Distributed application of enterprise policies to Web Real-Time Communications (WebRTC) interactive sessions, and related methods, systems, and computer-readable media

US 9,363,133 B2
Filed: 04/16/2013
Issued: 06/07/2016
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. A system for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:

at least one communications interface; and

a recipient device associated with the at least one communications interface and comprising a distributed policy enforcement agent, the distributed policy enforcement agent configured to;

receive a WebRTC session description object directed to the recipient device originating from a sender device;

determine one or more enterprise policies based on the WebRTC session description object;

determine whether the WebRTC session description object complies with the one or more enterprise policies; and

responsive to determining that the WebRTC session description object complies with the one or more enterprise policies;

establish a secure peer connection between the recipient device and the sender device;

receive, at the recipient device, a first WebRTC interactive flow originating from the sender device via the secure peer connection;

request, by the distributed policy enforcement agent, that a second WebRTC interactive flow including data from the first WebRTC interactive flow be established between the recipient device and an enterprise device;

receive, at the enterprise device, the second WebRTC interactive flow; and

process, by the enterprise device, the second WebRTC interactive flow in accordance with the one or more enterprise policies.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Distributed application of enterprise policies to WebRTC interactive sessions, and related methods, systems, and computer-readable media are disclosed. In this regard, in one embodiment, a method for applying an enterprise policy to a WebRTC interactive session comprises receiving, by a distributed policy enforcement agent of a recipient device, a WebRTC session description object directed to the recipient device originating from a sender device via a secure network connection. The method further comprises determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object. The method additionally comprises applying the one or more enterprise policies to the WebRTC session description object. In this manner, an enterprise may permit establishment of a WebRTC interactive session that crosses an enterprise network boundary, while at the same time ensuring that the WebRTC interactive session complies with the one or more enterprise policies.

138 Citations

28 Claims

1. A system for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- at least one communications interface; and
  
  a recipient device associated with the at least one communications interface and comprising a distributed policy enforcement agent, the distributed policy enforcement agent configured to;
  
  receive a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determine one or more enterprise policies based on the WebRTC session description object;
  
  determine whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object complies with the one or more enterprise policies;
  
  establish a secure peer connection between the recipient device and the sender device;
  
  receive, at the recipient device, a first WebRTC interactive flow originating from the sender device via the secure peer connection;
  
  request, by the distributed policy enforcement agent, that a second WebRTC interactive flow including data from the first WebRTC interactive flow be established between the recipient device and an enterprise device;
  
  receive, at the enterprise device, the second WebRTC interactive flow; and
  
  process, by the enterprise device, the second WebRTC interactive flow in accordance with the one or more enterprise policies.

2. A method for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  applying the one or more enterprise policies to the WebRTC session description object;
  
  determining, by the distributed policy enforcement agent, whether the WebRTC session description object conforms to an expected WebRTC session description object format; and
  
  responsive to determining that the WebRTC session description object does not conform to the expected WebRTC session description object format, discarding the WebRTC session description object.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10)
- - 3. The method of claim 2, wherein receiving the WebRTC session description object comprises receiving the WebRTC session description object via a secure network connection.
  - 4. The method of claim 2, wherein determining the one or more enterprise policies comprises:
    - querying an enterprise policy data store by the distributed policy enforcement agent; and
      
      responsive to the querying, receiving by the distributed policy enforcement agent, the one or more enterprise policies from the enterprise policy data store.
  - 5. The method of claim 2, wherein determining the one or more enterprise policies based on the WebRTC session description object comprises determining the one or more enterprise policies based on an identity associated with the sender device, an identity of an intermediary that forwarded the WebRTC session description object to the recipient device, an exchange of encryption keys, or a type of WebRTC interactive flow, or combinations thereof.
  - 6. The method of claim 2, wherein applying the one or more enterprise policies to the WebRTC session description object comprises determining whether the WebRTC session description object complies with the one or more enterprise policies.
  - 7. The method of claim 6, further comprising, responsive to determining that the WebRTC session description object complies with the one or more enterprise policies, establishing a first WebRTC interactive flow between the sender device and the recipient device.
  - 8. The method of claim 7, wherein establishing the first WebRTC interactive flow comprises:
    - establishing a secure peer connection between the recipient device and the sender device;
      
