WO2002089415A1 - Procede de communication de donnees audio et video dans un systeme de communication multimedia utilisant le protocole h.323 - Google Patents

Procede de communication de donnees audio et video dans un systeme de communication multimedia utilisant le protocole h.323 Download PDF

Info

Publication number
WO2002089415A1
WO2002089415A1 PCT/KR2001/001648 KR0101648W WO02089415A1 WO 2002089415 A1 WO2002089415 A1 WO 2002089415A1 KR 0101648 W KR0101648 W KR 0101648W WO 02089415 A1 WO02089415 A1 WO 02089415A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
user device
audio
message
port number
Prior art date
Application number
PCT/KR2001/001648
Other languages
English (en)
Inventor
Yoon-Hee Jung
Jong-Baek Park
Original Assignee
N'ser Community Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020010035500A external-priority patent/KR20020083887A/ko
Application filed by N'ser Community Inc. filed Critical N'ser Community Inc.
Publication of WO2002089415A1 publication Critical patent/WO2002089415A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/256NAT traversal
    • H04L61/2564NAT traversal for a higher-layer protocol, e.g. for session initiation protocol [SIP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/256NAT traversal
    • H04L61/2575NAT traversal using address mapping retrieval, e.g. simple traversal of user datagram protocol through session traversal utilities for NAT [STUN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/256NAT traversal
    • H04L61/2578NAT traversal without involvement of the NAT server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1069Session establishment or de-establishment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1101Session protocols
    • H04L65/1106Call signalling protocols; H.323 and related

