Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2003-02-11
2003-10-14
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S161000, C713S165000, C713S168000
Reexamination Certificate
active
06633985
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to videoconferencing, and more particularly to videoconferencing across networks separated by a firewall.
2. Description of Related Art
Security is a major concern for people and companies using the Internet. Security systems that prevent unauthorized people from entering an Internet site and causing damage are constantly being developed, implemented, and, inevitably, circumvented.
Developing security measures is a complicated and tricky business because Internet security systems must be secure enough to keep out trespassers while at the same time allowing legitimate users easy access. Since high security systems require more checks and verification than do lower security systems, it is typically more difficult to use a system with security features than one without security features. Additionally, highly secured systems are more limiting than unsecured systems because these systems restrict the types of activities allowed in order to increase the security.
Typically, firewalls are used by companies to protect their intranet from outside intruders because the firewalls provide a reasonable level of security while, at the same time, not being too difficult and limiting to use. Firewalls are widely used by companies to give employees access to the Internet in a secure fashion as well as to separate a company's public Web server from its internal network. Typically, the firewall is placed between a company's intranet servers and internal computing resources and its publicly accessible websites, as illustrated in FIG.
1
.
FIG. 1
shows an intranet
130
having internal computers
150
and an intranet server
180
separated by a conventional firewall
120
from a public Internet
140
having external computers
160
and a web server
170
. In order to increase security, the conventional firewall
120
limits the type of access allowed to users. For example, the conventional firewall
120
allows certain types of IP packets to pass through while limiting other types of IP packets.
Restrictions imposed by the conventional firewall
120
may limit users so that they cannot access all parts of the Internet
140
and therefore make full use of the Internet
140
. For example, some videoconferences cannot be setup across the conventional firewall
120
because conventional firewalls are designed to only work with very specific protocols which are not compatible with newer videoconferencing techniques. Further, newer videoconferencing techniques using an H.323 protocol, which is an ITU standard for real time, interactive voice and videoconferencing over Local Area Networks (LANs) and the Internet, may not be recognized by the conventional firewall
120
and, consequently, not allowed through the convention firewall
120
. Alternatively, some conventional firewalls
120
do support H.323, but typically drop packets and have low throughput because these conventional firewalls
120
do not distinguish priority requirements of voice and video data. These conventional firewalls
120
also are not designed to handle loads for real-time voice and video traffic.
Although a limitation of only permitting H.320 protocols in videoconferencing achieves design goals of enhancing a firewall's security, the limitation also restricts an intranet user's access to the Internet
140
. If the firewall implementation includes network address translation using the H.323 protocol for videoconferencing, the implementation cannot penetrate the conventional firewall
120
. For example, having the destination party's address embedded in the IP packet makes it impossible to decode with the H.323 protocol used by the conventional firewall
120
.
Since many videoconferencing techniques use the H.323 protocol, conducting videoconferences has become very difficult for users that have the conventional firewall
120
. This difficulty has resulted in slowing the growth of the videoconferencing market. Therefore, a system and method is needed for videoconferencing across networks separated by the conventional firewall
120
, while preserving all security features provided by the conventional firewall
120
.
SUMMARY OF THE INVENTION
In order to provide a system for videoconferencing across a conventional firewall, a multimedia firewall adapter may be used to supplement the conventional firewall or may be integrated into the conventional firewall forming a new firewall that functions as a stand-alone unit.
The multimedia firewall adapter may supplement the conventional firewall by running in parallel with the conventional firewall so that signals addressed to videoconferencing systems are routed to the multimedia firewall adapter instead of to the conventional firewall. In one embodiment, the multimedia firewall adapter attempts to decompose and authenticate incoming signals according to an H.323 protocol. Alternatively, other protocols may be used or contemplated for use in the present invention. If the incoming decomposed signal is authenticated to contain videoconferencing data, such as video, audio, T.120, or configuration data, then the multimedia firewall adapter negotiates and establishes a connection across the multimedia firewall adapter between a caller and a call recipient, and allows the videoconferencing data to go through, thus circumventing the conventional firewall. If, on the other hand, the incoming signal is not authenticated to contain videoconferencing data, then the multimedia firewall adapter does not pass the incoming signal. In addition, signals which are blocked from passing through the multimedia firewall adapter are presumed to be non-video/audio signals, and are subsequently routed to the conventional firewall, which analyzes the signals to determine if Internet Protocol (IP) data packets comprising the signals are authorized to pass through. If the IP packets are unauthorized, then they are rejected by the conventional firewall. Conversely, authorized IP packets are allowed to pass through the conventional firewall.
REFERENCES:
patent: 6304967 (2001-10-01), Braddy
patent: 6321267 (2001-11-01), Donaldson
patent: 6324648 (2001-11-01), Grantges, Jr.
Peeso Thomas R.
Polycom, Inc.
Wong, Cabello, Lutsch, Rutherford & Brucculeri L.L.P.
LandOfFree
System and method for videoconferencing across networks... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for videoconferencing across networks..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for videoconferencing across networks... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3130285