(12)
`
`United States Patent
`Jang et al.
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 6,980,526 B2
`Dec. 27, 2005
`
`USOO6980526B2
`
`(54) MULTIPLE SUBSCRIBER
`VIDEOCONFERENCING SYSTEM
`(75) Inventors: Saqib Jang, Woodside, CA (US); Mark
`Kent, Los Altos Hills, CA (US)
`(73) Assignee: Margalla Communications, Inc.,
`Woodside, CA (US)
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 917 days.
`(21) Appl. No.: 09/819,548
`(22) Filed:
`Mar. 26, 2001
`
`(*) Notice:
`
`(65)
`
`Prior Publication Data
`US 2001/0043,571 A1
`Nov. 22, 2001
`
`7
`
`24 - 12
`
`IllC C al. . . . . . . . . . . . . . . . .
`
`6,147,988 A 11/2000 Bartholomew et al.
`6,157,401. A 12/2000 Wiryaman
`6,188,687 B1
`2/2001 Mussman et al. ........... 370/388
`3. R : 32: s s al
`370/260
`6,373,850 B1 * 4/2002 Lecourtier et al. .......... 370/409
`OTHER PUBLICATIONS
`“Next Generation IP Conferencing Services' Ridgeway
`Systems & Software white paper, 1999.
`James Toga and Hani ElGebaly, “Demystifying Multimedia
`Conferencing Over the Internet Using the H.323 Set of
`Standards,” Intel Technology Journal O2 '98, pp. 1-11.
`www.teleconferencemag.com/html/issues/issues2000/
`dec 2000/1200 view.html, Dec. 2000.
`www.teleconferencemag.com/html/issues/issues2000/
`dec 2000/1200 view.html, Nov. 2000.
`www.teleconferencemag.com/html/issues/issues2000/
`dec 2000/1200 view.html, Oct. 2000.
`(Continued)
`Primary Examiner-Phirin Sam
`(74) Attorney, Agent, or Firm-Alleman Hall McCoy
`Russell & Tuttle LLP
`(57)
`ABSTRACT
`
`Related U.S. Application Data
`(60) Provisional application No. 60/191,819, filed on Mar.
`24, 2000.
`(51) Int. Cl." ............................................... H04L 12/16
`(52) U.S. CI.
`370/260; 370/352; 370/401
`(58) Field of Search ................................ 370/260, 261, A System, method, and device for use in Videoconferencing.
`370/262, 264, 265,351,352,353,354, 401,
`The method typically includes installing a videoconferenc
`370/402,494,495
`ing Services Switch at an access point to an IP network, and
`registering a plurality of Subscribers for Videoconferencing
`Services. Each Subscriber typically has a plurality of end
`points. The method further includes receiving Subscriber
`Specific Settings to be applied to multiple videoconferencing
`calls from the plurality of endpoints associated with each
`subscriber. The method further includes storing the Sub
`Scriber-specific Settings at a location accessible to the
`Switch, and configuring the Switch to connect calls from the
`plurality of endpoints at each Subscriber based on the
`corresponding Subscriber-specific Settings.
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`5,838,664 A 11/1998 Polomski
`5,867,494. A 2/1999 Krishnaswamy et al.
`5,867.495 A 2/1999 Elliott et al.
`5,903,302 A *
`5/1999 Browning et al. ....... 348/14.08
`5.999.525 A 12/1999 Krishnaswamy et al.
`5.999,966 A * 12/1999 McDougall et al. ........ 709/204
`6,025,870 A * 2/2000 Hardy ....................... 348/14.1
`6,078,810 A
`6/2000 Olds et al. .................. 455/428
`6,097,719 A 8/2000 Benash et al.
`
`26 Claims, 10 Drawing Sheets
`
`
`
`EOCONFERENCNG
`SERVICESSWITCH
`
`EDGE
`ROUTER
`
`CORE
`ROUTER
`
`22
`
`ACCESSPON18
`
`TERMINAL
`
`18
`Ya
`
`18
`Ya
`
`34a
`40
`as
`ENTERPRISE EULATOR
`34 WO GATEWAY (ENCRPONEERs
`34
`36
`\a ROUTER
`TERMINAL
`ENTERPRISE Elor 38
`WDEO
`ERMINAL F. air at ENTERPRISE
`ROUTER
`\
`34.
