Patent Grant
10263952
Field of the Disclosure
The technology of the disclosure relates generally to Session Traversal Utilities for Network Address Translation (STUN) methods and protocols for enabling Network Address Translation (NAT) traversal.
Technical Background
The advent of Web Real-Time Communications (WebRTC), an ongoing effort to develop industry standards for integrating real-time communications functionality into web clients such as web browsers, has resulted in a proliferation of web clients capable of direct interaction with other web clients. The real-time communications functionality enabled by WebRTC is accessible by web developers via standard markup tags, such as those provided by version 5 of the Hyper Text Markup Language (HTML5), and client-side scripting Application Programming Interfaces (APIs) such as JavaScript APIs. More information regarding WebRTC may be found in “WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web,” by Alan B. Johnston and Daniel C. Burnett, 2nd Edition (2013 Digital Codex LLC), which is incorporated in its entirety herein by reference.
Direct interaction among WebRTC-enabled web clients or other real-time communications web clients may be hampered by network traversal issues caused by the presence of Network Address Translation (NAT) devices, such as network traffic routing devices, in the network path between the web clients. A NAT device maps the Internet Protocol (IP) addresses of multiple web clients on a local network to a single publicly exposed IP address. As packets of network traffic pass from each web client to the Internet, the NAT device translates the source address of each packet from the web client's IP address on the local network to the public IP address. When a reply returns to the public IP address from the Internet, the NAT device uses connection tracking data to determine the local network address to which the reply is to be forwarded. Because a web client on the local network may not be aware of the public IP address provided by the NAT device, the web client may be unable to establish a direct connection with another web client outside the local network.
To address these network traversal issues, a network protocol known as Session Traversal Utilities for Network Address Translation (STUN) (defined by the Request for Comments (RFC) 5389, available online at http://www.ietf.org/rfc/rfc5389.txt) has been developed. A WebRTC-enabled web client may use a STUN server to determine the public IP address allocated to it by a NAT device, and may provide the public IP address to a remote endpoint in order to establish real-time communications. An extension to STUN known as Traversal Using Relays around Network Address Translation (TURN) (defined by RFC 5766, available online at http://www.ietf.org/rfc/rfc5766.txt) provides additional network traversal capabilities by relaying network traffic through a TURN server on the Internet.
STUN provides both short-term and long-term credential mechanisms that a STUN server and client may use to authenticate STUN messages. Both mechanisms rely on the STUN server and client exchanging a credential (e.g., a username and password) using some other protocol prior to authenticating a STUN message. However, STUN includes no mechanism for providing STUN services based on an origin of a web application (e.g., a “web origin” as defined by RFC 6454, available online at http://www.ietf.org/rfc/rfc6454.txt) that generates a STUN message. For example, a STUN server may be unable to determine whether a web application that is attempting to send a STUN message to the STUN server originated from a source that is authorized to access the STUN server. This may pose challenges to entities such as enterprises that wish to permit access to enterprise STUN servers only by enterprise web applications or other web applications originating from authorized sources.
Embodiments disclosed in the detailed description provide origin insight for web applications via Session Traversal Utilities for Network Address Translation (STUN) messages. Related methods, systems, and computer-readable media are also disclosed. In some embodiments, a web client is configured to determine an origin identifier that identifies the source of a web application. The web client then generates a STUN message that includes the origin identifier, and transmits the STUN message to a STUN server. The STUN server is configured to extract the origin identifier, and determine whether to provide STUN services to the web application based on the origin identifier. In this manner, access to the STUN server can be regulated based on the origin of web applications requesting STUN services.
In this regard, in one embodiment, a method for providing origin insight for web applications via STUN messages is provided. The method comprises determining, by a web client executing on a computing device, an origin identifier for a web application attempting to send a STUN message to a STUN server. The method further comprises generating the STUN message incorporating the origin identifier for the web application, and transmitting the STUN message to the STUN server.
In another embodiment, a method for providing STUN services by STUN servers to web applications based on origin insight is provided. The method comprises receiving, by a STUN server executing on a computing device, a STUN message from a web client. The method further comprises extracting an origin identifier for a web application from the STUN message. The method additionally comprises determining whether to provide a STUN service to the web application based on the origin identifier for the web application. The method also comprises, responsive to a determination that the STUN service should not be provided, disregarding the STUN message. The method further comprises, responsive to a determination that the STUN service should be provided, processing the STUN message.
In another embodiment, a system for providing origin insight for web applications via STUN messages is provided. The system comprises at least one communications interface, and a computing device associated with the at least one communications interface. The computing device comprises a web client executing a web application attempting to send a STUN message to a STUN server. The web client is configured to determine an origin identifier for the web application and generate the STUN message incorporating the origin identifier for the web application. The web client is also configured to transmit the STUN message to the STUN server.
