System and method for providing security in a telecommunication network

US 7,069,432 B1
Filed: 01/04/2000
Issued: 06/27/2006
Est. Priority Date: 01/04/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing a telephone call between a trusted Internet Protocol (IP) telephone and an untrusted device, the method comprising:

receiving a call initiation request from an untrusted device external to a trusted network, the call initiation request indicating a desired communication with a trusted IP telephone coupled to the trusted network;

evaluating the call initiation request;

establishing a telecommunication link between the untrusted device and the trusted IP telephone in response to a positive evaluation of the call initiation request, wherein evaluating the call initiation request comprises determining whether the untrusted device is requesting the establishment of media streaming with the trusted IP telephone;

monitoring communications transmitted between the untrusted device and the trusted IP telephone on the telecommunication link to ensure that the communications are media streaming to maintain the integrity of the trusted network; and

terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP telephone are not media streaming to maintain the integrity of the trusted network;

wherein establishing the telecommunication link comprises;

associating a first logical port of a telephony proxy with the trusted IP telephone;

associating a second logical port of the telephony proxy with the untrusted device;

receiving first telecommunication data from the untrusted device at the first logical port;

modifying a first source address information in the first telecommunication data to specify the second logical port of the telephony proxy;

communicating the first telecommunication data with the modified first source address information to the trusted IP telephone;

receiving second telecommunication data from the trusted IP telephone at the second logical port;

modifying a second source address information in the second telecommunication data to specify the first logical port of the telephony proxy; and

communicating the second telecommunication data with the modified second source address information to the untrusted device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for establishing a telephone call between a trusted Internet Protocol (IP) telephone and an untrusted device. The method includes receiving a call initiation request from the untrusted device that indicates a desired communication with the trusted IP telephone. The method evaluates the call initiation request, and establishes a telecommunication link between the untrusted device and the trusted IP telephone in response to a positive evaluation of the call initiation request.

103 Citations

View as Search Results

43 Claims

1. A method for establishing a telephone call between a trusted Internet Protocol (IP) telephone and an untrusted device, the method comprising:
- receiving a call initiation request from an untrusted device external to a trusted network, the call initiation request indicating a desired communication with a trusted IP telephone coupled to the trusted network;
  
  evaluating the call initiation request;
  
  establishing a telecommunication link between the untrusted device and the trusted IP telephone in response to a positive evaluation of the call initiation request, wherein evaluating the call initiation request comprises determining whether the untrusted device is requesting the establishment of media streaming with the trusted IP telephone;
  
  monitoring communications transmitted between the untrusted device and the trusted IP telephone on the telecommunication link to ensure that the communications are media streaming to maintain the integrity of the trusted network; and
  
  terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP telephone are not media streaming to maintain the integrity of the trusted network;
  
  wherein establishing the telecommunication link comprises;
  
  associating a first logical port of a telephony proxy with the trusted IP telephone;
  
  associating a second logical port of the telephony proxy with the untrusted device;
  
  receiving first telecommunication data from the untrusted device at the first logical port;
  
  modifying a first source address information in the first telecommunication data to specify the second logical port of the telephony proxy;
  
  communicating the first telecommunication data with the modified first source address information to the trusted IP telephone;
  
  receiving second telecommunication data from the trusted IP telephone at the second logical port;
  
  modifying a second source address information in the second telecommunication data to specify the first logical port of the telephony proxy; and
  
  communicating the second telecommunication data with the modified second source address information to the untrusted device.