`MULTIPLEENTERPRISE SUBSCRIBERNETWORKS 18 / INTERNET
`11
`BACKBONE
`
`20
`
`SERVICE PROVIDERNETWORK14
`134
`a
`
`140
`
`EMULATOR
`NCRYPTION
`
`136
`NTERPRISE
`VIDEO-134
`GATEWAY
`
`TERMINAL
`
`ERNA
`
`118
`/
`
`144
`
`-140
`
`138
`
`1
`
`112 142
`WIDEOCONFERENCING
`SERVICESSWITCH
`
`32
`
`42
`
`CORE
`WOCESWITCH
`OUTER CFF)SWITCH ROUTER
`23
`2
`1241
`-130
`12
`
`
`
`ACCESSPON118
`
`SERVICE PROVIDERNETWORK114
`
`ENERPRISE
`ROR
`
`EMULATORENFE
`
`ENCRYPTION
`
`GATEWAY
`
`3
`ENTERPRISE
`134
`cur 144
`MULTIPLEENTERPRISE SUBSCRIBERNETWORKS 118
`
`TERMINAL
`
`TERMINA.
`
`118
`1/
`
`w 111
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 001
`
`

`

`US 6,980,526 B2
`Page 2
`
`OTHER PUBLICATIONS
`www.q...A.,720,00.html?printVersion=1&XmlFilename=2000
`May 11274
`&storyId=27, May 2000.
`biz.yahoo.com/prnews/010207/ca interna.html.
`“Multiprotocol Label Switching Architecture,” ftp.lisi.edu/
`in-notes/rfc3031.txt, Jan. 2001.
`“BGP/MPLS VPNs," ftp.lisi.edu/in-notes/rfc2547.txt, Jan.
`2001.
`“Firewall Vulnerability and Network Protection for Stream
`ing and Emerging UDP Applications,” Networking Systems
`Laboratory NEC USA, Inc., Aug. 2000.
`
`“High Performance H.323 Firewalling for VoIP Solutions,”
`AravOX Technologies.
`“IP Service Intelligence at the Edge,” Copper Mountain
`Networks, Inc. and Spring Tide Networks, Inc.
`“IP and Frame Relay: Bridging the Gap for Seamless and
`Secure Virtual Private Networking,” CoSine Communica
`tions white paper.
`“H.323 and Firewalls: Problem Statement and Solution
`Framework,” ftp.yars.free.net/pub/doc/Drafts/draft-shore
`h323-firewalls-00.txt.gz, Feb. 3, 2000.
`“H.323 and Firewalls: The problems and pitfalls of getting
`H.323 safely through firewalls,” Intel Corporation, Revision
`2.0, Mar. 21, 2001.
`* cited by examiner
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 002
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 1 of 10
`
`US 6,980,526 B2
`
`
`
`
`
`
`Lb,BFFSRIONBNWaaIHOSANS3S!YaeSLNASTALLL‘OiFITWHOMLANHSCINOHdSOMES
`of[saraeaeona]
`
`
`8aAWNIWYALqsiudlsingaLYOLVINWSgelHOLIMSSAOIANAS
`zz‘O¢0zfoment~9zSOLVING
`YaLNOY|HOLIMSNaA|YANOvc
`
`
`relfaTrrlwainowTTLNIOdSS300V
`SOIANAS~—gz
`
`
`
`BOIOA39044aLNOW0ASIUdMALNS309HOLIMS“WNIWMAL
`
`
`TWNINMALFSIMAYSLNS
`TWNINSALAsidualNa
`ONIONSMSANOQOAIATWNIWYSL|8b
`
`
`
`v(tOblppt¥BLNOYHOLIMSNeAYaLNOY
`
`DPMHOMLANYSCIAOUd
`3C)NOILdANONa|=AVMALVO
`
`OELNIOduaINOYSSa00¥
`
`
`NOLLGAHONACaO3AIA yOLYInNST|ozol”yeZZi
`
`AVMALVYS|
`SOLOpONIONSYS4NODOZAIA
`AVMALVD—|NOLLGAYONSCO)
`
`
`(a_~2ceCulay
`
`
`YaLNOY3903HOLINGSOIOA5Y00
`ALa¥rOre~,
`ASMCHALNSWNIWMAL
`()veaN
`
`BeASIedHaLNATWNIWual|@L
`
`
`
`
`GTSMHOMLANYASMOSENSASINGHALNAFTdLLIAWgol
`
`
`
`
`HOLIMSSSOIANAS
`
`ge
`
`él
`
`Bre
`
`Brel
`
`PelOAdlA
`
`
`
`ETanoayova
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 — 003