Definitions

  • the present invention relates to a multimedia communication method, and more particularly, to a multimedia communication method using a firewall.
  • H.32X series refer to multimedia communication over various networks.
  • H.323 is one of recommendations, and it regulates elements, protocols, procedures, etc., necessary for providing audio/video data in real time over packet network including IP-based network.
  • H.323 includes a variety of protocols.
  • H.225 and H.245 are protocols related to call setup and channel setup.
  • G.711, G.722, G.723, G.728 and G.729 that are related to audio codec
  • H.261 and H.263 that are related to video codec.
  • H.225 and H.245 are transmitted over TCP, while video and audio-related data are transmitted over UDP.
  • firewall is one of network elements for protecting inner network, and collectively indicates policies for protecting inner information source from external illegal intrusion and for blocking introduction of harmful information from an outside, and hardware (H/ ) and software (S/W) for supporting these policies.
  • Main function of the firewall is a sole gate operating in combination with external network, and blocks external connection using IP address and port number of a system requesting service every service so as to protect inner network from an outside, or based on user authentication.
  • firewall supervises and records traffic over inner and outer networks connected with each other.
  • a communication network within the firewall is called private data network
  • a communication network outside the firewall is called external network.
  • each of the private user devices in the private data network has to use private address, and use an authorized address so as to communicate with external networks outside the firewall.
  • FIG. 1 shows a conventional multimedia communication environment using an H.323 protocol.
  • first user device 11 is a system or terminal that uses a private address, or may be a system or terminal that uses an authorized address or a private address over which an authorized address is mapped.
  • Second user device 40 is an external device to which the first user device 11 is connected through Internet network, and may be a personal computer (PC), server, and so on.
  • the second user device 40 may be located in the firewall.
  • an H.225 channel, an H.245 channel and a port to which audio and video are transmitted/received should be opened so as to be accessible from an outside so as to use the H.323.
  • the first user device 11 located at a private data network 10 uses a private address
  • an NAT 21 of a firewall 20 functions to change the address of a message that is generated from the user device of the private data network 10 and then transmitted to the outside, into an authorized address.
  • the private address of the private data network 10 uses 191.168.x.x
  • the NAT 21 changes the private address into an authorized address of 203.236.114.x.
  • FIG. 2 is a view depicting that when a subscriber of a user device having a private address in the NAT 21 having the address translation function in the communication network having the structure of FIG. 1 uses H.323 protocol, call setup is not performed.
  • the user device 11 is located in the firewall 20 provided with the NAT 21 having the address translation function, uses a private address of 192.168.51.50, and is mapped over an address of 203.236.114.179 to be transmitted.
  • the first user device 11 creates such a SETUP message shown in FIG. 11A and transmits the created SETUP message to the firewall 20 at the step of 111.
  • the SETUP message as shown in FIGs. 11A and 11B, includes an IP header containing source address and destination address, a TCP header containing source port and destination port for communication, and an H.323 SETUP message containing address and port information for carrying out the H.323 protocol.
  • the SETUP message is transmitted along with a sourceCallSignalAdress field over which the private address of the SETUP message, i.e., 192.168.51.50 and a port (which is arbitrarily allotted among unused ports: it is assumed that the port is 1024 in the present embodiment) to be used for H.225 call setup.
  • the firewall 20 transmits the SETUP message through IP network (Internet network) 30 at the step of 113.
  • the second user device 40 receives the SETUP message from the first user device 11 through the Internet network (IP network) 30 at the step of 113.
  • the second user device 40 can catch from the SETUP message that the address of the first user device 11 is 192.168.51.50 and the first user device 11 uses the port 1024 for the H.225 call setup.
  • the second user device 40 at the step of 115, creates and transmits a CONNECT message having such a structure shown in FIG. 11C to the address and port of the first user device 11 of the field "sourceCallSignalAddress" obtained from the SETUP message transmitted by the first user device 11.
  • the structure of the CONNECT message also includes IP header, TCP header and H.323 CONNECT message.
  • the Internet network 30 does not have the routing table that decides where to route the private address, i.e., 192.168.51.50 of the first user device 11. This is because 192.168.51.50 is a private address. Accordingly, if a user of a private address in the NAT 21 of the firewall 20 uses H.323, routing of a private address in which call is not set up is problematic.
  • FIG. 3 is a view depicting that the firewall blocks data transmission from external node to inner node when audio/video data is transmitted by using port information transmitted to H.245 message.
  • H.323 protocol transmits information on a port (which is a source port through which the first user device 11 transmits audio/video data, and becomes a destination port through which the second user device 40 transmits audio/video data;
  • the transmitting/receiving port is 49000
  • OpenLogicalChannel message that is transmitted from the first user device 11 is transported to the second user device 40 through the steps of 211 and 213, and the second user device 40 creates and transmits an OpenLogicalChannelAck message that is a response message to the received message.
  • the OpenLogicalChannelAck message is transported to the first user device 11 through the steps of 215 and 217.
  • the second user device 40 transmits information on a port (which is a source port of the second user device 40, and becomes a destination port of the first user device 11; In FIG. 4, it is assumed that the transmitting/receiving port is 49100) for transmitting and receiving audio/video data.
  • OpenLogicalChannel that is transmitted from the second user device 40 is transported to the first user device 11 through the steps of 219 and 221, and the first user device 11 creates and transmits an OpenLogicalChannelAck message that is a response message to the received message. By doing so, the OpenLogicalChannelAck message is transported to the second user device 40 through the steps of 223 and 225.
  • ports for transmitting and receiving audio/video data are set up between the first user device 11 and the second user device 40.
  • the second user device 40 to which the first user device 11 transmits audio/video data is in a state where the authorized address (DA: 172.16.3.4) and port (DP: 49100) of the second user device 40 are decided, and the first user device 11 to which the second user device 40 transmits audio/video data is in a state where the authorized address (DA: 203.236.114.179) and port (DP: 49000) of the second user device 40 are decided.
  • the first user device 11 transmits the message of the audio/video data having such a message structure shown in FIG.
  • the firewall 20 transmits the message of the audio/video data to the Internet network 30 at the step of 229. Then, the audio/video data is transported to the second user device 40 through the Internet network 30.
  • the second user device 40 creates a message of audio/video data having such a structure shown in FIG. 12C depending on the address and port information of the message of the received audio/video data, and again outputs the created message to the Internet network 30.
  • the audio/video data transmitted from the second user device 40 are blocked by the firewall of the NAT 21, so that there occurs a problem in that they are not transmitted to the first user device 11. In other words, if the second user device 40 outside the firewall of NAT 21, as shown in FIG.
  • the firewall of the NAT 21 blocks data transmission from external node to inner node. This is because the firewall 20 employs a filtering rule in which all data received from an outside is not received but only data that are construed to be safe are received. Accordingly, the firewall 20 blocks the audio/video data that are transmitted from an outside over UDP.
  • H.323 protocol sets up an H.225 connection using an H.225 message (requests connection using SETUP message, responds using CALL PROCEEDING, ALERTING or CONNECT message).
  • a user device who receives the SETUP message responds to the address of a sourceCallSignalAddress field using CALL PROCEEDING, ALERTING or CONNECT message.
  • the address carried on the sourceCallSignalAddress field is a private address that is used in the private data network, so that there occurs a private address routing problem in that private address cannot be routed through the Internet network 30.
  • the firewall 20 receives only data intended to permit depending on the filtering rule set up by the firewall 20. Most firewalls 20 do not permit an access to other inner node other than server existing in the inner network of the firewall 20, and also do not permit an access of data through a port that is not opened depending on the filtering rule, which causes a blocking problem of the firewall 20. Due to the above two reasons, it is problematic that the user in the firewall 20 having the address translation function cannot carry out multimedia communication using the H.323 protocol.
  • an object of the present invention is to provide a method enabling routing between a user device using a private address within a firewall and user devices outside the firewall in a multimedia communication environment.
  • Another object of the present invention is to provide a method enabling communication of H.323 message between a user device using a private address within a firewall and user devices outside the firewall in a multimedia communication environment.