2. A method for establishing a telephone call between a trusted Internet Protocol (IP) telephone and an untrusted device, the method comprising:
- receiving a call initiation request from an untrusted device external to a trusted network, the call initiation request indicating a desired communication with a trusted IP telephone coupled to the trusted network;
  
  evaluating the call initiation request;
  
  establishing a telecommunication link between the untrusted device and the trusted IP telephone in response to a positive evaluation of the call initiation request;
  
  monitoring communications transmitted between the untrusted device and the trusted IP telephone on the telecommunication link to ensure that the communications are media streaming to maintain the integrity of the trusted network; and
  
  terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP telephone are not media streaming to maintain the integrity of the trusted network;
  
  wherein evaluating the call initiation request comprises determining whether the untrusted device is requesting the establishment of media streaming with the trusted IP telephone.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 3. The method of claim 2, wherein receiving a call initiation request from the untrusted device comprises intercepting a call initiation request at an entry point to the trusted network servicing the trusted IP telephone, the call initiation request sent from outside the trusted network by the untrusted device.
  - 4. The method of claim 2, wherein evaluating the call initiation request comprises determining whether the trusted IP telephone is a proper recipient of a telephone call from an untrusted device.
  - 5. The method of claim 4, wherein determining whether the trusted IP telephone is a proper recipient of a telephone call from an untrusted device comprises determining whether a network address of the trusted IP telephone is included in a list of approved network addresses.
  - 6. The method of claim 2, wherein evaluating the call initiation request comprises determining whether a network address of the untrusted device is included in a list of approved network addresses.
  - 7. The method of claim 2, wherein establishing a telecommunication link between the untrusted device and the trusted IP telephone comprises establishing a telecommunication link using a telephony proxy, whereby all telecommunications between the trusted IP telephone and the untrusted device are communicated through the telephony proxy.
  - 8. The method of claim 7, further comprising monitoring the telecommunication link to determine whether the telecommunications being sent by the untrusted device use an appropriate audio format.
  - 9. The method of claim 7, wherein monitoring the communications transmitted between the untrusted device and the trusted IP telephone comprises monitoring the telecommunication link to determine whether the telecommunications being sent by the untrusted device comprise media streaming.
  - 10. The method of claim 7, wherein establishing a telecommunication link between the untrusted device and the trusted IP telephone using the telephony proxy comprises:
    - associating a first logical port of the telephony proxy with the trusted IP telephone;
      
      receiving telecommunication data from the untrusted device at the first logical port;
      
      modifying source address information in the received telecommunication data to specify a second logical port of the telephony proxy associated with the untrusted device; and
      
      communicating the telecommunication data with the modified source address information to the trusted IP telephone.
  - 11. The method of claim 10, wherein associating a first logical port of the telephony proxy with the untrusted device comprises associating a User Datagram Protocol (UDP) logical port to enable the streaming of IP packets.
  - 12. The method of claim 11, wherein modifying the source address information in the received telecommunication data comprises modifying a source IP address and a source port in a header of each IP packet.

13. A communication network for establishing a telephone call between a trusted telephone and an untrusted device, the communication network comprising:
- a first trusted network;
  
  a trusted telephone coupled to the first trusted network;
  
  an authentication controller coupled to the first trusted network and operable to evaluate a call initiation request received from an untrusted device external to the first trusted network, the call initiation request indicating a desired communication with the trusted telephone, wherein evaluating the call initiation request comprises determining whether the untrusted device is requesting the establishment of media streaming with the trusted telephone; and
  
  a call manager operable to initiate the creation of a telecommunication link between the trusted telephone and the untrusted device in response to a positive evaluation of the call initiation request;
  
  wherein the authentication controller is further operable to;
  
  monitor communications transmitted between the untrusted device and the trusted telephone on the telecommunication link to ensure that the communications are media streaming to maintain the integrity of the trusted network; and
  
  terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted telephone are not media streaming to maintain the integrity of the trusted network.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The communication network of claim 13, wherein the call manager is further operable to initiate the creation of a telecommunication link between the trusted telephone and the untrusted device using a telephony proxy, whereby all telecommunications between the trusted telephone and the untrusted device are communicated through the telephony proxy.
  - 15. The communication network of claim 14, wherein the telephony proxy, the authentication controller, and the call manager comprise software executed on one or more devices in the first trusted network.
  - 16. The communication network of claim 13, wherein the authentication controller is a component of the call manager.
  - 17. The communication network of claim 13, wherein:
    - the first trusted network comprises an Internet Protocol (IP) network; and
      
