

a multi-layer switch that performs;

(a) rate policing call control packet traffic received from the first authenticated communication device, wherein a call session is established between the first and second authenticated communication devices through the multi-layer switch based on the call control packet traffic in response to the multi-layer switch determining that a data rate of the call control packet traffic is below a prescribed data rate threshold; and

(b) splitting medium packet traffic communicated from the first authenticated communication device towards the second authenticated communication device via the multi-layer switch during an established call session between the first and second authenticated communication devices, into a first call segment and a second call segment wherein, said splitting of medium packet traffic includes the multi-layer switch performing at least Layer-3 processing of said medium packet traffic such that the first call segment is configured to originate from said first authenticated communication device and terminate at said multi-layer switch, and the second call segment is configured to originate from said multi-layer switch and terminate at said second authenticated communication device;

wherein packetized traffic received by the multi-layer switch during the established call session between the authenticated first and second communication devices is processed by an ingress filter of the multi-layer switch based on at least one switching rule that allows only voice-related call control packet traffic and medium packet traffic received from at least one of the first and second authenticated communication devices, the packetized traffic is processed to be onwardly switched between the first and second authenticated communication devices via the multi-layer switch while restricting non-voice related packetized traffic from being communicated between the first and second authenticated communication devices via the multi-layer switch, and said at least one switching rule allowed automatic activation in response to establishment of the call session and automatic deactivation in response to termination of the call session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A switching apparatus for switching packetized voice traffic between a plurality of communication devices, the switching apparatus comprises a multi-layer switch, a plurality of communication ports, control means and ingress processing means, said packetized voice traffic comprises call control packets and medium packets which are exchanged between the communication devices via said communication ports, wherein medium packet traffic from a first communication device to a second communication device is split into a first call segment and a second call segment, the first call segment originates from said first communication devices and terminates at said switching apparatus, the second call segment originates from said switching apparatus and terminates at said second communication device, each medium packet from said first communication device is processed by said ingress processing means of said switching apparatus before onward transmission to said second communication device.

39 Citations

View as Search Results

20 Claims

1. A switching apparatus for selectably switching packetized traffic between a first and a second authenticated communication device connected to the switching apparatus via communication ports of the switching apparatus, said packetized traffic including call control packet traffic processable for establishing a voice-related call session between the first and second authenticated communication devices and medium packet traffic indicative of digitized voice data, the switching apparatus comprising:
- a multi-layer switch that performs;
  
  (a) rate policing call control packet traffic received from the first authenticated communication device, wherein a call session is established between the first and second authenticated communication devices through the multi-layer switch based on the call control packet traffic in response to the multi-layer switch determining that a data rate of the call control packet traffic is below a prescribed data rate threshold; and
  
  (b) splitting medium packet traffic communicated from the first authenticated communication device towards the second authenticated communication device via the multi-layer switch during an established call session between the first and second authenticated communication devices, into a first call segment and a second call segment wherein, said splitting of medium packet traffic includes the multi-layer switch performing at least Layer-3 processing of said medium packet traffic such that the first call segment is configured to originate from said first authenticated communication device and terminate at said multi-layer switch, and the second call segment is configured to originate from said multi-layer switch and terminate at said second authenticated communication device;
  