  • a further object of the present invention is to provide a method in which a private address of a user device carried on an H.323 message is not used to transmit data to the user device using the private address outside a firewall in a multimedia communication environment, but authorized address and port that are translated through the firewall are obtained from connected channel to transmit data through the obtained authorized address and port, thereby enabling the user device in the firewall to receive data transmitted from other user device through Internet network.
  • a method for setting up an H.225 call in a multimedia communication system using an H.323 protocol comprising the steps of: creating and transmitting an H.225 SETUP message including a private address and port number at a private user device of a private data network in the private data network; translating an authorized address and port number in an IP header of the H.225 setup message at a firewall of the private data network, and outputting the translated address and port number to Internet network; creating a CONNECT message at a user device of an incoming side that receives the SETUP message and transmitting the CONNECT message over the address and port number acquired from the presently connected H.225 channel; and translating the address and port number of the received CONNECT message into corresponding private address and port number at the firewall and transmitting the translated private address and port number to the user device of the private data network.
  • a method for communicating audio/video data in a multimedia communication system using an H.323 protocol comprising the steps of: transmitting the audio/video data to a private address and port number of a private device of a private data network at the private device; translating an address and port number of an IP header of the audio/video data transmitted from the user device of the private data network into an authorized address and port number in the IP header at the firewall, and outputting the translated authorized address and port number to Internet network; when a user device of an incoming side connected to the Internet network receives the audio/video data, setting up address and channel number for transmitting the audio/video data from an IP header of the present audio/video data at the user device of the incoming side to transmit the audio/video data to the set address and channel number; and when the firewall receives the audio/video data through the Internet network, translating the address and channel number of the received audio/video
  • a method for communicating data between a user device of a private data network within a firewall, and a user device connected to Internet network, in a multimedia communication system using an H.323 protocol comprising the steps of: creating an H.225 setup message including a private address and port number at the user device of the private data network, translating an authorized address and port number in an IP header of the H.225 setup message to output the converted address and port number to Internet network, and setting up an H.225 channel in an address and port number acquired from the presently connected H.225 channel at the user device connected to the Internet network; transmitting and receiving a logical channel message between the user device of the private data network and the counterpart user device so as to set up a port for transmitting and receiving data upon setting a channel; and transmitting the audio/video data to the private address and port number of the user device of the private data network at the user device of the private data network, translating the private address and port number of the audio/video data to be transmitted into the authorized address and
  • FIG. 1 is a schematic diagram of a conventional multimedia communication environment using an H.323 to which the present invention is applicable;
  • FIG. 2 is a flow chart depicting that a call is not connected to a private address user
  • FIG. 3 is a schematic diagram depicting that UDP data is blocked at an firewall
  • FIG. 4 is a flow chart depicting a routing problem to a private address user
  • FIG. 5 is a schematic view depicting that in case a firewall memorizing its transmitting outgoing UDP packet receives an incoming UDP that is construed as a response to the outgoing UDP packet, the NAT passes the incoming UDP inside the firewall
  • FIG. 6 a flow chart depicting a method that UDP data solves a blocking problem of a firewall
  • FIG. 7A is a schematic view of a firewall system
  • FIG. 7B is a schematic view depicting a software structure of NAT of a firewall
  • FIG. 8A is an exemplary view of an address translation table of NAT
  • FIG. 8B (8C) is an exemplary view of a filtering rule of NAT
  • FIG. 9 is a schematic view depicting a software structure of a user device and an external device.
  • FIG. 10A is a view depicting a partial structure of
  • FIG. 10B is a view depicting a partial structure of CONNECT message (H.225 message)
  • FIG. 10B is a view depicting a partial structure of CONNECT message (H.225 message)
  • FIG. 10B is a view depicting a partial structure of CONNECT message (H.225 message)
  • IOC is a view depicting a partial structure of OpenLogicalChannel message (H.245 message);
  • FIG. 11A is a view depicting a structure of SETUP message that is created at a private user device in a firewall
  • FIG. 11B is a view depicting a structure of SETUP message that is created at a firewall
  • FIG. 11C is a view depicting a structure of CONNECT message that is created at a conventional external device connected through Internet network in response to the SETUP message
  • FIG. 11D is a view depicting a structure of CONNECT message that is created at an inventive external device connected through Internet network in response to the SETUP message;
  • FIG. 12A is a view depicting a message structure of audio/video data that are created at a private user device in a firewall
  • FIG. 12B a view depicting a message structure of audio/video data that are created at a firewall
  • FIG. 12C is a view depicting a message structure of audio/video data that are created at a conventional external device connected through Internet network
  • FIG. 12D is a view depicting a message structure of audio/video data that are created at an inventive external device connected through Internet network
  • FIG. 13 is a view depicting a procedure transmitting and receiving data at a private user device in a firewall in a multimedia communication system according to an embodiment of the present invention
  • FIG. 14 is a view depicting a procedure that an external device connected to Internet network transmits and receives data with a private user device connected to an interior of a firewall in a multimedia communication system according to an embodiment of the present invention
  • FIG. 15 is a flow chart depicting functions to setup an H.323 call and to transmit audio/video data such that an H.323 standard-based multimedia communication protocol passes through a firewall.
  • a multimedia communication device supporting the H.323 protocol receives a SETUP message from a user device, it compares source address contained in the SETUP message with the address of presently connected channel. If the two addresses are different than each other, a user device that has transmitted the present SETUP message is construed as using a private address within the firewall (use of NAT function), and transmits data using address information obtained from channel, thereby solving the private address routing problem. Also, the firewall has a dynamic packet filtering function.
  • the dynamic packet filtering function corresponds to a capability in that the firewall itself memorizes its Outgoing UDP packet and passes Incoming UDP (source address of Outgoing UDP becomes destination address of Incoming UDP, and destination address of Outgoing UDP becomes source address of Incoming UDP) that is construed as a response to the Outgoing UDP packet.
  • the firewall transmits the audio/video data transmitted on the UDP inside the firewall, thereby solving the firewall blocking problem.
  • FIG. 1 shows a conventional multimedia communication environment using an H.323 protocol.
  • the second user device 40 is a device that is connected with a firewall 20 connected with the first user device 11, through Internet network 30, is a system or terminal that uses a private address, or may be a system or terminal that uses an connection-authorized address or a private address over which an authorized address is mapped.
  • the second user device 40 is a server or personal computer (PC) inside a private data network, it may be located in the firewall of the corresponding private data network.
  • PC personal computer
  • the second user device 40 In case the second user device 40 is located in the firewall and uses the private address over which the authorized address is mapped, H.225 channel, the H.245 channel and the port to which audio and video are transmitted/received should be opened so as to be accessible from an outside so as to use H.323.
  • FIG. 4 is a view depicting a method to solve the private address routing problem in that call setup is not performed when the first user device 11 having a private address located in the firewall 20 having the address translation function uses the H.323 protocol.
  • FIG. 5 is a view depicting a characteristic of the firewall 20 in which when the NAT 21 of the firewall 20 memorizing its transmitting outgoing UDP packet receives an incoming UDP (source address of Outgoing UDP becomes destination address of Incoming UDP, and destination address of Outgoing UDP becomes source address of Incoming UDP) that is construed as a response to the outgoing UDP packet, it passes the incoming UDP inside the firewall.
  • FIG. 6 a view depicting a procedure solving a blocking problem of the firewall 20 by using a function to pass the incoming UDP inside the firewall when the NAT 21 of the firewall 20 memorizing address and port information of its transmitting outgoing UDP packet receives an incoming UDP that is construed as a response to the outgoing UDP packet.
  • FIG. 7A is a view showing the construction of the firewall device 20.
  • the firewall device 20 includes a central processing unit (CPU) 611 for controlling general operations of the firewall device 20, a ROM 613 used as a programmable memory, a RAM 615 used for temporarily storing data generated during execution of program, a nonvolatile memory (NVM) 617 for permanently storing data, and a hard disc 619 for storing mass capacitance of information during a long period.