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 003
`
`
`
`
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 2 of 10
`
`US 6,980,526 B2
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 004
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 3 of 10
`
`US 6,980,526 B2
`
`
`chnoeATINGONSNV1dTONLNOO
`
`soe
`ole
`oze——_BLE\AMOWAINJYOSSIOOUd
`
`AMONAINHOSSIIOUdLSOHSVRINCALN
`
`
`
`
`
`
`HOLIMSSSOIAMASONIONSYASNODOICIA
`
`90¢
`
`ZLe
`
`sng
`
`SLYOdLNdLNOQLE—S1YOdLNdNI
`
`
`
`
`
` pOs‘\TINGOWSNV1dViva
`
`vile
`
`MHOMSN
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 — 005
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 005
`
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 4 of 10
`
`US 6,980,526 B2
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 006
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 5 of 10
`
`US 6,980,526 B2
`
`VIDEOCONFERENCING SERVICESSWITCH 12
`
`QUALITY OF SERVICE
`MODULE
`
`420
`
`
`
`
`
`ENGINEERING
`408h-SETTINGS
`
`
`
`
`BANDWDTH
`MANAGEMENT
`408 - SETTINGS
`DFF-SERV
`- SETTINGS
`408
`POWER ATM
`408k-SETTINGS
`
`
`
`VIDEO
`TRANSMISSION
`All-SS
`N SETTINGS
`
`
`
`FROM
`
`SP/H.323 FREWALL
`408m
`SETTINGS
`
`
`
`432
`
`SPH.323
`NAT MODULE-408.
`SETTINGS
`
`434
`ESTION 08
`Ul
`408O
`SETTINGS
`
`VIRTUAL PRIVATE
`NETWORK -408p
`SETTINGS
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`428
`
`430
`
`POLICY ENGINE
`SUBSCRIBER
`SPECIFIC SETTINGS
`
`
`
`438
`
`|
`
`
`
`
`
`
`
`20
`
`408
`
`DATABASE
`
`404
`
`FIG. 4B
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 007
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 6 of 10
`
`US 6,980,526 B2
`
`
`
`NSTAL. VIDEOCONFERENCNG
`SERVICESSWITCHAT ACCESS POINT TO
`INTERNET PROTOCOL (IP) NETWORK
`
`5OO
`
`REGISTER SUBSCRIBERS FORP
`VIDEOCONFERENCNG SERVICES
`
`RECEIVE SUBSCRIBER-SPECIFIC
`SETTINGS OBE APPLIED TO MULTIPLE
`VIDEOCONFERENCING CALLS
`
`STORE SUBSCRIBER-SPECIFIC SETTINGS
`AT LOCATION ACCESSIBLE TO SWITCH
`
`CONFIGURE SWITCH TO CONNECT
`CALLS BETWEEN SUBSCRIBERS BASED
`ON CORRESPONDING SUBSCRIBER
`SPECIFIC SETTINGS
`
`RECEIVE AND PROCESS CALL
`
`514
`
`(RECEIVE CALLCONNECTION - l M
`REQUEST
`
`1.
`516
`( CONNECT REQUESTED CALL - 1
`USING H.323/SIP PROTOCOL
`- - -
`-
`- - - - - - -
`518
`, - - -
`- - - -
`-
`MONITOR CALL
`- 1
`520
`y
`RECEIVE CALL
`- M
`?
`TERMINATION REQUEST
`1.
`- - - - -
`- -
`- - - -
`522
`y
`- -
`- -
`- - -
`/
`LOG CALL RECORD
`H- 1
`
`um am am am -m-, m- m a
`
`rea 1.
`
`F.G. 5
`
`-
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 008
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 7 of 10
`
`US 6,980,526 B2
`
`
`
`CREATE IPSEC TUNNE
`BETWEENSWITCH AND
`ENTERPRISE VIDEO GATEWAY
`
`-
`
`-
`
`CONFIGURE VIRTUAL ROUTER (VR)
`
`?
`
`CREATE WRWTHIN
`SWITCH FOR SUBSRBER
`- - - - - - - - -1.
`
`-
`
`?
