System and method for enabling communication sessions in a network environment

US 8,694,658 B2
Filed: 09/19/2008
Issued: 04/08/2014
Est. Priority Date: 09/19/2008
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a policy element operable to receive a query for a policy that pertains to a selected one of first and second endpoints, wherein the first and second endpoints are two distinct entities, each endpoint being associated with a virtual private network (VPN), wherein the VPNs are disjointed, wherein interaction occurs between a session border controller (SBC) and a session initiation protocol (SIP) signaling entity, wherein each SBC makes a mapping between signaling entity information and pre-configured SBC VPN information, wherein credential negotiation occurs between the policy element and the SBC such that a selected policy within the policy element determines that a requested communication session is conducted between the endpoints, wherein the pre-configured SBC VPN information is used for dynamic policy configuration of the communication session, and wherein a local database is checked for a log of an existing call and for a prior configuration between the endpoints.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided in one example implementation and the method includes receiving a query for a policy (e.g., a multi-media session) that pertains to a selected one of first and second endpoints. Each endpoint interfaces with their respective session initiation protocol entity, which interacts with a session border controller (SBC). The method further includes negotiating credentials via a policy element and a selected SBC and determining, via a selected policy within the policy element, whether a requested communication session is prohibited or conducted between the endpoints. In more specific embodiments, each SBC makes a mapping between signaling entity information and pre-configured SBC virtual private network (VPN) information used for dynamic configuration of the communication session, and wherein a SIP [or other communication protocol] adjacency configuration is created, where adjacency characteristics are defined for each enterprise in which the endpoints reside.

447 Citations

19 Claims

1. An apparatus, comprising:
- a policy element operable to receive a query for a policy that pertains to a selected one of first and second endpoints, wherein the first and second endpoints are two distinct entities, each endpoint being associated with a virtual private network (VPN), wherein the VPNs are disjointed, wherein interaction occurs between a session border controller (SBC) and a session initiation protocol (SIP) signaling entity, wherein each SBC makes a mapping between signaling entity information and pre-configured SBC VPN information, wherein credential negotiation occurs between the policy element and the SBC such that a selected policy within the policy element determines that a requested communication session is conducted between the endpoints, wherein the pre-configured SBC VPN information is used for dynamic policy configuration of the communication session, and wherein a local database is checked for a log of an existing call and for a prior configuration between the endpoints.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1, wherein the interaction includes messages that contain specific information about the SIP signaling entity and include an IP address for the signaling entity, and characteristics of respective endpoints.
  - 3. The apparatus of claim 1, wherein a SIP adjacency configuration is created, where adjacency characteristics are defined for each enterprise in which the endpoints reside.
  - 4. The apparatus of claim 1, wherein the selected policy includes a payment plan or a prepayment policy.
  - 5. The apparatus of claim 1, wherein session routing configuration is created and applied in a selected SBC for selected endpoints when the call is authorized via the policy element.
  - 6. The apparatus of claim 1, wherein the selected policy that is accessed provides parameters that include maximum bandwidth, maximum number of sites, or quality of service (QoS) classifications.
  - 7. The apparatus of claim 1, wherein based on a policy result, a selected SBC will elect whether or not to dynamically build and add an input in a session routing table configuration.
  - 8. The apparatus of claim 1, wherein once a configuration is successfully pushed from the policy element, a routing and session table cache entry can be stored on a selected SBC with a timer.
  - 9. The apparatus of claim 1, wherein a selected SBC searches its session routing table to find a route for the communication session, and wherein the selected SBC performs call admission control (CAC) operations such as bandwidth, number of calls, call rate being limited.
  - 10. The apparatus of claim 1, wherein if the communication session is authorized, billing records are generated, or events and alarms are logged.
  - 11. The apparatus of claim 1, wherein the SBC re-initiates a session towards another enterprise.
  - 12. The apparatus of claim 1, wherein the credential negotiation is verified against granular business policies.
  - 13. The apparatus of claim 1, wherein the pre-configured SBC VPN information includes an incoming SBC virtual interface, a source IP address of the signaling entity, and characteristics of the first endpoint and of the second endpoint.

