DIVITAS PROTOCOL PROXY AND METHODS THEREFOR

BACKGROUND

[000!] Conventional mobile communication platforms include cellular communications, for example. Global Systems for Mobile (GSM) communications Other conventional platforms that support limited mobility include WiFi, which is based oti IEEE 802. i 1 standards. Cellular and WiFi are both well known and established wireless communication platforms.

[0002] Next generation platforms may be designed to permit mobile users to move between cellular and WtFt networks and include an Unlicensed Mobile Access (UMA) standard thai may provide a switch controller for carriers to permit users to transcend between cellular and WiFi networks and vice-versa. However, the UMA standard may have disadvantages including that carriers generally control calls and decide if and when to switch users between networks.

[0003 i An advanced mobile communication platform may be needed to provide enterprise level communication and control over users and the networks such that enterprises (instead of carriers) may select networks and/or control calls based on enterprise driven criteria rather than carrier driven criteria.

[0004 j Further, in mobile/wireless communication, generally there have been the following problems: (a) echo; (b) packet delay, packet delay variation (packet jitter), and packet loss which affect quality of service (QoS); (c) hardware or software platform dependency of protocols: and id) security of enterprise resource access. The problems are described as follows: [0005] (a) Echo

[0006] In voice communications such as conventional PSTN, conference phone, cellular mobile phone, and voice over IP, echo cancellation (FX) technology has been widely used to improve quality of service (QoS) for end-users. Generally there are two types of echo canceller. One types of echo canceller is generally called line or network echo canceller (LEC) LEC is generally used to remove electrical echoes caused by reflections of hybrid components on a network where 2- Hne and/or 4-line conversions take place. Another type of echo canceller is generally called acoustic echo canceller (AEC). AEC is generally used to remove acoustic echoes caused by acoustic sound feedbacks from a speaker to a microphone on a hand- free speaker phone, mobile phone, or conference phone. Compared with LEC implementing an AEC may be more challenging due to some of the following factors: longer echo tail since the sound speed is much slower than the light

(or election) speed, and accordingly the echo canceller is required to have more processing power and more memory; more dynamic change of the acoustic echo characteristics because of movement of the phone or talker and changes »1 the environment, and accordingly the echo canceller may he required to track and catch up changes in the echo characteristics more quickly; and multiple echo paths due to multiple reflections from different objects with different distances and/or orientations. [0007] Current acoustic echo cancellation technologies generally have Ii nutations. Acoustic echo cancellation technology may have been invented and used for at least 40 years so far. However, the basic approach to cancelling acoustic echoes may not have been significantly changed. In general a typical AEC ^* utilizes an adaptive filter to model one or more echo path transfer functions and try to produce a replica of the echoes. The AEC may then subtract this replica from the near-end input signal to form a supposedly final echo- free far-end signal output [0008] Most of acoustic echo cancellation technology advancements so far are to employ different kinds of filters such as a FlR or HR filter, single band or multiple bands filter, or time-domain or frequency-domain filter. Further, different algorithms such as LMS, RLS, APA, and so on have been used to improve filter efficiency. Nevertheless, even with all these technology improvements, AEC design and implementation may sttll be a very challenging task today Conventional filters may show many limitations on handling the acoustic echoes because of the complexity and the variability nature of the acoustic echoes. One of the limitations may be poor double-talk (both near- end and far-end speakers are talking) performance. Calculations in the conventional filters may result tn divergence instead of convergence between the echoes and the replica during a double-talk. [0009] (b) Packet delay, packet delay variation (packet jitter), and packet loss which affect quality of service (QoS)

[0010] In voice over IP and video over IP communications, voice and or video media contents may need to be transferred from the transmitter to the receiver in real-time, while the underlying IP network was originally designed for non real-time date communications. Accordingly, providing and maintaining the quality of service (QoS) to the end-users may become a very challenging task. The packet delay, the packet delay variation (packet jitter) and the packet loss from end-to-end may be considered three important QoS parameters which affect the quality and performance of the voice and video Communications over IP network.

[001 1] Current jitter buffer technologies tend to have limitations. A jitter buffer scheme which may also be called de-jitter buffer scheme is usually employed on the receiver side to

compensate or remove the network packet jitter. Basically, the scheme may not play out the packet as soon as the packet ts received Instead, the scheme may queue up the incoming packets and play out the queued packets at even intervals. In effect, the packet queuing may represent inserting a delay before the play-out happens. The inserted delay is usually called play-out delay. [0012\ There may he at least two issues on the current jitter buffer designs and implementations. The first issue may pertain to how much the play-out delay needs to be inserted. There may be a tradeoff on the amount of the play-out delay. For a large delay, there may be less packet loss. On the other hand, for a small delay, there may be a better interactive experience. The first issue may have been acceptably resolved by the adaptive jitter buffer scheme Ia the adaptive jitter buffer scheme, a receiver may estimate the network packet jitter based on the timestamp of the RFP header of the incoming packets and the receiver local time. The receiver may then insert the minimal delay just enough to compensate the network packet jitter.

[0013] The second issue on the jitter buffer design may pertain to when Io insert the play-out delay. Ideally, the play-out delay can be inserted at. the beginning of each talk spurt. Accordingly, each talk spurt may be played out at even intervals, but. only the silence periods between talk spurts are expanded or compressed. For example, if the transmitter employs silence suppression technology, the packets coming in the receiver may ideally have gaps between talk spurts such that a device may be implemented to identify the beginning of the each talk spurt based on the timestamp and the sequence number on the RTP headers of the incoming packets

[0014] However, in reality, inserting delays at talk spurt beginnings can be achieved only in limited situations. Most current silence suppression technologies may have limitations and may perform well only for some clean situations such as single human speaker or low background noise Current silence suppression technologies may not perform well for some other situations such as multiple human speakers in a conference or high background noise such as during mobile Communications. Therefore, many applications may be executed without utilizing or activating silence suppression, in order to preserve better audio quality. λs a result, the packets coining into the receiver may be continuous without any pauses. There may be no clue on the timestamp and the sequence number to tell if the packets represent silence or a talk spurt. Having no clue for identifying silence, the current jitter buffer technologies tend to perform poorly. One reason for the poor performance may be that the current jitter buffer schemes generally look at only the RTP header information of the incoming packets, but not the content ors the RTP payload.

[00! 5j (c) Hardware or software platform dependency of protocols:

[0016] Hardware or software platform dependency may cause interoperability and/or configuration problems. For interactive user sessions hi communication which involve multimedia elements such as video, voice, chat., gaming, or virtual reality, there may be a need for a light weight protocol over a communication protocol such as, for example. Session Initiation Protocol (SlP ) that can efficiently transport information between a server and a client and can work independently of hardware and software platforms, a control plane protocol in use between the server and the client, and an underlying transport layer or the medium over which the server and the client communicate. There may be a need for a protocol that is fast enough to support critical real time control messages and is flexible enough for large-volume data transfer with minimal delay. However, prior -art protocols such as UMA are generally complex and difficult to establish interoperability. [0017] (d) Security when enterprise resources are accessed from mobile devices

[001 S] More or more enterprises are allowing their employees to use their cellular/mobile phones for business purposes. With availability of high speed networks such as VVIFi, Edge, UMTS, CDMA EVDO. etc. to mobile phones, different vendors have been implementing VoIP (Voice over IP) for the mobile phones. Such implementations may require opening enterprise firewalls to allow VoIP related protocols, such as SlP, RTP, etc. to operate.

[00! 9j tπ addition to VoIP ₅ other enterprise data centric applications may also be extended to the mobile phones. The applications may include one or more of Presence/Instant Messaging, Intranet web resources, CRJvI ₅ Support database, etc. If the clients for one or more the above applications on the mobile phones access the enterprise resources directly, enterprise firewalls may need to be opened for multiple protocols, and opening the enterprise firewalls may cause security problems.

SUMMARY

[002Oj The invention relates., in an embodiment, to a mobility architectural arrangement for managing telecommunication mobility for a handset. The arrangement includes a DiVitas protocol proxy (DPP), which is configured to manage connectivity between a mobility client of the handset and a mobility server within an enterprise. The DPP includes a client DPP being configured to manage the connectivity for the mobility client of the handset. The client DPP receives a plurality of client connectivity requests from a plurality' of application clients. The server DPP is configured to

manage the connectivity for the mobility server. The server DPP receives a plurality of server connectivity requests from a plurality of application servers. The client DPP and the server DPP is configured to interact with one another to establish a secure channel.

[0021 ] The above summary relates to only one or more of the many embodiments of the invention disclosed herein and is not intended to limit the scope of the invention, which is set forth in the claims herein. These and other features of the present invention wil! be described in more detail below in the detailed description of the invention and in conjunction with the following figures.

DESCRIP TION OF THE DRAWINGS

[0022] The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which;

[0023] Fig. I depicts a system network according to one or more embodiments of the present invention.

[0024] Figs. 2A-C depict a mobility server according to one or more embodiments of the present invention.

[0025] Fig. 3 depicts a mobile equipment client according one or more embodiments of the present invention.

[0026] Fig. 4 depicts a block diagram of a codec based echo canceller in accordance with one or more embodiments of the present invention.

[0027] Fig. 5 A depicts a voice jitter buffer scheme in accordance with one or more embodiments of the present invention,

[0028] Fig. SB depicts a video jitter buffer scheme in accordance with one or more embodiments of the present invention,

[0029] Fig. 6A depicts an overview of a DDP architecture in accordance with one or more embodiments of the present invention.

[0030] Fig. 6B depicts a DDP message exchange in accordance with one or more embodiments of the present invention.

[0031] Fig. 7A depicts a network architecture which includes two network interfaces per host and is fabricated in accordance with one or more embodiments of the present invention.

[0032] Fig. 7B depicts a network architecture in accordance with one or more embodiments of the present invention.

[0033] Fig. 7C depicts a network architecture in accordance with one or more embodiments of the present invention,

[00341 Fig. 7D depicts a network architecture in accordance with one or more embodiments of the present invention.

[0035] Fig. SA shows a block diagram of an example prior art communication device including a filter for echo cancellation.

[0036] Fig. SB shows a flowchart of an example prior art method utilized, for example, in the example prior an communication device shown in Fig. 8A, for cancelling echoes. [0037] Fig. ^Q A shows, in accordance with one or more embodiments of the present invention, a block diagram of a communication device (or system or arrangement) that may cancel echoes without relying on a filter.

[0038] Fig. 9B shows, in accordance with one or more embodiments of the present invention, a block diagram of an ID code generator employed in the communication devsee (or system or arrangement) shown in Fig. 9A.

[0039] Fig. 9C shows, in accordance with one or more embodiments of the present invention, a flowchart of a method for cancelling echoes, for example, in the communication device (or system or arrangement) shown in Fig. 9A

[0040] Fig. 1OA shows a block diagram of ^* a first example prior art packet voice communication system (first prior art arrangement) with an adaptive jitter buffer scheme [0041] Fig. 1 OB shows a flowchart of a transmitter -side process of a prior ail jitter buffer scheme utilized, for example, m the first prior art arrangement shown m the example of Fig. 1OA, [0042] Fig. 1OC shows a flowchart of a prior art delay calculation process.

[0043] Fig. 1OD shows a flowchart of a prior art packet play-out control process,

[0044] Fig. 1 OE shows a schematic representation of received packet flow ai a packet piay- oiit control when a transmitter-side voice activity detector (VAD) is turned on. [0045] Fig. 10F shows a schematic representation of received packet flow at the packet play- out control when the transmitter-side VAD is turned off.