`
`CONFIGURE ROUTING
`SERVICES FOR SUBSCRIBER
`
`CONFIGURE H.323
`GATEKEEPER AND/OR
`SIP PROXY FOR SUBSCRIBER
`
`-
`
`CONFIGURE SECURITY MODULE
`
`CONFIGURE OUALITY
`OF SERVICE MODULE
`
`CONFIGURE USER-SPECIFIC
`AND SUBSCRIBER-SPECIFIC
`SETTINGS ON POLICY ENGINE
`
`FIG. 6
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 009
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 8 of 10
`
`US 6,980,526 B2
`
`616
`
`618
`
`702
`
`704
`
`708
`
`802
`
`804
`
`806
`
`808
`
`810
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`CONFIGURE H.323/SESSION INITIATION
`PROTOCOL (SIP) FIREWALL
`
`CONFIGURE H.323/SPNETWORK
`ADDRESSTRANSLATION (NAT) MODULE
`
`CONFIGURE ENCRYPTION MODULE
`
`CONFIGURE VIRTUAL PRIVATE
`NETWORK (VPN) MODULE
`
`FIG. 7
`
`CONFIGURE MULTIPROTOCOLLABEL
`SWITCHING (MPLS) TRAFFIC
`ENGINEERING (TE) MODULE
`
`CONFIGURE BANDWDTH
`MANAGEMENT MODULE
`
`CONFIGURE OFFERENTATED
`SERVICES (DIFF-SERV) MODULE
`
`CONFIGURE POVER ASYNCHRONOUS
`TRANSFERMODE (ATM) MODULE
`
`CONFIGURE WIDEO
`TRANSMISSION ANALYSIS MODULE
`
`FIG. 8
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 010
`
`

`

`U.S. Patent
`
`Dec. 27, 2005
`
`Sheet 9 of 10
`
`US 6,980,526 B2
`
`902
`
`904
`
`906
`
`908
`
`910
`
`912
`
`914
`
`916
`
`918
`
`SET ACCESS PRIVILEGES
`
`SET INBOUND/OUTBOUND
`CALLING PRIVLEGES
`
`SET TIME OF DAY PRIVILEGES
`
`SET MAXIMUM WIDEO
`QUALITY PRIVILEGES
`
`
`
`SET 2-WAY SUPPORT PRIVILEGES
`
`SETAUDIO ONLY RESTRICTIONS
`
`SET ENCRYPTION REQUIREMENTS
`
`
`
`
`
`
`
`
`
`
`
`SET PRIORITY PRIVILEGES
`
`SET CALL SCREENING
`
`FIG. 9
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 011
`
`

`

`U.S. Patent
`U.S. Patent
`
`
`
`Dec. 27, 2005
`
`Sheet 10 of 10
`
`€¢eH AVMALVS
`TIVMadIsAXOX'ddlISTIVMadls/aeaddsayalvy9
`
`
`
`
`
`OACIAASIddyaLNa
`
`
`
`NOILdAYONA/NOILVOILNSAHLNVOS5SdlI
`
`US 6,980,526 B2
`US 6,980,526 B2
`
`OlSls
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 — 012
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 012
`
`

`

`US 6,980,526 B2
`
`1
`MULTIPLE SUBSCRIBER
`VIDEOCONFERENCING SYSTEM
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`
`This application claims priority under 35 U.S.C. S 119(e)
`to U.S. Provisional Patent Application No. 60/191,819
`entitled “System and Method for Security and Management
`of Streaming Data Communications on a Computer Network
`System,” filed Mar. 24, 2000, the disclosure of which is
`herein incorporated by reference.
`
`TECHNICAL FIELD
`
`15
`
`The present invention relates generally to Videoconfer
`encing, and more particularly to a System, method, and
`device for implementing a multiple Subscriber Videoconfer
`encing service for use on Internet Protocol (IP) networks.
`
`BACKGROUND OF THE INVENTION
`
`Videoconferencing provides a convenient way for users in
`distant locations to participate in a face-to-face meeting,
`without having to spend time and money traveling to a
`central meeting site. Many prior Videoconferencing Systems
`have been based on circuit Switched Integrated Services
`Digital Networks (ISDN) standards. ISDN lines typically
`offer guaranteed quality of Service, with Specialized lines
`having high transmission rates. This enables high-quality
`Video and audio signals to be delivered to the conferencing
`participants. However, ISDN videoconferencing is
`extremely expensive, because ISDN lines are costly to
`install and lease, and because Specialized hardware is
`required at the Sites of the users. Because of this expense,
`ISDN videoconferencing systems are typically offered in a
`Specialized Videoconferencing room, rather than at each
`desktop computer of each employee in an enterprise. In
`addition, ISDN can be complicated to set up, and unreliable.
`ISDN calls on average take more than 10 minutes to Set-up,
`and greater than 10% of calls are dropped without being
`completed.
