Enabling incoming VoIP calls behind a network firewall

US 8,391,453 B2
Filed: 09/17/2010
Issued: 03/05/2013
Est. Priority Date: 10/22/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a firewall and from a private user device, a registration message including a private internet protocol (IP) address associated with the private user device;

associating, by the firewall, the private user device with a public IP address and a discrete port number;

modifying, by the firewall, the registration message to include the public IP address and the discrete port number;

receiving, by the firewall, a call invitation message associated with a public user device, the call invitation message being directed to the public IP address and the discrete port number associated with the private user device;

identifying a communications message type to be received from the public user device;

determining, by the firewall, whether the call invitation message satisfies a security policy, the call invitation message satisfying the security policy when the communications message type corresponds to one of a plurality of particular communications message types;

modifying, by the firewall and when the call invitation message satisfies the security policy, the call invitation message to include the private IP address associated with the private user device; and

forwarding the call invitation message to the private user device based on the private IP address associated with the private user device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device is configured to receive a registration message from a private user device including a private internet protocol (IP) address associated with the private user device. A public IP address and discrete port number are assigned to the private user device and private IP address and stored in an incoming call table. The registration message is translated to include the public IP address and discrete port number. The registration message is forwarded to a proxy server for registration. An incoming call invitation message is received from a public user device, where the call invitation message is directed to the public IP address and discrete port number associated with the private user device. The call invitation message is translated to include the private IP address associated with the private user device based on the received public IP address and discrete port number and the incoming call table. The call invitation message is forwarded to the private user device.

30 Citations

20 Claims

1. A method comprising:
- receiving, by a firewall and from a private user device, a registration message including a private internet protocol (IP) address associated with the private user device;
  
  associating, by the firewall, the private user device with a public IP address and a discrete port number;
  
  modifying, by the firewall, the registration message to include the public IP address and the discrete port number;
  
  receiving, by the firewall, a call invitation message associated with a public user device, the call invitation message being directed to the public IP address and the discrete port number associated with the private user device;
  
  identifying a communications message type to be received from the public user device;
  
  determining, by the firewall, whether the call invitation message satisfies a security policy, the call invitation message satisfying the security policy when the communications message type corresponds to one of a plurality of particular communications message types;
  
  modifying, by the firewall and when the call invitation message satisfies the security policy, the call invitation message to include the private IP address associated with the private user device; and
  
  forwarding the call invitation message to the private user device based on the private IP address associated with the private user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - forwarding the registration message to a proxy server for registration, andwhere the call invitation message is routed through the proxy server.
  - 3. The method of claim 1, where the proxy server is one of a session initiation protocol (SIP) proxy or an H.323 gatekeeper.
  - 4. The method of claim 1, where associating the private user device with a public IP address and a discrete port number further includes:
    - generating an entry in an incoming call table, the entry including data associated with the private IP address, the public IP address, and the discrete port number, andwhere modifying the call invitation message includes;
      
      locating the entry in the incoming call table based on the public IP address and the discrete port number,accessing the entry to acquire the private IP address for the private user device, andinserting the private IP address into the call invitation message.
  - 5. The method of claim 4, where the entry, in the incoming call table, further includes an expiration time,where the entry is removed from the incoming call table after the expiration time, andwhere the firewall rejects the call invitation message when the call invitation message is received after the entry in removed from the incoming call table.
  - 6. The method of claim 1, where determining whether the call invitation message satisfies the security policy further comprises:
    - identifying an IP address associated with the public user device, anddetermining whether the call invitation message satisfies the security policy based on the identified IP associated with the public user device.
  - 7. The method of claim 1, further comprising:
    - determining that the call invitation message does not satisfy the security policy;
      
      retrieving, based on the call invitation message not satisfying the security policy, a different private IP address associated with the private user device;
      
      modifying the call invitation message to include the different private IP address; and
      
      forwarding the call invitation message to the private user device based on the different private IP address.