      receiving, at the recipient device, the first WebRTC interactive flow originating from the sender device via the secure peer connection; and
      
      applying the one or more enterprise policies to the first WebRTC interactive flow.
  - 9. The method of claim 8, wherein establishing the secure peer connection comprises modifying one or more Interactive Connectivity Establishment (ICE) packets based on the one or more enterprise policies.
  - 10. The method of claim 8, wherein the first WebRTC interactive flow is an interactive data interchange;
    - andwherein applying the one or more enterprise policies to the first WebRTC interactive flow comprises examining the contents of the interactive data interchange to determine compliance with the one or more enterprise policies.

11. A system for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- at least one communications interface; and
  
  a recipient device associated with the at least one communications interface and comprising a distributed policy enforcement agent, the distributed policy enforcement agent configured to;
  
  receive a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determine one or more enterprise policies based on the WebRTC session description object;
  
  determine whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object does not comply with the one or more enterprise policies, decline to establish a WebRTC interactive flow between the sender device and the recipient device.

12. A system for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- at least one communications interface; and
  
  a recipient device associated with the at least one communications interface and comprising a distributed policy enforcement agent, the distributed policy enforcement agent configured to;
  
  receive a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determine one or more enterprise policies based on the WebRTC session description object;
  
  determine whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object does not comply with the one or more enterprise policies, provide one or more options for an alternative WebRTC interactive flow to the sender device.

13. A non-transitory computer-readable medium having stored thereon computer-executable instructions to cause a processor to implement a method, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a Web Real-Time Communications (WebRTC) session description object directed to the recipient device originating from a sender device via a secure network connection;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  determining whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object complies with the one or more enterprise policies;
  
  establishing a secure peer connection between the recipient device and the sender device;
  
  receiving, at the recipient device, a first WebRTC interactive flow originating from the sender device via the secure peer connection;
  
  requesting, by the distributed policy enforcement agent, that a second WebRTC interactive flow including data from the first WebRTC interactive flow be established between the recipient device and an enterprise device;
  
  receiving, at the enterprise device, the second WebRTC interactive flow; and
  
  processing, by the enterprise device, the second WebRTC interactive flow in accordance with the one or more enterprise policies.

14. A non-transitory computer-readable medium having stored thereon computer-executable instructions to cause a processor to implement a method, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a Web Real-Time Communications (WebRTC) session description object directed to the recipient device originating from a sender device via a secure network connection;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  determining whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object does not comply with the one or more enterprise policies, declining to establish a WebRTC interactive flow between the sender device and the recipient device.

15. A system for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- at least one communications interface; and
  
  a recipient device associated with the at least one communications interface and comprising a distributed policy enforcement agent, the distributed policy enforcement agent configured to;
  
  receive a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determine one or more enterprise policies based on the WebRTC session description object;
  
  apply the one or more enterprise policies to the WebRTC session description object;
  
  determine whether the WebRTC session description object conforms to an expected WebRTC session description object format; and
  
  responsive to determining that the WebRTC session description object does not conform to the expected WebRTC session description object format, discard the WebRTC session description object.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the distributed policy enforcement agent is configured to determine the one or more enterprise policies by:
    - querying an enterprise policy data store; and
      
      responsive to the querying, receiving the one or more enterprise policies from the enterprise policy data store.
  - 17. The system of claim 15, wherein the distributed policy enforcement agent is configured to apply the one or more enterprise policies to the WebRTC session description object by determining whether the WebRTC session description object complies with the one or more enterprise policies.
  - 18. The system of claim 17, wherein the distributed policy enforcement agent is further configured to, responsive to determining that the WebRTC session description object complies with the one or more enterprise policies, establish a first WebRTC interactive flow between the sender device and the recipient device.
  - 19. The system of claim 18, wherein the distributed policy enforcement agent is configured to establish the first WebRTC interactive flow by:
    - establishing a secure peer connection between the recipient device and the sender device;
      
      receiving, at the recipient device, the first WebRTC interactive flow originating from the sender device via the secure peer connection; and
      
      applying the one or more enterprise policies to the first WebRTC interactive flow.

