`
`(12) United States Patent
`Jang et al.
`(10) Patent No.: US 6,980,526 B2
`(45) Date of Patent: Dec. 27, 2005
`
`(54) MULTIPLE SUBSCRIBER VIDEOCONFERENCING SYSTEM
`
`(75) Inventors: Saqib Jang, Woodside, CA (US); Mark Kent, Los Altos Hills, CA (US)
`
`(73) Assignee: Margalla Communications, Inc., Woodside, CA (US)
`
`(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 917 days.
`
`(21) Appl. No.: 09/819,548
`
`(22) Filed: Mar. 26, 2001
`
`(65) Prior Publication Data
`US 2001/0043571 A1, Nov. 22, 2001
`
`Related U.S. Application Data
`(60) Provisional application No. 60/191,819, filed on Mar. 24, 2000.
`
`(51) Int. Cl.: H04L 12/16
`(52) U.S. Cl.: 370/260; 370/352; 370/401
`(58) Field of Search: 370/260, 261, 262, 264, 265, 351, 352, 353, 354, 401, 402, 494, 495
`
`Primary Examiner—Phirin Sam
`(74) Attorney, Agent, or Firm—Alleman Hall McCoy
`Russell & Tuttle LLP
`
`(57) ABSTRACT
`
`A system, method, and device for use in videoconferencing.
`The method typically includes installing a videoconferencing
`services switch at an access point to an IP network, and
`registering a plurality of subscribers for videoconferencing
`services. Each subscriber typically has a plurality of endpoints.
`The method further includes receiving subscriber-specific
`settings to be applied to multiple videoconferencing calls from
`the plurality of endpoints associated with each subscriber. The
`method further includes storing the subscriber-specific settings
`at a location accessible to the switch, and configuring the
`switch to connect calls from the plurality of endpoints at each
`subscriber based on the corresponding subscriber-specific
`settings.
`
`26 Claims, 10 Drawing Sheets
`
`[Representative drawing: schematic of the videoconferencing system. Legible labels: multiple enterprise subscriber networks 18 with enterprise terminals, enterprise router and enterprise video gateway (emulator, encryption); access point; videoconferencing services switch; voice switch; VPN switch; core router; service provider network 14; backbone; service provider network 114.]
`
`
`CSCO-1018
`CISCO SYSTEMS, INC. / Page 1 of 20
`
`[Sheet 1 of 10: FIG. 1, schematic view of the videoconferencing system. The drawing text was extracted rotated and is not legible.]
`
`[Sheet 2 of 10: FIG. 2, schematic view of the videoconferencing system according to another embodiment. The drawing text was extracted rotated and is not legible.]
`
`[Sheet 3 of 10: FIG. 3, hardware configuration of the videoconferencing services switch. Labels recoverable from the rotated text: control plane module, host processor, memory, network interface, bus, data plane module, processor, memory, input ports, output ports.]
`
`[Sheet 4 of 10: FIG. 4A, software architecture of the videoconferencing system. Labels recoverable from the rotated text include call control module, settings, and management app.]
`
`[Sheet 5 of 10: FIG. 4B, continuation of the software architecture. Videoconferencing services switch 12 contains a security module (SIP/H.323 firewall, SIP/H.323 NAT module, encryption module, virtual private network), a quality of service module (MPLS traffic engineering, bandwidth management, DiffServ, IP over ATM, video transmission analysis) and policy engine 438 with subscriber-specific settings. Each module holds settings received from the videoconferencing services management app and its database.]
`
`[Sheet 6 of 10: FIG. 5, flowchart. Steps: install videoconferencing services switch at access point to Internet Protocol (IP) network; register subscribers for IP videoconferencing services; receive subscriber-specific settings to be applied to multiple videoconferencing calls; store subscriber-specific settings at location accessible to switch; configure switch to connect calls between subscribers based on corresponding subscriber-specific settings; receive and process call (receive call connection request; connect requested call using H.323/SIP protocol; monitor call; receive call termination request; log call record).]
`
`[Sheet 7 of 10: FIG. 6, flowchart (510). Steps: configure tunneling module (create IPSec tunnel between switch and enterprise video gateway); configure virtual router (VR) (create VR within switch for subscriber; configure routing services for subscriber; configure H.323 gatekeeper and/or SIP proxy for subscriber); configure security module; configure quality of service module; configure user-specific and subscriber-specific settings on policy engine.]
`
`[Sheet 8 of 10: FIG. 7, flowchart (616). Steps: configure H.323/Session Initiation Protocol (SIP) firewall; configure H.323/SIP network address translation (NAT) module; configure encryption module; configure virtual private network (VPN) module.]
`
`[Sheet 8 of 10: FIG. 8, flowchart (618). Steps: configure multiprotocol label switching (MPLS) traffic engineering (TE) module; configure bandwidth management module; configure differentiated services (Diff-Serv) module; configure IP over asynchronous transfer mode (ATM) module; configure video transmission analysis module.]
`
`[Sheet 9 of 10: FIG. 9, flowchart (620). Settings shown: set inbound/outbound calling privileges; set time of day privileges; set call screening; set maximum video quality privileges; set 2-way support privileges; set audio only restrictions; set encryption requirements; set priority privileges.]
`
`[Sheet 10 of 10: FIG. 10, schematic view of the enterprise video gateway. Labels recoverable from the rotated text: IPSec authentication/encryption, H.323 gatekeeper, SIP proxy, firewall.]
`
`MULTIPLE SUBSCRIBER
`VIDEOCONFERENCING SYSTEM
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`
`This application claims priority under 35 U.S.C. § 119(e)
`to U.S. Provisional Patent Application No. 60/191,819
`entitled “System and Method for Security and Management
`of Streaming Data Communications on a Computer Network
`System,” filed Mar. 24, 2000, the disclosure of which is
`herein incorporated by reference.
`
`TECHNICAL FIELD
`
`The present invention relates generally to videoconferencing,
`and more particularly to a system, method, and device for
`implementing a multiple subscriber videoconferencing service
`for use on Internet Protocol (IP) networks.
`
`BACKGROUND OF THE INVENTION
`
`Videoconferencing provides a convenient way for users in
`distant locations to participate in a face-to-face meeting,
`without having to spend time and money traveling to a
`central meeting site. Many prior videoconferencing systems
`have been based on circuit switched Integrated Services
`Digital Networks (ISDN) standards. ISDN lines typically
`offer guaranteed quality of service, with specialized lines
`having high transmission rates. This enables high-quality
`video and audio signals to be delivered to the conferencing
`participants. However, ISDN videoconferencing is
`extremely expensive, because ISDN lines are costly to
`install and lease, and because specialized hardware is
`required at the sites of the users. Because of this expense,
`ISDN videoconferencing systems are typically offered in a
`specialized videoconferencing room, rather than at each
`desktop computer of each employee in an enterprise. In
`addition, ISDN can be complicated to set up, and unreliable.
`ISDN calls on average take more than 10 minutes to set up,
`and greater than 10% of calls are dropped without being
`completed.
`
`Recently, another approach to videoconferencing has
`emerged for use on packet-switched Internet Protocol (IP)
`networks, using the H.323 and Session Initiation Protocol
`(SIP) standards. H.323 is a standard approved by the
`International Telecommunication Union (ITU) in 1996 to
`promote compatibility in videoconference transmissions over IP
`networks. SIP is a proposed Internet Engineering Task Force
`(IETF) standard for multimedia communication over IP
`networks.
`
`Videoconferencing over IP networks has a number of
`fundamental problems, including security, bandwidth
`utilization, quality of service, and deployment and management.
`Regarding security, H.323 and SIP are difficult to implement
`with current firewalls. The difficulty lies in the fact that
`H.323 and SIP are complex protocols and use multiple
`dynamically allocated ports for each call. Because of the
`heavy use of dynamically allocated ports, it is not possible
`to preconfigure firewalls to allow SIP- or H.323-signaled
`traffic without opening up large numbers of holes in the
`firewall. This represents a more lax firewall policy than
`would be acceptable at most enterprises. In addition, SIP or
`H.323 video endpoints behind a firewall typically cannot
`receive calls from external parties due to firewall policies in
`place at most enterprises.
`
`Many enterprises also deploy Network Address Translation
`(NAT) devices, often implemented as part of a firewall
`application, to connect the enterprise network having private
`IP unregistered addresses to a public IP network with
`globally unique registered addresses. NAT is generally used
`for two purposes: 1) as a mechanism to work around the
`problem of IPv4 address space depletion, and 2) for security
`purposes (to hide internal IP addressing policy from outside
`entities). A NAT device rewrites IP headers as packets pass
`through the device. The NAT device maintains a table of
`mappings between IP addresses and port numbers. The
`problem with sending H.323 and SIP traffic through a NAT
`device is that these protocols make heavy use of embedded
`IP addresses, while normal data traffic contains IP addresses
`in the header of each packet. While configuring a NAT to
`rewrite packet headers to change addresses is relatively
`straightforward, it is very difficult to configure a NAT to
`translate addresses that are embedded in H.323 and SIP
`traffic, because the location of these addresses in the data
`stream is difficult to calculate.
`
`Regarding bandwidth utilization, in order to achieve a
`quality sufficient for business videoconferencing, a minimum
`of 384 Kbps bandwidth is generally required per
`videoconferencing participant. Multiple users simultaneously
`engaged in videoconferencing applications may use
`up available bandwidth on a local area network (LAN),
`slowing down other critical network operations. Current
`systems do not allow a network administrator to easily
`control the bandwidth usage of multiple network users.
`Therefore, network administrators are reluctant to deploy
`videoconferencing systems.
`
`Regarding quality of service, typical IP networks do not
`provide guaranteed transmission speeds for videoconferencing
`data. Videoconferencing data generally is indistinguishable
`from other data on IP networks, such as email and web
`page data. Data on IP networks may be delayed due to
`network congestion. While small delays are generally not a
`problem for less time sensitive data such as email, they can
`severely affect picture and audio quality for videoconference
`participants.
`
`The above discussed issues lead to another problem with
`current videoconferencing systems, namely, that enterprises
`cannot easily outsource videoconferencing services to outside
`service providers. Currently, service providers are not
`able to cost-effectively provide videoconferencing services
`to a large number of subscribers, because specialized
`equipment must be deployed or existing equipment must be
`upgraded at every subscriber site. This results in an expensive
`up-front capital investment as well as significant operational
`expenses for the service provider. Up-front equipment
`installations take time at each subscriber, resulting in a slow
`deployment of the videoconferencing capabilities to
`subscribers. In addition, the high up-front costs result in
`decreased service provider profit margins. It is difficult to
`grow such a service because each subscriber adds to an
`incremental growth in the capital equipment pool because
`these resources are not shared.
`
`Because of the cost and reliability issues with ISDN, and
`because of the security, bandwidth utilization, quality of
`service, and deployment and management issues with H.323
`and SIP, it is difficult for the average enterprise to upgrade
`and customize its network to enable videoconferencing. In
`addition, it is difficult for service providers to cost-effectively
`provide an outsourced videoconferencing service on a
`per-subscriber basis. Thus there exists a need for a
`videoconferencing system, method, and device for delivering
`secure, high-quality videoconferencing services over an IP
`network to multiple enterprise subscribers in a manner that
`does not require expensive upgrading and customization of
`the enterprise network.
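
The firewall and NAT problems described in the Background, shown on a SIP INVITE carrying an SDP body. This is an added example, not code from the patent: the addresses, the sample message and all function names are constructed, and the rewrite assumes a static 1:1 address mapping with ports unchanged.

```python
"""Added illustration (not from the patent): header-only NAT versus a
signaling-aware rewrite of a SIP INVITE, plus per-call media pinholes."""
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample: INVITE sent by an endpoint at private address 10.1.2.34.
SDP_BODY = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.1.2.34\r\n"
    "s=-\r\n"
    "c=IN IP4 10.1.2.34\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "m=video 51372 RTP/AVP 31\r\n"
)
INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.1.2.34:5060\r\n"
    "From: <sip:alice@example.com>\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: constructed-call-1@host.example.com\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@10.1.2.34:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP_BODY)}\r\n"
    "\r\n" + SDP_BODY
)
PACKET = {"src_ip": "10.1.2.34", "src_port": 5060,
          "dst_ip": "198.51.100.20", "dst_port": 5060, "payload": INVITE}
PUBLIC_IP = "203.0.113.7"  # constructed public address of the NAT


def split_message(payload):
    """Return (header block, body) of a SIP message."""
    head, _, body = payload.partition("\r\n\r\n")
    return head, body


def embedded_private_addrs(payload):
    """RFC 1918 address literals still visible inside the payload."""
    found = set()
    for literal in IPV4.findall(payload):
        try:
            addr = ipaddress.ip_address(literal)
        except ValueError:  # not a valid dotted quad, e.g. 999.1.1.1
            continue
        if any(addr in net for net in RFC1918):
            found.add(literal)
    return sorted(found)


def header_only_nat(pkt, public_ip):
    """What a plain NAT does: rewrite the IP header, leave the payload."""
    out = dict(pkt)
    out["src_ip"] = public_ip
    return out


def signaling_aware_nat(pkt, public_ip):
    """Also rewrite the sender's address inside the SIP headers and SDP body.

    Assumption: static 1:1 address mapping, ports unchanged.
    """
    out = header_only_nat(pkt, public_ip)
    own = re.compile(r"(?<![\d.])" + re.escape(pkt["src_ip"]) + r"(?![\d.])")
    head, body = split_message(pkt["payload"])
    head, body = own.sub(public_ip, head), own.sub(public_ip, body)
    # The body length changed, so Content-Length must be recomputed.
    head = re.sub(r"(?im)^Content-Length:[ \t]*\d+",
                  f"Content-Length: {len(body)}", head)
    out["payload"] = head + "\r\n\r\n" + body
    return out


def media_pinholes(payload):
    """(media, address, port) per SDP m= line; session-level c= only."""
    _, body = split_message(payload)
    conn_ip, holes = None, []
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            conn_ip = line.split()[2]
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            holes.append((media, conn_ip, int(port)))
    return holes


if __name__ == "__main__":
    naive = header_only_nat(PACKET, PUBLIC_IP)
    fixed = signaling_aware_nat(PACKET, PUBLIC_IP)
    print("leaked after header-only NAT:", embedded_private_addrs(naive["payload"]))
    print("leaked after signaling-aware NAT:", embedded_private_addrs(fixed["payload"]))
    print("pinholes to open for this call:", media_pinholes(fixed["payload"]))
```

The media ports come from the signaling of each call, which is why a static firewall rule cannot anticipate them, and the changed body length is one reason rewriting embedded addresses is harder than rewriting packet headers.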
`
`SUMMARY OF THE INVENTION
`
`A system, method, and device for use in videoconferencing
`are provided. The method typically includes installing a
`videoconferencing switch at an access point to an IP network,
`and registering a plurality of subscribers for videoconferencing
`services. Each subscriber typically has a plurality of
`endpoints. The method further includes receiving
`subscriber-specific settings to be applied to multiple
`videoconferencing calls from the plurality of endpoints associated
`with each subscriber. The method further includes storing
`the subscriber-specific settings at a location accessible to the
`switch, and configuring the switch to connect calls from the
`plurality of endpoints at each subscriber based on the
`corresponding subscriber-specific settings.
`
`According to another embodiment of the invention, the
`method may include installing a video services switch on a
`service provider network at an access point configured to
`enable multiple enterprise subscribers to access a global
`packet-switched computer network to exchange data,
`including videoconferencing data and non-videoconferencing
`data. The video services switch is typically configured to
`process videoconferencing data from multiple enterprise
`subscribers. The method further includes, at the video services
`switch, receiving a request for a videoconferencing
`call from an origination endpoint of one of the multiple
`enterprise subscribers, and connecting the videoconferencing
`call to a destination endpoint, the videoconferencing call
`having associated videoconferencing data. The method may
`further include securing the videoconferencing call based on
`subscriber-specific security settings.
`
`The device typically includes a control plane module
`configured to receive subscriber-specific videoconferencing
`call settings for each of a plurality of video services
`subscribers, the videoconferencing call settings being for
`multiple calls placed from each video services subscriber, and a
`data plane module configured to receive videoconferencing
`data streams from multiple subscribers and manage these
`videoconferencing data streams according to the
`subscriber-specific videoconferencing call settings for each subscriber.
`
`The system typically includes a service provider network
`configured to enable users of multiple enterprise subscriber
`networks to transfer data via a global computer network, the
`service provider network having an access point. The system
`also includes a videoconferencing services switch located on
`the access point of the service provider network. The
`videoconferencing services switch is configured to process
`videoconferencing calls from terminals on each of the
`multiple subscriber networks, based on subscriber-specific
`settings.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a schematic view of a videoconferencing system
`according to one embodiment of the present invention.
`
`FIG. 2 is a schematic view of a videoconferencing system
`according to another embodiment of the present invention.
`
`FIG. 3 is a schematic representation of a hardware
`configuration of a videoconferencing switch of FIG. 1.
`
`FIG. 4A is a software architecture of the videoconferencing
`system of FIG. 1.
`
`FIG. 4B is a continuation of the software architecture of
`FIG. 4A.
`
`FIG. 5 is a flowchart of a videoconferencing method
`according to one embodiment of the present invention.
`
`FIG. 6 is a flowchart of one exemplary method for
`accomplishing the step of configuring the switch of the
`method of FIG. 5.
`
`FIG. 7 is a flowchart of one exemplary method for
`accomplishing the step of configuring the security module of
`the method of FIG. 6.
`
`FIG. 8 is a flowchart of one exemplary method for
`accomplishing the step of configuring the quality of service
`module of the method of FIG. 6.
`
`FIG. 9 is a flowchart of one exemplary method for
`accomplishing the step of configuring the user-specific and
`subscriber-specific settings of the method of FIG. 6.
`
`FIG. 10 is a schematic view of an enterprise video
`gateway of FIG. 1.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`Referring initially to FIG. 1, a videoconferencing system
`according to one embodiment of the present invention is
`shown generally at 10. System 10 typically includes a
`videoconferencing services switch (VSS) 12 positioned on a
`service provider network 14 at an access point 16, typically
`a point of presence (POP). Switch 12 is configured to
`register multiple enterprise subscriber networks 18 for
`videoconferencing services, receive subscriber-specific settings
`for each subscriber 18 related to security and management of
`the videoconferencing calls from that subscriber, and process
`videoconferencing calls from each subscriber based on
`the associated subscriber-specific settings.
`
`Service provider network 14 typically includes a
`packet-switched Internet Protocol (IP) network through which
`multiple enterprise subscriber networks 18 may access a
`global IP network 20, such as the Internet 20. Typically, the
`service provider network 14 includes an access point 16,
`such as a POP 16. The POP has a unique IP address and/or
`dial-up telephone number that a device on the enterprise
`subscriber network 18 may contact to access network 20.
`
`POP 16 typically includes an edge router 20 and a core
`router 22 configured to route IP traffic into and out of POP
`16. POP 16 also includes a plurality of services switches 24,
`including videoconferencing services switch 12, described
`above, Voice Over Internet Protocol (VOIP) services switch
`26, and Virtual Private Network (VPN) services switch 28.
`Upon instruction, edge router 20 is configured to route traffic
`coming into POP 16 to an appropriate services switch for
`service-specific processing, or to core router 22 via direct
`link 30. Core router 22, in turn, is configured to route traffic
`from either of the services switches 24, or from direct link
`30 out to the Internet 20. The traffic may be routed across a
`metropolitan area or long-haul backbone, which may be
`leased or owned by the service provider.
`
`Traffic coming into the POP can be classified into
`videoconferencing data and non-videoconferencing data.
`Videoconferencing data typically includes control data and
`streaming voice and audio data according to the H.323 or
`SIP standards. H.323 refers to International Telecommunications
`Union, Telecommunications Sector, Recommendation
`H.323 (version 1, published November 1996; version 2,
`published 1998), entitled, “Visual Telephone Systems and
`Equipment for Local Area Networks Which Provide a
`Non-guaranteed Quality of Service,” the disclosures of which are
`incorporated herein by reference. SIP refers to Session
`Initiation Protocol Proposed Standard (RFC 2543),
`Internet Engineering Task Force (IETF) (published March
`1999), the disclosure of which is incorporated herein by
`reference. Non-videoconferencing data includes, for
`example, email, web pages, VOIP traffic, VPN traffic, etc.
`Videoconferencing data is typically routed through POP 16
`via videoconferencing services switch 12, while
`non-videoconferencing data is routed around the switch.
`
`Each of enterprise subscriber networks 18 typically
`includes a plurality of terminals 34. Terminals 34, along with
`video conferencing service switch 12 and the various other
`components of system 10, are typically H.323 or SIP
`compliant. Terminals 34 are typically videoconferencing devices
`configured to display and record both video and audio.
`Terminals 34 may be desktop computers, laptop computers,
`mainframes and/or workstation computers, or other
`videoconferencing devices. Terminals 34 may also be described as
`“endpoints” in a videoconferencing call. The terminal 34a
`originating the videoconferencing call is referred to as an
`origination endpoint 34a, and the other terminals requested
`to join in the call are referred to as destination terminals,
`shown at 34b, 134a, 134b. Terminal 34b is a local zone
`destination terminal, while terminals 134a, 134b are remote
`zone destination terminals. Local and remote zones are
`defined below.
`
`Each enterprise subscriber network 18 also typically
`includes an enterprise video gateway 36 and enterprise edge
`router 38. Enterprise edge router 38 is configured to route
`data traffic between terminals 34 and service provider
`network 14, based on source and destination IP addresses.
`
`Enterprise video gateway 36 typically includes an
`emulation module 40 which emulates H.323/SIP call control and
`firewall functionality and an encryption module 44. The
`gateway also typically has a globally routable IP address and
`is configured to manage secure communication between
`terminals 34 and the videoconferencing services switch 12.
`Typically, emulation module 40 appears to terminals 34 as
`H.323 gatekeeper/SIP proxy and H.323/SIP application
`proxy firewall which includes network address translation
`(NAT) capability, which hides internal address from outside
`devices.
`
`As shown in FIG. 10, enterprise video gateway 36
`includes an encryption module 44. Encryption module 44 is
`typically an IP Security (IPSec) authentication and encryption
`module 44 configured to encrypt videoconferencing
`data coming from terminals 34 and send the encrypted data
`to videoconferencing switch 12. The IPSec protocols have
`been adopted by the Internet Engineering Task Force, and
`are described in the RFC 2411 entitled “IP Security Document
`Roadmap” (published November 1998), the disclosure
`of which is herein incorporated by reference. By using
`IPSec, a Virtual Private Network (VPN) may be created
`between the gateway 36 and the switch 12. VPN refers to a
`network that is carried over public networks, but which is
`encrypted to make it secure from outside access and
`interference.
`
`Videoconferencing data may be carried from terminal 34
`to service provider network 14 via one of two routes. First,
`the videoconferencing data may be routed by edge router 38
`via a direct network connection 42, such as a T1 connection,
`to the videoconferencing services switch 12 of the service
`provider network 14. In this case, the direct network
`connection is dedicated to video traffic. Second, firewall 40 may
`be configured to pass encrypted videoconferencing data
`through the firewall unexamined. Typically, the encrypted
`videoconferencing data is encrypted by the encryption module
`44 of the enterprise video gateway 36 using the IPSec
`protocols, discussed above.
`
`System 10 is divided into local metropolitan zone 11 and
`remote metropolitan zone 111 separated by backbone 32.
`Local metropolitan zone 11 includes all devices that connect
`to POP 16, and remote metropolitan zone 111 includes all
`devices that connect to POP 116. Components within remote
`metropolitan zone 11 are similar to those in local metropolitan
`zone 11 and are numbered correspondingly, and therefore
`will not be redescribed in detail.
`
`System 10 may be configured to connect a two-party or
`multiparty videoconference call from an origination terminal
`34a to a destination terminal 34b on local zone 11, and/or
`one or more destination terminals 134a and 134b on remote
`zone 111. A destination terminal on local zone 11 may be
`referred to as a local destination terminal, and a destination
`terminal on remote zone 111 may be referred to as a remote
`destination terminal.
`
`FIG. 2 shows another embodiment of a videoconferencing
`system 210 having a local zone 211. It will be appreciated
`that a remote zone of system 210 is a mirror image of zone
`211, similar to that described above for system 10. Local
`zone 211 includes multiple enterprise subscriber networks
`218 linked to a Digital Subscriber Line (DSL) service
`provider network 214 via an access point 216, typically
`called a central office.
`
`Each enterprise subscriber network 218 includes a
`plurality of terminals 234 which are similar to terminals 34
`described above. Integrated Access Device (IAD) 246 is
`configured to receive traffic from enterprise subscriber
`networks 218 and forward the traffic to the Digital Subscriber
`Line Access Multiplexor (DSLAM) 248. The DSLAM is
`configured to multiplex the traffic from the IADs and
`forward it to Asynchronous Transmission Mode (ATM) switch
`250, where the signals are demultiplexed for transmission
`over a long-haul backbone. ATM switch 250 is configured to
`route videoconferencing data to and from terminals 234 and
`the backbone via videoconferencing services switch 212,
`and non-videoconferencing data via ISP router 252, or
`another services switch.
`
`FIG. 3 shows an exemplary hardware configuration for
`videoconferencing services switch 12. One switch that may
`be purchased and programmed to implement the present
`invention is the Intel Exchange Architecture (IXA)
`WAN/Access switch, commercially available from Intel
`Corporation, of Santa Clara, Calif. and Radisys Corporation of
`Hillsboro, Oreg.
`
`Switch 12 typically includes a control plane module 302
`and a data plane module 304. Control plane module 302
`includes a host processor, linked to an input/output network
`interface 308 and a memory 310. Typically, memory 310
`includes RAM and ROM, although another form of memory
`may also be used, such as flash memory. Alternatively, a
`storage device such as a hard drive may also be attached to
`host processor 306. Control plane module 302 is configured
`to receive control data such as call set-up information
`through network interface 308, data plane ingress port 318,
`or data plane egress port 320. The call set-up information is
`processed according to H.323 or SIP specifications by host
`processor 306. Typically, the programs and data necessary
`for processing the call are stored in memory 310 and
`implemented by host processor 306. For example, the virtual
`router, call control module, quality of service module, policy
`engine, and security module are typically stored in memory
`310.
`
`Control plane module 302 is linked to data plane module
`304 via a bus 312. Data plane module 304 includes a
`network processor 314 and memory configured to receive
`and manage transfer of real-time audio and video data
`