8. A device comprising:
- a memory to store instructions; and
  
  a processor to implement the instructions to;
  
  receive, via a public network, a call invitation message associated with a public user device, the call invitation message being directed to a public IP address and a discrete port number associated with a private user device,identify a communications message type associated with the public user device,determine whether the call invitation message satisfies a security policy, the call invitation message satisfying the security policy when the communications message type corresponds to a particular communications message type,modify, when the call invitation message satisfies the security policy, the call invitation message to include a private IP address associated with the private user device, andforward, via a private network, the call invitation message to the private user device based on the private IP address associated with the private user device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The device of claim 8, where the processor is further to:
    - store an incoming call table that associates the private IP address with the public IP address and the discrete port number.
  - 10. The device of claim 8, where the call invitation message is received, via the public network, from a proxy server on behalf of the public user device.
  - 11. The device of claim 10, where the processor is further to:
    - associate the public IP address and the discrete port number with the private IP address based on a registration message received from the private user device, andforward the registration message to the proxy server.
  - 12. The device of claim 11, where the proxy server is one of a session initiation protocol (SIP) proxy or an H.323 gatekeeper, and where the proxy server is to process the registration message.
  - 13. The device of claim 11, where the processor, when associating the private IP address with the public IP address and the discrete port number, is further to:
    - generate an entry in an incoming call table, the entry including data associated with the private IP address, the public IP address, and the discrete port number.
  - 14. The device of claim 13, where the entry, in the incoming call table, further includes an expiration time, and where the processor is further to:
    - remove the entry from the incoming call table after the expiration time, andreject the call invitation message when the call invitation message is received afterremoving the entry from the incoming call table.
  - 15. The device of claim 8, where the processor, when determining whether the call invitation message satisfies the security policy, is further to:
    - identify an IP address associated with the public user device, anddetermine whether the call invitation message satisfies the security policy based on the identified IP associated with the public user device.
  - 16. The device of claim 8, where the processor is further to:
    - determine that the call invitation message does not satisfy the security policy;
      
      retrieve, based on the call invitation message not satisfying the security policy, a different private IP address associated with the private user device;
      
      modify the call invitation message to include the different private IP address; and
      
      forward the call invitation message to the private user device based on the different private IP address.

17. A non-transitory computer-readable memory to store instructions, the instructions comprising:
- one or more instructions that, when executed by a processor, cause the processor toreceive, via a public network, a call invitation message associated with a public user device, the call invitation message being directed to a public IP address and a discrete port number associated with a private user device,identify a communications message type associated with the public user device,determine whether the call invitation message satisfies a security policy,the call invitation message satisfying the security policy when the communications message type corresponds to a particular communications message type,modify, when the call invitation message satisfies the security policy, the call invitation message to include a private IP address associated with the private user device, andforward, via a private network, the call invitation message to the private user device based on the private IP address associated with the private user device.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable memory of claim 17, where the call invitation message is received, via the public network, from a proxy server on behalf of the public user device, andwhere the instructions further comprise:
    - one or more instructions to;
      
      store data associating the private IP address with the public IP address and the discrete port number,associate the public IP address and the discrete port number with the private IP address based on a registration message received from the private user device, andforward the registration message to the proxy server.
  - 19. The computer-readable memory of claim 17, where at least one instruction, of the one or more instructions, to determine whether the call invitation message satisfies the security policy, further includes:
    - one or more instructions to;
      
      identify an IP address associated with the public user device, anddetermine whether the call invitation message satisfies the security policy based on the identified IP associated with the public user device.
  - 20. The computer-readable memory of claim 17, where the instructions further comprise:
    - one or more instructions to;
      
      determine that the call invitation message does not satisfy the security policy,retrieve, based on the call invitation message not satisfying the security policy, a different private IP address associated with the private user device,modify the call invitation message to include the different private IP address, andforward the call invitation message to the private user device based on the different private IP address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Xie, Chunsheng, Zhu, Xiaodong, Hunyady, Attila J, Zhou, Feng
Primary Examiner(s)
Anwah, Olisa

Application Number

US12/884,595
Publication Number

US 20110010752A1
Time in Patent Office

900 Days
Field of Search

726/1, 726/11, 726/12, 726/13, 726/14, 709/245, 709/227, 370/352, 370/401, 370/389, 379/93.09
US Class Current

379/93.09
CPC Class Codes

H04L 61/255   Maintenance or indexing of ...

H04L 61/2564   for a higher-layer protocol...

H04L 61/2585   through application level g...

H04L 63/029   Firewall traversal, e.g. tu...

Enabling incoming VoIP calls behind a network firewall

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling incoming VoIP calls behind a network firewall

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links