20. A non-transitory computer-readable medium having stored thereon computer-executable instructions to cause a processor to implement a method, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a Web Real-Time Communications (WebRTC) session description object directed to the recipient device originating from a sender device via a secure network connection;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  determining whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object does not comply with the one or more enterprise policies, providing one or more options for an alternative WebRTC interactive flow to the sender device.

21. A non-transitory computer-readable medium having stored thereon computer-executable instructions to cause a processor to implement a method, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a Web Real-Time Communications (WebRTC) session description object directed to the recipient device originating from a sender device via a secure network connection;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  applying the one or more enterprise policies to the WebRTC session description object;
  
  determining whether the WebRTC session description object conforms to an expected WebRTC session description object format; and
  
  responsive to determining that the WebRTC session description object does not conform to the expected WebRTC session description object format, discarding the WebRTC session description object.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The non-transitory computer-readable medium of claim 21 having stored thereon the computer-executable instructions to cause the processor to implement the method, wherein determining the one or more enterprise policies comprises:
    - querying an enterprise policy data store by the distributed policy enforcement agent; and
      
      responsive to the querying, receiving by the distributed policy enforcement agent, the one or more enterprise policies from the enterprise policy data store.
  - 23. The non-transitory computer-readable medium of claim 21 having stored thereon the computer-executable instructions to cause the processor to implement the method, wherein applying the one or more enterprise policies to the WebRTC session description object comprises determining whether the WebRTC session description object complies with the one or more enterprise policies.
  - 24. The non-transitory computer-readable medium of claim 23 having stored thereon the computer-executable instructions to cause the processor to implement the method further comprising, responsive to determining that the WebRTC session description object complies with the one or more enterprise policies, establishing a first WebRTC interactive flow between the sender device and the recipient device.
  - 25. The non-transitory computer-readable medium of claim 24 having stored thereon the computer-executable instructions to cause the processor to implement the method, wherein establishing the first WebRTC interactive flow comprises:
    - establishing a secure peer connection between the recipient device and the sender device;
      
      receiving, at the recipient device, the first WebRTC interactive flow originating from the sender device via the secure peer connection; and
      
      applying the one or more enterprise policies to the first WebRTC interactive flow.

26. A method for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  determining whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object complies with the one or more enterprise policies;
  
  establishing a secure peer connection between the recipient device and the sender device;
  
  receiving, at the recipient device, a first WebRTC interactive flow originating from the sender device via the secure peer connection;
  
  requesting, by the distributed policy enforcement agent, that a second WebRTC interactive flow including data from the first WebRTC interactive flow be established between the recipient device and an enterprise device;
  
  receiving, at the enterprise device, the second WebRTC interactive flow; and
  
  processing, by the enterprise device, the second WebRTC interactive flow in accordance with the one or more enterprise policies.

27. A method for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  determining whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object does not comply with the one or more enterprise policies, declining to establish a WebRTC interactive flow between the sender device and the recipient device.

28. A method for applying an enterprise policy to a Web Real-Time Communications (WebRTC) interactive session, comprising:
- receiving, by a distributed policy enforcement agent of a recipient device, a WebRTC session description object directed to the recipient device originating from a sender device;
  
  determining, by the distributed policy enforcement agent, one or more enterprise policies based on the WebRTC session description object;
  
  determining whether the WebRTC session description object complies with the one or more enterprise policies; and
  
  responsive to determining that the WebRTC session description object does not comply with the one or more enterprise policies, providing one or more options for an alternative WebRTC interactive flow to the sender device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Yoakum, John H., Johnston, Alan B.
Primary Examiner(s)
KATSIKIS, KOSTAS J

Application Number

US13/863,662
Publication Number

US 20140095724A1
Time in Patent Office

1,148 Days
Field of Search

709/228
US Class Current

1/1
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/20   for managing network securi...

H04L 65/1101   Session protocols

H04L 65/1108   Web based protocols, e.g. w...

H04L 67/56   Provisioning of proxy servi...

H04L 69/327   in the session layer [OSI l...

Y04S 40/20   Information technology spec...

Distributed application of enterprise policies to Web Real-Time Communications (WebRTC) interactive sessions, and related methods, systems, and computer-readable media

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed application of enterprise policies to Web Real-Time Communications (WebRTC) interactive sessions, and related methods, systems, and computer-readable media

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links