  • CPU central processing unit
  • ROM 613 used as a programmable memory
  • RAM 615 used for temporarily storing data generated during execution of program
  • NVM nonvolatile memory
  • various storage media including magnetic tape and CD-ROM may be used.
  • Portable storage media may be provided to store data or computer process instructions.
  • the user interface 621 interfaces the communication function between a user and a computer system, and keyboard, mouth, speaker, printer, and so on can be connected to the user interface 621.
  • a display interface 631 processes data for displaying information that is processed in the computer system.
  • a display part (ex. CRT) 633 is connected to the display interface 631.
  • a communication interface 641 is charge of communication function between the computer system and external devices.
  • the communication interface 641 may include modem, LAN card, and so on.
  • FIG. 7B is a view showing functional blocks of the NAT having the address translation function to perform an embodiment of the present invention in the firewall device 20.
  • address translation table 655 is a table storing information for translating private IP address and port into authorized IP address and port and vice versa.
  • Filtering rule table 661 is a table storing filtering rule information for transmitting and receiving message with the Internet network 30 according to the translated address information after the address translation . function is performed.
  • private data network message processing part 651 Upon receiving a message generated from the first user device 11 inside the private data network, private data network message processing part 651 performs a function to write a translation table between private IP address and authorized IP address in the address translation table 655 and to translate the private IP address and port of the private data network into the authorized IP address and port using the written address translation table.
  • Internet network message processing part 653 Upon receiving message generated to the second user device 40 as an external device through the Internet network 30, Internet network message processing part 653 translates authorized IP address and port of the received message into private IP address and port of the private data network using the address translation table 655. Also, the Internet network message processing part 653 applies the received message to the filtering rule table 661, and if the received message is appropriate, the Internet network message processing part 653 controls the received message to be transmitted inside the private data network, while if the received message is inappropriate, the Internet network message processing part 653 controls the received message to be deleted.
  • the NAT 21 may include the private data network message processing part 651, the Internet network message processing part 653 and the address translation table 655.
  • a private data network message transmitting/receiving part 657 receives messages generated from the first user device 11 inside the private data network and outputs the received messages to the private data network message processing part 651, and also outputs the message of the first user device 11 that is processed into authorized IP address from the private data network message processing part 651, to the Internet network 30.
  • An Internet network message transmitting/receiving part 659 receives messages generated from the second user device 40 of an external device connected through the Internet network 30 and outputs the received messages to the Internet network message processing part 653, and also transmits the message which is processed into a private IP address by the Internet network message processing part 653.
  • the second user device 40 that is connected with first user device 11 inside the private data network through the Internet network 30 may be realized into a computer system having the structure of FIG. 7A.
  • the user device has such a structure shown in FIG. 9 so as to perform multimedia communication function according to the embodiment of the present invention.
  • the user device having the structure of FIG. 7A is provided with tasks having the software processing function therein as shown in FIG. 9.
  • the user device is a PC.
  • the user device i.e., a PC includes a user interface part 602, an H.225 processing part 604, an H.245 Processing part 606, an RTP/RTCP processing part 608 for processing audio/video data, and a message transmitting/receiving part 610.
  • the user interface part 602 requests a call connection for Internet communication, captures or plays a video picture, or transmits audio data, or plays received audio data through sound card.
  • the H.225 processing part 604 processes H.225 message related with call setup among H.323 messages.
  • the H.245 processing part 606 processes H.245 message related with channel setup.
  • the RTP/RTCP processing part 608 processes audio/video data transmitted to UDP.
  • FIGs. 10A to IOC are views showing structures of messages used in communication in the embodiments of the present invention.
  • FIG. 10A is a view showing a partial structure of the SETUP message.
  • the SETUP message includes DestinationlPAddress-IP and DestinationlPAddress-port that inform a destination of incoming IP address and port number, and SourcelPAddress-IP and SourcelPAddress-port that inform the destination of outgoing IP address and port number.
  • SourcelPAddress-IP and SourcelPAddress-port in the SETUP message represent private IP address and port number, respectively.
  • FIG. 10B is a view showing a part of CONNECT message that is a response message to the SETUP message.
  • the CONNECT message should set H.245 channel so as to receive H.245 message, in which the H.245 channel has fields of channel address H245Address-ip and port number H245Address-port.
  • H245Address-ip and H245Address-port in the CONNECT message represent private IP address and port number, respectively.
  • FIG. 10C is a view showing a part of OpenLogicalChannel message that is transmitted and received so as to set media channel transmitting and receiving audio/video data.
  • the OpenLogicalChannel message has a LogicalChannelType field representing whether a corresponding channel is audio or video, and a MediaControlChannel-ip and MediaControlChannel- port field representing IP address and port number of a media channel transmitting and receiving real audio/video data.
  • MediaControlChannel-ip and port represent private IP address and port number, respectively.
  • FIGs. 11A, 11B and 11D show SETUP message structures generated in the first user device 11 and the firewall 20, and CONNECT message structure generated in the second user device 40.
  • FIGs. 12A, 12B and 12D are views showing message structures of audio/video data that are transmitted and received between the first user device 11 and the second user device 40 during performing such an operation shown in FIG. 6.
  • FIG. 4 is a view depicting a method to solve a private address routing problem in that call setup is not performed when the first user device 11 having a private address located in the firewall 20 having the address translation function uses H.323 protocol.
  • the first user device 11 Upon reviewing an operation procedure of FIG. 4 with reference to FIGs. 8A and 8B, FIGs. 11A, 11B, and 11D, the first user device 11, at the step of 311, creates a SETUP message shown in FIG. 11A, and outputs the created SETUP message to the firewall 20. At this time, the first user device 11 transmits the SETUP message along with a private address (assumed to be 192.168.51.50 in FIG. 4) of the first user device 11 and port (assumed to be 1024 in FIG. 4) for use in H.225 call setup, carried over the sourceCallSignalAddress field of the SETUP message.
  • a private address assumed to be 192.168.51.50 in FIG. 4
  • port assumed to be 1024 in FIG. 4
  • the NAT 21 of the firewall 20 translates the private IP address into an authorized IP address using an address translation table having the same structure as that of FIG. 8A to create a SETUP message having the same structure as that of FIG. 11B.
  • the NAT 21 of the firewall 20 translates the address information in the IP header (not the message address in the SETUP message), e.g., the private address of the first user device, 192.168.51.50 is translated into an authorized address (which is assumed to be 203.236.114.179 in FIG.
  • the NAT 21 of the firewall 20 has an address translation table for translating the private address and port number into the authorized address and port. Also, the NAT 21 dynamically creates a filtering rule having the same structure as that of FIG. 8B to store the created filtering rule in a filtering rule table, and filters messages received through the Internet network 30. Thereafter, the NAT 21 of the firewall 20 translates the IP address and port number of the received message from IP 203.236.114.179 and 10500 to IP 192.168.51.50 and 1024, and transmits the message having the translated IP address and port number to the first user device 11.
  • the second user device 40 receiving the above message has to know the authorized address that is translated and transmitted by the NAT 21, which can be obtained from the information of the presently connected H.225 channel (over which the SETUP is presently transmitted and received) . Accordingly, once receiving a SETUP message having the same structure as that of FIG. 11B, the second user device 40 sets up the H.225 call.
  • the information obtained from the SETUP message becomes SA: 192.168.51.50, SP: 1024, DA: 172.16.3.4 and DP: 1720, and the second user device 40 confirms SA: 203.236.114.179 and SP: 10500 from the presently connected H.225 channel, and creates a CONNECT message having the same structure as that of FIG. 11D and with the confirmed SA and SP as DA and DP, and then transmits the CONNECT message to the Internet network 30 at the step of 315.
  • the second user device 40 compares source address information (address contained in message is assumed to be message address/message port number) contained in the SETUP message with address information of presently connected channel. If they are different from each other, the second user device 40 determines that an outgoing user is located in the firewall 20 provided with the NAT 21 that uses private address and has the address translation function, and it transmits message not to the private address obtained from the SETUP message but to authorized address (channel address) obtained from channel, thereby solving the private address routing problem.