[0046] Fig I I \ shows a biock diagtam of a r ecei\ es -side device of a second puoi asi packet

\ oice communication svsterπ (second pπot art aπangenient), which include* adaptive buffei ov erflow control

[0047] Fig 11 B shows a flowchart of a silence detection process utilized, for example, in the ieceu er-side ice shown HI the example of Fig I 1 λ

[0048] Fig I IV shows a flowchau of a buffei o\ eiflow control pioces-s utilised foi example, m the teceiv ei-side device shown in the example of Fig 1 1 A

[004*3] Fig 12A shows, in accordance with one oi moie embodiments of the present sin ention a block diagram of a receivet-side see of a packet \oιce communication sv stem with adaptive jUtei handling

[0050] Hg 12B shows, in accordance with one ei more embodiments of the present invention, a dela> insertion control ptoces^ utiU^sed for adaptive jitter handling utilized, foi example, m the receϊvcr-tjidc ice shown in the example of F?g 12 \

[0051 ] Fig I > shows, in accordance with one or mote embodiments of the present im ention, a biock diagram of a recctvei -side device of a packet \ idco communication sj stcm with adaptive jϊttei handling

[0052] F ig 14 shows a pπoi art example of a call flow for establishing a connection between an application client and an application serv er

[00 ^s >] Fig 1 5 shows, in an embodiment of the .mention, a simple architectural diagram of the DDP in\ cntjon

[0054] Fig 16 A shows m an embodiment, an example of how data withm a archifectuml arrangement vuth DDP may ωow between an apphcatson client located withtn a client device and an application sen ei, which is managed by an enterprise

[Oϋ55j Fig I 6B shows, in an embodiment, a code example of an encapsulated RlP notifv message

[0056J Hg 1 7 shows, in au embodiment an example of a call flow- illustrating how a secure chaii αel mav be established ^ei \ er In an embodiment, to establish a secure channel, iegistration ma> occur

[0057] Fig IS shovλ in an embodiment a simple call flow dlusuatsog a situation in which a large file mav e to be sent

[0058] Fig. 19 shows, in an embodiment of the invention, a simple call How illustrating a situation in which small control messages, such as those sent by control applications, may be sent.

[0059] Fig. 20 is a prior art example of an architectural arrangement m which each application on a handset is connected individually to a corresponding application server within an enterprise.

[0060] Fig. 21 is a prior art flow chart illustrating the method for enabling an application client to communicate with an application server in an !P Security VPN environment.

[0061 ] Fig. 22 shows, in an embodiment of the invention, a simple block diagram of a mobility architectural arrangement.

[0062] Fig. 23 shows, in an embodiment of the invention, a biock diagram illustrating the mobility architectural arrangement as a rich client.

[0063] Fig. 24 shows, in an embodiment of the invention, a simple flow chart illustrating an example of a method for employing a mobility architectural arrangement.

[0064] Fig. 25 shows, in an embodiment, of the invention, a mobility architectural arrangement implemented as a thin client.

TABLE OF CONTEN TS

A. Architecture

B. Codec based Acoustic echo cancellation

C Content-based jitter buffer scheme for voice/video over IP communications

D Divitas Description Protocol (DDP)

E. Di vttas Protocol Proxy (DPP)

R Conclusion

DETAILED DESCRIPTION

[0065] The present invention will now be described in detail with reference to a few preferred embodiments thereof as illustrated in the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent however, to one skilled in the art, that the present invention may be practiced without some or all of these specific details, ϊn other instances, well known process steps and/or structures have not been described in detail in order to not unnecessarily obscure the present

invention. The features and advantages of the present invention may be better understood with reference to the drawings and discussions that follow.

[0066] The invention may be described with reference to specific apparatus and embodiments. Those skilled in the art will recognize that the description is for illustration and to provide the best mode of practicing the invention. The description should not be construed to limit the scope of the invention. For example, while references are made to certain communication protocols, others are anticipated by the invention. For instance, while WiFi (IEEE 802 J l ) is described as a protocol for wireless communication, other protocols may be implemented in the invention. References made herein to ϋiViϊas server and mobility server may be equivalent. References made herein to DiVitas client and mobile equipment may be equivalent,

[0067] Various embodiments are described herein below, including methods md techniques. It should be kept in mind that the invention might also cover an article of manufacture that includes a computer readable medium on which computer-readable instructions for carrying out embodiments of the inventive technique are stored. The computer readable medium may include, for example, semiconductor, magnetic, opto-magnetic, optical, or other forms of computer readable medium for storing computer readable code. Further, the invention may also cover apparatuses for practicing embodiments of the invention Such apparatus may include circuits, dedicated and/or programmable, to cany out operations pertaining to embodiments of the invention Examples of such apparatus include a general purpose computer and/or a dedicated computing device when appropriately programmed and may include a combination of a computer/computing device and dedicated/programmable circuits adapted for the various operations pertaining to embodiments of the invention. [0068] A. Architecture

[0069] Fig. 1 depicts a system network 100 according to an embodiment of the invention. Mobile equipment (ME) 102 is provided that communicates with the network in a number of possible ways. ME 102 can communicate with a cellular network 110 that includes a Base Transceiver Station (BTS) 1 12, a BTS Switching Center (BSC) 114 and Mobile Switching Center (MSC) 1 16. The MSC is coupled to a Media Gateway 120 that is coupled to a public switched telephone network (PSTN) 122. Other conventional public and private telephones 124 are also coupled to the PSTN. A PBX 130 is coupled to the PSTM and serves an enterprise for purposes of making and receiving calls, for example, via telephone 136. Mobility server 150 is coupled to the PBX as well as other

networks For example, mobility server ^' ! 50 is coupled via router 132 to an. Internet Protocol Wide Area. Network (WAN) } 38. The mobility server 150 is also coupled via router 140 and firewall 142 to the Internet 144. The mobility server is also coupled to a local area network (LAN) with wireless access point 160. One access point is depicted while the invention anticipates multiple access points as well. The access point I 60 permits a user with ME 102 to wander in the enterprise and stay connected to the PSTN through the mobility server 150 and FBX 130. ϊf the user wanders beyond the boundary of the LAN. the user will be connected to an alternate network (e.g. the cellular network) as described below in detail. Also depicted is an access point 180 that is coupled to the internet for access under certain conditions as described herein.

[0070] Figs. 2A-C depict a mobility server according to an embodiment of the invention. [0071] Security ¹ Manager - The definition of security ¹ when two or more entities axe communicating involves the following aspects;

1. Mutual Authentication of the communicating entities

2. Privacy of the communication channel

3. Integrity of messages exchanged 4. Authenticate on of messages

[0072] In DiVitas mobility solution there are three distinct communicating entities: DiVitas Client, DiVi (as Server and external VoIP GW. And there are two distinct types of paths between these entities- SlP signaling path and Media path

[0073] As described in the Architecture Specification^] the following mechanisms are used to achieve the above mentioned security aspects between client, server and external gateway for signaling and data paths.

1. S ^' iP ^" FLS session between client and server.

2. Client Authentication using SIP Notify after SlP TLS establishment

3. Authentication of users with server

4. SlP TLS session between server and externa! VoIP Gateway.

5. Server authentication with external VoIP Gateway

6. Secure media path

7. Derived requirements

[0074] User/Device Manager/Mobility Controller - The device and mobility Manager (hereby referred to as DMM) is a module that handles device configuration and status as well as the mobility

aspects while there is an active cal! on a device. The following sections capture the functional and design specifications of the DiVIM along with the public interfaces that the DMM supports [0075J Here is a summary of the roles and responsibilities of the DMM

1. Device configuration controlled by the enterprise administrator.

2. Report status of the device.

3. Image management for the device

4. Maintain and implement the mobility logic for handsets with an active call ^••• i.e., handle WiFi to Cell and vice-versa handoff.

5. Handles device initialization and configuration requests from the client. [0076] Control Plane/Call Control - Call control (CC) is the primary control plane module responsible for the following functions:

1. Voice over S P cal! processing

2. SIP proxy server and B 2BUA

3. PSTN Call management through PSTN GWs

4. PBX feature management through Asterisk

5. Resource and Connection management

[0077] Call control, module resides oti the DN media switch. The call control module interfaces with the SlP stack and Asterisk (or any other) PBX module to provide the above mentioned functionality.

1. SIP stock (for UA, CCM, and Asterisk etc): SIP stack is mainly used as protocol message decode/encode engine SlP stack also performs basic protocol specific tasks, like standards based message parsing and validation, retransmissions, proprietary message validation etc. For most of the proxy and B2BUA tasks, SIP stack relies on CC for decision-making. Interactions between CC and Asterisk as well as CX? and CCM are through standards based SlP messages.

2. Proxy Agent/Configuration Manager (PA/CM); Proxy agent acts as a configuration manager for all the applications. Call control related information is downloaded by PA at the time of provisioning or after the disk DB is read following a system bring up. CC stores the data in RAM for local/faster access, CC also updates PA of any dynamic information {e.g. call going active or down), or on demand information (e.g. SNMP GET)

3. Resource Manager (RJV1): Resource manager provides logical map of the physical/network resources. These resources include GE port, DSP resources, sockets,

CDP TCP ports etc and mav iiof include system resources lϊkc memorv, butter pool timers, queues etc The iesourccs max not include sockets used for interna! IPC communication CC uses. RM for icsourcc CAC tesouice tesenatton and commit λs part of the commit RM talks to media switch to program haidware to enable media flow [0078 i Media Su itch Application (MSA) - The MSA will be designed to run partially on LUIUA and remaining on DSP pioeessoi I he application will peifotm the follow ing functions _*

RFP packet pioeessHig Switching I ranscodmg Conferencing AdapUλ e j i ties bu ffer Packet loss concealment

Post processing which includes V AD/CNG and AGi ^"

[0079] The \ϊ»S 4 software needs to support encoding /decoding of different speech codecs ϊhe type of algorithm and channel can change during run time i e , a design to support multi-channel multi- algoπthm is needed Each codec algoπthm needs to be reentrant, and the program as well as data needs to be fully ielcasabic In order to support various codecs the following needs to taken into account a Since the DSP has limited on chip data mernotx not all data can be placed on-chip all the time in multi-channel, multi-algoπthm application This requites all data (context and tables) »i each algoπthm to be le-locatable (between on olTcliip mcmoiv) durmg context switching This lequires a need to Hud out the memoiv stack size as well as XT(PS requuement for each supported codec b λ mechanism to exchange messaging between host and DSP ptocess indicating channel nuπibei as well as codec type along with any othei featmes The channel configuiation manager needs to open a channel on DhP indicating type of funcuonahtλ tequired Peuodjc message indicating the state of DSP needs to be implemented

[0080] The DSP processor allows the external host to access the USP external The DSP has 16Kb\ tes of first le\ el program as wel 1 as data memory I he program as well as data memory share the second level memory of 2^6kbvtes The 16Mb\tes of externa! memory (SDRAM) is

available The shaied memory between the two processors Mores the incoming as well as outgoing RTP data Since the DSP needs to support N number of channels, this memory will contain N receive as well as transmit buffers of length 320 bytes each (for these buffers need to be of 1500 bytes) Data structure for messaging between host and DSP as well as information needed on pei call basis needs to be defined The following steps define the DSP functionality. a. At boot up once the software is downloaded to DSP (the DSP will indicate the same by writing a predetermined value at a fixed memory location to indicate to host that the software is downloaded). b Upon successful download of software, the DSP vuli run an interna! tinier of lϋmsec At this time the DSP is polling for channel state to change to process, which is set by the host once the packet arrives. c. A start call or open channel command from the host indicating codec type, data-read> ss well as call type (initially only voice) is sent for RX as well as TX direction d Based on channel opened the DSP picks up the RTP data from the external buffers and performs the DSP related functionality on those e. On the TX side the DSP places encoded data on the external buffers to be picked up by the TX agent.

[0081 j Fig 3 depicts a mobile equipment client according to an embodiment of the invention [0082] The client software or handset software runs on the handsets that are compatible with the Divttas Server Typically these are dual-mode handsets that have the capability to piovide telephony connection on the cellular network (CDMA or GSM) as well as IP connection on the LAN network (wired LAN or wireless LAN)

[0083] The software can be also be compiled for a desktops/laptops or a PDAs which have a microphone and a speaker to function as a softphonc [0084] L ^' ser Interface [0085J The client user- interface provides the following functionality

• Setup startup configuration DNS IP addresses, Dmtas server URL ₅ Startup user-state (INVISIBLE AVAILABLE), security settings

• Change user state (INVISIBLE/AVAILABLE)

• Add enterprise "buddies" and get their presence information (INVISIBLE/AVAILABLE CALL- IN-PROGRESS)

• Dtspϊav availability status of enteipπse "buddies ^"1 and connect to them

• 1,-JCI Inttaface to common esitejpjise telephony featuie.s

• call making

• call leceivmg

• call wasting

• call forvuiidmg

• call transfet

• oiuiti-paity conferencing

• voice-mad notification

• missed calls notification

• recci\ eel calls notification

• placed calls notification

• numbei lookup and dial by name

• Manual override to use cellular netwoik instead of WJFJ netwoik

• Dispia> \ ersioo mismatch

• Lpgrade iequest status

• Disable/inhibit client softwaie ISP application is used to make/receive ceHulat calls Cail-contTol and

• Call contiol Ibi making VoIP calls on LAN inteilbce

• \ oice Engine fos mailing \ oiP calls on LiVN inteiface includes codecs echo-cancellation, jitter control, etioi concealment

• Call handoff fiom cellular call to VoIP call

• Call handoff ft om VoIP call to cellular call [0086] 802 1 !

