1. Field of the Invention
This invention relates to systems, apparatuses, methods, and computer program products relating to establishing secure videoconferences between multiple nodes communicating via two or more transport protocols in which at least one encryption protocol is used.
2. Discussion of the Background
Video-conferencing is a ubiquitous form of information exchange in the modern era. A video-conference includes at least two stations exchanging video, audio, and other data in support of a virtual meeting. The video is a stream of data made up of frames that include pictures and sound. Video signals are typically analog but may also be digital. The digital information may or may not be compressed.
Video conferencing is governed by a variety of international standards. Among standards that apply is H.320, the entire contents of which are hereby incorporated by reference. H.320 is a suite of standards documents defining video conferencing interoperability over ISDN. The H.320 standards define rules for establishing communications, framing, and synchronizing media, and inverse multiplexing ISDN channels. H.320 has several video and audio coding standards, including:
- H.261—a video compression standard for bandwidth multiples of 64 Kbps;
- H.263—an alternative video compression standard;
- G.711—a standard for basic audio compression at 48 Kbps to 64 Kbps, and a low computation pulse code modulation technique used in regular telephony;
- G.722—a standard for higher quality audio and bandwidths with more sophisticated audio processing; and
- G.728—a standard for lower bit rate audio compression at 16 Kbps.
Another international standard is H.323, the entire contents of which are hereby incorporated by reference. H.323 is a suite of standards documents defining interoperability of video conferencing over packet switched networks, which may have no guaranteed quality of service (QoS). These standards define packetization and synchronization of media over packet switched networks and a gateway for interoperability of H.320 and H.323 systems. H.323 includes:
- Essentially the same video compression standards used in H.320;
- Essentially the same audio compression standards used in H.320;
An alternative international standard for packet switched networks is SIP, Session Initiation Protocol, the entire contents of which are incorporated herein by reference. SIP also includes essentially the same video and audio standards as H.320.
H.324, the entire contents of which are hereby incorporated by reference, is a suite of standards documents defining video conferencing interoperability over POTS, ISDN and Mobile networks (i.e., networks that include wireless communication links) that establishes multiplexing/control protocols and includes:
- Essentially the same video compression standards used in H.320;
- Essentially the same audio compression standards used in H.320;
T.120 is a suite of video conferencing data collaboration standards included in the three suites of standards described above. T.120, the entire contents of which are hereby incorporated by reference, includes:
- T.124—a conference control standard;
- T.126—a standard for sharing still images; and
- T.127—a binary file transfer standard.
H.323 addresses computers and equipment that can carry real time video, audio and data or any combination of these elements. This standard is based on the Internet Engineering Task Force (IETF) Real Time Protocol (RTP) and Real Time Control Protocol (RTCP), with additional protocols for call signalling, and data and audio visual communications.
Currently it is possible to interface video teleconferencing equipment that operates over different protocols through a gateway device. A gateway is a network device that interconnects two different networks, thus enabling a call between two participants to pass from one network to another. A multi-protocol gateway device interconnects two or more calls originating on two or more different protocols or networks. FIG. 1 is a block diagram of a typical conventional multi-protocol video teleconferencing environment. A first terminal site 101 communicates with additional terminal sites 102 and 103 via an intermediary site, gateway/MCU site 104 which acts as a protocol converter. At the first site 101 a video teleconferencing device 1011 communicates its video conference information to the intermediary site's gateway device 1043. The intermediary site's gateway device 1043 translates from the first protocol to protocols used by the gateway devices 1021 and 1031 located at the other sites 102 and 103.
Examples of a multi-protocol gateway device 1043 are the Tandberg MCU and Tandberg 6000, which allow a terminal on an ISDN network to hold a video teleconference with a terminal on an IP network, and vice versa. Other products capable of this multi-protocol functionality are developed by Polycom, Ezenia, Radvision, and others. For clarity, a Multi-point Control Unit (MCU) is a device configured to connect calls in a network so as to create a common “meeting room.” An MCU builds a conference with several terminals and thus can broadcast composed images reflecting the meeting. In contrast to a conventional gateway, an MCU can also support other functionalities such as “Chair control,” which delegates the control of the meeting to one of the terminals; “Request floor,” which broadcasts, on request, the image sent by one particular terminal; broadcast and multicast, etc. The H.320 and H.323 standard series describe how an MCU operates.
Conventional multi-protocol devices are limited in their ability to provide security and protection of the data transmitted between sites. In particular, these devices cannot transmit across multiple links having different encryption standards. A general description of a conventional secure video teleconferencing environment is found in FIG. 2. As in FIG. 1, a first videoconferencing site 101 communicates with other video conferencing sites 102 and 103 via an intermediary site, gateway/MCU site 104. The first site 101 has a teleconferencing unit 1011 with an embedded or attached encryption device 1011a. This teleconferencing unit 1011 communicates with a companion device 10411 at the intermediary site, gateway/MCU site 104. The companion device 10411 at the intermediary site, gateway/MCU site 104, includes an embedded or attached encryption device 10411a which is interoperable with the encryption device 1011a at the first site 101. Similarly, the intermediary site, gateway/MCU site 104, has video conferencing equipment and encryption devices 10421, 10421a, 10431, 10431a comparable to equipment and encryption devices at the second and third sites 1021, 1021a, 1031, and 1031a. The individual links are decrypted at the intermediary site, gateway/MCU site 104, and relayed via an unencrypted patch panel or local area network 1042 connecting the intermediary site's videoconferencing devices 10411, 10421, 10431.
Conventional systems typically use commercially available encryption algorithms such as the Data Encryption Standard (DES), triple-DES, the Advanced Encryption Standard (AES), and the International Data Encryption Algorithm (IDEA). Each of these commercial encryption algorithms and accompanying systems is documented in publicly available standards.
To set up a secure videoconference through a conventional MCU/GW using external encryption devices, it is necessary to install external devices on both ends of the connections between the terminal and the MCU/GW. In some cases, the encryption devices can handle several connections at a time. These encryption devices generally have the following characteristics:
- They operate over a link-specific network protocol (ISDN, IP, etc.)
- They require specific configurations (e.g., bandwidth, etc.)
- They are general purpose and can also be used with faxes, telephones, and other communications equipment.
To initiate encryption, these devices can exchange keys (Diffie-Hellman, etc.) or use manual keys installed during the configuration.
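The FIG. 2 arrangement with manually installed link keys can be modelled as follows. This is an added example, not part of the original text; the stand-in cipher, the `GatewaySite` class, the key values and the sample payload are all assumptions constructed for illustration.

```python
import hashlib, hmac, os

def _keystream(key, nonce, n):
    # Stand-in stream cipher (assumption): SHA-256 in counter mode. Real link
    # encryptors would run DES, triple-DES, AES or IDEA, as the text lists.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _tag(key, data):
    # Integrity tag under a key derived from the link key.
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def link_encrypt(key, plaintext):
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + _tag(key, nonce + body)

def link_decrypt(key, frame):
    nonce, body, tag = frame[:12], frame[12:-32], frame[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + body)):
        raise ValueError("frame was not encrypted under this link key")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class GatewaySite:
    """Site 104: one encryption device per link, joined by a cleartext LAN."""
    def __init__(self, link_keys):
        self.link_keys = link_keys   # manual keys installed at configuration
        self.internal_lan = []       # what a tap on patch panel/LAN 1042 sees
    def relay(self, src, frame):
        media = link_decrypt(self.link_keys[src], frame)
        self.internal_lan.append(media)          # cleartext between devices
        return {dst: link_encrypt(key, media)    # fresh encryption per link
                for dst, key in self.link_keys.items() if dst != src}

def demo():
    keys = {site: os.urandom(32) for site in ("101", "102", "103")}  # constructed
    gateway = GatewaySite(keys)
    media = b"constructed video frame payload"
    uplink = link_encrypt(keys["101"], media)
    downlinks = gateway.relay("101", uplink)
    received = {s: link_decrypt(keys[s], f) for s, f in downlinks.items()}
    return media, uplink, downlinks, received, gateway.internal_lan, keys

if __name__ == "__main__":
    media, _, _, received, lan, _ = demo()
    print("cleartext visible on gateway LAN:", media in lan)
```

Each link is protected only up to its own encryption device, so the confidentiality of the whole conference depends on the physical and network security of the intermediary site.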
For video-conferencing over ISDN links, each device must share the same protocols and algorithms to ensure compatibility. This implies that encryption devices generally come from the same company and the complete product is often a private solution. For video-conferencing over IP links, most of the devices use the IPsec protocol, allowing better interoperability between manufacturers. However, providing video-conferencing privacy with an MCU/GW is not an “easy to use” solution and often requires additional materials and highly trained installation and operations staff.
Conventional, secure, multi-protocol systems, as discovered by the present inventors, are plagued by unacceptable time delays between the various teleconferencing nodes; this method of interfacing encrypted video teleconferencing signals is often accompanied by unacceptable delays and confusion. Conventional systems are also not capable of complex key management, scheduling, and billing operations. As recognized by the present inventors, a solution to these problems would be an integrated videoconferencing capability that automatically connects at least two videoconferencing sites communicating via at least two transport protocols (e.g., ISDN and IP) and with at least one encryption protocol (e.g., DES, triple DES, AES, IDEA, etc.).