  • source address information address contained in message is assumed to be message address/message port number
  • FIG. 5 is a view depicting a characteristic of the firewall 20 in which when the NAT 21 of the firewall 20 memorizing its transmitting outgoing UDP packet receives an incoming UDP (source address of Outgoing UDP becomes destination address of Incoming UDP, and destination address of Outgoing UDP becomes source address of Incoming UDP) that is construed as a response to the outgoing UDP packet, it passes the incoming UDP inside the firewall.
  • the NAT 21 is provided with a table 422 having information on addresses and ports.
  • the NAT 21 transmits the UDP message into the interior of the firewall 20 like a block 424 that is construed as a response to the transmission of the first user device 11 while the UDP message is transmitted from the authorized address 172.16.3.4 and port 1525 to the private address 192.168.51.50 and port 3264, but does not transmit UDP message that is not construed as a response to the transmission of the first user device 11, into the interior of the firewall 20. Also, as aforementioned, FIG.
  • FIG. 12A is a view depicting a message structure of audio/video data that the first user device 11 transmits into the firewall 20
  • FIG. 12B a view depicting a message structure of audio/video data that NAT of the firewall 20 receiving such a message shown in FIG. 12A translates the port information of the first user device into authorized port information and creates
  • FIG. 12D is a view depicting a message structure of audio/video data that the second user device 40 receiving such a message shown in FIG. 12B transmits.
  • H.323 protocol transmits information on a port (49000 of FIG. 6) over which respective communication devices transmit and receive data, using a channel-related message expressed in OpenLogicalChannel.
  • the OpenLogicalChannel message transmitted from the first user device 11 is transported to the second user device through the steps of 451 and 453, and the second user device 40 creates and transmits OpenLogicalChannelAck message in response to the received message. Then, the OpenLogicalChannelAck message is transported to the first user device 11 through the steps of 455 and 457. Afterwards, the second user device 40 transmits information on a port (49100 of FIG. 6) for transmitting and receiving audio/video data.
  • the OpenLogicalChannel message that is transmitted from the second user device 40 is transported to the first user device 11 through the steps of 459 and 461, and the first user device 11 creates and transmits OpenLogicalChannelAck message that is a response message to the received message. Then, the OpenLogicalChannelAck message is transported to the second user device 40 through the steps of 463 and 465.
  • ports for transmitting and receiving audio/video data are set between the first user device 11 and the second user device 40.
  • the first user device 11 at the step of 467, creates a message of audio/video data, the message having the second user device 40 as the destination and such a structure shown in FIG. 12A, and transmits the created message to the firewall 20.
  • the first user device that is the source and the second user device that is the destination have addresses and ports of SA: 192.168.51.50, SP: 49000, DA: 172.16.3.4, and DP: 49100.
  • the NAT 21 of the firewall 20 receiving such a message shown in FIG.
  • the NAT 21 of the firewall 20 performs address and port translation functions in the information of the first user device 11, specifically, it translates the private address and port information of the first user device 11 shown in FIG. 12A into the authorized address and port shown in FIG. 12B.
  • the SA: 192.168.51.50 is translated into the SA: 203.236.114.179
  • the SP: 49000 is translated into the SP: 10507.
  • the channel information transmitted from the NAT 21 is SA: 203.236.114.179, SP: 10507, DA: 172.16.3.4, and DP: 49100.
  • the NAT 21 makes an address translation table for transporting audio/video data received through the Internet network 30 to the first user device 11. In other words, there is made the table in which addresses of 192.168.51.50 and 203.236.114.179 are mapped and ports of 49000 and 10507 are mapped.
  • the second user device 40 that receives the audio/video data obtain and multiplies the port information from the presently connected channel that transmits audio/video data, instead of a port that is intended to transmit and receive data upon setting the H.245 channel.
  • the second user device 40 receives message of the audio/video data shown in FIG. 12B through the Internet network 30, it decides DA and DP of audio/video data that are intended to presently transmit from SA and DP of the presently received channel information and then creates a message of audio/video data shown in FIG. 12D.
  • the transmitting and receiving port is set to be 9100', but since real transmission is obtained from the channel information of when receiving the audio/video data, the port to transmit and receive audio/video data becomes '10507'. Accordingly, the second user device 40 has a message of audio/video data that are created and transmitted at the step of 531, i.e., SA: 172.16.3.4, SP: 49100, DA: 203.236.114.179 and DP: 10507.
  • the audio/video data transmitted from the second user device 40 are received to the NAT 21 through the Internet network.
  • the NAT 21 confirms DA and DP of the received audio/video data, and translates them into address and port of a user device of corresponding private data network. Accordingly, the NAT 21, at the step of 533, translates the DA of the received audio/video data from 203.236.114.179 to 172.16.3.4, and the DP from 10507 to 49000, and outputs the translated DA and DP. Accordingly, the audio/video data transmitted from the second user device 40 is transported to the first user device 11 that is s subscriber of the private data network in the firewall 40 through the Internet network 30.
  • FIG. 13 is a view depicting a procedure transmitting and receiving data at a user device of a private data network in the NAT 21 of the firewall 40.
  • the user device may be the first user device shown in FIG. 1.
  • the first user device 11 may have the same structure as those of FIGs. 7A and 9.
  • the H.225 processing part 604 of the first user device 11 detects this matter at the step of 701, creates SETUP message at the step of 703, and transmits the created SETUP message to the NAT 21 of the firewall 40.
  • the SETUP message includes information, such as SourcelPAddress-ip: SA that is the address thereof, SourcelPAddress-port: SP that is the port thereof, DestinationlPAddress-ip: DA that is the destination address, port number of 1720 (DestinationlPAddress-port: DP which is defined in H.323 standards), and so on.
  • the NAT 21 of the firewall translates the address into an authorized address and transmits the authorized address to the Internet network 30.
  • the first user device 11 receives CALL PROCEEDING message, ALERTING message, or CONNECT message.
  • the H.225 processing part 604 of the first user device 11 detects it at the step of 705 and decides H.225 channel address from the received CONNECT message.
  • the CONNECT message has a structure shown in FIG. 10B, and contains information of H.245 message address (H.245 Address-ip) and message port number (H.245 Address-port).
  • H.225 channel address (if the counterpart is a private address user in NAT 21, H.225 channel address means authorized address of the counterpart translated through the NAT 21) of counterpart can be known from presently connected channel.
  • the H.245 processing part 606 of the first user device 11 After receiving the CONNECT message, the H.245 processing part 606 of the first user device 11, at the step of 709, transmits OpenLogicalChannel (H.245 message) to the H.225 channel address and H.245 message port number.
  • the OpenLogicalChannel message as shown in FIG. IOC, is transmitted to the audio and video address (MediaControlChannel-ip) and port number (MediaControlChannel-port) at which the OpenLogicalChannel message listens so as to receive audio/video data, and this information is carried in the OpenLogicalChannel message.
  • the counterpart user device transmits OpenLogicalChannelAck message that is a response message according to the OpenLogicalChannel message of the first user device 11, and the user device transmits OpenLogicalChannel message including audio and video, address and port number information of the counterpart user device. Also, the H.245 processing part 606 of the first user device 11, at the steps of 711 and 713, detects receipt of the OpenLogicalChannelAck message and the OpenLogicalChannel message.
  • the H.245 processing part 606 of the first user device 11 sets address and port number of audio and video message in which the counterpart user listens so as to receive audio and video, and transmits, at the step of 715, OpenLogicalChannelAck message as a response to the received OpenLogicalChannel message.
  • the RTP/RTCP processing part 608 of the first user device 11 detects audio/video data intended to transmit if they exist, at the step of 717, captures the audio/video data intended to transmit, and transmits the audio/video data to the H.225 channel address and port number of the counterpart at the step of 719.
  • the RTP/RTCP processing part 608 receives audio/video data from the counterpart, it detects the receipt at the step of 721, plays them through sound card and screen, and transmits the captured audio/video data to the H.225 channel address and audio and video message port number of the counterpart. The communication of the audio/video data is continuously carried out until it is completed.
  • FIG. 14 is a view depicting a procedure that a user device connected to Internet network communicates with a private user device of a private data network arranged at an interior of a firewall and requesting call connection.
  • the user device may be the second user device 40 of FIG. 1.
  • the second user device may have such a structure shown in FIGs. 7A and 9.
  • a user who receives call connection request should open TCP channel having a port number of 1720 to receive H.225 message from an outside, one TCP channel to receive H.245 message, and two UDP channels (one RTP channel and the other RTCP channel) to receive audio/video data.
