Method and system for providing secure communications between proxy servers in support of interdomain traversal

US 8,948,200 B2
Filed: 04/24/2012
Issued: 02/03/2015
Est. Priority Date: 07/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing packetized communication services, the method comprising:

receiving a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;

communicating with a service provider network to determine, via an Electronic Number (ENUM), a network address for communicating with the second endpoint based on the directory number, to determine, via a Simple Traversal of User Datagram Protocol (STUN), existence of a second network address translator within the second domain, and to establish, via a Traversal Using Relay Network Address Translation (TURN), if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session;

establishing an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain; and

converting signaling from another proxy server associated with establishment of the communication session to a format compatible with the proxy server.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach provides interdomain traversal to support packetized voice transmissions. A request is received and specifies a directory number for establishing a communication session from a first endpoint to a second endpoint. The first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain. A service provider network is accessed to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session. An encrypted session is established with a proxy server according to a cryptographic protocol to support the media path. The proxy server resides within the second domain.

Citations

24 Claims

1. A method for providing packetized communication services, the method comprising:
- receiving a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;
  
  communicating with a service provider network to determine, via an Electronic Number (ENUM), a network address for communicating with the second endpoint based on the directory number, to determine, via a Simple Traversal of User Datagram Protocol (STUN), existence of a second network address translator within the second domain, and to establish, via a Traversal Using Relay Network Address Translation (TURN), if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session;
  
  establishing an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain; and
  
  converting signaling from another proxy server associated with establishment of the communication session to a format compatible with the proxy server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, wherein the encrypted session is established end-to-end from the first endpoint to the second endpoint.
  - 3. A method according to claim 1, wherein the communication session is a Voice over Internet Protocol (IP) call.
  - 4. A method according to claim 1, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 5. A method according to claim 1, wherein the proxy server utilizes Session Initiation Protocol (SIP) signaling, and the other proxy server utilizes either a SIP-style signaling or a H.323 signaling.
  - 6. A method according to claim 1, wherein, if the network address cannot be determined, the proxy server communicates with a media gateway coupled to a circuit-switched telephone network for termination of the communication session.
  - 7. A method according to claim 1, wherein the cryptographic protocol includes a Transport Layer Security (TLS) protocol.

8. A network apparatus for providing packetized communication services, the apparatus comprising:
- a first communication interface configured to receive a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain;
  
  a second communication interface configured to communicate with a service provider network to determine, via an Electronic Number (ENUM), a network address for communicating with the second endpoint based on the directory number, to determine, via a Simple Traversal of User Datagram Protocol (STUN), existence of a second network address translator within the second domain, and to establish, via a Traversal Using Relay Network Address Translation (TURN), if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session; and
  
  a processor configured to establish an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain;
  
  wherein signaling is converted from another proxy server associated with establishment of the communication session to a format compatible with the proxy server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. An apparatus according to claim 8, wherein the encrypted session is established end-to-end from the first endpoint to the second endpoint.
  - 10. An apparatus according to claim 8, wherein the communication session is a Voice over IP (Internet Protocol) call.
  - 11. An apparatus according to claim 8, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 12. An apparatus according to claim 8, wherein the proxy server utilizes Session Initiation Protocol (SIP) signaling, and the other proxy server utilizes either a SIP-type signaling or a H.323 signaling.
  - 13. An apparatus according to claim 8, wherein, if the network address cannot be determined, the proxy server communicates with a media gateway coupled to a circuit-switched telephone network for termination of the communication session.
  - 14. An apparatus according to claim 8, wherein the cryptographic protocol includes a Transport Layer Security (TLS) protocol.

15. A system for providing packetized communication services, the system comprising:
- an address server configured to receive a request for a network address for communicating with a destination endpoint based on a directory number, wherein the directory number is specified in a call establishment request to establish a communication session from a source endpoint behind a first network address translator of a first domain, and the destination endpoint is within a second domain;
  
  an Electronic Number (ENUM) server to determine the network address;
  
  a Simple Traversal of User Datagram Protocol (STUN) server configured to support determination of existence of a second network address translator within the second domain;
  
  a Traversal Using Relay Network Address Translation (TURN) server configured to establish, if the network address can be determined, a media path between the source endpoint and the destination endpoint based on the network address to support the communication session,wherein the media path includes an encrypted session between a first proxy server residing within the first domain and a second proxy server residing within the second domain; and
  
  a gateway configured to convert signaling from the second proxy server associated with establishment of the communication session to a format compatible with the first proxy server.
- View Dependent Claims (16, 17, 18)
- - 16. A system according to claim 15, wherein the communication session is a Voice over Internet Protocol (IP) call, and the cryptographic protocol is a Transport Layer Security (TLS) protocol.
  - 17. A system according to claim 15, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 18. A system according to claim 15, wherein the first proxy server utilizes Session Initiation Protocol (SIP) signaling, and the second proxy server utilizes either a SIP-type signaling or a H.323 signaling.

19. A method for providing packetized communication services, the method comprising:
- transmitting a request to a near-end proxy server for establishing a communication session with a destination endpoint, wherein the request is transmitted through a first network address translator of a first domain, and the destination endpoint is within a second domain,wherein the near-end proxy server is configured communicate with a service provider network to determine, via an Electronic Number (ENUM), a network address for communicating with the second endpoint based on the directory number, to determine, via a Simple Traversal of User Datagram Protocol (STUN), existence of a second network address translator within the second domain, and to establish, via a Traversal Using Relay Network Address Translation (TURN), if the network address can be determined, a media path with the destination endpoint based on the network address to support the communication session;
  
  establishing an encrypted session with the near-end proxy server according to a cryptographic protocol to support the media path; and
  
  converting signaling from another proxy server associated with establishment of the communication session to a format compatible with the near-end proxy server.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. A method according to claim 19, wherein the near-end proxy server is further configured to establish an encrypted message data session with the far-end proxy server that is within the second domain.
  - 21. A method according to claim 20, wherein the near-end proxy server utilizes Session Initiation Protocol (SIP) signaling, and the far-end proxy server utilizes either a SIP-type signaling or a H.323 signaling.
  - 22. A method according to claim 19, wherein the communication session is a Voice over Internet Protocol (IP) call.
  - 23. A method according to claim 19, wherein the first domain and the second domain correspond either to different enterprise networks or autonomous networks.
  - 24. A method according to claim 19, wherein the cryptographic protocol includes a Transport Layer Security (TLS) protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Alt, Wade R., Bae, Kiwan Edward
Primary Examiner(s)
MILLS, DONALD L

Application Number

US13/454,837
Publication Number

US 20120207151A1
Time in Patent Office

1,015 Days
Field of Search

None
US Class Current

370/466
CPC Class Codes

H04L 61/2564   for a higher-layer protocol...

H04L 61/2578   without involvement of the ...

H04L 65/103   in the network

H04L 65/104   in the network

H04L 65/1043   Gateway controllers, e.g. m...

H04L 65/1101   Session protocols

H04L 65/1108   Web based protocols, e.g. w...

H04L 65/65   Network streaming protocols...

Method and system for providing secure communications between proxy servers in support of interdomain traversal

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing secure communications between proxy servers in support of interdomain traversal

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links