`Recently, another approach to Videoconferencing has
`emerged for use on packet-switched Internet Protocol (IP)
`networks, using the H.323 and Session Initiation Protocol
`(SIP) standards. H.323 is a standard approved by the Inter
`national Telecommunication Union (ITU) in 1996 to pro
`mote compatibility in Videoconference transmissions over IP
`networks. SIP is a proposed Internet Engineering Task Force
`(IETF) standard for multimedia communication over IP
`networks.
`Videoconferencing over IP networks has a number of
`fundamental problems, including Security, bandwidth utili
`Zation, quality of Service, and deployment and management.
`Regarding security, H.323 and SIP are difficult to implement
`with current firewalls. The difficulty lies in the fact that
`H.323 and SIP are complex protocols and use multiple
`dynamically allocated ports for each call. Because of the
`heavy use of dynamically allocated ports, it is not possible
`to preconfigure firewalls to allow SIP- or H.323-signaled
`traffic without opening up large numbers of holes in the
`firewall. This represents a more lax firewall policy than
`would be acceptable at most enterprises. In addition, SIP or
`H.323 video endpoints behind a firewall typically cannot
`receive calls from external parties due to firewall policies in
`place at most enterprises.
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`Many enterprises also deploy Network Address Transla
`tion (NAT) devices, often implemented as part of a firewall
`application, to connect the enterprise network having private
`IP unregistered addresses to a public IP network with
`globally unique registered addresses. NAT is generally used
`for two purposes: 1) as a mechanism to work around the
`problem of IPv4 address space depletion, and 2) for security
`purposes (to hide internal IP addressing policy from outside
`entities. A NAT device rewrites IP headers as packets pass
`through the device. The NAT device maintains a table of
`mappings between IP addresses and port numbers. The
`problem with sending H.323 and SIP traffic through a NAT
`device is that these protocols make heavy use of embedded
`IP addresses, while normal data traffic contain IP address in
`the header of each packet. While configuring a NAT to
`rewrite packet headers to change addresses is relatively
`straightforward, it is very difficult to configure a NAT to
`translate addresses that are embedded in H.323 and SIP
`traffic, because the location of these address in these data
`Stream is difficult to calculate.
`Regarding bandwidth utilization, in order to achieve a
`quality Sufficient for busineSS Videoconferencing, a mini
`mum of 384. Kbps bandwidth is generally required per
`Videoconferencing participant. Multiple users Simulta
`neously engaged in Videoconferencing applications may use
`up available bandwidth on a local area network (LAN),
`Slowing down other critical network operations. Current
`Systems do not allow a network administrator to control
`easily the bandwidth usage of multiple network users.
`Therefore, network administrators are reluctant to deploy
`Videoconferencing Systems.
`Regarding quality of service, typical IP networks do not
`provide guaranteed transmission Speeds for Videoconferenc
`ing data. Videoconferencing data generally is indistinguish
`able from other data on IP networks, such as email and web
`page data. Data on IP networks may be delayed due to
`network congestion. While Small delays are generally not a
`problem for less time Sensitive data Such as email, it can
`Severely affect picture and audio quality for Videoconference
`participants.
`The above discussed issues lead to another problem with
`current Videoconferencing Systems, namely, that enterprises
`cannot easily outsource Videoconferencing Services to out
`Side Service providers. Currently, Service providers are not
`able to cost-effectively provide videoconferencing Services
`to a large number of Subscribers, because Specialized equip
`ment must be deployed or existing equipment must be
`upgraded at every Subscriber Site. This results in an expen
`Sive up-front capital investment as well as Significant opera
`tional expenses for the Service provider. Up-front equipment
`installations take time at each Subscriber, resulting in a slow
`deployment of the videoconferencing capabilities to Sub
`Scribers. In addition, the high up-front costs result in
`decreased Service provider profit margins. It is difficult to
`grow Such a Service because each Subscriber adds to an
`incremental growth in the capital equipment pool because
`these resources are not shared.
`Because of the cost and reliability issues with ISDN, and
`because of the Security, bandwidth utilization, quality of
`Service, and deployment and management issues with H.323
`and SIP, it is difficult for the average enterprise to upgrade
`and customize its network to enable videoconferencing. In
`addition, it is difficult for service providers to cost-effec
`tively provide an outsourced Videoconferencing Service on a
`per-Subscriber basis. Thus there exists a need for a video
`conferencing System, method, and device for delivering
`Secure, high-quality Videoconferencing Services over an IP
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 013
`
`

`

`US 6,980,526 B2
`
`3
`network to multiple enterprise Subscribers in a manner that
`does not require expensive upgrading and customization of
`the enterprise network.
