Inspection of data channels and recording of media streams

US 9,369,491 B2
Filed: 11/10/2014
Issued: 06/14/2016
Est. Priority Date: 11/10/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from a first endpoint, a request for communication with a second endpoint, using browser based real time communication;

identifying, using a processor, a control protocol based on the request for communication;

receiving one or more write keys from the first endpoint;

monitoring, using the processor, communication between the first endpoint and the second endpoint using the one or more write keys;

generating a key request listing the control protocol;

sending the key request to the first endpoint; and

starting a timer in response to the key request, wherein the communication between the first endpoint and the second endpoint is blocked if the one or more write keys from the first endpoint are not received before the timer reaches a predetermined time period or if the key request is declined.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, two or more endpoints or client devices communication uses a peer-to-peer, browser based, real time communication protocol. One example of such a protocol is Web Real-Time Communication (WebRTC). An intermediary device receives from a first endpoint, a request for communication with a second endpoint, using the browser based real time communication. The intermediary device identifies a control protocol based on the request for communication, and receives one or more write keys from the first endpoint. The intermediary device monitors communication between the first endpoint and the second endpoint using the one or more write keys. Examples for the intermediary devices include servers, firewalls, and other network devices.

Citations

16 Claims

1. A method comprising:
- receiving, from a first endpoint, a request for communication with a second endpoint, using browser based real time communication;
  
  identifying, using a processor, a control protocol based on the request for communication;
  
  receiving one or more write keys from the first endpoint;
  
  monitoring, using the processor, communication between the first endpoint and the second endpoint using the one or more write keys;
  
  generating a key request listing the control protocol;
  
  sending the key request to the first endpoint; and
  
  starting a timer in response to the key request, wherein the communication between the first endpoint and the second endpoint is blocked if the one or more write keys from the first endpoint are not received before the timer reaches a predetermined time period or if the key request is declined.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - enforcing a security policy on the communication between the first endpoint and the second endpoint.
  - 3. The method of claim 2, wherein the security policy includes the identification or removal of malicious packets or malicious software.
  - 4. The method of claim 2, wherein the security policy includes recording or forwarding the communication between the first endpoint and the second endpoint.
  - 5. The method of claim 2, wherein the security policy includes filtering data based on the type of data or content of the communication between the first endpoint and the second endpoint.
  - 6. The method of claim 1, wherein the control protocol is port control protocol (PCP) and the key request is included in a PCP option of a MAP or PEER response.
  - 7. The method of claim 1, wherein the control protocol is a traversal around relays using network address translation (TURN) protocol and the key request is included in a session traversal utilities for network address translation (STUN) attribute of a permission response.
  - 8. The method of claim 1, further comprising:
    - starting a timer in response to the key request, wherein the communication between the first endpoint and the second endpoint is blocked if the one or more write keys from the first endpoint are not received before the timer reaches a predetermined time period or if the key request is declined.
  - 9. The method of claim 1, wherein receiving one or more write keys from the first endpoint further comprises:
    - receiving a first write key for a media channel; and
      
      receiving a second write key for a data channel.

10. An apparatus comprising:
- a communication interface configured to receive, from a first endpoint, a request for communication with a second endpoint, using browser based real time communication; and
  
  a processor configured to identify a control protocol based on the request for communication and monitor communication between the first endpoint and the second endpoint using one or more write keys received from the first endpoint,wherein the processor is configured to generate a key request for the first endpoint and the key request lists the control protocol,wherein the processor is configured to start a timer in response to the key request, wherein the communication between the first endpoint and the second endpoint is blocked if the one or more write keys from the first endpoint are not received before the timer reaches a predetermined time period or if the key request is declined.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The apparatus of claim 10, wherein the processor is configured to enforce a security policy on the communication between the first endpoint and the second endpoint.
  - 12. The apparatus of claim 11, wherein the security policy requires portions of the communication between the first endpoint and the second endpoint to be recorded.
  - 13. The apparatus of claim 11, wherein the security policy includes the identification or removal of malicious packets or malicious software.
  - 14. The apparatus of claim 11, wherein the security policy includes filtering data based on the type of data or content of the communication between the first endpoint and the second endpoint.

15. A method comprising:
- sending, from a first endpoint, a communication initiation message with a second endpoint, using browser based real time communication;
  
  receiving, from an intermediary device, a request to advertise write keys in response to the communication initiation message;
  
  sending one or more write keys in response to the request to advertise write keys; and
  
  sending communications to a second endpoint, wherein the communications are monitored by the intermediary device using the one or more write keys,wherein a timer is started in response to the request, wherein communication between the first endpoint and the second endpoint is blocked if the one or more write keys from the first endpoint are not received before the timer reaches a predetermined time period.

16. An apparatus comprising:
- a processor; and
  
  a memory storing instructions that when executed are configured to cause the processor to;
  
  generate a communication initiation message from a first endpoint to a second endpoint, using browser based real time communication;
  
  receive, from an intermediary device, a request to advertise write keys in response to the communication initiation message;
  
  send one or more write keys in response to the request to advertise write keys; and
  
  send communication to a second endpoint, wherein the communication is checked under a security policy by the intermediary device using the one or more write keys,wherein a timer is started in response to the request,wherein communication between the first endpoint and the second endpoint is blocked if the one or more write keys from the first endpoint are not received before the timer reaches a predetermined time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Reddy, Tirumaleswar, Wing, Daniel, Patil, Prashanth
Primary Examiner(s)
Tabor, Amare F

Application Number

US14/537,336
Publication Number

US 20160134659A1
Time in Patent Office

582 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/2575   using address mapping retri...

H04L 61/2589   over a relay server, e.g. t...

H04L 63/0245   Filtering by information in...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/1408   by monitoring network traff...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 63/30   for supporting lawful inter...

H04L 67/02   based on web technology, e....

Inspection of data channels and recording of media streams

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Inspection of data channels and recording of media streams

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links