In another embodiment, a system for providing STUN services by STUN servers to web applications based on origin insight is provided. The system comprises at least one communications interface, and a computing device associated with the at least one communications interface. The computing device comprises a STUN server configured to receive a STUN message from a web client. The STUN server is further configured to extract an origin identifier for a web application from the STUN message. The STUN server is additionally configured to determine whether to provide a STUN service to the web application based on the origin identifier for the web application. The STUN server is also configured to, responsive to a determination that the STUN service should not be provided, disregard the STUN message. The STUN server is further configured to, responsive to a determination that the STUN service should be provided, process the STUN message.
In another embodiment, a non-transitory computer-readable medium is provided, having stored thereon computer-executable instructions to cause a processor to implement a method for providing origin insight for web applications via STUN messages. The method implemented by the computer-executable instructions comprises determining an origin identifier for a web application attempting to send a STUN message to a STUN server. The method implemented by the computer-executable instructions further comprises generating the STUN message incorporating the origin identifier for the web application. The method implemented by the computer-executable instructions also comprises transmitting the STUN message to the STUN server.
In another embodiment, a non-transitory computer-readable medium is provided, having stored thereon computer-executable instructions to cause a processor to implement a method for providing STUN services by STUN servers to web applications based on origin insight. The method implemented by the computer-executable instructions comprises receiving a STUN message from a web client. The method implemented by the computer-executable instructions further comprises extracting an origin identifier for a web application from the STUN message. The method implemented by the computer-executable instructions additionally comprises determining whether to provide a STUN service to the web application based on the origin identifier for the web application. The method implemented by the computer-executable instructions also comprises, responsive to a determination that the STUN service should not be provided, disregarding the STUN message. The method implemented by the computer-executable instructions further comprises, responsive to a determination that the STUN service should be provided, processing the STUN message.
The accompanying drawing figures incorporated in and forming a part of this specification illustrate several aspects of the disclosure, and together with the description serve to explain the principles of the disclosure.
With reference now to the drawing figures, several exemplary embodiments of the present disclosure are described. The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.
Embodiments disclosed in the detailed description provide origin insight for web applications via Session Traversal Utilities for Network Address Translation (STUN) messages. Related methods, systems, and computer-readable media are also disclosed. In some embodiments, a web client is configured to determine an origin identifier that identifies the source of a web application. The web client then generates a STUN message that includes the origin identifier, and transmits the STUN message to a STUN server. The STUN server is configured to extract the origin identifier, and determine whether to provide STUN services to the web application based on the origin identifier. In this manner, access to the STUN server can be regulated based on the origin of web applications requesting STUN services.
In this regard, in one embodiment, a method for providing origin insight for web applications via STUN messages is provided. The method comprises determining, by a web client executing on a computing device, an origin identifier for a web application attempting to send a STUN message to a STUN server. The method further comprises generating the STUN message incorporating the origin identifier for the web application, and transmitting the STUN message to the STUN server.
In another embodiment, a method for providing STUN services by STUN servers to web applications based on origin insight is provided. The method comprises receiving, by a STUN server executing on a computing device, a STUN message from a web client. The method further comprises extracting an origin identifier for a web application from the STUN message. The method additionally comprises determining whether to provide a STUN service to the web application based on the origin identifier for the web application. The method also comprises, responsive to a determination that that the STUN service should not be provided, disregarding the STUN message. The method further comprises, responsive to a determination that the STUN service should be provided, processing the STUN message.
Before discussing details of the web client 12 and the STUN server 18, the establishment of an exemplary real-time interaction in the interactive communications system 10 of
The web client 12 in this example may be a web browser application, a dedicated communications application, or an interface-less application such as a daemon or service application, as non-limiting examples. In some embodiments, the web client 12 is configured to execute client-side applications written in a scripting language, such as JavaScript. The web client 12 also provides application programming interfaces (APIs) to facilitate real-time communications (e.g., video, audio, and/or data interactive flows) with other web clients, user devices, or web servers. As non-limiting examples, the web client 12 may be a WebRTC client that implements the protocols, codecs, and APIs necessary to enable real-time communications via WebRTC. It is to be understood that the remote endpoint 20 of
An application server 32 is provided for serving a web-based real-time communications application to the web client 12 and the remote endpoint 20, and for relaying an initiation dialogue 34 during establishment of real-time communications. In some embodiments, the application server 32 may be a single server, while in some applications the application server 32 may comprise multiple servers that are communicatively coupled to each other. It is to be understood that the application server 32 may reside within the same public or private network as the computing devices 22 and/or 24, or may be located within a separate, communicatively coupled public or private network. In the example of
The exemplary interactive communications system 10 optionally may further include a Network Address Translation (NAT) device 36, such as a network traffic routing device, in the network path between the computing device 22 and the remote endpoint 20. The NAT device 36 may map an Internet Protocol (IP) address of the computing device 22 to a single publicly exposed IP address. It is to be understood that, in some embodiments, the NAT device 36 may reside within the same public or private network as the computing devices 22 and/or 24, or may be located within a separate, communicatively coupled public or private network.