• Determine which IP net wot ks ate a\ aslable and then signal strength and communicate that mfoimation to the server

• λP client

• Powei management of 802 1 1 mmipoit whenever the signal stiength of 802 1 1 is below acceptable thieslwld. hibernate and poli networks at infieqυent mtenals to conseivei power

♦ Package the signal strength and voice-quality into into RTCP packets if the call is m progress, or in keepaiives if the call is not in progress to communicate to the server Whenever the signal strength drops below an acceptable threshold or the voice-quality deteriorates, the server will make a decision to switch the calls from VoIP to cellular network. [0087] Platforms

[0088] Since there are a multitude of handset vendors in the market and a lot of them coming up with dual-mode handsets, the software may need to be designed in such a way that most of the code is shared across handsets Therefore, the code has to be divided into platform dependent part and platform independent part. Most, m fact all of the Divitas cote value should be m platform independent part of the software, which should be easily portable from one platform to another The platform dependent part should be only the functional adaptation layers (particularly Telephony, LAN, S02 1 1, Audio and Display adaptation layers). Whenever the code is ported to a new platform, only these adaptation layers need to be modified or rewritten, while providing a uniform APT to the platform independent part.

[0089] The client software wtll run on multiple handset platforms. The most prevalent handset platforms are Windows CP., Syrnbian and Linux.

[0090] In addition to the dual-mode handsets, the client application is designed to work on 802 1 1 phones, PDAs or laptops/desktops which do not have a cellular telephony interface. On these platforms, a subset of features is available to the user. Basically, the call handoff from VoIP to cellular will not be possible. [009 Ij Theory of Operations [0092] Startup and Security Operations

[0093 j On startup, the client application looks for the available resources on the handset. The client application first checks for presence of wired network. If not present, then the client application checks for the presence of an 802.11 network. The wired or wireless medium authentication is done depending on the enterprise security policy. The handset client shall support the security mechanism employed in the enterprise. The most common security mechanism is VVPA (WiFi Protected Access) Once the authentication is done successfully, the wireless client gets the IP address for the IP interface using DHCP

[0094] The application gets the Divitas server URL and DNS TP addresses from persistent database and tries to register with a Divitas server

[0095] The client application could be running on a handset; which is inside the enterprise network

In that case, the client can reach the Divitas server without any other security blankets. In case the client is in a public network, say a coffee shop or an airport with WiFi Internet access, typically the user sets up a VPN connection to the enterprise. The client can reach the Divitas server only after the

VPN tunnel is setup.

[0096] The client application software authenticates the handset with the server by sending an encrypted certificate {installed by Enterprise IT) to the server. Once the handset is authenticated, the client gets the login/password from the user or stored in the handset, encrypts the iogtn/password and sends the encrypted login/password to the server for user authentication. On successful authentication, the server replies by sending the enterprise phone number. In reply, the client sends the cellular phone number to the server. The server binds the two for all future handoff scenarios.

[0097] The signaling and media stream are secured using SIP/TLS for signaling and SRTP for media stream. However, if the user is on a VPN link, then client need not add another level of encryption.

Adding another level of encryption to that, may result in reduced voice quality. In that case, Sf P is used for signaling and RTP/RTCP for media stream.

[0098] The above process is repeated whenever the client regains network connectivity with the server.

[0099] Steady state operations

[00100] The user can choose to be INVISIBLE or AVAILABLE at startup by configuring on the

GUI and saving that configuration in the persistent database. The client updates the user's presence information to the server.

[00101 j The user can also enter frequently called buddies within the enterprise and save that configuration in the persistent database on the handset. The client gets the presence information (in bulk) of these buddies whether they are INVISIBLE, AVAILABLE or CALL-IN-PROGRESS The server updates the presence information of these buddies to the clients as and when the event occurs.

[00102j Whenever a call is not in progress, the client and server exchange keepalives periodically.

[00103] The client sends the network status to the server periodically. If the client is on an 802.1 1 wireless network, the client sends the SSID, signal-strength and bandwidth of the associated access point (AP) to the server. If there is a call in progress, Ui e client sends the SSlD as part of in- band

RFCP packets. If there is no call in progress, the client sends out-of-band keepalive messages.

[00! 04 j Whenever a network session is available from the client to the server, the pieferred mode of making and receiving calls to the client is on the network interface. However, the user can choose to ovemde the pieferred mode and make the outgoing calls on the cellular network This selection is not communicated to the server and may not affect the incoming calls This selection is also not stored in persistent database. The user has to explicitly make the selection every time the user makes an outgoing call.

[00105 j Whenever a network session is not available from the client to the server, the only way of making and receiving calls is on the cellular interface. The user does not have access to all the enterprise features. The user can make and receive calls using the client software Ul however the client software pro\ ides only a subset of the sen ice ider features. To use all the features of the cellular service provider network, the user may have to terminate (or inhibit) the client software and use the cellular service providers dialer application. If the sen ice provider application is being used to make and receive calls, then, the handoff described below in section 3 4 2 will not be possible

[00106] A user has access to all the enterprise features as long as the client has a session established to the server. The client GUI is used to pro\ ide access to these enterprise features to the user.

[00107] Voice

[00108 j Sl P stgnal mg is used to establ ish voice calls between the client and the sei v er Voice from the audio receiver is encoded into one of the codecs supported by GlPS Voice Engine (VE), encapsulated into RTP packets, encrypted if needed, and sent on the IP interface to the serser

Similarly RTP packets tccened from server is decrypted if needed, decoded using one of the codecs and played out Speech decoding, jitter control and error concealment are done by GIPS VE on the receive side.

[00109 j In addition to encryption/decryption, encoding/decoding of .speech, GlPS Voice Engine performs error concealment, jitter control, adaptive packet buffering. Acoustic Echo Cancellation and Suppression. Noise Cancellation and Suppression, Automatic Gain Control, Voice Aclmts

Detection, Comfort Noise Generation

[001 10] Roaming

[001 1 1 ] λ handset client is a mobile device, unlike the portable laptops.

[001 12] Intra- WLAN handoff

[00! S3] When a user is in an 802.1 I network having a phone conversation and walks across the building, an AP handoff could occur viz. the handset of the user is now associated with a different AP than the one the handset was previously associated with The AP handoff could occur without IP address change if the handoff is within the same subnet or to another subnet, in which case the IP address of the handset changes. If the IP address changes, then the client needs to register with the server again. The established calls continue to flow in the meantime using the ok! flow information until the Voice-Engine (VE) is communicated of the new IP address. Voice-engine ensures that the RTP streams going out of the client will have the new IP address.

[001 14] When a wireless client authenticates using 802. J X, there are a series of messages sent between the wireless client and the wireless access point (AP) to exchange credentials. This message exchange introduces a delay in the connection process When a wireless client roams from one wireless AP to another, the delay to perform 802. IX authentication can cause noticeable interruptions in network connectivity, especially for time-dependent traffic such as voice or video- based data streams. To minimize the delay associated with roaming to another wireless AP, the wireless equipment can support. PMK caching and preauthentication. fOOI i 5| PMK Caching

[001 16] As a wireless client roams from one wireless AP to another, the wireless client must perform a full 802. IX authentication with each wireless AP. WPA allows the wireless client and the wireless AP to cache the results of a full 802. 1 X authentication so that if a client roams back to a wireless AP with which the wireless client has previously authenticated, the wireless client needs to perform only the 4- way handshake and determine new pairwise transient keys In the Association Request frame, the wireless client includes a PMK identifier that was determined during the initial authentication and stored with both the wireless client and wireless AP's PMK cache entries. PMK cache entries are stored for a finite amount of time, as configured on the wireless client and the wireless AP.

[001 17j To make the transition faster for wireless networking infrastructures that use a switch that acts as the 802. IX authenticate?-, the WPA/WPS IE Update calculates the PMK identifier so that the PMR as determined by the 802. IX authentication with the switch can be reused when roaming between wireless APs that are attached to the same switch. This practice is known as opportunistic PMK caching. [001 18] Preauthentication

[00! 1.9] With preauthentication, a WPA wireless client can optionally perform 802, IX authentications with other wireless APs within its range, while connected to its current wireless AP.

The wireless client sends preauthenti cation traffic to the additional wireless AP over its existing wireless connection. After prεauthenticating with a wireless AP and storing the PMK and its associated information in the PMK cache, a wireless client that connects to a wireless AP with which the wireless client has preauthenticated needs to perform only the 4-way handshake.

[00!2O] WPA clients that support preauthentication can only preauthenticate with wireless APs that advertise their preauthentication capability in Beacon and Probe Response frames,

[00121 ] WiFi-CeIi ular handoflf

[00122] When the user in an 802.1 1 network having a phone conversation walks out of the building where there is no or insufficient 802, 1 1 connectivity, the call is handed over to cellular network.

[00123] The decision to handoff the call is made by the client. The decision is based on 802.1 1 signal -strength, channel loading arid voice-quality thresholds. Once the decision is made, the decision is communicated to the server, which initiates a call to the client on the cellular network.

The client checks the caller-id of the incoming call, compares to the 802.11 caller-id, and if there is a match, accepts the cellular call and drops the 802, 1 1 call leg. Qn the server side, the server drops the

802.1 1 call leg to the client patches the cellular call leg to the other talking party.

[00124] Cell ular-WiFi handotff

[00! 25] When the user having a phone conversation on cellular network walks into an 802 ϊ ϊ network, and the handset/ user can associate itself with a di vitas server, then if the user is talking to another user in the 802.11 network., the call is handed over to the 802.1 1 network.

[00126] The decision to handoff the call is made by the client. The decision is based on availability of sufficient 802,1 1 signal-strength, channel loading and voice quality. Once the decision is made, the decision is communicated to the server, which initiates a call to the client on the 802.1 1 network. The client checks the caller-id of the incoming call, compares to the cellular caϊier-id, and if there is a match, accepts the 802.1 1 call and drops the cellular call leg. The server drops the cellular call leg to the client, patches the 802.1 1 call leg to the other talking party.

[00127] Power Save

[00128] When the handset client is idle on the 802.1 1 network, the 802.1 1 miniport goes to sleep.

Before going to sleep the handset tells the AP that the handset wishes to go to sleep by setting the

power save bit in the 802.1 1 header of every frame. The AP receives the frame, and notices the client ^' s wish to enter power save mode. The AP begins buffering the packets for the client while the client's 802.1 S. miniport is asleep. The miniport consumes very little power while asleep. The mimport wakes up periodically to receive regular beacon transmissions coming from the access point. The power-saving clients need to wake up at the right time when the beacons are transmitted to receive the beacons. TSF (Timing Synchronization Function) assures AP and power-save clients are synchronized. TSF timer keeps running when stations are sleeping. These beacons identify whether sleeping stations have packets buffered at the AP and waning for delivery to their respective destinations.

[00129] When there are no incoming beacons for an extended period of time, the 802. i i miniport is put to sleep. The miniport periodically wakes up, probes the air for APs, if there are none present, miniport goes back to sleep, In this case, the miniport sleeps for longer duration than previous case. [00130] B. Codec Based Acoustic Echo Cancellation

[00131 ] One or more embodiments of the present invention relate to an apparatus for canceling a signal. The apparatus may include an identification code (ID code) generator configured to generate an TD code. The apparatus may also include an ID code injector configured to inject the ID code into at least one of the signal and a processed signal to produce a convolved signal. The processed signal may be resulted from a processing of the signal The apparatus may further include an ID code detector configured to detect at least one of the convolved signals, a transformed signal, and a transformation of the convolved signal, the transformed signal resulting from the transformation of the convolved signal. The apparatus may further include an arithmetic function configured to remove at least one of the convolved signal and the transformed signal.

[00132] Fig. 4 depicts a method for codec based acoustic echo canceller in accordance with one or more embodiments of the present invention.

[00133] When both near-end and far-end speakers are talking, it is difficult to differentiate the echo of the far-end talker's voice from the near-end talker's voice since both are present in the near- end signal input with the same human voice characteristics. In this application, a new method is proposed for handling the acoustic echo, which is quite different from the current conventional AEC. [ 00134] One embodiment of the present invention is a method for canceling echo during a communication between a first node and a second node. The method includes injecting a secret code to a signal input of the first node. In accordance with one or more embodiments of the present

invention, the first node is a network device used by a far-end user, and the second node is a network device used by a near-end user. In accordance with one or more embodiments of the present invention, the first node is a network device used by a near-end user, and the second node is a network device used by a far-end user,

[001351 In accordance with one or more embodiments of the present invention, a secret code is injected into the far-end signal input So a single or multiple echoes of the far-end signal will carry on this secret code and arrive at the near-end signal input. The near-end signal also includes the near- end speaker voice. Since the secret code is carried only on the echoes of the far-end signal but not on the near-end talker's voice, the secrete code may serve as the identities of those echoes, and help us to differentiate them from the near-end speaker voice. Some kinds of the matching filters can be employed like the correlation or other means to identify the echoes of the far-end signal from the near-end speaker voice by the secret code and to remove them. A final echo-free signal will be generated on the far-end signal output.