14. A method, comprising:
- receiving a query for a policy that pertains to a selected one of first and second endpoints, wherein interaction occurs between a session initiation protocol (SIP) entity and a session border controller (SBC), and wherein the first and second endpoints are two distinct entities, each endpoint being associated with a virtual private network (VPN), wherein the VPNs are disjointed, and wherein each SBC makes a mapping between signaling entity information and pre-configured SBC VPN information;
  
  negotiating credentials via a policy element and a selected SBC;
  
  determining via a selected policy within the policy element whether a requested communication session is prohibited or conducted between the endpoints, wherein the pre-configured SBC VPN information is used for dynamic policy configuration of the communication session if the communication session is conducted; and
  
  evaluating a local database for a log of an existing call and for a prior configuration between the endpoints, and wherein if an entry exists for the existing call, an expire timer is reset and the requested communication session is authorized.
- View Dependent Claims (15)
- - 15. The method of claim 14, wherein a SIP adjacency configuration is created, where adjacency characteristics are defined for each enterprise in which the endpoints reside.

16. Logic encoded in one or more non-transitory tangible media for execution and when executed by a processor operable to:
- receive a query for a policy that pertains to a selected one of first and second endpoints, each endpoint being associated with a virtual private network (VPN), wherein the VPNs are disjointed, wherein interaction occurs between a session initiation protocol entity and a session border controller (SBC), and wherein the first and second endpoints are two distinct entities, and wherein each SBC makes a mapping between signaling entity information and pre-configured SBC VPN information;
  
  negotiate credentials via a policy element and a selected SBC;
  
  determine via a selected policy within the policy element whether a requested communication session is prohibited or conducted between the endpoints, wherein the pre-configured SBC VPN information is used for dynamic policy configuration of the communication session if the communication session is conducted; and
  
  evaluate a local database for a log of an existing call and for a prior configuration between the endpoints, and wherein if an entry exists for the existing call, an expire timer is reset and the requested communication session is authorized.
- View Dependent Claims (17, 18)
- - 17. The logic of claim 16, wherein a SIP adjacency configuration is created, where adjacency characteristics are defined for each enterprise in which the endpoints reside.
  - 18. The logic of claim 16, wherein session routing configuration is created and applied in a selected SBC for selected endpoints when the call is authorized via the policy element, and wherein the selected policy that is accessed provides parameters that include maximum bandwidth, maximum number of sites, or quality of service (QoS) classifications, and wherein based on a policy result, a selected SBC will elect whether or not to dynamically build and add an input in a session routing table configuration, and wherein once a configuration is successfully pushed from the policy element, a routing and session (establishment) entry can be stored on a selected SBC with a timer.

19. A system, comprising:
- means for receiving a query for a policy that pertains to a selected one of first and second endpoints, wherein interaction occurs between a session initiation protocol (SIP) entity and a session border controller (SBC), and wherein the first and second endpoints are two distinct entities that belong to two different enterprises, each endpoint being associated with a virtual private network (VPN), wherein the VPNs are disjointed;
  
  means for negotiating credentials via a policy element and a selected SBC;
  
  means for determining via a selected policy within the policy element whether a requested communication session is prohibited or conducted between the endpoints, wherein each SBC makes a mapping between signaling entity information and pre-configured SBC VPN information used for dynamic policy configuration of the communication session, and wherein a SIP adjacency configuration is created, where adjacency characteristics are defined for each enterprise in which the endpoints reside; and
  
  means for evaluating a local database for a log of an existing call and for a prior configuration between the endpoints, and wherein if an entry exists for the existing call, an expire timer is reset and the requested communication session is authorized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Gao, Yifan, Andrieux, Laure F., Aziz, Zaheer, Besrour, Hymed
Primary Examiner(s)
SHAW, PELING ANDREW

Application Number

US12/234,291
Publication Number

US 20100082557A1
Time in Patent Office

2,027 Days
Field of Search

709217-219, 709/223, 709/224, 709/225, 709/226, 709/227, 709/228, 709/229, 709/230, 709/238, 709/245
US Class Current

709/229
CPC Class Codes

H04L 63/20 for managing network securi...

System and method for enabling communication sessions in a network environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

447 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enabling communication sessions in a network environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

447 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links