  • the H.225 processing part 604 of the second user device 40 detects the receipt at the step of 761, confirms the H.225 channel address and channel port number of the counterpart from the channel that has received the SETUP message, and creates and transmits CONNECT message by using the confirmed matters at the step of 765.
  • the H.245 processing part 606 of the second user device 40 After transmitting the CONNECT message, if receiving OpenLogicalChannel message, the H.245 processing part 606 of the second user device 40 detects the receipt at the step of 767. The second user device 40 may catch the port number of the H.245 channel of the counterpart from the channel over which the OpenLogicalChannel message is presently transmitted. After receiving the OpenLogicalChannel message, the H.245 processing part 608 of the second user device 40 transmits OpenLogicalChannelAck at the step of 771, and transmits, at the step of 773, audio and video port number that listens so as to receive audio/video data thereof, with the audio and video port number being carried on the OpenLogicalChannel message. After transmitting the OpenLogicalChannel message, once the OpenLogicalChannelAck message responding to the OpenLogicalChannel message is received, the H.245 processing part 606 of the second user device 40 detects the receipt at the step of 775.
  • the RTP/RTCP processing part of the second user device 40 detects the receipt at the step of 777. At this time, the second user device 40 can catch the audio and video channel port number of the counterpart (first user device 11) from the transmitted channel information. Accordingly, once receiving the audio/video data from the counterpart, the second user device 40 plays the received audio/video data through sound card and screen at the step of 779, and sets, at the step of 781, the address and port number of the audio and video channel of the counterpart from the channel of the received audio/video data.
  • the RTP/RTCP processing part 608 of the second user device 40 detects the transmission at the step of 783, and transmits the audio/video data to the address and port number of the set audio and video channel. The steps are repeatedly performed till the communication operation ends.
  • FIG. 15 is a flow chart depicting a function to transmit audio and vide data by performing H.323 call setup and channel setup so as to pass through the firewall provided with NAT 21 even by using H.323-based multimedia communication protocol.
  • a user device that request call connection is the first user device 11 that is a subscriber of a private data network in the firewall 20, and a counterpart subscriber is the second user device 40 connected to the Internet network 30.
  • the first user device 11 creates SETUP message including the address and port number thereof, SA and SP, and destination address and 1720 port number (defined in H.323 standards) for call connection, DA and DP, like FIG. 10A and transmits the created addresses and port numbers to the firewall 40.
  • the address SA is a private address
  • the SP is a private port number.
  • the NAT 21 of the firewall 20 translates the address and port number information in IP header of the SETUP message into authorized address and port number, and transmits the SETUP message to the Internet network.
  • the NAT 21 stores the translated address and port number in a translation table.
  • the second user device 40 receives the SETUP message through the Internet network 30.
  • the second user device 40 which receives call connection request should open TCP channel having the port number of 1720 to receive H.225 message from an outside, one TCP channel to receive H.245 message, and two UDP channels (one RTP channel and the other RTCP channel) to receive audio/video data.
  • the second user device 40 can catch the address and port number of the H.225 channel of the counterpart.
  • the second user device 40 compares the address information contained in the SETUP message with the address information of the presently connected channel, and if they are different from each other, the second user device 40 can catch that the first user device 11 is a user device of a private data network arranged in the firewall 40. In this case, the second user device 40 sets the H.225 channel address and port number of the counterpart user device not by using the address information in the SETUP message but by using the address information of the IP header of the SETUP message. Afterwards, the second user device 40, at the step of 855, creates and transmits CONNECT message having such a structure shown in FIG. 10b. The DA and DP of the CONNECT message become authorized address and port number translated in the NAT 21 of the firewall 20.
  • the CONNECT message transmitted from the second user device 40 is transported to the firewall 20 through the Internet network 30. Then, the NAT 21 of the firewall 20 confirms the private address corresponding to the DA and DP of the received CONNECT message from the translation table, and translates the DA and DP of the received message into the private address and port of the first user device.
  • H.225 channel address of the counterpart (if the counterpart is a private address user in the NAT 21, the H.225 channel address means the authorized address of the counterpart translated through the NAT 21) can be known from the presently connected channel.
  • the above operations are carried out in the H.225 processing part 604 of the first user device 11 and the second user device 40.
  • the first user device 11 After receiving the CONNECT message, the first user device 11, at the step of 817, creates OpenLogicalChannel (H.245 message) message having such a structure shown in FIG. 10C, and transmits the created message to the H.225 channel address and port number.
  • the OpenLogicalChannel message is transmitted to audio and video port number at which the OpenLogicalChannel message listen so as to receive audio/video data.
  • the audio and video port number information is also transmitted with carried on the OpenLogicalChannel message.
  • the OpenLogicalChannel message is transported to the second user device 40 through the firewall 20 and the Internet network 30.
  • the second user device 40 After transmitting the CONNECT message, the second user device 40, at the step of 857, receives the OpenLogicalChannel message, and may catch address and port number of the audio and video message of the counterpart from the received OpenLogicalChannel message. Also, the second user device 40 may know the port number of the H.245 channel of the counterpart from the channel to which the OpenLogicalChannel message has been transmitted.
  • the second user device 40 transmits OpenLogicalChannelAck, and at the step of 861, transmits OpenLogicalChannel message along with audio and video port number carried on the OpenLogicalChannel message, to the H.245 channel address and the H.245 channel port of the counterpart, in which the audio and video port number listens so as to receive audio/video data.
  • the first user device 11 at the step of 819, receives OpenLogicalChannelAck that is transmitted from the second user device 40, and also at the step of 821, receives OpenLogicalChannel.
  • the first user device 11 may know audio and video message port number at which the counterpart listens so as to receive audio/video data, from the data carried on the OpenLogicalChannel.
  • the first user device 11 transmits OpenLogicalChannelAck as a response to the received OpenLogicalChannel, and the second user device 40 receives the transmitted OpenLogicalChannelAck at the step of 863.
  • the first user device 11, at the step of 825 transmits the audio/video data to the H.225 channel address and the audio and video message port number of the counterpart.
  • the NAT 21 of the firewall 20 translates the private address and port number of the first user device 11 into authorized address and port number, transmits the translated address and port number to the Internet network 30, and stores them in the table. Also, once receiving the audio/video data transmitted from the first user device 11 at the step of 865, the second user device 40 can know the audio and video channel port number of the first user device 11 from the received channel information. After that, in case of receiving the audio/video data from the counterpart, the second user device 40 plays them through sound card and screen, and at the step of 869, transmits the captured audio/video data to the audio and video channel address and the port number of the counterpart.
  • the address and the port number of the audio/video data transmitted at the step of 869 are transmitted not to the port number intended to transmit upon the setup of the H.245 channel, but to the port number that is confirmed from the presently transmitted channel. In other words, they are transmitted not to the port number of the first user device 11 but to the port number translated in the NAT 21 of the firewall 20. Then, the NAT 21 of the firewall confirms the address and channel number of the received audio/video data from the translation table, translates them into corresponding private address and port number, and outputs them to the interior of the firewall 20.
  • the first user device 11 receives the audio/video data transmitted from the second user device 40 by the translation of the address and port in the NAT 21 of the firewall 20. Subsequently, the first user device 11 plays the received audio/video data through sound card and screen, respectively, and at the step of 827, transmits the captured audio/video data to the H.225 channel address and the audio and video message port number of the counterpart.
  • an H.225 call is set up depending not on the user address information in an H.225 message, but on the presently connected H.225 channel information.
  • H.245 message is transmitted depending not on the user address and port information in the H.245 message but on the address and port information of the presently connected H.245 channel, thereby enabling H.323 call setup even though the user is located in the NAT.
  • audio/video data are transmitted not by using the video and audio receipt channel information received in H.245 message, but by using the port information obtained from a channel to which the audio/video data are actually transmitted, thereby enabling the user in the firewall to receive the audio/video data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