[00136] In order to make this new scheme work, there are two key implementation considerations. One is how to select and design the secret code and another is how to inject the secret code into the far-end input signal. Both considerations come from the same concern that the secret code should not be perceived by the end-end listener,

[00! 37j When a person speaks in front of the microphone, not only this person's voice but also some degree of the background noise will come in the microphone. But usually this background noise does not disturb the listener as the speaker voice masks out the background noise. As long as the background noise keeps low and the SNR {signal-to-noise ratio) keeps above certain threshold, the background noise should not become a concern, m fact, the background noise always exists in the real voice communications today.

[00138] Based on the above fact, first the secret code can be transformed into a pseudo random noise called "secret code random noise". Subsequently, the existing background noise is removed from the fax-end signal input, and the secret code random noise is inserted into the far-end signal input. As Soog as the new SNR is kept above certain threshold, the near-end listener should not heat- any difference, In accordance with one or more embodiments of the present invention, the injector shown in Fig. 4 scrambles the secret code to a pseudo random noise, removes the existing background noise in the far-end signal input, and then inserts the secret code random noise.

[00! 39] The fat-end signal defectoi will detect the far-end signal presence and trigger the secret code generator since the echoes will be present only when the tar-end talker is speaking. The secret code ptlot can include the secret code timing and the phase The secret code pilot detecioi is used to detect the secret code pilot carried on the echoes of the far-end signal and to adjust the secret code delay to the matching filter because of the variable echo paths. The unscrambling process will be needed in the secret code pilot detector

[0014Oj The secret code and the secret code pilot may be designed so that the secret code detector and the matching filter can easily identify the echoes of the far-end signal, which carry this secret code and its pilot and then remove these echoes ϊn addition, a non-linear processor may be used after the matching filter to further reduce the residue echo and improve AEC performance. [00141] Features and advantages of the present invention may be better understood with reference to the figures and discussions that follow

[00142] Echoes have been a significant problem m communication. As discussed in the background of the invention, in the poor art, a filter (or echo canceller) may be employed to model an echo path in trying to provide signals to cancel the echocss

[00143] Fig, 8 A shows a block diagram of an example prior-art communication device 800 (prior- art device 800) including a filter 814 (or echo canceller 814) for echo cancellation, As shown in the example of Fig. 8 A, prior-art device 800 may include a signal receiver 802 for receiving far-end signals (e.g , signal y") from a remote (or far-end) party and a signal transmitter 818 for sending signals (c.g , signal z) to the remote party

[00144] Prior-art device 800 may also include a speaker 806 for playing out the received signals to a user of prior-art device 800 (i e , a local or near-end party) and a microphone 810 for collecting near-end signals {e g , signal \, which may include voice of the local party and background noises)

[00! 45] Prior-art dev see 800 may also include buffer Sl 2 for buffering signals received from signal receiver 802 and filter 814 for modeling an echo path 808 between speaker 806 and microphone 810 and for processing signals buffered m buffer 812 Echo path 808 may represent multiple paths of delay, attenuation, reverberations, etc., transforming signal y" into signal y 1 , for example

y~>

[00! 46 j Prior-art device 800 may further include summation function 816 for subtracting outputs of filter i 14 from outputs of microphone 810. Prior-art device 800 may further include a signal feedback path for feeding outputs of the summation function 8iό back to filter 814,

[00147] A signal (e.g., signal y ^s ) received by signal receiver 802 may be forwarded to both speaker 806 and buffer 812. Filter 814 may receive the signal from buffer 812, process the signal with a model of echo path 808 to generate a cancelling signal (e.g., x2, a function of y ^' ) ₅ and send the cancelling signal to a summation function 816. In turn, summation function 816 may subtract the cancelling signal (e.g., x2 ^::: f(y ^? } received from filter 814 from a signal (e.g , xl ^::: χ-f-y 1} received from microphone 810 to generate a subtracted signal (e.g., z) and send the subtracted signal to signal transmitter 818. The output of summation function 816 may be fed back to the fi lter 814 for updating and improving the echo path mode! in filter 814,

[00148] The echo cancellation method implemented in prior arrangement 800 is further described with reference to Fig SB,

[0014°] Fig, 8B shows a flowchart of an example prior art method utilized, for example, in prior- art device 800 (shown in Fig. SA), for cancelling echoes, As shown in the example of Fig. 8B, the method starts with step 85O ₅ at which signal receiver 802 (shown in Fig. 8A) may send a signal y\ Then, control may be transferred to step 852 and 854,

[001 50] At step 852, speaker 806 (shown in Fig. 8A) may receive signal y' At step 156, microphone 810 (shown in Fig. SA) may receive a signal yl plus near-end signal x. Signal yl may represent a transformed signal of signal y ^" because of delay, attenuation, reverberations, etc. The delay, attenuation, reverberations, etc. may be caused by echo path 808 between speaker 806 and microphone 808 (shown in Fig. 8A) Signal x may include the local party's voice plus local surrounding background noises picked up by microphone 810. Signal xl that represents a combination of signal y 1 and signal x may then be sent to summation function 816 (shown in Fig. 8A).

[00! 51] At step 854, buffer 812 may also receive signal y\ At step 858, filter 814 may process signal y ^* with a model of echo path 808 to produce signal x2, a function of y\ e.g , f(y ^" ), which is then sent to summation function 816 (shown in Fig. 8A).

[00! 52j At step 860, summation function SI 6 may subtract signal x.2 from signal xi to produce a signal z Ideally, if f(y') equals to yi , then z will equal to x, the near-end signal that is of interest to the remote patty with echo (represented by yi ) removed. However, the model of echo path 808 implemented in filter 814 may not be accurate, and typically z may not be equal to x.

[001531 At step 862, summation function 816 may send signal z to signal transmitter Sl 8 for z to be transmitted the remote party.

[001541 At step 864, summation function 816 may feed signal z back to filter 814, for updating and improving the echo path model utilized at the step 858, The feedback of signal z and associated calculations and updates may cause filter 814 to require additional processing time or processing power.

[00155j The quality of signal z (i.e., the error of signal z with respect to signal x) may depend on algorithms and echo path modeling implemented in filter 814 as well as the processing power and memory of the computing device implementing filter 814.

[00156] For prior art devices, arrangements, and methods, as illustrated by prior-art device 800 of Fig. 8 A and the method of Fig. 8B, correct modeling of echo path SOS, as performed by filter 814, may be crucial for effectively cancelling echoes. However, given various surrounding noises, reverberations of the surrounding noises, and/or other factors, echo path 808 may be dynamic and therefore may be difficult to model correctly. As a result, the prior art devices, arrangements, and methods may not be able to effectively cancel the echoes.

[001 57] The prior art devices, arrangements, and methods may face further challenges in double- talk scenarios, in which the local {or near-end) party and the remote {or far-end) party are talking at the same time. Since the local party ^' s voice and the remote party's voice may have similar human voice characteristics, filter 814 may be unable to correctly identify which signals to be input into the model of echo path 808 As a result part, of the local party's voice may be cancelled, and part of echoes may not be cancelled, and the error of the echo path model in filter 854 may become divergent instead of converging, resulting in undesirable quality of communication.

[00158] Accordingly, in the prior art, much resource has been devoted to improving algorithms for modeling echo path 808 Further, filter 1 14 may require a large amount of data memory and may

require a CPU(s) with high processing power As a result, a high cost for implementing echo cancellation may be incurred.

[00! 59j In contrast, one or more embodiments of the present invention involve art apparatus for canceling a signal even if a filter is not provided. In one or more embodiments, the signal may represent a digital signal. The apparatus may include an identification code (ϊD cade) generator configured to generate an ID code. The apparatus may also include an ID code injector configured to inject the ID code into at least one of the signal and a processed signal to produce a convolved signal. The processed signal may be resulted from a processing, such as background noise removal of the signal. The apparatus may further include an ID code detector configured to detect at least one of the convolved signal, a transformed signal, and a transformation of the convolved signal, wherein the transformed signal may be resulted from the transformation of the convohed signal. The transformation of the convolved signal may he caused by the configuration and/or environment of the apparatus. For example, the transformation of the convolved signal may represent the delay caused by one or more echo paths between the speaker and the microphone of the apparatus; the transformed signal may represent a delayed signal given the existence of the delay. The apparatus may further include an arithmetic function configured to remove at least one of the convolved signal and the transformed signal.

[00 i 60] Fig, 9 A shows, in accordance with one or more embodiments of the present invention, a block diagram of a communication device SK)O (device 900) that may cancel echoes even if a filter is not provided. The block diagram may also represent a communication system or arrangement with the components shown in Fig. 9A implemented in one or more devices.

[00! 6S j Device 900 may include input/output components such as a signal receiver 904 (for receiving a far-end signals from a remote party), a signal transmitter 932 (for sending signals to the remote party), a speaker 914, and a microphone 916 (local microphone 916) An echo path 90S that travels from speaker 914 to microphone 916 may exist

[00! 62] Device 900 may also include a signal-processing module such as a background-noise remover 906 Background-noise remover 906 may be configured to remove background noise from signals received from signal receiver 904, Background-noise remover 906 may be implemented utilizing one or more well-known algorithms such as spectral subtraction for removing the background noise,

IS

[00! 63 j De\ ice 900 mav also include modules for canceling echoes The modules ma) include identification code generatos 922 (ID code generate! 922), identification code injector 910 (ID code injector 9S0) identification code detector 924 (ID code detectot 924) and buffci 926 The modules mav also include a ttaπsfoiraation module such as, tbi example, deia> 928 for transfoiming signals such as, for example mtiodυcmg a deiay The modules mav also include an aiuhmetic function such as, \\n example summation function 930

[UU J 64 j ID code geneiatot 922 mav be cυnfiguted to genet ate a controllable and lD code such that a pot lion of a Signal may be identified 1 he pot lion of the signal mas then be foi example for echo cancellation putpos.©. The ID code mav iepiesent a pseudoiandoπi code that ma\ simulate a backgiouπd noise ot conifoit noise ID code geneiator 922 mav include a linear feedback shift tegtster fot genetating a pseudotandom nojse sequence to be utilized as the ID code

[001M] Alternativ ely oi additionally the ID code mav include a high frequency & low-fiequency signal that is unpercervable to human eats In one ot mαie embodiments, the sampling tate of mieiophone 916 ma> be configuied to process the high frequency or low-fiequency signal for example, through configuring hardware and oi softwaie {ot dmer) of microphone ^ Ib In one or more embodiments, with the H) code icprcscntmg a signal that is υnpetcenabie to human ears, device 900 not include remoter 906

[00166] ID code iiijcctoi 910 ma\ be configuied to inject the 11) code generated b\ ID code genet ator 422 into a signal ID code injector 910 ma\ be implemented by some well-known algorithms such as digital correlation fot mseitmg the ID code into the signal, for example, by com oh nig the ID code with the signal to produce a con\ olved signal

[001 b7] ID code detector 924 mav be configuied to detect the ID code w ithm the com signal for example, m a mixed superimposed and/or futther convoked signal iinolvmg one or more other signals Alternat eh or additionally ID code detector V24 ma> be configured to detect a transfotmed signal tesulted from a transfosmation of the convohed signal and/or the ID code, the tianstoi matron ma\ be caused for example, the configutation and-'or emironnicrst of device 900 Additionallv oi additional h ID eode detectoi 924 raav be configuiαi to detect the transformation The nansfoimation ma> include a delay aisd a .signal level attenuation ID code delecloi ^24 mav

implement one or more well kiiøwn algorithm such as digital correlation or match filter for detecting the ID.

[00! 68j Delay 928 may be configured to introduce a delay itito a signal. The delay may be employed in simulating the transformation Delay 928 may be implemented by a simple delay line shift register for introducing the delay,

[00169} Each of noise remover 906, ID code generator 922, ID code injector 910, ID code detector 924, and delay 928 may be included in software that may be downloaded to a user device such as, for example, a telephone, a mobile phone, a teleconference device, etc, (e.g., for acoustic echo cancellation) and/or a server device (e.g ., for line or network echo cancellation).