`
`SUMMARY OF THE INVENTION
`
`A System, method, and device for use in Videoconferenc
`ing are provided. The method typically includes installing a
`Videoconferencing Switch at an access point to an IP net
`work, and registering a plurality of Subscribers for Video
`conferencing Services. Each Subscriber typically has a plu
`rality of endpoints. The method further includes receiving
`Subscriber-specific Settings to be applied to multiple video
`conferencing calls from the plurality of endpoints associated
`with each subscriber. The method further includes storing
`the Subscriber-specific Settings at a location accessible to the
`Switch, and configuring the Switch to connect calls from the
`plurality of endpoints at each Subscriber based on the
`corresponding Subscriber-specific Settings.
`According to another embodiment of the invention, the
`method may include installing a Video Services Switch on a
`Service provider network at an acceSS point configured to
`enable multiple enterprise Subscribers to access a global
`packet-Switched computer network to exchange data,
`including videoconferencing data and non-Videoconferenc
`ing data. The Video Services Switch is typically configured to
`proceSS Videoconferencing data from multiple enterprise
`Subscribers. The method further includes, at the video ser
`vices Switch, receiving a request for a Videoconferencing
`call from an origination endpoint of one of the multiple
`enterprise Subscribers, and connecting the Videoconferenc
`ing call to a destination endpoint, the videoconferencing call
`having associated Videoconferencing data. The method may
`further include Securing the Videoconferencing call based on
`Subscriber-specific Security Settings.
`The device typically includes a control plane module
`configured to receive Subscriber-specific videoconferencing
`call Settings for each of a plurality of Video Services Sub
`Scribers, the Videoconferencing call Settings being for mul
`tiple calls placed from each Video Services Subscriber, and a
`data plane module configured to receive Videoconferencing
`data Streams from multiple Subscribers and manage these
`Videoconferencing data Streams according to the Subscriber
`Specific Videoconferencing call Settings for each Subscriber.
`The System typically includes a Service provider network
`configured to enable users of multiple enterprise Subscriber
`networks to transfer data via a global computer network, the
`Service provider network having an access point. The System
`also includes a videoconferencing Services Switch located on
`the access point of the service provider network. The vid
`eoconferencing Services Switch is configured to proceSS
`Videoconferencing calls from terminals on each of the
`multiple Subscriber networks, based on Subscriber-specific
`Settings.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a Schematic view of a Videoconferencing System
`according to one embodiment of the present invention.
`FIG. 2 is a Schematic view of a Videoconferencing System
`according to another embodiment of the present invention.
`FIG. 3 is a Schematic representation of a hardware con
`figuration of a videoconferencing Switch of FIG. 1.
`FIG. 4A is a Software architecture of the videoconferenc
`ing system of FIG. 1.
`FIG. 4B is a continuation of the Software architecture of
`FIG. 4A.
`
`15
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`FIG. 5 is a flowchart of a videoconferencing method
`according to one embodiment of the present invention.
`FIG. 6 is a flowchart of one exemplary method for
`accomplishing the Step of configuring the Switch of the
`method of FIG. 5.
`FIG. 7 is a flowchart of one exemplary method for
`accomplishing the Step of configuring the Security module of
`the method of FIG. 6.
`FIG. 8 is a flowchart of one exemplary method for
`accomplishing the Step of configuring the quality of Service
`module of the method of FIG. 6.
`FIG. 9 is a flowchart of one exemplary method for
`accomplishing the Step of configuring the user-specific and
`subscriber-specific settings of the method of FIG. 6.
`FIG. 10 is a schematic view of an enterprise video
`gateway of FIG. 1.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`Referring initially to FIG. 1, a Videoconferencing System
`according to one embodiment of the present invention is
`shown generally at 10. System 10 typically includes a
`videoconferencing services switch (VSS) 12 positioned on a
`Service provider network 14 at an access point 16, typically
`a point of presence (POP). Switch 12 is configured to
`register multiple enterprise subscriber networks 18 for vid
`eoconferencing Services, receive Subscriber-specific Settings
`for each Subscriber 18 related to Security and management of
`the videoconferencing calls from that Subscriber, and pro
`ceSS Videoconferencing calls from each Subscriber based on
`the associated Subscriber-specific settings.
`Service provider network 14 typically includes a packet
`switched Internet Protocol (IP) network through which
`multiple enterprise Subscriber networkS 18 may access a
`global IP network 20, such as the Internet 20. Typically, the
`Service provider network 14 includes an access point 16,
`such as a POP 16. The POP has a unique IP address and/or
`dial-up telephone number that a device on the enterprise
`subscriber network 18 may contact to access network 20.
