Abstract: Techniques are described for the use of a cryptographic token to authorize a firewall to open a pinhole which permits certain network traffic to traverse firewalls. An initiating endpoint requests a token from a call controller, which authorizes a pinhole though the firewall. In response, the call controller may generate a cryptographic authorization token (CAT) sent towards the destination endpoint. The call controller may generate the token based on an authorization ID associated with the call controller, a shared secret known to both the call controller and the firewall, and data specific to the media flow for which authorization is requested.

Abstract: A system may provide trust relationship information for a telephone number, where the trust relationship information may indicate whether one or more nodes consider a target node as including or as being associated with a VoIP call agent for the telephone number based on demonstrated knowledge of a PSTN call. The system may determine a target trust relationship to the target node based on the trust relationship information, where the target trust relationship indicates a level of trust a validating node has in the target node being associated with or including the VoIP call agent for the telephone number, and where validating node and the one or more nodes may be in different respective administrative domains of a network.

Abstract: In one embodiment, an apparatus may verify an identity of a destination Voice-over-Internet-Protocol (VoIP) call agent for a destination telephone number based on demonstrated knowledge of at least one public switched telephone network (PSTN) call initiated to the destination telephone number. The apparatus may also receive the identity of the destination VoIP call agent based on the demonstrated knowledge of the at least one PSTN call initiated to the destination telephone number.

Abstract: In one embodiment, a system is provided to restrict VoIP communication. The system may validate a Voice over Internet Protocol (VoIP) call initiation message based on demonstrated knowledge of a Public Switched Telephone Network (PSTN) call.

Abstract: A system for verifying VoIP call routing information. The system may include an apparatus integrated with a private branch exchange (PBX). The apparatus may store at least one call attribute of a public switched telephone network (PSTN) call initiated to a destination telephone number. The apparatus may verify a destination Voice-over-Internet-Protocol (VoIP) call agent for the destination telephone number based on demonstrated knowledge of the PSTN call. The apparatus may route a new call either over a VoIP network to the destination VoIP call agent or over a circuit switched network based on whether the destination VoIP call agent is verified for the destination telephone number.

Abstract: In one embodiment, an apparatus may receive at least one call attribute of a public switched telephone network (PSTN) call initiated to a destination telephone number. The apparatus may verify a destination Voice-over-Internet-Protocol (VoIP) call agent for the destination telephone number based on demonstrated knowledge of the PSTN call. The apparatus may transmit an indication the destination VoIP call agent is verified for the destination telephone number.

Abstract: A system for monitoring connectivity status includes network traffic transport entities and an aggregation server. The network traffic transport entities transport network traffic and are able to monitor a portion of the network traffic, access one or more network traffic alert rules, apply the network traffic alert rules to the portion of the network traffic, and determine whether an alert is required based on the application of the network traffic alert rules. The network traffic transport entities are also able to, in response to a determination that an alert is required, generate an alert message. The aggregation server is able to maintain a connectivity status profile, receive the alert message from the network traffic transport entity, identify a matching one of the communication devices in the connectivity status profile, determine an updated network connectivity status for the matching communication device, and update the connectivity status for the matching communication device.

Abstract: A system and methods enable a mobile communications device to determine the Public Safety Answering Point (PSAP) that serves the device, without disclosing the device's exact location. The device makes a query to its service provider that includes a bounded description of the device's location. The mobile device receives a first set of “edges” corresponding to a set of polygons defined on the earth's service. The mobile device then determines which of the received polygons it is included within by extending an imaginary latitudinal line through the polygon's edges and counting the number of intersections.

Abstract: A system for verifying VoIP call routing information. In particular implementations, a method includes verifying one or more Voice-over-Internet-Protocol (VoIP) call agents for respective destination telephone numbers based on demonstrated knowledge of previous public switched telephone network (PSTN) calls to the respective destination telephone numbers; receiving a call initiation message identifying a destination telephone number; and conditionally initiating a call over a VoIP network to a target VoIP call agent, or over a circuit switched network, based on whether the target VoIP call agent has been verified for the destination telephone number identified in the call initiation message.