[00170] Fig. 9B shows, in accordance with one or more embodiments of the present invention, a block diagram of 3D code generator 922 employed in device 900 (shown in Fig. 9A) ID code generator 922 may only include a code generator 921 which will generate a random code directly. In this case, the code generator 921 may be implemented by some well-known algorithms, such as linear feedback shift register with carefully selecting an appropriate feedback function.

[00171 ] However, ID code generator 922 may include a code generator 921 followed by a randomizer 923. In this case, the code generator 921 can generate an appropriate identification code first without worrying about the randomization. Then this identification code is fed to the randomizer 923 to become a pseudorandom noise sequence as the output of 922. The randomizer 923 could be implemented by a modified liner feedback shift register with its feedback function controlled by the code generator 921.

[00172] Fig. 9C shows, in accordance with one or more embodiments of the present invention, a flowchart of a method for cancelling echoes, for example, in device 900 (shown in Fig. 9A). The method starts with step 952, at which the signal receiver 904 (shown in Fig, 9A) may receive a signal y'(n) from the remote party.

[00173] At step 954, noise remover 906 may remove background noise from y'(n), resulting in a signal y(n). The background noise may be removed m order to make room for an ID code that includes a random noise. Accordingly, the local party may not receive excessive noise,

[00! 74j At step 958, ID code generator 922 (shown in Fig 9A) may generate an ID code c(.n) The ID code e(n) may represent a known and controllable function. At step 956, ID code injector

9! 0 (shown m Fig. 9A) may injects the ID code c(n) into signal y(n) As a result, a convolution of c{.n) and y(n) may be generated. For example, the convolution of c(n) and y(n) may be a convolved signal c(n)*y(n). Then, control may be transferred to step 962 and step 980.

[00175] At step 962, speaker 914 (shown in Fig. 9A) may receive the convolved signal c(n)*y(n) At step 964. microphone 916 (shown in Fig. 9A) may receive a delayed signal from speaker 914, i.e., signal c(n-d)*y(n-d). Microphone 916 may also pick up another input signal x(n), which may include voice of a local party (e.g., in a double-talk scenario) and/or background noise surrounding microphone 916. Microphone 916 may then output a combined signal x(n) + c{n-d)*y(n-d) to ID code detector 924 (shown in Fig. 9A) and summation function 930 (shown in Fig. 9A) .

[00176] At step 98Q ₅ buffer 926 (shown in Fig. 9A) may buffer a copy of convolved signal c(n)*y(n) and output the copy of the convolved signal to delay 928.

[00177] At step 966, ID code detector 924 (shown in Fig. 9A) may detect the ID code c(n-d) in the combined signal x(n) t c(n-d)*y(n-d) and may determine a delay amount d by comparing c(n-d) with c(n) received from ϊD code generator 922 given that c(n) is a known and controllable function. The delay amount d may be fed into delay 928 (shown in Fig. 9A).

[00178] At step 982, delay 928 (shown in Fig. 9A) may introduce the delay amount d into the output of buffer 926 from step 980, i.e., a copy of c(n)*y(n), resulting in a copy of c(n-d)*y(n-d).

[ 00179] At step 990, sum mation function 930 (shown in Fig. 9A) may subtract the output of step 982, i.e., the copy of signal c(n-d)*y(n-d), from the output of step 964, i.e., signal x(n) + c(n-d)*y(n- d). In other words, at step 990, summation function 930 calculates signal x(n) -f c(n-d)*y(n-d) - c(rs- d)*y{n-d) to obtain signal x(n), which may represent the input signal picked up by receiver microphone 916 (shown in Fig. 9A) with no presence of an echo of signal y'(n), which may be represented by signal y(n-d). Signal x{n) may include voice of a local party, e.g., in a double-talk scenario, and/or background noise surrounding microphone 916

[00180] At step 992, signal χ(n), including voice of a local party, e.g., in a double-talk scenario, and/or background noise surrounding microphone 916 and containing no echo, may be sent to signal transmitter 932. Thus, echoes may be effectively canceled in both signal-talk and double-talk scenarios.

[00! 81 j As can be appreciated from the foregoing, embodiments of the present invention may effectively cancel echoes without the need of a filter (or echo canceller) that is requited in a prior art device, arrangement, or method. Being immune to possible errors in echo path modeling that the filter may rely on, embodiments of the present invention may provide more accurate echo cancellation and faster cancellation, and therefore better quality of service. Further, the embodiments of the present invention may effectively cancel echoes in double-talk scenarios where conventional filters may usually perform poorly.

[00182] Without substantially relying on filter and associated complexity of echo path modeling, embodiments of the present invention may also advantageously eliminate the need for high CPU processing power and large data memory that may be required by the filter, thereby reducing the cost in implementing echo cancellation.

[00183] C, Content-Based Jitter Buffer Scheme for Voice/Video over IP Communications [00184] One or more embodiments of the present invention provide a mechanism to handle excessive WIAN jitter using VAD and jitter compensation for audio. One or mote embodiments of the present invention work also for video where lack of motion or no motion is used in conjunction with packet jitter

[00185] One or more embodiments of the present invention relate to a packet communication device. The packet communication device may include a detector configured to detect a characterized content in incoming packets received by the packet communication device. The packet communication device may further include a play-out control configured to perform an adjustment of the incoming packets to produce adjusted packets and output the adjusted packets, if the detector has detected the characterized content in the incoming packets.

[00186] A new jitter buffer scheme called content-based jitter buffer is proposed to overcome the current jitter buffer technology limitation. In accordance with one or more embodiments of the present invention, not only the KIT header information of the incoming packets, but also their RTF pay load contents to identify the silences and talk spurts on the incoming packets are observed. Then based on this silence or talk spurt cue to decide when the play-out delay can be inserted to compensate the network packet jitter. With this new scheme, the jitter buffer on the receiver side will no longer depend on the transmitter's silence suppression any more.

[00! 87] Fig ^A-B gn es a high level oven icw of the jitter buffet aϊchiteetυre Is the pafh the packets will trace through functional blocks in the Voice Qualify Engine (YQF) The aim here is mtioduee an adaptive de-μttei contioISet to e\eπ out plavout λ similai scheme may be used to handle \ ideo utter

[UUl 881 In one of puor an titter buffet designs, a so-called seeeivei-side λ'λD (voice acti\ity detection) may be used to prevent the jitter buffet

[UUl 89 j In anothei vtoid, the silence or tali sputt cue is> uhuά to flush the mtet buffei when the silence or talk spurt cue reaches the maximum length I he differences of the new scheme from the ptϊoi att design include that the silence ot talk spurt cue is used to eontiol when the play-out deiav can be inserted to compensate the netwoik packet jittei So, m accoi dance with one or moie embodiments of the present imention, the silence or talk spun detection will become a key part of the pttei buffei scheme Cndei some circumstances it be too late to make anv adjustment when the jitter buffer becomes

[00 ! ⁴ X)] Hete is how this content-based jitter buffer apparatus and methods can be applied to the real-world applications Both % oicc and % tdeo cases are described as follows [0019 i ] The figure 54 _ _* hαws a block diagram voice of a jitter buffer in accordance with one oi more embodiments of the pi eserit tn% ention I he core jitter buffer includes one or more components for packet queuing, packet pla> -out, μtter calculation and jittcs compensation Here the decode* and VAD will generate a silence or talk spυit mdicatoi The silence or talk spurt indicator is then fed back to the jitter compensation patt and used to decide when to insert the pla\-out silence to compensate the network packet jitter

[UUl 92 j Pig ^B shows a block diagram of a \ ideo μttei buffet ni accoi dance with one or moie embodiments of lhe psesent imemiou The coie μttei buffet is snntlat to \otce ^" s one except the delay will be nisei ted w hen there is no motion OJ \ ety low mouon oii tbe frames liere aftei the decoder, tiie motion estimation and the motion compensation will geneiate a jesidue fiame \ no-πiouon indicator can be founed fmm this iestdue fianie plus some specific threshold The no-moaon mdtcatoi then fed back to the jitter compensation pan and used to decide when to insert the pla>-out silence to compensate the network packet jittei In insert! ny the play-out silence is actυalh to stop plaung out the new frame while repeating the previous \ tdeo frame [00193] As discussed piobiems such as packet dela> s (ι e , Sate arm aϊs of packets), packet delay and packet loss mav ha\e negative effects on qualit> of service (QoS) m packet

communication Packet delays and packet delay variation may also be known as jitter. To address the problems, in the prior art, a fixed de-jsfter buffer scheme may be employed to compensate the late arπvals of packets by periodically inserting delays (e g., m the form of silence packets or comfort noise packets) when playing out packets from a packet buffer. However, with the fixed de- jitter scheme, delays may be excessively inserted between voice packets, resulting in choppy voice.

[00194] In the prior art, a transmitter-side voice activity detector (VAD) may also be emplos ed for adaptively inserting delays, thereby compensating packet delays and packet delay variations. However, the transmitter-side VAD may not be supported by some user devices. Further, given existing VAD algorithms, the transmitter-side VAD may cause undesirable noise or choppy voice, for example, when a transmitting party is performing music playback, because pauses in music may be treated as silence and inappropriately handled. For another example, when the transmitting party uses G.729AB codec with the transmitter-side VAD turned on to play out some music, the user in the receiver side may perceive distorted music. Therefore, the transmitter-side VAD may be commonly turned off by packet communication ice providers and may not be able to compensate packet delays and packet delay variations. As a result, fixed de-jitter buffer scheme may still be employed, and the quality of service may still be undesirable to a receiving party.

[00195] Further, in the prior art, a receiver-side si fence detector may be employed for controlling packet buffer overflow, for preventing packet loss. However, according to arrangements in the prior art, packets may be discarded and therefore lost when the packet buffer is nearly full or is full, and the quality of service may be undesirable to the receiving party

[00196] In contrast, embodiments of the present invention may employ a receiver-side silence detector for timely compensating delays and delay variations and adaptively playing out packets from the packet buffer. Advantageously, the transmitter-side VAD is not needed, and desirable quality of sen ice may be pros ided. Further, one or more embodiments of the present invention may employ a receiver-side video detector, thereby adaptively handling jitter in video communication

[00! 97] The present invention relates, m one or more embodiments, to a packet communication device that may include a detector configured to detect a characterized content m incoming packets received by the packet communication device The characterized content may represent silence (e.g., a time period with no voice packets received) in voice communication Alternatively or additionally, the characterized content may represent at least one of no motion and an amount of

motion thai is lower than a threshold For example, the threshold of a no-motion or stilt picture may be selected to be 10% to 15% (in terras of date volume) of the full active picture in video communication.

[00198] The packet communication device may further include a play-out control configured to perform an adjustment of Use incoming packets to produce adjusted packets and output the adjusted packets, if the detector has detected the characterized content in the incoming packets. The adjustment may include insertion of a delay, for example, in the form of silence packets or comfort noise packets. Alternatively or additionally, the adjustment may include repeating playing out packets that have been previously played out. As a result, the delays and delay variations of the incoming packets received at the packet buffer may be timely compensated, and the adjusted packets may be of acceptable quality to the receiving party.

[00199] Features and advantages of the present invention may be better understood with reference to the figures and discussions that follow.

[00200] Fig, 1OA shows a block diagram of a first example prior art packet voice communication arrangement {first prior art arrangement) with an adaptive jitter buffer scheme. As shown in the example of Fig, I OA, the first prior art arrangement includes a transmitter-side device 1091 and a receiver-side device 1092, connected through network 1003. Each of transmitter-side device 109] and receiver-side device 1092 may represent a telephone, a mobile phone, or a teleconference device

[ ^" 002Oi ] Transmitter-side device 1091 may include the following components: speech buffer 1000, voice activity detector 1001 (VAD KXH ), and transmitter 1002. These components may be described as follows:

[00202] Speech buffer 1000 may be configured to receive voice packets (packets) from a microphone, buffer the packets, and then transmit the buffered packets to VAD 1001

[00203] VAD 100! may be configured to insert a silence descriptor (SID) when there is silence (t.e., a period of ttroe between voice packets) in the packets received from speech buffer 1000.

[00204] Transmitter 1002 may be configured to receive the packets from VAD 1001 and transmit the packets to network 1003.

