(12) United States Patent
Alt et al.

(10) Patent No.: US 8,184,641 B2
(45) Date of Patent: May 22, 2012

(54) METHOD AND SYSTEM FOR PROVIDING SECURE COMMUNICATIONS BETWEEN PROXY SERVERS IN SUPPORT OF INTERDOMAIN TRAVERSAL

(75) Inventors: Wade R. Alt, Arlington, VA (US); Kiwan Edward Bae, New York, NY (US)

(73) Assignee: Verizon Business Global LLC, Basking Ridge, NJ (US)

(*) Notice:

(21) Appl. No.: 11/323,863

(22) Filed: Dec. 30, 2005

(65) Prior Publication Data
US 2007/0019622 A1, Jan. 25, 2007

Primary Examiner — Ian N Moore
Assistant Examiner — Wutchung Chu

Related U.S. Application Data
(60) Provisional application No. 60/700,949, filed on Jul. 20, 2005.

(51) Int. Cl.
H04L 2/66 (2006.01)
(52) U.S. Cl. 370/395.54; 370/352; 370/354; 370/389; 370/392; 370/466; 370/467; 370/401; 709/245; 726/14; 713/151
(58) Field of Classification Search: 370/466, 370/467, 351, 352, 395.52, 395.5, 401, 354, 370/389, 392, 395.54; 709/245; 713/151; 726/14
See application file for complete search history.

(57) ABSTRACT

An approach provides interdomain traversal to support packetized voice transmissions. A request is received and specifies a directory number for establishing a communication session from a first endpoint to a second endpoint. The first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain. A service provider network is accessed to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session. An encrypted session is established with a proxy server according to a cryptographic protocol to support the media path. The proxy server resides within the second domain.

25 Claims, 23 Drawing Sheets

[Representative drawing; legible labels: Encrypted session (e.g., TLS), Proxy Server, Service Provider Network, TURN, Public Data Network (e.g., Internet), Gateway, Circuit Switched Telephony Network (e.g., PSTN), Firewall]

GOOGLE EXHIBIT 1022

METHOD AND SYSTEM FOR PROVIDING SECURE COMMUNICATIONS BETWEEN PROXY SERVERS IN SUPPORT OF INTERDOMAIN TRAVERSAL

RELATED APPLICATIONS

This application is related to, and claims the benefit of the earlier filing date under 35 U.S.C. § 119(e) of, U.S. Provisional Patent Application (Ser. No. 60/700,949), filed Jul. 20, 2005, entitled “Security for an Inter-Domain VoIP Communications Network”; the entirety of which is incorporated herein by reference.

FIELD OF THE INVENTION

The present invention, according to various embodiments, relates to communications, and more particularly, to transmitting a packetized voice call across different domains.

BACKGROUND OF THE INVENTION

Internet Protocol (IP) telephony has changed the business model and engineering approaches of how voice services are provisioned and delivered. The attractive economics of IP telephony (stemming largely from the global connectivity and accessibility of the Internet) along with innovative productivity tools for users have triggered adoption of this technology by numerous businesses, organizations, enterprises and the like. Unfortunately, this adoption primarily has been uncoordinated, and driven by the needs of the specific enterprise with little regard to a “global” approach for IP telephony deployment. Interestingly, the prevailing IP telephony implementations have confined the particular enterprises, as to make communications outside the enterprise difficult and impractical. Moreover, security concerns are an impediment to widespread deployment of IP telephony systems.

As enterprises implement Internet telephony as well as messaging systems and associated applications, closed communities of IP enabled users are created, i.e., “IP islands”. That is, because of systems and applications constraints and incompatibilities, these IP enabled users are isolated, and thus, cannot readily communicate with each other. Moreover, as Internet Service Providers (ISPs), cable, and mobile network operators begin to provide Internet telephony services, the IP islands grow even larger into a “constellation” of non-connected communities. While such communities can in some cases be linked using the Public Switched Telephone Network (PSTN), the benefits of IP telephony—e.g., user presence, unified communications, user preference, and lower costs may be sacrificed.