  wherein packetized traffic received by the multi-layer switch during the established call session between the authenticated first and second communication devices is processed by an ingress filter of the multi-layer switch based on at least one switching rule that allows only voice-related call control packet traffic and medium packet traffic received from at least one of the first and second authenticated communication devices, the packetized traffic is processed to be onwardly switched between the first and second authenticated communication devices via the multi-layer switch while restricting non-voice related packetized traffic from being communicated between the first and second authenticated communication devices via the multi-layer switch, and said at least one switching rule allowed automatic activation in response to establishment of the call session and automatic deactivation in response to termination of the call session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The switching apparatus according to claim 1, wherein the multi-layer switch is adapted to divide a call connection from the second authenticated communication device to the first authenticated communication device into a first call segment and a second call segment based on to at least Layer-3 processing of medium packets received by the multi-layer switch, the first and second authenticated communication devices are respectively connected to a first communication port and a second communication port, the first call segment contains an address identification of the second authenticated communication device as source, address identification of the switching apparatus as destination and port identification of the switching apparatus as an intermediate listening port, the second call segment contains address identification of the switching apparatus as source, address information of the first authenticated communication device as destination, and port identification of the first authenticated communication device as a destination listening port.
  - 3. The switching apparatus according to claim 2, wherein said address identification is an IP-address.
  - 4. The switching apparatus according to claim 3, wherein said port identification is a Layer-4 port number.
  - 5. The switching apparatus according to claim 1, wherein a call connection between the first authenticated communication device and the second authenticated communication device is established by passage of call control packets between said first authenticated communication device and a processing means and between said processing means and said second communication device to establish a call session.
  - 6. The switching apparatus according to claim 5, wherein said switching apparatus precludes communication between the first and second authenticated communication devices unless a call session has been established.
  - 7. The switching apparatus according to claim 6, wherein said processing means comprises a server co-located with said switching apparatus.
  - 8. The switching apparatus according to claim 7, wherein said server comprises a Session Initiation Protocol server.
  - 9. The switching apparatus according to claim 8, wherein medium packets are switched between the first and second authenticated communication devices based on Internet Protocol addresses and ports established for said call session.
  - 10. The switching apparatus according to claim 9, wherein medium packets are network address translated by the multi-layer switch via at least Layer-3 processing to switch to a destination device.
  - 11. The switching apparatus according to claim 1, wherein the prescribed data rate threshold to a telephone device is 100 kbps.
  - 12. The switching apparatus according to claim 1, wherein said ingress filter comprises device authentication means for ascertaining the identities of one of more communication devices from which each incoming data packets of a voice traffic are admitted by said switching apparatus for onward transmission to another communication device.
  - 13. The switching apparatus according to claim 1, wherein said device authentication means comprises means for ascertaining the Media Access Control address of an originating communication device, only packets from a device with an authenticated Media Access Control address are admitted into the network.
  - 14. The switching apparatus according to claim 1, wherein said ingress filter comprises means for policing bandwidth of data packets and means to block data packets exceeding a predetermined threshold data bandwidth which is indicative of non-voice traffic.
  - 15. The switching apparatus according to claim 1, wherein voice traffic is based on Session Initiation Protocol.
  - 16. The switching apparatus according to claim 1, wherein in a voice Virtual Local Area Network formed by at least said switching apparatus and said first and second authenticated communication devices, said switching apparatus precludes broadcast and multi-cast by any one of the first and second authenticated communication devices.
  - 17. The switching apparatus according to claim 1, wherein in a voice Virtual Local Area Network formed by at least said multi-layer switch and said first and second authenticated communication devices, said multi-layer switch precludes unknown unicast.
  - 18. The communication network comprising segregated voice and data networks and a switching apparatus of claim 1, wherein all data packets transiting from said data network to said voice network pass through said multi-layer switch.
  - 19. The communication network according to claim 18, wherein a plurality of Internet Protocol phone devices are connected to said switching apparatus for Voice over Internet Protocol applications.

20. A method of selectably switching packetized traffic from a first authenticated communication device to a second authenticated communication device via an intermediate multi-layer switching apparatus, said packetized traffic including call control packet traffic processable by the intermediate multi-layer switching apparatus to establish a voice-related call session between the first and second authenticated communication devices and medium packet traffic indicative of digitized voice data, said method including the steps of:
- (i) establishing a call session between the first and second authenticated communication devices via the intermediate multi-layer switching apparatus based on call control packet traffic received from the first authenticated communication device where the intermediate multi-layer switching apparatus determines that a data rate of said call control packet traffic is below a prescribed data rate threshold; and
  
  (ii) splitting medium packet traffic communicated from the first authenticated communication device towards the second authenticated communication device via the intermediate multi-layer switching apparatus during the established call session between the first and second authenticated communication devices, into a first call segment and a second call segment wherein said splitting of medium packet traffic includes performing at least Layer-3 processing of said medium packet traffic such that the first call segment is configured to originate from said first authenticated communication device and terminate at said intermediate multi-layer switching apparatus, and the second call segment is configured to originate from said intermediate multi-layer switching apparatus and terminate at said second authenticated communication device,wherein packetized traffic received by the multi-layer switch during the established call session between the authenticated first and second communication devices is processed by an ingress filter of the multi-layer switch based on at least one switching rule that allows only voice-related call control packet traffic and medium packet traffic received from the first and/or second authenticated communication devices, the packetized traffic is processed to be onwardly switched between the first and second authenticated communication devices via the multi-layer switch while restricting non-voice related packetized traffic from being communicated between the first and second authenticated communication devices via the multi-layer switch, and said at least one switching rule allowed automatic activation in response to establishment of the call session and automatic deactivation in response to termination of the call session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hong Kong Applied Science And Technology Research Institute Co., Ltd.
Original Assignee
Hong Kong Applied Science And Technology Research Institute Co., Ltd.
Inventors
Lor, Kar-Wing Edward, Luk, Wing Hei, Shum, Kwan
Primary Examiner(s)
Matar, Ahmad F
Assistant Examiner(s)
Nguyen, Khai N

Application Number

US11/206,085
Publication Number

US 20070041373A1
Time in Patent Office

2,056 Days
Field of Search

370/338, 370352-354, 379/220.01, 379/229
US Class Current

370/352
CPC Class Codes

H04L 45/00   Routing or path finding of ...

H04L 47/20   Traffic policing

H04L 47/2416   Real-time traffic

H04L 47/32   by discarding or delaying d...

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04M 3/42314   in private branch exchanges

H04M 7/006   Networks other than PSTN/IS...

Intelligent switching for secure and reliable voice-over-IP PBX service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent switching for secure and reliable voice-over-IP PBX service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links