[00205] In turn, network 1003 may transmit the packets to receiver-side device 1092

[00206] Receiver-side destee I 002 ma> include the following components packet buffer 1004 packet pla\ -out oonttol 100S dela> insertion contiol 1 GG6, delaj- mfoimatJon module 1007, jittei calculator 10OS, and pla> -out delay calculates ! 0ϋ9 These components mav be described as follows

[UtCO ⁷ I Packet huHet 1004 may he configured Io iecene the packets from network 1003 buffei the packets and then send the packets to pttet calculator 1008, delay insertion contiol 1006 and packet pla\ -out control 100^

[00208] httei calculator 1008 mav be configured to calculate the size oj tiUet m the packets I he ptter ma> iepiesent silence i e , a time peπod between atmals υt tvvo \oice packet., with nυ data

[0020°] Delav insertion cυutiol 1000 mav be configuietl to determine when to inseii dela\s based on SIOs insetted in {he packets _* bs V AD 1001 of tunsnuttei-side deuce JO ⁰ M Deia> inseHion contioϊ 1006 mav teceive jitter size information fiem irttet calculator 1008 and mav ieceise packets ftom picket buffer 1004

[00210] Pia\-ou. delas calculator 1009 mav be configured to tecene μtter sue mloimation from jitter calculate! 1008 Based on the μtter size mfoimation, pla\-out de!a> calculatoj 100 ^c > raa> calculate sizes of delavs to be insetted into the packets

[00211] Delay mfoimation module 100 ⁷ ma\ be configuied to consolidate lnfoimatjon fiom dela\ uisettion control 1006 regatding timing for insetting the dela\s and infounatioα from plav-out dela\ calculator 1009 tegai ding the sizes of the delays Accordingly dela\ information module i 007 ma\ build the consolidated information into a data structiue and send the data stmcture to packet pla> -out control 100^

[00212] Packet pla\-out contsol IOCS ma\ be configured to receixe packets ttom packet butter 100 i and insert dela\s into the packets according to the data structure received from dela\ information module 100 ⁷

[0021 >j Jr tg !OB shows a flowchart of a transmittei-side process of a ptior ait jitter buffei scheme utilized foi example in the fust prior art arrangement jshown in the example of Fig 104 The transmitter-side process starts with step 1060, at which speech buffei 1000 (shown in Fig 104) mav recci\ e packets toi example from the microphone used bv a transmitting pat tj Speech buffer 1000 itunv then buffer the packets

[002 S.4 j At step 1062, speech buffer ^' ! 000 may set the marker bit of each packet to 0 by default. When each packet reaches the final step 1072, the marker hit of the packet may be set to 1 if the packet is the first voice packet of a talk spurt. Otherwise, the marker bit may he kept to 0.

[002 \ 5] At step 1064, VAD 1001 may determine whether the packets contain one or more silence periods (i.e., one or more time periods with no data between packets). If the packets contain one or more silence periods, control may be transferred to step 1074; if not, control may be transferred to step 1066.

[00216] At step 1074, VAD 1001 may determine whether a SID(s) have been set in the packets. A SlD (silence descriptor) is configured to mark the beginning of a silence period. If the SϊD(s) have been set for a silence peπod(s) in the packets, control may be directly transferred back to 1072; if not, control may be transferred to step 1076 before being transferred to step 1072, At step 1076, VAD HX)I may generate the SlD(s) for the packets. At step 1072, transmitter 1002 (shown in Fig. 10A) may transmit, the packets to network 1003.

[00217] At step 1066, VAD 1001 may determine whether the packets contain a first voice packet(s) after a silence peπodfs). If the packets contain a first voice packet(s), control may be transferred to 1068, at which VAϋ 1001 may set the marker bit(s) for the first voice packet(s) to 1. If the packets contain no first voice packβtCs), control may be transferred to step 1072, at which transmitter 1002 may transmit the packets to network 1003.

[002 \ 8] Fig. 1 OC shows a flowchart of a prior art delay calculation process. The delay calculation process may be part of the receiver skfe process utilized, for example, in receiver-side device 1092 of the first prior art arrangement shown in Fig IC)A. The delay calculation process may be performed involving packet buffer 1004, delay insertion control 1006, jitter calculator K)OS, play-out delay calculator \ 009, and delay information module 1007 of receiver-side device 1092 shown in the example of Fig. 10A .

[002 } 9} The delay calculation process may start at step 1022, at which packet buffer 1004 may receive packets from network .1003 and buffer the packets For example, the packets may represent packets transmitted by transmitter 1002 (shown in Fig. H)A) at step 1072 (shown in Fig, 10B).

[00220] At step 1024, j itter calculator 1008 may calculate an average jitter j [00221 ] At step 1026, j itter calculator 1008 may calculate jitter deviation v .

[00222] At step 1028, play-out delay calculator 1009 may calculate a play-out delay using j and v and based on a network model represented by f(j, v), i.e., delay d ~ f(j, v).

[00223] At step 1030, delay insertion control 1006 may determine whether packet buffer 1004 is empty. If packet buffer 5004 is empty, control may be transferred to step 1038; if not, control may be transferred to step ! 032.

[00224] At step 1032 delay insertion control 1006 may determine whether marker bit(s) of value 1 have been set. If the mark bitf s) of vaiυe 1 have been set., control may be transferred to step 1038; if not, control may be transferred to 1034.

[00225| At step 1034, delay insertion control 1006 may determine whether there is a SlD(s) in the packets. If there is a SiD(Sh control may be transferred to step 1038; if not, control may be transferred to step 1036.

[00226] At step 1036, delay insertion control 1006 may determine whether the average jitter j is greater than a predetermined threshold. For example, the threshold here may be the length of packet buffer 1004.

[00227 j If the average jitter j is greater than the predetermined threshold, control may be transferred to step 1038; if not, control may be directly transferred to step 1040,

[00228] At step 1038, delay information module J007 may consolidate size and timing information for inserting delays, then control may be transferred to step 1040.

[00229] At step 1040, information pertaining to inserting delays may be output to play-out control 1005.

[00230] Fig. 1 OD shows a flowchart of a prior art packet play-out control process. The packet play-out control process may be part of a receiver side process utilized, for example, in receiver-side device 1092 of the first prior art arrangement shown in Fig, 1 OA. The packet play-out control process may be performed by packet play-out control 1005 shown m Fig. I OA.

[00231 ] The packet play-out control process starts at step 1042, at which packet play-out control 1005 may receive packets from packet buffer 1004 (shown in Fig I OA) and may receive the information pertaining to inserting delay as a result of step 1040 (shown in Fig. H)C) from delay information module 1007 (shown in Fig I OA).

[00232 j At step 1044, packet play-out control 1005 may determine whether enough delays have been inserted. If enough delays have been inserted, control may be transferred to step 1048: if not, control may be transferred to step 1046.

[00233] At step 1046, packet play-out control 1005 may insert delays (e.g., in the form of silence packets or comfort noise packets) into the packets received from packet buffer 1004,

[00234] At step 1048, packet play-out control 1005 may retrieve packets from packet buffer 1004.

[00235 j At step 1050, packet play-out control 1004 may play out packets resulted from steps 1046 and 1048.

[00236] Fig. 1 OE shows a schematic representation of received packet flow at packet buffer 1004 (shown in Fig. 10A) when the transmitter-side VAD 1001 (shown in Fig. 1 OA) is turned OIL AS shown in the example of Fig. 1OE, the received packet flow may include voice packets 1080, silence 1084 following voice packets 1080, voice packets 1086 following silence 1084.. silence 188 following voice packets 1086, etc. Silence 1084 and silence 1088 represent time periods during which no voice packets are received at packet piay-out control 1005. Since VAD 1001 is turned on, VAD 1001 may have set marker bits of first voice packets such as packets 1080a and 1086a to I. The marker bits of value 1 may be utilized at step 1032 shown in Fig. 1 OC for determining when to msert delay.

[ 00237] Further, VAD 1001 may have inserted SlD 1082 at the beginning of silence 1084 and SlD 1090 at the beginning of silence 1088. SID 1082 and SlD 1090 may also be utilized at step 1034 shown in Fig 1 OC to determine when to insert the delay.

[00238] Fig. 1 OF shows a schematic representation of received packet flow at packet buffer 1004 (shown in Fig. 10A) when transmitter-side VAD 1001 (shown in Fig. 10A) is turned off. Because existing algorithms employed in VAD 1001 may cause undesirable noise or choppy voice, for example, in music playback, VAD 1001 may commonly be turned off by packet communication service providers and therefore may not be able to provide information related to voice activity.

[00239] As shown in the example of Fig. JOF, the received packet flow may include voice packets 1092, silence packets 1094 following voice packets 1092, voice packets 1096 following silence packets 1094, silence packets 198 following voice packets 1096. etc. Because VAD 1001 is turned off, there may be no SlD inserted for the silence periods represented, for example, by silence packets

! 094 and silence packets } 098 λs a result, step 1034 (i e , detecting SlDs) shown m Fig 1 OC ma\ not be performed

[00240] Fυrthct , although % oice packet 1092a roav have a maikcr bit value of K ail of the rest of the j ccen cd packets may ha% e a marker bu value of 0 Tha efbic, step 1032 (ι e , determining whether mark hit \ aiues foi fust packets are set to U shown m Fig i OC mav not be performtjd

[00241 ] Still fuithcr, when VAD { 001 on fcansmmer side 109! is turned off the packets may be continuous h coming mto the packet buffei 1004 on receix et -side 1 U92 .such that packet buffet 1004 may ei be empty Theiefore, step 1030 (i e deteinunmg vvhethei packet buffet 1004 is empty) shown in Ftg 10C rnav not be performed as designed

[00242] Accordingly, wheu \ AD 1001 is turned off delay insertion cυnliol 1006 may not be able to peifoini steps 1030, 1032. and 1034 foi detctmmmg the timing for inserting s Although, at step 1036 shown in Fig 1OC, deia> insertion control 1006 ma> still be able obtain information tegarding whether the a\eiage μttεi j{i) ss gi eater than the piedetetmmed threshold, the infαimation is not sufficient foj determuiing the timing for snseitmg the delays tor example, when the av erage jitter j(i) is greater than the predetermined thieshold, it ma> have been to iate to insert the dela> s Consequently, the dela\ s mav be insetted at maccuiate tuning, causing choppy \ oιce in \ oιce communication

[00243] Furthermore, even if VAD 1001 ts turned on, existing VAD algorithms may not enable VAD ϊ 001 to insert SlDs precise!) As a result, fiont-end clipping and/ot reai cnά clipping of \ oice packets may occur, and \ oice quality ma\ be undesirable to a recei\ ϋig party

[00244] I- ig 1 1 4 shows a block diagram of a reccis er-side I I fK ⁾ of a second poor art packet voice communication arrangement (second prior art arrangement), which includes adaptive buffer control As shown m the example of tig 1 I A, iee 1 HW ⁾ includes the components of leceiver-side de\ tec 1092 in the first prior art arrangement shown in Fig 1 OA In addition car-side device 1 100 includes additional components 1 180 The additional components 1 180 roav include decodct 1 1 18, silence detector H 16, and buffer ov ctflovv conttol 1 1 14, described as follows

[00245] Decoder H IS mav be configured to decompress voice packets

[00246] Silence detector 1 1 16 may be configured to detect silence in the packets received from decoder 1118 If there is silence, then silence detector 1116 may set a silence flag value to 1. If there is no silence, silence detector 1116 may set the silence flag value to 0.

[00247] Buffer overflow control H 14 may be configured to monitor the status of packet buffer ! 102. According to Use status of packet buffer 1 102, buffer overflow control i 1 14 may determine whether to drop or to keep next packets received at packet buffer 1 102

[00248| Pig. 1 1 B shows a flowchart of a silence detection process utilized, for example, in receiver-side device 1 100 shown m the example of Fig. 1 1 A. The silence detection process starts at step 1 120. at which decoder 1 1 18 (shown in Fig, HA) may decompress voice packets (packets) received from packet play-out control 1 104 (shown in Fig, 1 1 A).

[00249] At step 1124. silence detector 1 1 16 (shown in Fig. 1 1 A) may determine whether there is silence in the received packets. If there is silence, control may be transferred to 1 130, at which silence detector 1 1 16 sets the silence flag value to 1. If there is no silence, control may be transferred to step i 126, at which silence detector 1116 sets the silence flag value to 0.

[00250] At step 1128, silence detector 1 j j 6 may output the silence flag value.

[00251 ] Fig, 11C shows a flowchart of a buffer overflow control process utilized, for example, in receiver-side device 1100 shown in the example of Fig. HA, The buffer overflow control process may be performed by buffer overflow control 1 1 14 shown in Fig. 11 A. The buffer overflow control process starts at step 1 132, at which buffer overflow control 11 14 receives the silence flay value from silence detector 1 1 16 (shown in Fig 11 A).