Once the initiation dialogue 34 is complete, the web client 12 and the remote endpoint 20 may engage in “hole punching” to determine the best way to establish direct communications. Hole punching is a technique, often using protocols such as Interactive Connectivity Establishment (ICE), in which the web client 12 and/or the remote endpoint 20 may establish a connection with an unrestricted third-party server that uncovers external and internal address information for use in direct communications. In the example of
Typically, a server such as the STUN server 18 provides short-term and long-term credential mechanisms that may be used to provide authentication of the STUN message 16, respectively. However, STUN does not provide an inherent mechanism for indicating the origin of a client application such as the web application 14. As a result, an entity operating the STUN server 18 may find it impossible or impractical to provide STUN services only to web applications that originate from an approved source. For instance, an enterprise may wish to allow only enterprise web applications originating from enterprise-controlled application servers to access to the STUN server 18.
In this regard, the web client 12 and the STUN server 18 of
The origin identifier 42 identifies the application server 32 as the origin of the web application 14, and may include a related protocol indicated by a URL scheme, a Domain Name System (DNS) name an IP address, and/or an optional port number, as non-limiting examples. In some embodiments, the origin identifier 42 may be related to HTTP origin of a web page or browser content, and may include all of the contents of the HTTP origin or only a subset. In some embodiments, the origin identifier 42 may also include other information useful for identifying the application server 32 or local file system file access as the origin of the web application 14 and/or other applications, browser plug-ins, or browser extensions, as non-limiting examples.
When requesting a STUN service from the STUN server 18, the web client 12 incorporates the origin identifier 42 into the STUN message 16. The web client 12 disallows the web application 14 from setting or modifying the origin identifier 42 in the STUN message 16. Some embodiments may provide that the origin identifier 42 is included as a comprehension-optional attribute (not shown) of the STUN message 16, as provided in RFC 5389. In this manner, a STUN server that receives the STUN message 16 but is not configured to utilize the origin identifier 42 may safely ignore the attribute containing the origin identifier 42.
Upon receiving the STUN message 16 containing the origin identifier 42 from the web client 12, the STUN server 18 is configured to extract the origin identifier 42. This may be accomplished in some embodiments by accessing the comprehension-optional attribute of the STUN message 16 in which the origin identifier 42 is stored. The STUN server 18 may then determine whether to provide STUN services to the web application 14 based on the origin identifier 42. As non-limiting examples, the STUN server 18 may compare the origin identifier 42 to a whitelist of approved origins and/or a blacklist of disapproved origins that are specified by an enterprise policy (not shown). If the web application 14 is determined to originate from an approved source based on the origin identifier 42, the STUN message 16 may be processed by the STUN server 18. However, if the web application 14 does not originate from an approved source, the STUN message 16 may be disregarded or discarded by the STUN server 18. In some embodiments, the STUN server 18 may generate an error response 44 to the web application 14.
It is to be understood that, in some embodiments, the web client 12 may interact with the TURN server 30 in the same manner described above with respect to the STUN server 18. Thus, the web client 12 may provide the origin identifier 42 of the web application 14 to the TURN server 30 via the TURN message 40. The TURN server 30 may then choose to provide or refuse TURN services to the web application 14 based on the origin identifier 42.
To illustrate exemplary operations for providing origin insight for web applications via STUN messages by the web client 12 of
The web client 12 next generates the STUN message 16 incorporating the origin identifier 42 for the web application 14 (block 48). In some embodiments, the origin identifier 42 may be provided as a comprehension-optional attribute of the STUN message 16 (block 50). The STUN message 16 may include all of the information constituting the origin identifier 42, or may include only a subset. The web client 12 then transmits the STUN message 16 to the STUN server 18 for processing (block 52).
At this point, the STUN server 18 has identified the origin of the web application 14 from which the STUN message 16 was sent. Thus, the STUN server 18 determines whether to provide STUN services to the web application 14 based on the origin identifier 42. In some embodiments, the STUN server 18 compares the origin identifier 42 for the web application 14 to a whitelist of approved origins and/or a blacklist of disapproved origins specified by an enterprise policy (block 60). For example, in the context of an enterprise network, the whitelist may include identifying information for domains or web application servers that are authorized to utilize the STUN server 18, while the blacklist may include domains or servers from which the STUN message 16 will be disregarded.
The STUN server 18 then determines whether to provide a STUN service to the web application 14 based on the origin identifier 42 for the web application 14 (block 62). If so, the STUN server 18 continues with processing the STUN message 16 (block 64). However, if the STUN server 18 determines at block 62 that STUN services should not be provided to the web application 14 based on the origin identifier 42, the STUN server 18 disregards the STUN message 16 (block 66). In some embodiments, the STUN server 18 may also generate an error response 44, which may be transmitted back to the web client 12 (block 68).
The exemplary computer system 72 includes a processing device or processor 74, a main memory 76 (as non-limiting examples, read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM), etc.), and a static memory 78 (as non-limiting examples, flash memory, static random access memory (SRAM), etc.), which may communicate with each other via a bus 80. Alternatively, the processing device 74 may be connected to the main memory 76 and/or the static memory 78 directly or via some other connectivity means.
The processing device 74 represents one or more processing devices such as a microprocessor, central processing unit (CPU), or the like. More particularly, the processing device 74 may be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor implementing other instruction sets, or processors implementing a combination of instruction sets. The processing device 74 is configured to execute processing logic in instructions 82 and/or cached instructions 84 for performing the operations and steps discussed herein.
The computer system 72 may further include a communications interface in the form of a network interface device 86. It also may or may not include an input 88 to receive input and selections to be communicated to the computer system 72 when executing the instructions 82, 84. It also may or may not include an output 90, including but not limited to display(s) 92. The display(s) 92 may be a video display unit (as non-limiting examples, a liquid crystal display (LCD) or a cathode ray tube (CRT)), an alphanumeric input device (as a non-limiting example, a keyboard), a cursor control device (as a non-limiting example, a mouse), and/or a touch screen device (as a non-limiting example, a tablet input device or screen).
The computer system 72 may or may not include a data storage device 94 that includes using drive(s) 96 to store the functions described herein in a computer-readable medium 98, on which is stored one or more sets of instructions 100 (e.g., software) embodying any one or more of the methodologies or functions described herein. The functions can include the methods and/or other functions of the processing system 70, a participant user device, and/or a licensing server, as non-limiting examples. The one or more sets of instructions 100 may also reside, completely or at least partially, within the main memory 76 and/or within the processing device 74 during execution thereof by the computer system 72. The main memory 76 and the processing device 74 also constitute machine-accessible storage media. The instructions 82, 84, and/or 100 may further be transmitted or received over a network 102 via the network interface device 86. The network 102 may be an intra-network or an inter-network.
While the computer-readable medium 98 is shown in an exemplary embodiment to be a single medium, the term “machine-accessible storage medium” should be taken to include a single medium or multiple media (as non-limiting examples, a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions 100. The term “machine-accessible storage medium” shall also be taken to include any medium that is capable of storing, encoding, or carrying a set of instructions for execution by the machine, and that cause the machine to perform any one or more of the methodologies disclosed herein. The term “machine-accessible storage medium” shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals.
The embodiments disclosed herein may be embodied in hardware and in instructions that are stored in hardware, and may reside, as non-limiting examples, in Random Access Memory (RAM), flash memory, Read Only Memory (ROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), registers, a hard disk, a removable disk, a CD-ROM, or any other form of computer readable medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). The ASIC may reside in a remote station. In the alternative, the processor and the storage medium may reside as discrete components in a remote station, base station, or server.
It is also noted that the operational steps described in any of the exemplary embodiments herein are described to provide examples and discussion. The operations described may be performed in numerous different sequences other than the illustrated sequences. Furthermore, operations described in a single operational step may actually be performed in a number of different steps. Additionally, one or more operational steps discussed in the exemplary embodiments may be combined. It is to be understood that the operational steps illustrated in the flow chart diagrams may be subject to numerous different modifications as will be readily apparent to one of skill in the art. Those of skill in the art would also understand that information and signals may be represented using any of a variety of different technologies and techniques. As non-limiting examples, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof.
The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
| Number | Name | Date | Kind |
|---|---|---|---|
| 6714967 | Horvitz | Mar 2004 | B1 |
| 7107316 | Brown et al. | Sep 2006 | B2 |
| 7145898 | Elliott | Dec 2006 | B1 |
| 7266591 | Johnston | Sep 2007 | B1 |
| 7379993 | Valdes et al. | May 2008 | B2 |
| 7636348 | Bettis et al. | Dec 2009 | B2 |
| 7730309 | Zimmermann | Jun 2010 | B2 |
| 8015484 | Backer | Sep 2011 | B2 |
| 8250635 | Chari et al. | Aug 2012 | B2 |
| 8300632 | Davis et al. | Oct 2012 | B2 |
| 8467308 | Johnston | Jun 2013 | B2 |
| 8494507 | Tedesco et al. | Jul 2013 | B1 |
| 8601144 | Ryner | Dec 2013 | B1 |
| 8605711 | Sinnreich et al. | Dec 2013 | B1 |
| 8606950 | Glatron et al. | Dec 2013 | B2 |
| 8693392 | Cooper et al. | Apr 2014 | B2 |
| 8695077 | Gerhard et al. | Apr 2014 | B1 |
| 8737596 | Kelley et al. | May 2014 | B2 |
| 8744147 | Torti | Jun 2014 | B2 |
| 8832271 | McCarty | Sep 2014 | B2 |
| 8856236 | Moore et al. | Oct 2014 | B2 |
| 8861692 | Phelps et al. | Oct 2014 | B1 |
| 8867731 | Lum et al. | Oct 2014 | B2 |
| 8996662 | Butler | Mar 2015 | B2 |
| 20020161685 | Dwinnell | Oct 2002 | A1 |
| 20030112766 | Riedel et al. | Jun 2003 | A1 |
| 20030120599 | Agboatwalla et al. | Jun 2003 | A1 |
| 20030131245 | Linderman | Jul 2003 | A1 |
| 20030188193 | Venkataramappa | Oct 2003 | A1 |
| 20040019494 | Ridgeway et al. | Jan 2004 | A1 |
| 20040081173 | Feather | Apr 2004 | A1 |
| 20040093515 | Reeves, Jr. | May 2004 | A1 |
| 20040167984 | Herrman | Aug 2004 | A1 |
| 20040216173 | Horoszowski et al. | Oct 2004 | A1 |
| 20050084082 | Horvitz et al. | Apr 2005 | A1 |
| 20050177380 | Pritchard et al. | Aug 2005 | A1 |
| 20060104526 | Gringeler et al. | May 2006 | A1 |
| 20060155814 | Bennett et al. | Jul 2006 | A1 |
| 20060159063 | Kumar | Jul 2006 | A1 |
| 20060200855 | Willis | Sep 2006 | A1 |
| 20060230438 | Shappir et al. | Oct 2006 | A1 |
| 20070083929 | Sprosts et al. | Apr 2007 | A1 |
| 20070143408 | Daigle | Jun 2007 | A1 |
| 20070255662 | Tumminaro | Nov 2007 | A1 |
| 20070283423 | Bradley et al. | Dec 2007 | A1 |
| 20080046414 | Haub et al. | Feb 2008 | A1 |
| 20080046457 | Haub et al. | Feb 2008 | A1 |
| 20080046838 | Haub et al. | Feb 2008 | A1 |
| 20080127137 | Becker et al. | May 2008 | A1 |
| 20080162642 | Bachiri et al. | Jul 2008 | A1 |
| 20080192646 | Song et al. | Aug 2008 | A1 |
| 20080270541 | Keener et al. | Oct 2008 | A1 |
| 20090070477 | Baum et al. | Mar 2009 | A1 |
| 20090094684 | Chinnusamy et al. | Apr 2009 | A1 |
| 20090300060 | Beringer et al. | Dec 2009 | A1 |
| 20100011282 | Dollard et al. | Jan 2010 | A1 |
| 20100023519 | Kailash et al. | Jan 2010 | A1 |
| 20100024019 | Backlund | Jan 2010 | A1 |
| 20100037324 | Grant et al. | Feb 2010 | A1 |
| 20100246571 | Geppert et al. | Sep 2010 | A1 |
| 20110102930 | Johnston et al. | May 2011 | A1 |
| 20110206013 | Aramoto et al. | Aug 2011 | A1 |
| 20110238862 | Chaturvedi et al. | Sep 2011 | A1 |
| 20120001932 | Burnett et al. | Jan 2012 | A1 |
| 20120079031 | Matthews et al. | Mar 2012 | A1 |
| 20120087302 | Chaturvedi et al. | Apr 2012 | A1 |
| 20120137231 | Maxfield et al. | May 2012 | A1 |
| 20120158862 | Mosko et al. | Jun 2012 | A1 |
| 20120192086 | Ghods et al. | Jul 2012 | A1 |
| 20130002799 | Mock | Jan 2013 | A1 |
| 20130078972 | Levien et al. | Mar 2013 | A1 |
| 20130091286 | Spencer | Apr 2013 | A1 |
| 20130138829 | Bulava | May 2013 | A1 |
| 20130247030 | Kay | Sep 2013 | A1 |
| 20130321340 | Seo et al. | Dec 2013 | A1 |
| 20130325934 | Fausak et al. | Dec 2013 | A1 |
| 20130346329 | Alib-Bulatao et al. | Dec 2013 | A1 |
| 20140013202 | Schlumberger | Jan 2014 | A1 |
| 20140043994 | Bansal et al. | Feb 2014 | A1 |
| 20140095633 | Yoakum | Apr 2014 | A1 |
| 20140095724 | Yoakum et al. | Apr 2014 | A1 |
| 20140095731 | Carey et al. | Apr 2014 | A1 |
| 20140108594 | Siegel et al. | Apr 2014 | A1 |
| 20140126708 | Sayko | May 2014 | A1 |
| 20140126714 | Sayko | May 2014 | A1 |
| 20140126715 | Lum et al. | May 2014 | A1 |
| 20140143823 | Manchester et al. | May 2014 | A1 |
| 20140149512 | Leitch | May 2014 | A1 |
| 20140161237 | Tolksdorf | Jun 2014 | A1 |
| 20140201820 | Li et al. | Jul 2014 | A1 |
| 20140219167 | Santhanam et al. | Aug 2014 | A1 |
| 20140222894 | Gangadharan et al. | Aug 2014 | A1 |
| 20140222930 | Gangadharan et al. | Aug 2014 | A1 |
| 20140223452 | Santhanam et al. | Aug 2014 | A1 |
| 20140237057 | Khodorenko | Aug 2014 | A1 |
| 20140241215 | Massover et al. | Aug 2014 | A1 |
| 20140245143 | Saint-Marc | Aug 2014 | A1 |
| 20140258822 | Li et al. | Sep 2014 | A1 |
| 20140269326 | Westin et al. | Sep 2014 | A1 |
| 20140270104 | O'Oonnor | Sep 2014 | A1 |
| 20140282054 | Yoakum | Sep 2014 | A1 |
| 20140282135 | Segre | Sep 2014 | A1 |
| 20140282399 | Gorelik et al. | Sep 2014 | A1 |
| 20140282765 | Casey et al. | Sep 2014 | A1 |
| 20140282903 | Singh et al. | Sep 2014 | A1 |
| 20140324979 | Gao et al. | Oct 2014 | A1 |
| 20140325078 | Shan et al. | Oct 2014 | A1 |
| 20140344169 | Phelps et al. | Nov 2014 | A1 |
| 20140348044 | Narayanan et al. | Nov 2014 | A1 |
| 20140365676 | Yoakum | Dec 2014 | A1 |
| 20140379931 | Gaviria | Dec 2014 | A1 |
| 20150002614 | Zino et al. | Jan 2015 | A1 |
| 20150002619 | Johnston et al. | Jan 2015 | A1 |
| 20150006610 | Johnston et al. | Jan 2015 | A1 |
| 20150006611 | Johnston et al. | Jan 2015 | A1 |
| 20150026473 | Johnston et al. | Jan 2015 | A1 |
| 20150036690 | Pastro | Feb 2015 | A1 |
| 20150039687 | Waxman et al. | Feb 2015 | A1 |
| 20150039760 | Yoakum | Feb 2015 | A1 |
| 20150052067 | Thiyagarajan et al. | Feb 2015 | A1 |
| 20150180825 | Ren et al. | Jun 2015 | A1 |
| Number | Date | Country |
|---|---|---|
| 1615386 | Jan 2006 | EP |
| 2529316 | Dec 2012 | EP |
| 2295747 | Jun 1996 | GB |
| 2468758 | Sep 2010 | GB |
| 2468759 | Sep 2010 | GB |
| 2517833 | Mar 2015 | GB |
| 2002207683 | Jul 2002 | JP |
| 2002374318 | Dec 2002 | JP |
| 2005346556 | Dec 2005 | JP |
| 2006050407 | Feb 2006 | JP |
| 2011504665 | Feb 2011 | JP |
| 2014060008 | Apr 2014 | WO |
| 2014123738 | Aug 2014 | WO |
| 2014190094 | Nov 2014 | WO |
| 2015032277 | Mar 2015 | WO |
| Entry |
|---|
| Andreasen et al., “Session Description Protocol (SDP): Security Descriptions for Media Streams,” Network Working Group, Request for Comments: 4568, Standards Track, The Internet Society, Jul. 2006, 40 pages. |
| Baugher et al., “The Secure Real-time Transport Protocol (SRTP),” Network Working Group, Request for Comments: 3711, Standards Track, The Internet Society, Mar. 2004, 51 pages. |
| Johnston et al., “WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web,” (Book), Second Edition, Smashwords Edition, Digital Codex LLC, Jun. 2013, 254 pages. |
| Mahy et al., “Traversal Using Relays around NAT (TURN) : Relay Extensions to Session Traversal Utilities for NAT (STUN),” Internet Engineering Task Force, Request for Comments: 5766, Standards Track, IETF Trust, Apr. 2010, 61 pages. |
| McGrew et al., “Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-Time Transport Protocol (SRTP),” Internet Engineering Task Force, Request for Comments: 5764, Standards Track, IETF Trust, May 2010, 24 pages. |
| Zimmermann et al., “ZRTP: Media Path Key Agreement for Unicast Secure RTP,” Internet Engineering Task Force, Request for Comments: 6189, Informational, IETF Trust, Apr. 2011, 102 pages. |
| Johnston, Alan et al., “Taking on WebRTC in an Enterprise,” IEEE Communications Magazine, Apr. 2013, pp. 48-54, vol. 51, Issue 4. |
| Search Report for British patent application GB1317121.0 dated Mar. 14, 2014, 3 pages. |
| Search Report for British patent application GB1317122.8 dated Mar. 11, 2014, 3 pages. |
| Singh, Kundan et al., “Building Communicating Web Applications Leveraging Endpoints and Cloud Resource Service,” Presented at the Sixth International Conference on Cloud Computing, Jun. 28, 2013, Santa Clara, California, IEEE Computer Society, pp. 486-493. |
| Singh, Kundan et al., “Private Overlay of Enterprise Social Data and Interactions in the Public Web Context,” presented at the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), Oct. 20-23, 2013, Austin, Texas, IEEE, 10 pages. |
| Berners-Lee, Tim, “Socially Aware Cloud Storage,” Notes on web design, Aug. 17, 2009, http://www.w3.org/DesignIssues/CloudStorage.html, 9 pages. |
| Chandra, Ramesh et al., “Separating Web Applications from User Data Storage with BStore,” presented at the USENIX Conference on Web Application Development, Jun. 2010, Boston, Massachusettes, 13 pages. |
| Davids, Carol et al., “SIP APIs for Voice and Video Communications on the Web,” presented at the International Conference on Principles, Systems and Applications of IP Telecommunications (IPTcomm), Aug. 2011, Chicago, Illinois, 7 pages. |
| Geambasu, Roxana et al., “Organizing and Sharing Distributed Personal Web-Service Data,” presented at the International World Wide Web Conference, Apr. 21-25, 2008, Beijing, China, International World Wide Web Conference Committee, pp. 755-764. |
| Hsu, F. et al., “Secure File System Services for Web 2.0 Applications,” presented at the ACM Cloud Computing Security Workshop, Nov. 13, 2009, Chicago, Illinois, Association for Computing Machinery, 7 pages. |
| Joshi, R., “Data-Oriented Architecture: A Loosley Coupled Real-Time SOA,” Whitepaper, Aug. 2007, Real-Time Innovations, Inc., http://rtcgroup.com/whitepapers/files/RTI_DataOrientedArchitecture_WhitePaper.pdf, 54 pages. |
| Vahdat, Amin et al., “WebFS: A Global Cache Coherent File System,” UC Berkeley, Dec. 1996, retrieved Sep. 16, 2014 from https://www.cs.duke.edu/˜vahdat/webfs/webfs.html, 12 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/037,440, dated Sep. 12, 2014, 15 pages. |
| Loreto, Salvatore et al., “Real-Time Communications in the Web: Issues, Achievements, and Ongoing Standardization Efforts,” IEEE Internet Computing, vol. 16, Issue 5, IEEE Computer Society, Oct. 2, 2012, pp. 68-73. |
| Search Report for British patent application GB1411584.4 dated Dec. 30, 2014, 4 pages. |
| Search Report for British patent application GB1411580.2 dated Dec. 30, 2014, 4 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/931,968, dated Dec. 8, 2014, 6 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/835,913, dated Nov. 20, 2014, 15 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/803,292, dated Jan. 27, 2015, 13 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/050,891, dated Jan. 29, 2015, 9 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/955,023, dated Feb. 2, 2015, 12 pages. |
| Notice of Allowance for U.S. Appl. No. 13/931,968, dated Mar. 23, 2015, 7 pages. |
| Final Office Action for U.S. Appl. No. 13/835,913, dated Mar. 26, 2015, 17 pages. |
| Final Office Action for U.S. Appl. No. 14/037,440, dated Feb. 11, 2015, 19 pages. |
| Barth, A. “The Web Origin Concept,” Internet Engineering Task Force (IETF), Request for Comments 6454 (RFC 6454), Dec. 2011, 19 pages, http://www.ietf.org/rfc/rfc6454.txt. |
| Fischl, J. et al., “Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS),” Internet Engineering Task Force (IETF), Request for Comments (RFC) 5763, May 2010, 26 pages. |
| Jesup, R. et al., “DTLS Encapsulation of SCTP Packets for RTCWEB,” IETF: Network Working Group, Internet Draft, Feb. 16, 2013, 6 pages. |
| Johnston, A. et al., “An Origin Attribute for the STUN Protocol,” Internet Engineering Task Force (IETF), Internet-Draft, Jul. 20, 2014, 14 pages, https://tools.ietf.org/html/draft-ietf-tram-stun-origin-00. |
| Rescorla, E., “Security Considerations for RTC-Web,” IETF RTCWEB, Internet Draft, Jan. 22, 2013, 16 pages. |
| Rescorla, E., “WebRTC Security Architecture,” IETF RTCWEB, Internet Draft, Jul. 14, 2013, 30 pages. |
| Corrected Notice of Allowability for U.S. Appl. No. 13/931,968, dated Apr. 24, 2015, 4 pages. |
| Advisory Action for U.S. Appl. No. 14/037,440, dated May 20, 2015, 3 pages. |
| Search Report for British Patent Application GB1419338.7, dated Apr. 27, 2015, 4 pages. |
| Search Report for British Patent Application GB1419334.6, dated Apr. 28, 2015, 6 pages. |
| Notice of Allowance for U.S. Appl. No. 13/944,368, dated Apr. 1, 2015, 8 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/931,967, dated May 5, 2015, 10 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/931,970, dated May 7, 2015, 9 pages. |
| Author Unknown, “WebRTC,” WebRTC.org, Date Accessed: Jan. 26, 2016, 4 pages, http://webrtc.org/. |
| Notice of Allowance for U.S. Appl. No. 13/863,662, dated Feb. 1, 2016, 17 pages. |
| Final Office Action for U.S. Appl. No. 14/141,798, dated Dec. 24, 2015, 10 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/174,371, dated Feb. 18, 2016, 18 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/931,970, dated Feb. 23, 2016, 11 pages. |
| Search Report for British Patent Application No. GB1423089.0, dated Jul. 6, 2015, 4 pages. |
| Bergkvist, Adam et al., “WebRTC 1.0: Real-time Communication Between Browsers,” W3C Working Draft, Feb. 9, 2012, http://www.w3.org/TR/2012/WD-webrtc-20120209/, 42 pages. |
| Notice of Reason for Refusal for Japanese Patent Application 2013-201228, dispatched Jun. 11, 2015, 8 pages. |
| Extended European Search Report for European Patent Application 15161452.6, dated Jun. 23, 2015, 5 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/955,711, dated Nov. 9, 2015, 10 pages. |
| Notice of Allowance for U.S. Appl. No. 14/050,891, dated Nov. 10, 2015, 10 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/955,023, dated Dec. 9, 2015, 13 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/037,440, dated Oct. 22, 2015, 15 pages. |
| Advisory Action for U.S. Appl. No. 13/931,967, dated Nov. 3, 2015, 3 pages. |
| Advisory Action for U.S. Appl. No. 13/931,970, dated Nov. 5, 2015, 3 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/068,943, dated Dec. 2, 2015, 16 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/255,429, dated Nov. 9, 2015, 26 pages. |
| Examination Report for British Patent Application GB1411584.4, dated Aug. 21, 2015, 1 page. |
| Examination Report for British Patent Application GB1411580.2, dated Aug. 21, 2015, 1 page. |
| Notification of Reasons for Refusal for Japanese Patent Application 2013-201221, dated Aug. 25, 2015, 8 pages. |
| Rodriguez, Pedro et al., “Advanced Videoconferencing Services Based on WebRTC,” IADIS International Conferences Web Based Communities and Social Media 2012 and Collaborative Technologies 2012, Jul. 17-23, 2012, pp. 180-184, http://www.iadisportal.org/wbc-2012-proceedings. |
| Non-Final Office Action for U.S. Appl. No. 13/835,913, dated Sep. 3, 2015, 19 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/912,520, dated Sep. 9, 2015, 21 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/863,662, dated Sep. 25, 2015, 23 pages. |
| Advisory Action for U.S. Appl. No. 13/803,292, dated Aug. 21, 2015, 3 pages. |
| Non-Final Office Action for U.S. Appl. No. 13/803,292, dated Oct. 9, 2015, 13 pages. |
| Advisory Action and Examiner-Initiated Interview Summary for U.S. Appl. No. 14/050,891, dated Sep. 29, 2015, 4 pages. |
| Final Office Action for U.S. Appl. No. 13/931,967, dated Aug. 20, 2015, 12 pages. |
| Final Office Action for U.S. Appl. No. 13/931,970, dated Aug. 27, 2015, 10 pages. |
| Advisory Action for U.S. Appl. No. 13/835,913, dated Jun. 10, 2015, 3 pages. |
| Final Office Action for U.S. Appl. No. 13/803,292, dated Jun. 12, 2015, 17 pages. |
| Final Office Action and Examiner Initiated Interview Summary for U.S. Appl. No. 14/050,891, dated Jun. 29, 2015, 11 pages. |
| Final Office Action for U.S. Appl. No. 13/955,023, dated Jul. 20, 2015, 17 pages. |
| Corrected Notice of Allowability for U.S. Appl. No. 13/944,368, dated Jul. 23, 2015, 4 pages. |
| Non-Final Office Action for U.S. Appl. No. 14/141,798, dated Jul. 17, 2015, 13 pages. |
| Rosenberg et al., “Session Traversal Utilities for NAT (STUN),” Network Working Group, RFC 5389, Oct. 2008, 51 pages. |
| Macdonald et al., “NAT Behavior Discovery using Session Traversal Utilities for NAT (STUN),” Internet Engineering Task Force, RFC 5780, May 2010, 27 pages. |
| Official Action (with English translation) for Chinese Patent Application No. 201410601772.0, dated Sep. 30, 2018, 22 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20150120879 A1 | Apr 2015 | US |