Unlike the PSTN in which users and carriers are easily reachable by anyone on the network, IP telephony is subject to several constraints. First, users are required to have knowledge of whether an IP endpoint is available if the full capabilities of IP telephony are to be realized. Also, knowledge of whether multiple IP enabled devices are being used by the called party, as well as how to reach such devices, is needed. Another constraint is that a single IP “telephone” number is not available among the various IP enabled devices; instead, these devices utilize diverse and complex addresses. Additionally, determining the identity of the calling party (e.g., caller ID) is an important function. Further, IP networks are vulnerable to a variety of security threats, which are non-existent in circuit-switched telephony networks.

Based on the foregoing, there is a clear need for an approach that facilitates secure bridging of the IP islands, thereby enabling greater deployment of IP telephony. There is also a need for a mechanism to ensure compatibility and coordination of IP telephony services among service providers. There is a further need for an approach to exploit the full capabilities of Internet telephony technologies.

SUMMARY OF THE INVENTION

These and other needs are addressed by the present invention, in which an approach for performing network based packetized voice call processing is provided.

According to one aspect of the present invention, a method for providing packetized communication services is disclosed. The method includes receiving a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain. The method also includes communicating with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session. Further, the method includes establishing an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain.

According to another aspect of the present invention, a network apparatus for supporting managed communication services is disclosed. The apparatus includes a first communication interface configured to receive a request specifying a directory number for establishing a communication session from a first endpoint to a second endpoint, wherein the first endpoint is behind a first network address translator of a first domain, and the second endpoint is within a second domain. Additionally, the apparatus includes a second communication interface configured to communicate with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path between the first endpoint and the second endpoint based on the network address to support the communication session. Further, the apparatus includes a processor configured to establish an encrypted session with a proxy server according to a cryptographic protocol to support the media path, the proxy server residing within the second domain.

According to another aspect of the present invention, a system for providing managed communication services is disclosed. The system includes an address server configured to receive a request for a network address for communicating with a destination endpoint based on a directory number, wherein the directory number is specified in a call establishment request to establish a communication session from a source endpoint behind a first network address translator of a first domain, and the destination endpoint is within a second domain. The system also includes a STUN (Simple Traversal of UDP (User Datagram Protocol)) server configured to support determination of existence of a second network address translator within the second domain. Additionally, the system includes a TURN (Traversal Using Relay NAT (Network Address Translation)) server configured to establish, if the network address can be determined, a media path between the source endpoint and the destination endpoint based on the network address to support the communication session. The media path includes an encrypted session between a first proxy server residing within the first domain and a second proxy server residing within the second domain.

According to yet another aspect of the present invention, a method for providing packetized communication services is disclosed. The method includes transmitting a request to a near-end proxy server for establishing a communication session with a destination endpoint, wherein the request is transmitted through a first network address translator of a first domain, and the destination endpoint is within a second domain. The near-end proxy server is configured to communicate with a service provider network to determine a network address for communicating with the second endpoint based on the directory number, to determine existence of a second network address translator within the second domain, and to establish, if the network address can be determined, a media path with the destination endpoint based on the network address to support the communication session. Further, the method includes establishing an encrypted session with the near-end proxy server according to a cryptographic protocol to support the media path.

Still other aspects, features, and advantages of the present invention are readily apparent from the following detailed description, simply by illustrating a number of particular embodiments and implementations, including the best mode contemplated for carrying out the present invention. The present invention is also capable of other and different embodiments, and its several details can be modified in various obvious respects, all without departing from the spirit and scope of the present invention. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not as restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:

FIG. 1 is a functional diagram of a communication system for supporting interconnectivity of disparate packetized voice networks, according to one embodiment of the present invention;

FIGS. 2A-2E are diagrams of a communication system and associated processes for providing interdomain traversal by utilizing secure proxy servers, according to one embodiment of the present invention;

FIG. 3 is a diagram of an exemplary architecture for supporting ENUM (Electronic Number) services in the system of FIG. 1, according to one embodiment of the present invention;

FIG. 4 is a diagram of an exemplary Session Initiation Protocol (SIP)-to-SIP call flow, according to an embodiment of the present invention;