[00252] At step 1 134, buffer overflow controi 1 1 14 may determine whether packet buffer 1 102 (shown in Fig. 2A) has reached a first threshold such as, for example, 100% full. If packet buffer 1 102 has reached the first threshold, control may be transferred to step 1 144; if not, control may be transferred to step U 36.

[00253] At step 1 144, buffer overflow control 1114 may command packet buffer 1102 to discard newly received packets, regardless of whether the newly receive packets represent voice packets. Buffer overflow control 1 1 14 may also command packet buffer 1102 to provide packets to be played out.

[00254] At step 1136, buffer overflow control 1 1 14 may determine whether packet buffer i 102 has reached a second threshold such as, for example. 80% full. If packet buffer i 102 has reached the second threshold, control may be transferred to step \ \ 40, if not, control may be transferred to step 1 138.

[00255| At step 1140, buffer overflow control 1 1 14 may determine whether the silence flag value received from silence detector I U 6 is 1. If the silence flag value is 1 , control may be transferred to step 1142; if not, control may be transferred to step 1138.

[00256] At step 1 142, buffer overflow control 1 1 14 may command packet buffer 1 102 to discard newly received packets since the newly received packets may represent silence Buffer overflow control 1114 may also command packet buffer 1 102 to provide packets to be played out Control may then be transferred to step 1 138.

[00257] At step 1 1 38, packet buffer 1 102 may receive and buffer packets.

[00258] The buffer overflow control process shown in the example of Fig 11C may not be effective in maintaining quality of service. For example, when packet buffer 1 102 has reached the first threshold, e.g., 100% full voice packets may be discarded according to step 1 144. Therefore, choppy voice may be resulted. Further, when packet buffer 1 102 has reached the second threshold but not the first threshold, e.g., 80% full but not 100% full, packet buffer 1 102 may still receive bursts of voice- packets which are greater than the remaining capacity of the packet buffer 1 102 Consequently, overflow may still occur, and packets {including voice packets) that exceed the capacity of packet buffer 1 102 may still be lost. As Ά result, quality of service may be undesirable to a receiving party.

[00259] Fig, 12 A shows, in accordance with one or more embodiments of the present invention, a block diagram of a receiver-side device 1200 of a packet, voice communication system with adaptive jitter handling Receiver-side device I 200 may represent a user device such as, for example, a telephone, a mobile phone, a teleconference device, an audio player, or a video phone. Alternatively or additionally, receiver-side device 1200 may represent a server device in a packet communication network

[00260] As shown rn the example of Fig 12 A, receiver -side device 1200 may include one or more of the following components: packet buffer 1202, packet play-out control 1208, decoder f 210,

delay insertion control S 214, delay information module 1216, jitter calculator 1204, and play-out delay calculator } 206. Receiver-side device 1200 may further include a detector configured to detect a characterized content such as silence detector 1212 for detecting silence. Silence detector 1212 may be configured to receive decompressed packets from decoder 1210. Silence detector 1212 may further be configured to process the decompressed packets and provide a silence flag (but not the decompressed packets) to delay insertion control 1214 through link 1299.

[00261] One or more of the components may he included in software that may be downloaded into receiver-side device 1200.

[00262] One or more components of receiver-side device 1200 may have capabilities similar to capabilities of components of receiver-side device 1 100 shown in Fig. 1 1 A. However., in contrast with silence detector 1 1 16 of receiver-side device 1100, silence detector 1212 may be configured determine when to insert delays for handling jitters instead of or in addition to controlling packet buffer overflow.

[00263] Further, in contrast with delay insertion control 1 K)S of receiver-side device 1100, instead of receiving information from jitter calculator 1204 as in the prior art jitter buffering schemes, delay insertion control 1214 may receive information from silence detector 1212.

[00264] Delay insertion control 1214 may be directly coupled to silence detector 1212 through link 1299. Link 1299 may represent a direct logical link or physical link. There may be no direct logical or physical connection between jitter calculation 1204 and delay insertion control 1214, in contrast with link 1 199 between jitter calculator 1 1 10 and delay insertion control i i 08 shown in the example of Fig 1 i A and link 1099 between jitter calculator 1008 and delay insertion control 1006 shown in the example of Fig I OA.

[00265] Fig. 12B shows, in accordance with one or more embodiments of the present invention, a delay insertion control process utilized for adaptive jitter handling utilized, for example, in receiver- side device ! 200 shown in the example of Fig. 12 A. The delay insertion control process starts with step 1220, at which delay insertion control 1214 (shown in Fig. 12A) may determine whether packet buffer 1202 (shown in Fig. 12A) is empty, i.e., containing no packets for playing out. If packet buffer 1202 ts empty, control may be transferred to step 1228, if not, control may be transferred to

[00266] At step 1222, delay insertion control 1214 may determine whether the marker bit(s) of value ! are set in incoming packets that are received through packet buffer 1202. ϊf the mark bit(s) of value 1 are set, control may be transferred to step 1228; if not, control may be transferred to 1224.

[00267] At step 1224, delay insertion control 1.214 may determine whether there is a SlD(S ) m the incoming packets. If there is a SID(S K control may be transferred to step 1228; if not, control may be transferred to step 1226.

[00268| At step 1226, delay insertion control S 214 may determine whether the silence flag value received from silence detector 1212 (shown in Fig. 12A) is 1. If the silence flag value is 1 , control may be transferred to step 1228, if not, control may be transferred to step 1230.

[00269] At step 1228, packet play-out control 1208 (shown in Fig, 12A) may insert delays (e.g., silence packets or comfort noise packets) into the incoming packets according to information received from delay information module 1216 (shown in Fig. 12A) to generate adjusted packets. The delay information includes size information provided by play -out delay calculator 1206 (shown in Fig, 3A) and timing information provided by delay insertion control 1214,

[00270] At step 1230, packet play-out control 120S may play out the adjust packets. The adjusted packets may he decompressed by decoder 1210 and then be played out by receiver-side device 1200

[00271 ] As can be appreciated from Fig 12B, in accordance with one or more embodiments of the present invention, delay insertion control 1214 may determine the timing for inserting delays based on silence flag value received from silence detector 1212 (at step 1226) even if no information is received from jitter calculator 1204.

[00272] Fig. 13 shows, in accordance with one or more embodiments of the present invention, a block diagram of a receiver-side device 1300 of a packet video communication system with adaptive jitter handling. Receiver-side device \ 300 may represent at least one of a telephone, a mobile phone, a teleconference device, a videophone, and a video player. Alternatively or additionally, receiver- side device 1 300 may represent a server device in a packet communication network.

[00273] Receiver-side device i 300 may include components performing functions similar to functions of components of receiver-side device 1200 shown in the example of Fig 3A. Receiver- side device 1300 may include one or more of a picket buffer 1302. a jitter calculator 1304, a

compensation contio! J 314, a compensation calculator 1306. a compensation information module 1 3 Ib, a packet pia>-out corttiol 1 308, decoclei HI O, and a video dctectoi HI 2

[00274 j What may be different mav be that v jdco detectot Hl 2 mav be e-otifigiaed to detect no motion or low motion in video packets, instead of silence Furthet , instead of being configuicd to calculate and consolidate mfon nation foi deSav insettsou, compensation 130o compensation control 1314, and compensation uifoimation module 1316 may be configured to calculate and consolidate information for video compensation The \ κieo compensation mav include stopping placing new \ ideo Dames and mav be peifotmed by packet piav-oυt control 1308

[00275] Simdai to the configuration of seeener-sidd device 1200, compensation conliol 1314 mav be dnectiy coupled to video detectoi 1312 thiough Uuk 1399 foj defeirninmg timing foi the \ ϊdeo compensation

[00276] I he \ ideo compensation control process for jitter handling utilized in leceiver-side mseition conuol piocess shown in the example of t-ig 12B

[00277] One or moie embodiments of the piesent imeutmn mav im oKe a receivei-side device that includes a configυtatson similar the coufigmatioα of tecener-side de\ tee 1300 and is configured to handle jUtei in multimedia communication that includes \oice and \ ideo Fuitlier, one oi mote embodiments of the present imention ma> imoKe a dela> insertion control and video compensation control process that is similar to the delay insertion contϊot process shown m the example of Fig 12B

[00278] As can be appreciated fiom the foregoing, embodiments of the present imention may activity detector (VAD) or a fixed jitter buffer scheme Using a receix er-side silence detector foi dela> insertion conttol instead of onlv for buffer contiol, embodiments of the present invention may accurate!) insert delay-!, without unnecessarily inserting dcla> s into \oice packets λdvantageoubiv, choppv voice may be seduced, and voice quality ma\ be cnsuicd Further, embodiments of the present in\ention mav be utilized m video communication and/oi multimedia communication

[00279] D Di vitas Description Ptotocol (DDP)

[0028Oj One or more embodiments of the present invention include a lightweight protocol over SIP that wsll efficiently transport information between the server and the client and will work independent of the hardware and software platforms.

[00281 ] Architecture of DDP. DDP has been architeeted takmg the following factors into consideration.

[ 00282] Independent of server and client hardware and OS ^■ The structure and format of the protocol (DDP) is such that DDP us agnostic of the server or handset hardware platform as well as the operating system running on both of the platforms. In accordance with one or more embodiments of the present invention, the protocol is architeeted and designed to run on any server or handset hardware platform and is independent of the Operating System/SW platform running as well. For example, DDP may run on Linux, Symbian, Windows Mobile 5.0, etc. In summary, no special adapter layer needs to designed or developed time this module has to be ported on to a new- hardware or software platform

[00283] Decoupled from control plane protocol" DDP has been architeeted such that is can be used with any of the control plane technologies that is use on a given platform - i e , SIP, H 323 etc [00284] Independent of transport protocol; Designed to be efficient when used over both UDP and TCP. Has an optional module to ensure a level of reliability and performance (using AOKyNACK. and a windowing mechanism) if being used over a transport layer than ts best effort. This reliability module removes the burden on higher layer application to worry about guaranteed delivery especially in environments with high packet Joss.

[00285] Generic and application-unaware: DDP will be used for a wide range of application ranging from critical control plane messages with strict real time requirements to application that need to transfer large amounts of data between the server and the client Optional module within DDP enables the application to transfer files and buffers between the server and client The protocol also does not care about the type of the application data - i.e. binary, text,

[00286 j Service Priority Level" Enables the scheduling and queuing of messages with different priority levels for application with different delay and service requirements [00287] Support for Encryption: Optional module within DDl ⁵ allows the server and handset to set up a secure tunnel at initialization and all further exchange of DUP messages are encrypted providing a level of security for applications that need encryption. This will still allow applications to exchange unencrypted messages for such applications that do not need encryption.

[00288] Buill-irs Session Management: Has specific control messages to initialize and maintain the session between the server and the client.

[00289] Independent of the medium: The protocol ss independent of the medium over which the client is connected to the server. The session could be over WiFi, cellular data channel or wired

Ethernet.

[00290] Fig. 6A shows an overview of a DDP architecture that is fabricated in accordance with one or more embodiments of the present invention. As shown in Fig. 6 A, DDP is a session layer application that runs over SiP protocol. The encrypted application layer information that is transmitted between client and server is used to affect handoff decisions, provide session persistence for data applications such as, for example and without limitation, email or SMTP. Fig, 6A gives a high level view of the different modules that make up DDP. Here is a brief description of the different modules within DDΫ in accordance with one or more embodiments of the present invention:

[0029! 3 ϊ- DDP Message Handier- This is comprised of the parser and the message-formatting module The parser is responsible for checking the validity of a received DDP message and extracting the various information pieces before invoking the callback handlers. The formatting module takes the information, from a higher-level application and formats the DDP message before the DDP message is packed in to a signaling message packet

[00292] it. Session Management: An inbuilt mechanism to evaluate the health of the DDF session between two peers and mechanisms for informing the registered applications if the session fails.

[00293] iii. DDP Scheduler: Provision for having different priority levels for DDP messages based on the application requirements.

[00294] iv. Reliable DDP module: Support for guaranteeing reliable delivery of DDP messages depending on the application requirements.

[00295] v. DDX < Divitas Data Transfer) module: The module that uses DDP messages for transferring files and data buffers between peers. The DDX module will work independent of the file format or the buffer contents and has mechanisms for error checking and confirmation of delivery.

[00296] vi. DDPS: The module in DDP that encrypts and decrypts the DDP contents before they are inserted in the signaling packets. DDP has a protocol for establishing the secure DDP tunnel between 2 Divitas peers.

