1. The Field of the Invention
The present invention relates to data conferencing. More particularly, the present invention relates to securely facilitating data conferencing between computing systems in an intranet and computing systems in an external network.
2. Background and Related Art
Computing and networking technology has transformed the way we work and play. Networks have become so prolific that a simple network-enabled computing system may communicate with any one of millions of other computing systems spread throughout the globe over a conglomeration of networks often referred to as the “Internet”. Such computing systems may include desktop, laptop, or tablet personal computers; Personal Digital Assistants (PDAs); telephones; or any other computer or device capable of communicating over a digital network.
One application of particular significance in a network environment is data conferencing. Data conferencing involves the on-line real time exchange of data. Data conferencing is often employed in conjunction with audio and/or video conferencing, and may include any exchange of real-time information that is the subject of real-time multi-party communications. For example, whiteboard drawings may be drawn by one party to the data conference and displayed to the other parties in the data conference in a process referred to in the field as “whiteboarding”. “Whiteboarding” refers to a data conferencing application (such as MICROSOFT NETMEETING) that is often based on T.120 standards. In addition, a common document may be mutually edited by a number of remote conferencing users using common application sharing applications, such as those found as part of the T.120 standard. Data conferencing is particularly flexible in that any type of information may be exchanged as is suitable for the data conferencing application. Voice and audio information may also be exchanged over data networks.
One issue in any conference is that access to the conference needs to be controlled, particularly in conferences in which sensitive information is to be conveyed. In many types of conferences, there is an inherent level of security enabled by the form of the conference itself. For example, absent extensive impersonation efforts, access to physical in-person conferences or meetings may be controlled since typically individual participants recognize those other participants who are in attendance, or the person may at least present credentials and thereby be physically recognized prior to entering the conference. If there is an uninvited person in the conference, that person may be recognized as uninvited, and excused from the conference, or simply refused admittance. Similarly, a video conference allows individuals to establish a high degree of confidence in the identity of each other by the human ability to visually recognize familiar faces, although the ability to observe can sometimes be somewhat more limited in a video conference as compared to an in-person conference. Furthermore, there are cases in which a person has never seen the video conferencing participant before. In such a case, that person would not have a basis for visually recognizing that participant. A telephone conference allows individuals to recognize each other by voice recognition, although there is further opportunity for eavesdropping, and it is not guaranteed that a given individual would have heard the voice of another participant before the teleconference. In data conferencing, the data itself may provide little or even no information that allows the participants to authenticate one another. Accordingly, there is significant risk of eavesdropping in data conferencing.
One method for securing against eavesdropping is to authenticate each data conferencing participant at the time the participant joins the data conference. This works particularly well when all of the participants are within a common intranet or other trusted network administered by a common entity since secure and consistent authentication schemes may be employed within a common network.
However, oftentimes, computing systems that are external to the intranet are to communicate in the data conference. To enable this, a conference organizer may establish a conferencing object that has a certain conference identifier. In this description and in the claims, an “object” is an instance of a class that defines properties and methods associated with the class. The conference organizer or the conferencing server may establish a password required to enter the conference. The conference organizer or conferencing server then communicates the conference time, conference identifier, and password to the designated invitees of the conference. This communication may be, for example, an instant message, an e-mail, a telephone call, an SMS message, or the like. The external participant logs in at the designated time by providing the conference identifier and password. The external participant is then provided access to the data conference.
This method for allowing external participants permits some level of security. However, the conference identifier and password may sometimes be transmitted in the clear and thus are subject to unintended interception. Uninvited parties who intercept them may then be permitted access to the conference against the will of the conference organizer. Accordingly, what would be advantageous are mechanisms in which invited external participants may join a data conference while providing better protection against eavesdropping.