      the trusted telephone comprises an IP telephone.
  - 18. The communication network of claim 13, wherein the first trusted network and the untrusted device are coupled to the Internet.
  - 19. The communication network of claim 13, wherein:
    - the first trusted network is coupled to the Public Switched Telephone Network (PSTN) using a gateway; and
      
      the untrusted device is coupled to the PSTN.
  - 20. The communication network of claim 13, further comprising:
    - a second trusted network, the untrusted device coupled to the second trusted network; and
      
      an untrusted network coupling the first trusted network to the second trusted network.
  - 21. The communication network of claim 13, wherein the authentication controller comprises a list of addresses of network devices permitted to receive telephone calls from untrusted devices, the authentication controller evaluating a call initiation request positively if the call initiation request indicates a desired communication with a network device having an address in the list of network addresses.
  - 22. The communication network of claim 13, wherein the authentication controller comprises a list of network addresses of untrusted devices permitted to communicate with the trusted telephone, the authentication controller evaluating a call initiation request positively if the call initiation request originates from an untrusted device having an address on the list of network addresses.
  - 23. The communication network of claim 13, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted telephone and the untrusted device to determine whether telecommunications being sent by the untrusted device use an appropriate audio format.
  - 24. The communication network of claim 13, wherein the authentication controller is further operable to monitor the communications transmitted between the untrusted device and the trusted telephone to determine whether telecommunications being sent by the untrusted device comprise media streaming.

25. Software embodied in a computer-readable medium and operable to perform the following steps:
- receiving a call initiation request from an untrusted device external to a trusted network, the call initiation request indicating a desired communication with a trusted Internet Protocol (IP) telephone coupled to the trusted network;
  
  evaluating the call initiation request;
  
  establishing a telecommunication link between the untrusted device and the trusted IP telephone in response to a positive evaluation of the call initiation request;
  
  monitoring communications transmitted between the untrusted device and the trusted IP telephone on the telecommunication link to ensure that the communications are media streaming to maintain the integrity of the trusted network; and
  
  terminating the telecommunication link if the communications transmitted between the untrusted device and the trusted IP telephone are not media streaming to maintain the integrity of the trusted network;
  
  wherein evaluating the call initiation request comprises determining whether the untrusted device is requesting the establishment of media streaming with the trusted IP telephone.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 26. The software of claim 25, wherein receiving a call initiation request from the untrusted device comprises intercepting a call initiation request at an entry point to the trusted network servicing the trusted IP telephone, the call initiation request sent from outside the trusted network by the untrusted device.
  - 27. The software of claim 25, wherein evaluating the call initiation request comprises determining whether the trusted IP telephone is a proper recipient of a telephone call from an untrusted device.
  - 28. The software of claim 27, wherein determining whether the trusted IP telephone is a proper recipient of a telephone call from an untrusted device comprises determining whether a network address of the trusted IP telephone is included in a list of approved network addresses.
  - 29. The software of claim 25, wherein evaluating the call initiation request comprises determining whether a network address of the untrusted device is included in a list of approved network addresses.
  - 30. The software of claim 25, wherein establishing a telecommunication link between the untrusted device and the trusted IP telephone comprises establishing a telecommunication link using a telephony proxy, whereby all telecommunications between the trusted IP telephone and the untrusted device are communicated through the telephony proxy.
  - 31. The software of claim 30, further operable to monitor the telecommunication link to determine whether the telecommunications being sent by the untrusted device use an appropriate audio format.
  - 32. The software of claim 30, further operable to monitor the telecommunication link to determine whether the telecommunications being sent by the untrusted device comprise media streaming.
  - 33. The software of claim 30, wherein establishing a telecommunication link between the untrusted device and the trusted IP telephone using the telephony proxy comprises:
    - associating a first logical port of the telephony proxy with the trusted IP telephone;
      