`POP16 typically includes an edge router 20 and a core
`router 22 configured to route IP traffic into and out of POP
`16. POP16 also includes a plurality of services switches 24,
`including Videoconferencing Services Switch 12, described
`above, Voice Over Internet Protocol (VOIP) services switch
`26, and Virtual Private Network (VPN) services switch 28.
`Upon instruction, edge router 20 is configured to route traffic
`coming into POP 16 to an appropriate services Switch for
`Service-Specific processing, or to core router 22 Via direct
`link 30. Core router 22, in turn, is configured to route traffic
`from either of the services Switches 24, or from direct link
`30 out to the Internet 20. The traffic may be routed across a
`metropolitan area or long-haul backbone, which may be
`leased or owned by the service provider.
`Traffic coming into the POP can be classified into video
`conferencing data and non-Videoconferencing data. Video
`conferencing data typically includes control data and
`Streaming voice and audio data according to the H.323 or
`SIP standards. H.323 refers to International Telecommuni
`cations Union, Telecommunications Sector, Recommenda
`tion H.323 (version 1, published November 1996; version 2,
`published 1998, entitled, “Visual Telephone Systems and
`Equipment for Local Area Networks Which Provide a Non
`guaranteed Quality of Service, the disclosures of which are
`herein incorporated herein by reference. SIP refers to Ses
`sion Initiation Protocol Proposed Standard (RFC 2543),
`Internet Engineering Task Force (IETF) (published March
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 014
`
`

`

`15
`
`S
`1999), the disclosure of which is incorporated herein by
`reference. Non-Videoconferencing data includes, for
`example, email, web pages, VOIP traffic, VPN traffic, etc.
`Videoconferencing data is typically routed through POP 16
`Via Videoconferencing Services Switch 12, while non-video
`conferencing data is routed around the Switch.
`Each of enterprise subscriber networks 18 typically
`includes a plurality of terminals 34. Terminals 34, along with
`Video conferencing Service Switch 12 and the various other
`components of system 10, are typically H.323 or SIP com
`pliant. Terminals 34 are typically Videoconferencing devices
`configured to display and record both video and audio.
`Terminals 34 may be desktop computers, laptop computers,
`mainframes and/or WorkStation computers, or other video
`conferencing devices. Terminals 34 may also be described as
`“endpoints' in a videoconferencing call. The terminal 34a
`originating the Videoconferencing call is referred to as an
`origination endpoint 34a, and the other terminals requested
`to join in the call are referred to as destination terminals,
`shown at 34b, 134a, 134b. Terminal 34b is a local Zone
`destination terminal, while terminals 134a, 134b are remote
`Zone destination terminals. Local and remote Zones are
`defined below.
`Each enterprise subscriber network 18 also typically
`includes an enterprise Video gateway 36 and enterprise edge
`router 38. Enterprise edge router 38 is configured to route
`data traffic between terminals 34 and service provider net
`work 14, based on Source and destination IP addresses.
`Enterprise Video gateway 36 typically includes an emu
`lation module 40 which emulates H.323/SIP call control and
`firewall functionality and an encryption module 44. The
`gateway also typically has a globally routable IP address and
`is configured to manage Secure communication between
`terminals 34 and the Videoconferencing Services Switch 12.
`Typically, emulation module 40 appears to terminals 34 as
`H.323 gatekeeper/SIP proxy and H.323/SIP application
`proxy firewall which includes network address translation
`(NAT) capability, which hides internal address from outside
`devices.
`As shown in FIG. 10, enterprise video gateway 36
`includes an encryption module 44. Encryption module 44 is
`typically an IPSecurity (IPSec) authentication and encryp
`tion module 44 configured to encrypt Videoconferencing
`data coming from terminals 34 and Send the encrypted data
`to videoconferencing Switch 12. The IPSec protocols have
`been adopted by the Internet Engineering Task Force, and
`are described in the RFC 2411 entitled “IP Security Docu
`ment Roadmap' (published November 1998), the disclosure
`of which is herein incorporated by reference. By using
`IPSec, a Virtual Private Network (VPN) may be created
`between the gateway 36 and the Switch 12. VPN refers to a
`network that is carried over public networks, but which is
`encrypted to make it Secure from outside access and inter
`ference.