L'invention concerne un système de communication multimédia utilisant le protocole H.323 et notamment un appareil et un procédé pour établir une communication H.225 en fonction non pas des informations d'adresse de l'utilisateur dans un message H.225 mais des informations sur le canal H.225 connecté en ce moment, et pour établir un canal H.245 en fonction non pas des informations d'adresse de l'utilisateur et de port dans un message H.245 mais des informations d'adresse et de port dans le canal H.245 connecté en ce moment, ce qui permet d'établir une communication H.323 même si l'utilisateur se trouve dans NAT. En outre, l'appareil transmet aussi des informations audio et vidéo non pas au moyen des informations de canal reçues par audio ou vidéo dans un message H.245 mais par l'acquisition des informations de port à partir d'un canal par lequel les données audio et vidéo ont été réellement transmises; de cette manière, même un utilisateur derrière une paroi coupe-feu peut recevoir des données audio et vidéo.
PCT/KR2001/001648 2001-04-26 2001-09-29 Procede de communication de donnees audio et video dans un systeme de communication multimedia utilisant le protocole h.323 WO2002089415A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20010022743 2001-04-26
KR2001/22743 2001-04-26
KR2001/35500 2001-06-21
KR1020010035500A KR20020083887A (ko) 2001-04-26 2001-06-21 에이치.323기반의 멀티미디어 통신 시스템에서 오디오 및비디오 데이터를 통신하는 방법

