Multimedia communication control unit as a secure device for multimedia communication between LAN users and other network users

US 8,706,893 B2
Filed: 08/14/2001
Issued: 04/22/2014
Est. Priority Date: 08/15/2000
Status: Active Grant

First Claim

Patent Images

1. An apparatus for communicating multimedia data streams between a first endpoint communicatively coupled to a secured network, wherein the secured network is secured by a firewall, and a second endpoint external to the secured network, the apparatus comprising:

a first logical port monitoring traffic flow through the apparatus;

a second logical port monitoring traffic flow through the apparatus; and

a common interface communicatively coupling the first logical port to the second logical port;

the first logical port being communicatively coupled to the first endpoint, the first endpoint within the secured network;

the first logical port operative to select, from the common interface, a selected multimedia data stream, the selection based on conformance with a first communication protocol from a plurality of data streams received by the first logical port and initiate a transfer of the selected multimedia data streams to the first endpoint, the selected multimedia data streams bypassing the firewall;

the first logical port further operative to receive multimedia data streams conforming to the first communication protocol from the first endpoint and inject them into the common interface;

the second logical port communicatively coupled to the second endpoint and configured to receive input data streams from the second endpoint; and

the second logical port operative to select a portion of the input data streams, the selection based on conformance to the first communication protocol and allow only multimedia data streams conforming to the first communication protocol to be injected into the common interface, and, to select multimedia data streams conforming to the first communication protocol from the common interface and initiate transfer of the selected multimedia data streams to the second endpoint, the selected multimedia data streams bypassing the firewall.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing multimedia communication between a firewall protected, LAN based endpoint and an endpoint that is external to the LAN. A logical port of a multimedia communications control unit is attached to the LAN behind the firewall. Another logical port of the multimedia communications control unit is attached to the external endpoint. Multimedia communication data, consisting of call management data and media data, can be exchanged between the endpoints via the multimedia communications control unit. The multimedia communications control unit allows only multimedia communication data that strictly adheres to a particular communications protocol to pass through. Thus, the security afforded by the firewall is not compromised.

Citations

16 Claims

1. An apparatus for communicating multimedia data streams between a first endpoint communicatively coupled to a secured network, wherein the secured network is secured by a firewall, and a second endpoint external to the secured network, the apparatus comprising:
- a first logical port monitoring traffic flow through the apparatus;
  
  a second logical port monitoring traffic flow through the apparatus; and
  
  a common interface communicatively coupling the first logical port to the second logical port;
  
  the first logical port being communicatively coupled to the first endpoint, the first endpoint within the secured network;
  
  the first logical port operative to select, from the common interface, a selected multimedia data stream, the selection based on conformance with a first communication protocol from a plurality of data streams received by the first logical port and initiate a transfer of the selected multimedia data streams to the first endpoint, the selected multimedia data streams bypassing the firewall;
  
  the first logical port further operative to receive multimedia data streams conforming to the first communication protocol from the first endpoint and inject them into the common interface;
  
  the second logical port communicatively coupled to the second endpoint and configured to receive input data streams from the second endpoint; and
  
  the second logical port operative to select a portion of the input data streams, the selection based on conformance to the first communication protocol and allow only multimedia data streams conforming to the first communication protocol to be injected into the common interface, and, to select multimedia data streams conforming to the first communication protocol from the common interface and initiate transfer of the selected multimedia data streams to the second endpoint, the selected multimedia data streams bypassing the firewall.
- View Dependent Claims (2, 3, 4)
- - 2. The apparatus of claim 1, wherein the first logical port and the second logical port each have a unique Internet Protocol address.
  - 3. The apparatus of claim 1, wherein the first communication protocol is H.323.
  - 4. The apparatus of claim 1, wherein the first communication protocol is SIP.

5. An apparatus for communicating multimedia data streams between a first endpoint and a second endpoint, the apparatus communicatively coupled to a first network and a second network, the first endpoint communicatively coupled to the first network, and the second endpoint communicatively coupled to the second network, the first network being secured by a firewall and the second network being a public network, the apparatus comprising:
- a first logical port monitoring traffic flow through the apparatus;
  
  a second logical port communicatively coupled to the second endpoint within the public network and monitoring traffic flow through the apparatus; and
  
  a common interface communicatively coupling the first logical port to the second logical port;
  
  the first logical port operative to receive call management data streams from said first network and to establish a multimedia communications session between the first endpoint and the second endpoint;
  
  the first logical port further operative to select a media data stream from a plurality of data streams received by the first logical port, the selection based on the media data stream conforming to a first communication protocol;
  
  the first logical port further operative to select the media data stream from the common interface and initiate transfer of the media data stream to the first endpoint;
  
  the first logical port further operative to receive media data streams conforming to the first communication protocol from the first endpoint and inject them into the common interface;
  
  the second logical port communicatively coupled to the second endpoint and operative to receive input data from the second endpoint, select at least a portion of the input data conforming to the first communication protocol and allow only multimedia data streams conforming to the first communication protocol to be injected into the common interface; and
  
  the second logical port further operative to select conforming media data streams from the common interface and initiate transfer of the selected conforming media data streams to the second endpoint;
  
  wherein conforming multimedia data streams selected by the first and second logical port via the common interface bypass the firewall.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5, wherein the first logical port and the second logical port each have a unique Internet protocol address.
  - 7. The apparatus of claim 5, wherein the first communication protocol is H.323.
  - 8. The apparatus of claim 5, wherein the first communication protocol is SIP.