FIG. 5 is a diagram of an exemplary SIP-to-PSTN (Public Switched Telephone Network) call flow, according to an embodiment of the present invention;

FIG. 6 is a diagram of an architecture utilizing a centralized data store supporting communication among remote endpoints, according to an embodiment of the present invention;

FIG. 7 is a diagram of a wireless communication system for providing application mobility, according to one embodiment of the present invention;

FIGS. 8A and 8B are diagrams of exemplary multimodal wireless and wired devices, according to various embodiments of the present invention;

FIG. 9 is a diagram of a process for authentication and registration of a multimodal device in a data network, according to one embodiment of the present invention;

FIG. 10 is a diagram of a process for establishing a call from a multimodal device to the PSTN, according to one embodiment of the present invention;

FIG. 11 is a diagram of a process for establishing a call to a multimodal device from the PSTN, according to one embodiment of the present invention;

FIG. 12 is a diagram of a process for cellular-to-IP mode switching during a call supported by the PSTN, according to one embodiment of the present invention;

FIG. 13 is a diagram of a process for IP-to-cellular mode switching during a call supported by the PSTN, according to one embodiment of the present invention;

FIG. 14 is a diagram of a process for call establishment by a multimodal device operating in cellular mode, according to one embodiment of the present invention;

FIG. 15 is a diagram of a process for cellular-to-IP mode switching mid-call, according to one embodiment of the present invention;

FIG. 16 is a diagram of an Operational Support System (OSS) architecture, according to one embodiment of the present invention;

FIG. 17 is a diagram of a financial system for supporting IP Interconnect service, according to one embodiment of the present invention;

FIG. 18 is a diagram of service assurance infrastructure components capable of supporting the Interconnect services, in accordance with an embodiment of the present invention; and

FIG. 19 is a diagram of a computer system that can be used to implement various embodiments of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENT

An apparatus, method, and software for providing interdomain traversal to support secure packetized voice transmissions are described. In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It is apparent, however, to one skilled in the art that the present invention may be practiced without these specific details or with an equivalent arrangement. In other instances, well-known structures and devices are shown in block diagram form in order to avoid unnecessarily obscuring the present invention.

Although the various embodiments of the present invention are described with respect to the Internet Protocol (IP) based voice sessions, it is contemplated that these embodiments have applicability to other communication protocols.

FIG. 1 is a functional diagram of a communication system for supporting interconnectivity of disparate packetized voice networks, according to one embodiment of the present invention. An IP interconnect system 100 defines an architecture for a “bridging” service (IP interconnect (IP-IC)), for example, to enterprises and service providers for enabling Internet Protocol (IP) telephony communications among these enterprises. The term “IP interconnect” as used herein is a mechanism that facilitates IP calling by discovering IP users within a registry 101 maintained, for example, by a service provider. The registry is used to determine how IP calls are routed over the Internet, or where no Internet or alternate IP paths are available, to the PSTN or mobile phones.

It is recognized that development of new Internet technologies has enabled creation of new communication services. As a result, strictly traditional communication services over the Public Switched Telephone Network (PSTN) are becoming less attractive economically and functionally. Coincident with greater accessibility to the “constellation” of IP endpoints (e.g., VoIP/IM users across enterprise, carrier/ISP and wireless networks), it is recognized that new features for enhancing the IP calling experience can be developed. In various embodiments, the term “endpoint” represents a node, station, or application that can receive and/or initiate a communication session.

The approach, according to an embodiment of the present invention, provides seamless Internet interconnect between enterprise IP islands, and management of the routing and services offered between such islands. Also, the approach supports traffic between IP enabled Private Branch Exchange (PBX) systems and endpoints (e.g., Session Initiation Protocol (SIP) clients) over the global Internet and IP islands of other service providers—e.g., cable operators, Internet Service Providers (ISPs), Virtual VoIP service providers, etc.

The IP interconnect service system 100, according to one embodiment of the present invention, encompasses the following functional components: a discovery component 103, an identity component 105, a signaling conversion component 107, and a Network Address Translation (NAT)/Firewall traversal component 109. As use