Publications (1)

Publication Number Publication Date
WO2002089415A1 true WO2002089415A1 (fr) 2002-11-07

Family

ID=26639029

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2001/001648 WO2002089415A1 (fr) 2001-04-26 2001-09-29 Procede de communication de donnees audio et video dans un systeme de communication multimedia utilisant le protocole h.323

Country Status (1)

Country Link
WO (1) WO2002089415A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1513312A1 (fr) * 2003-09-02 2005-03-09 Siemens Aktiengesellschaft Téléphonie Vidéo multimédia
WO2005081499A1 (fr) * 2004-02-23 2005-09-01 Telefonaktiebolaget L.M. Ericsson (Publ) Reseaux de telecommunication voix sur ip
WO2005117346A1 (fr) * 2004-05-28 2005-12-08 Zte Corporation Procede d'enregistrement de terminal de reseau prive aupres du controleur fonde sur le protocole h.323
CN100525202C (zh) * 2004-05-28 2009-08-05 中兴通讯股份有限公司 一种基于h.323协议的私网终端向网守注册的方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001237838A (ja) * 1999-10-30 2001-08-31 Tlc Transport Informatik & Logistik-Consulting Gmbh 端末器を一元化して制御するための方法および設備
US6324279B1 (en) * 1998-08-04 2001-11-27 At&T Corp. Method for exchanging signaling messages in two phases

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6324279B1 (en) * 1998-08-04 2001-11-27 At&T Corp. Method for exchanging signaling messages in two phases
JP2001237838A (ja) * 1999-10-30 2001-08-31 Tlc Transport Informatik & Logistik-Consulting Gmbh 端末器を一元化して制御するための方法および設備

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
FUNG K.P., CHANG R.K.C.: "A transport-level proxy for secure multimedia streams", IEEE INTERNET COMPUTING, vol. 4, no. 6, November 2000 (2000-11-01) - December 2000 (2000-12-01), pages 57 - 67 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1513312A1 (fr) * 2003-09-02 2005-03-09 Siemens Aktiengesellschaft Téléphonie Vidéo multimédia
WO2005081499A1 (fr) * 2004-02-23 2005-09-01 Telefonaktiebolaget L.M. Ericsson (Publ) Reseaux de telecommunication voix sur ip
WO2005117346A1 (fr) * 2004-05-28 2005-12-08 Zte Corporation Procede d'enregistrement de terminal de reseau prive aupres du controleur fonde sur le protocole h.323
CN1299476C (zh) * 2004-05-28 2007-02-07 中兴通讯股份有限公司 一种h.323代理服务器代理网络地址转换后的终端向网守注册的方法
CN100525202C (zh) * 2004-05-28 2009-08-05 中兴通讯股份有限公司 一种基于h.323协议的私网终端向网守注册的方法

Similar Documents

Publication Publication Date Title
US6674758B2 (en) Mechanism for implementing voice over IP telephony behind network firewalls
US8605728B2 (en) Method of implementing traversal of multimedia protocols through network address translation device
US7340771B2 (en) System and method for dynamically creating at least one pinhole in a firewall
EP1430682B1 (fr) Protection d'un reseau contre un acces non autorise
US7773580B2 (en) Apparatus and method for voice processing of voice over internet protocol (VoIP)
KR100738567B1 (ko) 동적 네트워크 보안 시스템 및 그 제어방법
JP2004147349A (ja) ローカルipネットワークを通した多重通話システム及び方法
US20060167871A1 (en) Method and system for blocking specific network resources
JP2005278077A (ja) ルータ及びsipサーバ
CA2670510A1 (fr) Interception de communications voip et autres transmissions de donnees
US20100031339A1 (en) Streaming Media Service For Mobile Telephones
US6922786B1 (en) Real-time media communications over firewalls using a control protocol
US20040133772A1 (en) Firewall apparatus and method for voice over internet protocol
JP4074851B2 (ja) 通信中継方法および中継装置
WO2002089415A1 (fr) Procede de communication de donnees audio et video dans un systeme de communication multimedia utilisant le protocole h.323
JP2008078822A (ja) 管理端末、ポート開閉制御方法およびポート開閉制御プログラム
JP2007028096A (ja) マルチプロトコルアドレス登録方法、マルチプロトコルアドレス登録システム、マルチプロトコルアドレス登録サーバおよびマルチプロトコルアドレス通信端末
Ackermann et al. Vulnerabilities and Security Limitations of current IP Telephony Systems
US7457884B2 (en) Network environment notifying method, network environment notifying system, and program
KR20020083887A (ko) 에이치.323기반의 멀티미디어 통신 시스템에서 오디오 및비디오 데이터를 통신하는 방법
JP2007519356A (ja) セキュリティを備えた遠隔制御ゲートウェイ管理
JP2009135577A (ja) 情報中継システム、情報中継装置、方法及びプログラム
WO2002017035A2 (fr) Procede et systeme servant a etablir des connexions entre des terminaux connectes a des environnements de reseaux possedant des modalites differentes d'adressage de protocole internet
JP4313707B2 (ja) 通信装置、通信方法及びそのプログラム
US20050177718A1 (en) Systems and methods for video transport service

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP