1. Field of the Invention
The present invention relates generally to videoconferencing, and more particularly to videoconferencing across networks separated by a firewall.
2. Description of Related Art
Security is a major concern for people and companies using the Internet. Security systems that prevent unauthorized people from entering an Internet site and causing damage are constantly being developed, implemented, and, inevitably, circumvented.
Developing security measures is a complicated and tricky business because Internet security systems must be secure enough to keep out trespassers while at the same time allowing legitimate users easy access. Since high security systems require more checks and verification than do lower security systems, it is typically more difficult to use a system with security features than one without security features. Additionally, highly secured systems are more limiting than unsecured systems because these systems restrict the types of activities allowed in order to increase the security.
Typically, firewalls are used by companies to protect their intranet from outside intruders because the firewalls provide a reasonable level of security while, at the same time, not being too difficult and limiting to use. Firewalls are widely used by companies to give employees access to the Internet in a secure fashion as well as to separate a company's public Web server from its internal network. Typically, the firewall is placed between a company's intranet servers and internal computing resources and its publicly accessible websites, as illustrated in FIG. 1. FIG. 1 shows an intranet 130 having internal computers 150 and an intranet server 180 separated by a conventional firewall 120 from a public Internet 140 having external computers 160 and a web server 170. In order to increase security, the conventional firewall 120 limits the type of access allowed to users. For example, the conventional firewall 120 allows certain types of IP packets to pass through while limiting other types of IP packets.
Restrictions imposed by the conventional firewall 120 may limit users so that they cannot access all parts of the Internet 140 and therefore make full use of the Internet 140. For example, some videoconferences cannot be set up across the conventional firewall 120 because conventional firewalls are designed to only work with very specific protocols which are not compatible with newer videoconferencing techniques. Further, newer videoconferencing techniques using an H.323 protocol, which is an ITU standard for real time, interactive voice and videoconferencing over Local Area Networks (LANs) and the Internet, may not be recognized by the conventional firewall 120 and, consequently, not allowed through the conventional firewall 120. Alternatively, some conventional firewalls 120 do support H.323, but typically drop packets and have low throughput because these conventional firewalls 120 do not distinguish priority requirements of voice and video data. These conventional firewalls 120 also are not designed to handle loads for real-time voice and video traffic.
Although a limitation of only permitting H.320 protocols in videoconferencing achieves design goals of enhancing a firewall's security, the limitation also restricts an intranet user's access to the Internet 140. If the firewall implementation includes network address translation using the H.323 protocol for videoconferencing, the implementation cannot penetrate the conventional firewall 120. For example, having the destination party's address embedded in the IP packet makes it impossible to decode with the H.323 protocol used by the conventional firewall 120.
Since many videoconferencing techniques use the H.323 protocol, conducting videoconferences has become very difficult for users that have the conventional firewall 120. This difficulty has resulted in slowing the growth of the videoconferencing market. Therefore, a system and method is needed for videoconferencing across networks separated by the conventional firewall 120, while preserving all security features provided by the conventional firewall 120.
In order to provide a system for videoconferencing across a conventional firewall, a multimedia firewall adapter may be used to supplement the conventional firewall or may be integrated into the conventional firewall forming a new firewall that functions as a stand-alone unit.
The multimedia firewall adapter may supplement the conventional firewall by running in parallel with the conventional firewall so that signals addressed to videoconferencing systems are routed to the multimedia firewall adapter instead of to the conventional firewall. In one embodiment, the multimedia firewall adapter attempts to decompose and authenticate incoming signals according to an H.323 protocol. Alternatively, other protocols may be used or contemplated for use in the present invention. If the incoming decomposed signal is authenticated to contain videoconferencing data, such as video, audio, T.120, or configuration data, then the multimedia firewall adapter negotiates and establishes a connection across the multimedia firewall adapter between a caller and a call recipient, and allows the videoconferencing data to go through, thus circumventing the conventional firewall. If, on the other hand, the incoming signal is not authenticated to contain videoconferencing data, then the multimedia firewall adapter does not pass the incoming signal. In addition, signals which are blocked from passing through the multimedia firewall adapter are presumed to be non-video/audio signals, and are subsequently routed to the conventional firewall, which analyzes the signals to determine if Internet Protocol (IP) data packets comprising the signals are authorized to pass through. If the IP packets are unauthorized, then they are rejected by the conventional firewall. Conversely, authorized IP packets are allowed to pass through the conventional firewall.
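The dispatch described above, as an added example that is not part of the patent text: a signal is offered to the adapter first, and anything the adapter does not authenticate falls through to the conventional firewall's own rules. It assumes that H.225.0 call signalling arrives as a Q.931 message in a TPKT frame (RFC 1006) and models "authentication" as strict validation of that header only; the function names, the allowlist and the sample frames are constructed for illustration.

```python
import struct

# Assumption: H.323 call signalling (H.225.0) is a Q.931 message in a TPKT frame.
Q931_DISCRIMINATOR = 0x08
Q931_CALL_MESSAGES = {0x01: "Alerting", 0x02: "Call Proceeding",
                      0x05: "Setup", 0x07: "Connect", 0x5A: "Release Complete"}
CONVENTIONAL_RULES = {("tcp", 80), ("tcp", 443)}  # constructed allowlist


def parse_h225_signal(payload: bytes):
    """Return the Q.931 message name if payload is one well-formed frame, else None."""
    if len(payload) < 4:
        return None
    version, reserved, length = struct.unpack("!BBH", payload[:4])
    # TPKT: version 3, reserved 0, length covers header plus body exactly.
    if version != 3 or reserved != 0 or length != len(payload):
        return None
    q931 = payload[4:]
    if len(q931) < 3 or q931[0] != Q931_DISCRIMINATOR:
        return None
    cr_len = q931[1] & 0x0F  # assumption: 2-octet call reference, as H.225.0 uses
    if cr_len != 2 or len(q931) < 2 + cr_len + 1:
        return None
    return Q931_CALL_MESSAGES.get(q931[2 + cr_len])


def conventional_firewall(proto: str, dst_port: int) -> str:
    """Stand-in for the conventional firewall's packet authorization."""
    return "pass" if (proto, dst_port) in CONVENTIONAL_RULES else "reject"


def route(proto: str, dst_port: int, payload: bytes):
    """Adapter first; unauthenticated signals go to the conventional firewall."""
    msg = parse_h225_signal(payload) if proto == "tcp" else None
    if msg is not None:
        return ("adapter", "pass", msg)
    return ("conventional", conventional_firewall(proto, dst_port), None)


def tpkt(body: bytes) -> bytes:
    """Wrap a body in a TPKT header (used only to build the sample frames)."""
    return struct.pack("!BBH", 3, 0, len(body) + 4) + body


# Constructed samples: a minimal Setup, a frame whose length field lies, plain HTTP.
SETUP = tpkt(bytes([0x08, 0x02, 0x12, 0x34, 0x05]))
SPOOFED = SETUP[:-1] + b"\x05junk"
HTTP = b"GET / HTTP/1.1\r\n\r\n"
```

Because authenticated traffic never reaches the conventional firewall, the strictness of `parse_h225_signal` is the whole security boundary for that path; the frame with a mismatched length is refused by the adapter and then rejected by the conventional rules.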