      receiving telecommunication data from the untrusted device at the first logical port;
      
      modifying source address information in the received telecommunication data to specify a second logical port of the telephony proxy associated with the untrusted device; and
      
      communicating the telecommunication data with the modified source address information to the trusted IP telephone.
  - 34. The software of claim 33, wherein associating a first logical port of the telephony proxy with the untrusted device comprises associating a User Datagram Protocol (UDP) logical port to enable the streaming of IP packets.
  - 35. The software of claim 34, wherein modifying the source address information in the received telecommunication data comprises modifying a source IP address and a source port in a header of each IP packet.

36. An apparatus for establishing a telephone call between a trusted Internet Protocol (IP) telephone and an untrusted device, the apparatus comprising:
- an authentication controller operable to evaluate a call initiation request received from an untrusted device external to a trusted network, the call initiation request indicating a desired communication with a trusted IP telephone coupled to the trusted network, wherein evaluating the call initiation request comprises determining whether the untrusted device is requesting the establishment of media streaming with the trusted IP telephone;
  
  a call manager operable to;
  
  initiate the creation of a telecommunication link between the trusted IP telephone and the untrusted device in response to a positive evaluation of the call initiation request;
  
  monitor communications transmitted between the untrusted device and the trusted IP telephone on the telecommunication link to ensure that the communications are media streaming to maintain the integrity of the trusted network; and
  
  terminate the telecommunication link if the communications transmitted between the untrusted device and the trusted IP telephone are not media streaming to maintain the integrity of the trusted network; and
  
  a telephony proxy, the telecommunication link between the trusted IP telephone and the untrusted device created using the telephony proxy such that all telecommunications between the trusted IP telephone and the untrusted device are communicated through the telephony proxy.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43)
- - 37. The apparatus of claim 36, wherein the authentication controller comprises a list of addresses of network devices permitted to receive telephone calls from untrusted devices, the authentication controller evaluating a call initiation request positively if the call initiation request indicates a desired communication with a network device having an address in the list of network addresses.
  - 38. The apparatus of claim 36, wherein the authentication controller comprises a list of network addresses of untrusted devices permitted to communicate with the trusted IP telephone, the authentication controller evaluating a call initiation request positively if the call initiation request originates from an untrusted device having an address on the list of network addresses.
  - 39. The apparatus of claim 36, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP telephone and the untrusted device to determine whether telecommunications being sent by the untrusted device use an appropriate audio format.
  - 40. The apparatus of claim 36, wherein the authentication controller is further operable to monitor the telecommunication link between the trusted IP telephone and the untrusted device to determine whether telecommunications being sent by the untrusted device comprise media streaming.
  - 41. The apparatus of claim 36, wherein the telephony proxy comprises:
    - a first logical port associated with the trusted IP telephone;
      
      a second logical port associated with the untrusted device;
      
      an address modification module operable to modify source address information in telecommunication data received at the first logical port from the untrusted device to specify the second logical port of the telephony proxy; and
      
      a transmission module operable to communicate the telecommunication data with the modified source address information to the trusted IP telephone.
  - 42. The apparatus of claim 41, wherein the first and second logical ports are User Datagram Protocol (UDP) logical ports.
  - 43. The apparatus of claim 41, wherein the address modification module is operable to modify a source IP address and port information in a header of an IP packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Tighe, James R., Higgins, Ronald D., Platt, Richard B., Bell, Robert T.
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Colin, Carl G.

Application Number

US09/477,193
Time in Patent Office

2,366 Days
Field of Search

713/201, 713/151, 709/218, 709/227, 709/231, 709/232, 379/229, 379/87, 379/95
US Class Current

713/151
CPC Class Codes

H04L 63/101 Access control lists [ACL]

H04M 1/2535 adapted for voice communica...

System and method for providing security in a telecommunication network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

103 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing security in a telecommunication network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links