`Videoconferencing data may be carried from terminal 34
`to service provider network 14 via one of two routes. First,
`the videoconferencing data may be routed by edge router 38
`via a direct network connection 42, Such as a T1 connection,
`to the videoconferencing Services Switch 12 of the Service
`provider network 14. In this case, the direct network con
`nection is dedicated to video traffic. Second, firewall 40 may
`be configured to pass encrypted Videoconferencing data
`through the firewall unexamined. Typically, the encrypted
`Videoconferencing data is encrypted by the encryption mod
`65
`ule 44 of the enterprise video gateway 36 using the IPSec
`protocols, discussed above.
`
`45
`
`50
`
`55
`
`60
`
`US 6,980,526 B2
`
`25
`
`35
`
`40
`
`6
`System 10 is divided into local metropolitan Zone 11 and
`remote metropolitan Zone 111 separated by backbone 32.
`Local metropolitan Zone 11 includes all devices that connect
`to POP 16, and remote metropolitan Zone 111 includes all
`devices that connect to POP116. Components within remote
`metropolitan Zone 11 are similar to those in local metropoli
`tan Zone 11 and are numbered correspondingly, and there
`fore will not be redescribed in detail.
`System 10 may be configured to connect a two-party or
`multiparty Videoconference call from an origination termi
`nal 34a to a destination terminal 34b on local Zone 11, and/or
`one or more destination terminals 134a and 134b on remote
`Zone 111. A destination terminal on local Zone 11 may be
`referred to as a local destination terminal, and a destination
`terminal on remote Zone 111 may be referred to as a remote
`destination terminal.
`FIG.2 shows another embodiment of a videoconferencing
`system 210 having a local Zone 211. It will be appreciated
`that a remote Zone of System 2 10 is a mirror image of Zone
`211, similar to that described above for system 10. Local
`Zone 211 includes multiple enterprise Subscriber networks
`218 linked to a Digital Subscriber Line (DSL) service
`provider network 214 via an acceSS point 216, typically
`called a central office.
`Each enterprise subscriber network 218 includes a plu
`rality of terminals 234 which are similar to terminals 34
`described above. Integrated Access Device (IAD) 246 is
`configured to receive traffic from enterprise Subscriber net
`works 218 and forward the traffic to the Digital Subscriber
`Line Access Multiplexor (DSLAM) 248. The DSLAM is
`configured to multiplex the traffic from the IADs and for
`ward it to Asynchronous Transmission Mode (ATM) switch
`250, where the signals are demultiplexed for transmission
`over a long-haul backbone. ATM Switch 250 is configured to
`route videoconferencing data to and from terminals 234 and
`the backbone via Videoconferencing Services Switch 212,
`and non-videoconferencing data via ISP router 252, or
`another Services Switch.
`FIG. 3 shows an exemplary hardware configuration for
`Videoconferencing Services Switch 12. One Switch that may
`be purchased and programmed to implement the present
`invention is the Intel Exchange Architecture (IXA) WAN/
`Access Switch, commercially available from Intel Corpora
`tion, of Santa Clara, Calif. and Radisys Corporation of
`Hillsboro, Oreg.
`Switch 12 typically includes a control plane module 302
`and a data plane module 304. Control plane module 302
`includes a host processor, linked to an input/output network
`interface 308 and a memory 310. Typically, memory 310
`includes RAM and ROM, although another form of memory
`may also be used, Such as flash memory. Alternatively, a
`Storage device Such as a hard drive may also be attached to
`host processor 306. Control plane module 302 is configured
`to receive control data Such as call Set-up information
`through network interface 308, data plane ingress port 318,
`or data plane egreSS port 320. The call Set-up information is
`processed according to H.323 or SIP specifications by host
`processor 306. Typically, the programs and data necessary
`for processing the call are stored in memory 310 and
`implemented by host processor 306. For example, the virtual
`router, call control module, quality of Service module, policy
`engine, and Security module are typically Stored in memory
`310.
`Control plane module 302 is linked to data plane module
`304 via a bus 312. Data plane module 304 includes a
`network processor 314 and memory configured to receive
`and manage transfer of real-time audio and Video data
`
`Zoho Corp. and Zoho Corp. Pvt., Ltd.
`Exhibit 1020 – 015
`
`

`

`US 6,980,526 B2
`
`1O
`
`15
`
`25
`
`35
`
`40
`
`7
`streams from ingress ports 318 to egress ports 320. Data
`plane module 304 typically includes a wire-Speed Switching
`fabric, capable of processing real-time data Streams with
`Virtually no appreciable latency.
`The wire-Speed Switching fabric is configured to enable
`transport of Streaming data traffic