Abstract: A system for verifying caller ID information in received VoIP calls. In particular implementations, a method includes receiving a caller identification (ID) identifying a calling party telephone number in a call initiation message transmitted from a VoIP call agent; determining the identity of the VoIP call agent; verifying that a public switched telephone network (PSTN) call to the calling party telephone number would arrive at a VoIP call agent having the determined identity; and applying, responsive to the call initiation message, one or more rules based at least in part on the verifying step.

Abstract: A VoIP call routing information registry including a hash access mechanism. In particular implementations, a method includes receiving a telephone number; computing a hash of the telephone number; accessing a registry wherein the registry comprises a plurality of entries, and wherein each entry comprises a hash of a telephone number and data associated with that telephone number, or a prefix and data associated with that prefix; searching the registry for a matching entry; and until a matching entry is found or the telephone number has been stripped down to a minimum number of digits, stripping the last digit of the telephone number, re-computing a hash of the stripped-down telephone number, and re-searching the registry for a matching entry.

Abstract: An authentication agent may cryptographically identify a remote endpoint that sent a media initialization message even though intermediate devices may modify certain fields in the message after a signature is inserted. The originating endpoint's agent may create the signature over some fields of the message using an enterprise network's private key. The agent may insert the signature into the message and send the message to a recipient endpoint's authentication agent. The recipient agent may verify the signature, receive a certificate including a second public key, and challenge the identity of the originating endpoint in order to confirm that identity. This challenge may request a confirmation that the originating endpoint knows the private key corresponding to the second public key and may occur while running encrypted media at the endpoints. After the originating endpoint is authenticated, the endpoints may exchange encrypted and/or unencrypted media.

Abstract: Connecting an endpoint to a conference call includes associating a caller identifier with a conference call identifier, where the caller identifier corresponds to an endpoint and the conference call identifier corresponds to a conference call. A call is received from the endpoint, and the caller identifier is determined to be associated with the conference call identifier. Connection of the endpoint to the conference call is initiated.

Abstract: A receiver uses probabilistic techniques to identify the value of a received signal based upon a space of potential signals that may be generated by the transmitter. The receiver uses one or more iterations in which received signal values are compared with potential signal models to enable identification of the incoming signal.

Abstract: In one embodiment, a method includes automatically detecting occurrence of an event at an endpoint that suggests checking whether a public safety answering point (PSAP) currently associated with the endpoint is correctly associated with the endpoint. The method further includes, in response to the occurrence of the event, automatically prompting through the endpoint a user to provide input indicating whether data identifying a current location of the endpoint is correct. The method further includes receiving input from the user through the endpoint indicating whether the data is correct and, if the input from the user indicates that the data is not correct, automatically initiating an update of the data to correctly identify the current location of the endpoint.

Abstract: Combining signals includes receiving signals from communication devices, where each signal is associated with a content describing the signal. The following is repeated for each signal: the content associated with a signal is examined, whether the signal is a voice signal is determined in accordance with the content, and the signals are sent to a signal combiner in accordance with the determination of whether the signal is a voice signal. The signals are combined at the signal combiner.

Abstract: A method for establishing a communication session between two endpoints that do not both support secure media includes receiving a registration from a first endpoint. The registration indicating the first endpoint supports secure media and non-secure media. The method also includes receiving a registration from a second endpoint. The registration indicating the second endpoint supports non-secure media. The method also includes receiving a request to establish a communication session between the first endpoint and the second endpoint using secure media. The method further includes establishing the communication session between the first endpoint and the second endpoint via the communications platform using non-secure media.

Abstract: In one embodiment, a method for presence-based management in a communication network includes, using IM, discovering one or more network devices in a communication network. The network devices couple two or more endpoints to each other and enable communication between a first one of the endpoints and one or more second ones of the endpoints. The method also includes, using IM, obtaining presence information on the discovered network devices from the discovered network devices and, using the presence information on the discovered network devices from the discovered network devices, maintaining presence data associated with the discovered network devices.

Abstract: A method for distributed diagnostics in a communication network includes generating at least one debug message operable to initiate a debugging function in a plurality of network components and comprising a debug address. The debug address identifies a communication type and a target location. The communication type identifies a mechanism used to communicate debugging information collected by the plurality of network components to the target location. The method also includes communicating the debug message to at least one of the network components.