9. A method for providing multimedia communication data between a first endpoint communicatively coupled to a secure network secured by a firewall and a second endpoint external to the secure network without compromising the security of the secure network, the method comprising the steps of:
- communicatively coupling a multimedia communications control unit to a network secured by a firewall and to a public network, thereby bypassing the firewall of the secure network;
  
  receiving, at the multimedia control unit control data from the first endpoint addressed to the second endpoint, the first endpoint communicatively coupled to the secure network and the second endpoint external to the secure network;
  
  if the control data does not conform to a particular protocol, blocking the control data;
  
  if the control data conforms to the particular protocol, processing the control data to establish a multimedia communications session between the first endpoint and the second endpoint; and
  
  receiving media data from the second endpoint addressed to the first endpoint;
  
  if the media data does not conform to the particular protocol, blocking the media data; and
  
  if the media data conforms to the particular protocol, initiating transfer of the media data to the first endpoint.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the multimedia communications control unit has a first Internet Protocol (IP) address to be used by the first endpoint and a second IP address to be used by the second endpoint.
  - 11. The method of claim 9, wherein said particular protocol is H.323.
  - 12. The method of claim 9, wherein said particular protocol is SIP.

13. A non-transitory computer readable medium storing instructions thereon to cause a programmable apparatus to communicate multimedia data streams between a first endpoint communicatively coupled to a secured network and a second endpoint external to the secured network, wherein the secured network is secured by a firewall, comprising instructions to cause the programmable apparatus to configure:
- a first logical port for monitoring traffic flow through the apparatus;
  
  a second logical port for monitoring traffic flow through the apparatus; and
  
  a common interface communicatively coupling the first logical port to the second logical port;
  
  the first logical port being communicatively coupled to the first endpoint, the first endpoint within the secured network;
  
  the first logical port operative to select, from the common interface, a selected first multimedia data stream, the selection based on conformance with a first communication protocol from a plurality of data streams received by the first logical port and initiate a transfer of the selected first multimedia data stream to the first endpoint, the selected first multimedia data stream bypassing the firewall;
  
  the first logical port further operative to receive multimedia data streams conforming to the first communication protocol from the first endpoint and inject them into the common interface;
  
  the second logical port communicatively coupled to the second endpoint and configured to receive input data streams from the second endpoint; and
  
  the second logical port operative to select a portion of the input data streams, the selection based on conformance to the first communication protocol and allow only multimedia data streams conforming to the first communication protocol to be injected into the common interface, and, to select second multimedia data streams conforming to the first communication protocol from the common interface and initiate transfer of the selected second multimedia data streams to the second endpoint, the selected second multimedia data streams bypassing the firewall.
- View Dependent Claims (14, 15, 16)
- - 14. The non-transitory computer readable medium of claim 13, wherein the first logical port and the second logical port each have a unique Internet Protocol address.
  - 15. The non-transitory computer readable medium of claim 13, wherein the first communication protocol is H.323.
  - 16. The non-transitory computer readable medium of claim 13, wherein the first communication protocol is SIP.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Polycom Israel Limited (HP Inc.)
Original Assignee
Polycom Israel Limited (HP Inc.)
Inventors
Even, Roni, Rabinerzon, Uri
Primary Examiner(s)
Daftuar, Saket K

Application Number

US10/362,382
Publication Number

US 20040114612A1
Time in Patent Office

4,634 Days
Field of Search

709/200, 709/201, 709/202, 709/203, 709/217, 709/218, 709/219, 709/220, 709/221, 709/222, 709/223, 709/224, 709/225, 709/226, 709/230, 709/232, 709/238, 709/239, 709/240, 709/241, 709/242, 709/243, 709/244, 709/245, 370/465, 370/522, 370/261, 370/469, 370/395.52, 370/356, 370/391, 370/474, 370/352, 370/524, 370/354, 370/401, 370/467, 370/410, 370/353, 370/400, 370/389, 370/397, 370/244, 370/248, 370/250, 713/201, 713/150, 713/200, 713/152
US Class Current

709/231
CPC Class Codes

H04L 12/2801   Broadband local area networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 65/1043   Gateway controllers, e.g. m...

H04L 65/1046   Call controllers; Call servers

H04L 65/1069   Session establishment or de...

H04L 65/1101   Session protocols

H04L 65/1104   Session initiation protocol...

H04L 65/1106   Call signalling protocols; ...

H04L 65/60   Network streaming of media ...

H04L 65/65   Network streaming protocols...

H04L 65/70   Media network packetisation

Multimedia communication control unit as a secure device for multimedia communication between LAN users and other network users

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Multimedia communication control unit as a secure device for multimedia communication between LAN users and other network users

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links