[00297] Fϊg 6B shows the exchange of DDP messages duπng the initialization of a chent when a user logs on to one of the devices m accoi dance one or mose embodiments of the ps esent invention

[00298] In accordance with one or raoie embodiments of the present lm cnnon. DDP is a La>er 4 oi an application la> er pioloco! DDP can use TCP, L DP Oϊ TLS ft« transpoπ Similar to SlP or

SDP, DDP is a text-encoded piolocol Iu accordance vuth one o\ more embodiments of the pjesent invention, a DDP message comprises a sequence of lines Oϊ fields wherem each hue of field begins w ith a single lower case letter which denotes the t\pe of infoimation that is being conveyed, the rest of the line oi field contains pieces of mfomiatjoα associated w ith, a function or method in accordance with one oi more embodiments of the present invention, theie can be multiple lines oi fields with the same staitmg name or type In accordance with one or more embodiments of the present invention, each DDΫ message comprises a set of raandatoiy lines oi fields and optional lines oi field, depending on the specific type of DDP message bcmg sent If any of the mandatory lines are missing, a parser will reject the DPP message Optional lines that the parser cannot understand are skipped o\ ei This allows for backward compatibility and interoperability between different veisions of software Here is an example of a DDP message

[00299] \=O 00 1

[003(K)J o seis e?

[00301 ] r=data 2

[00302] c ext 4444

[00303] c pief cell wifi gpts sms wka 5 cka 10 1200 whys 20 chys 60

[00304] c wift ISSJIO 30 issihi o0 chlo 30 ehhi 5ϋ

[00305] c qos delay Io 50 delay hϊ 100 iosslo 1 losshi Ki jiltetlo 30 utter hi 50

[003Of ₅ ] c siv intip 1023414444 ovtip -1343245U32

[00307] c end

[00308] The DlW message is then added as a message body in a SiP message with a message type of "application ddp" or "application/ddps" The DDP body can also be sent with othei signaling protocols if lequired

[ 00309] Exemplars applications of DDP in accordance with one oi moi e embodiments of the present im ention are described as follows

[003 SOj Voice Mobility: Voice mobility depends on a lot of factors - the primary one being the WiFi quality experienced by the client. DDP is used to send the WiFi report in real time with information about the AP that the handset is currently associated with to make mobility decisions. The WiFi report can also optionally contain information about the neighboring APs so that the mobility server can use this information to take preemptive mobility decisions based on the predicting the movement of the handset. In addition to the automatic updates based on the WiFi conditions, DDP is also used for user initiated mobility decisions.

[0031 1 ] Client/Device Management: DDP is used extensively in managing the client and the user experience on the handset. Here are some of the different way in winch ODP based control and bulk transfer messages are used for managing the client: a. Device Configuration: Sending device specific configuration to the device during initialization once the device-'user have been authenticated, fa. Mobility Thresholds: WiFi thresholds based on administrator settings for the client to initiate mobility' actions, e. User Information: When a user logs on to one of the clients, the server pushes the user specific information (like extensions, preferences etc.) over DDP. d. Device Image Management; Ability to upgrade the handset software over the air is achieved using DDP bulk transfer capability.

[00312] Voicemail/Email download to handset: One of the key differentiator of the Divitas solution is the ability to download voicemails to the handset and manage them at a time of your convenience. The ability to manage voicemails without IVR is possible by proprietary control messages that interface with the Voicemail system as well the bulk transfer capability in DDP to transfer the voieemaiis to the handset A similar functionality can also be achieved for Email system where an adapter module can be built to interface with the Email system of choice. [00313] User Presence Management: DDF messages with the user's preference for voice and text over the different medium is communicated to the server for presence management This is a key piece of functionality that allows the support of Presence aware calling. The architecture and design of Rendezvous calling is also based on enhanced presence and user preferences all communicated over DDP to provide the service Rendezvous calling is designed to provide. [00314] Instant Messaging; The messages for IM are tunneled over a DDP session. This allows the IM client on the handset to be unaware of the medium/protocol in which the device is operating. [00315] Features and advantages of the present invention may be better understood with reference to the figures and discussions that follow.

[003 Sόj Fϊg 14 shows a pπor ait example of a call flow t ^' oi establishing a connection between an application client and an application sct\cr Constda the situation wherein, foi example, a user of a handset wants to employ an application client 1404 to request for a software download 1406 \ ia a web htowser thiough a ϊ !TTP (hypestext tiansfer protocol) connection

[003171 Bcfoie software download 1406 to be established between application client 1404 and application seuer 1402 λl a first step 1408, application client 1404 may send a TCP (ijansπussson contiol piotocυ!) SYN (synchronization) to an application S^ N-ACK

( FCP synchiomzation acknowledgement) back to application client 1404 At a next step 1412, application client 1404 may ϊsmd a ICP ACK to application 1402

[OCH 18] Once an HTIP connection has been established between application client 1404 and application senei 1402, at a next step J4J4, application client 1404 may send an HTTP Get to application server 1402 In other words., at step 1414, application client 1404 JS sending the usci 's request for a software download 1406 to application sen, er 1402

[00 ) 19] L pon receiving the H I FP Get application scner 1402 may perform a search to locate the requested download, at a next step 1416

[00320] At a next step 14 i S, once the softwaie has been located, application sen er 1402 may begin sending the icquested softwase as data packets {e g , TCP data segments) to application client

1404 In sending the tequested softwate file, the software file mav be broken into a plurality of data packets in otdoi to facilitate the psocess of sending the softwaie file through the netwosk

[00321 ] λt a next step 1420, upon recerung the TCP data segment, application client 1404 may send a TCP ACK to application senei 1402

[00322] Steps 1418 and 1420 may he iepeated until all of the data packets foi the requested softvsate download been sent by application senet 1402 to application client 1404

[00323] Once ali of the TCP data segments been sent, then at a next .step 3422, application senei 1402 ma> send au I ϊTFP 200 OK to application client 1404 In .sending an HTTP 200 OK, application seuei 1402 is notifying application client 1404 that all data packets i elated to the softwaie download request been sent

[00324] Once application chent 1404 has teceived each of the data packets, then application client

1404 may send a notification 1424 to the uset informing the user that the download has been completed

[00325] For each application client on a handsel, the method described in the call How of Fig, I may have to be performed by each application client. Thus, if the handset includes multiple application clients (e.g , video application client, voice application client, instant messaging application client, game application client, virtual reality application client, etc. k an independent channel may have to be established between each application client and its corresponding application server before interaction between the application client and the application server may commence. With multiple applications running on a client, communication between the different applications is not guaranteed, As a result, an application running on a given client may be unaware of the data exchange that may be happening for another application on the same client. [00326] In addition, the method described in Pig. 1 is a cumbersome method that may require each application on a client to be properly configured m order to assure that the application may successfully interact with its corresponding application on a given server within an enterprise. This method could create both security risks and increased complexity by requiring that a separate network session be allowed for each of the applications that communicate between a client and a server

[ ^" 00327] Tn one aspect of the invention, the inventors herein realized that a single protocol that is independent of hardware (e g., handset) and software (e.g., video application client, voice application client, instant messaging application client, game application client, sirtual reality application client, etc. ) may be employed to consolidate all of the applications network sessions In other words, the inventors realized that application clients do not need to establish multiple network sessions with their corresponding application servers. Instead, a protocol may be implemented that takes advantage of existing control and transport protocols but is hardware and software independent, thereby allowing a plurality of application clients to interact with its corresponding plurality of application servers.

[00328] In accordance with the embodiments of the invention, a mobility architectural arrangement is provided by implementing a DiVitas description protocol (DDP) in an embodiment, the DDP may include a DDP client and a UDP server. Embodiments of the invention enable the DDP to efficiently transport data packets between a plurality of application clients on a handset and a plurality of application an enterprise. Embodiments of the im ention also enable DDP to be implemented independent of the hardware and software platforms.

[00329] In an embodiment of the invention, the DDP ϊS independent of the hardware platform. Thus, the DPP may be implemented on dual-mode handsets, personal digital assistants (PDAs). 802 1 1 telephones, and the hke. In an embodiment of the invention, the DPP is also independent of the software platform. As a result, the UPP may be run on a Linux ^® system, a Symbian ^® system, a Window ^{i M} Mobile 5.0 system, and the like.

[00330j In the prior art, the establishment of multiple network sessions may require multiple channels to be established between the client and the server, ϊn other words, a plurality of "'holes" may be ^" 'punched" into the firewall of the enterprise in order to enable the plurality of application clients to interact with their corresponding application servers In an embodiment of the invention, DDP may be implemented to establish a single secure channel through which interaction between application clients on a handset and application servers within an enterprise may be conducted [00331 1 With a single secure channel from which a plurality of data traffic may be exchanged, the information that is downloaded onto the handset may be managed by the application client. Thus, an application client that may require the utilization of information that has already been downloaded does not have to request for the date to be downloaded again. Instead, the mobility client with DDP may be able to direct the application client to the storage location of the requested data. [00332] In an embodiment of the invention, the DDP may be independent of the network in an example, the secure channel established by the DDP may be through Wi-Fi network or a cellular data network, for example. This enables DDP to ensure that a network session can be handed off to a separate network, when a user on a client device roams.

[00333J Tn an embodiment, the DDP is built on top of a control protocol and a transport protocol. In an embodiment, the DDP may be implemented with any available control protocol (e g., SlP, H.323, etc.). In another embodiment, the DDP may be implemented with any available transport protocol, such as a user datagram protocol (UDP), a transmission control protocol (TCP), or a transport layer security (TLSK for example. Thus, the DDP is able to efficiently route data packets and manage connectivity without having to be concerned about the control and/or transport protocol that may be available.

[00334] In an embodiment of the invention, the DDP may include a reliability module (RDDP), which may ensure a level of reliability for the delivery of the data traffic. This module is useful when utilizing a transport protocol such as UDP, that does not provide reliability. Thus, DDP may

provide assurance of a successful transfer and remove the burden of monitoring the data traffic (TORI the application clients.

[00335] TϊT. an embodiment of the invention, the DDP may be implemented for a plurality of applications (i.e., application clients and their corresponding application servers), hi an example, the DDP may be employed by a simple application thai may not require real time exchange of data. In another example, the DDP may be employed by an application that has real time requirements for the exchange of data. Due to the DDP adaptability, applications may be added or removed without impacting the capability and versatility of the DDP.

[00336] In an embodiment of the invention, DDP may include a priority message scheduler module which may be configured to schedule and queue data traffic. The DDP may employ the priority message scheduler module to automate the plurality of downloads and uploads that the plurality of applications may need or require.

[00337] The features and advantages of the present invention may be better understood with reference to the figures and discussions that, follow.

[OO33S] Fig. 15 shows, in an embodiment of the invention, a simple architectural diagram of the DDP invention, ϊn an embodiment of the invention, DDP 1536 is independent of hardware and/or software platforms In an example, DDP 1536 may be implemented on a plurality of client devices, including, but are not limited to, dual-mode handsets, PDAs, laptops, and the like In another example, DDP 1536 may be implemented with different operating systems, such as. a Linux® system, a SyrabianCl ¹ system, a Window TM Mobile 5.0 system, and the like. As a result, DDP 1536 may be loaded onto different hardware and/or software platform with minimal modification. [00339] DDP 1536 may be built on top of a control protocol and a transport protocol. In an example, DDP 1 536 may be used with different type of control protocols (e.g., SlP 1 532 and other control protocols 1524) and different type of transport protocols (e.g., UDP 1534, DDP J 528, TCP 1530, TCP 1526, etc.}. The type of control protocol and/or transport protocol that may be employed by DDP 1536 in order to perform its function may be easily adapted by DDP Thus, if the control protocol and/or the transport protocol change, DDP 1536 will adapt itself to utilize any combination of available transport and control protocols as required. ϊNote that changes to the control protocol and/or the transport protocol do not impact the application layer which may include, but is not limited to, a voice mobility control application client 1 506, a device management application 1 504, a

project management application 1502, a voicemai I/email transfer application 1508, a device image management application KSl 0, an instant messaging application 1512, and the like [00340] TϊT. addition, DDP 1536, in an embodiment, that ϊS capable of determining the preferred transport protocol to provide the best performance and reliability. Thus, the responsibility of identifying the correct transport protocol may be centralized and moved from the plurality of applications to DDP 1536. Since ail the data traffic between a DDP client and server is now handled by DDP 1536. DDP 1536 may be able to determine the best transport protocol for routing data traffic while minimizing the possibility of data packet loss,

[00341 ] In an embodiment, DDP 1536 may include one or mote modules, such as a DDP with security extension module (DDPS module 1 522), a priority message scheduler module 1518, a reliable DDP module (RDDF module 1 516), a built-in session management module 1520, and a DiVitas data exchange module (DDX module 1514).

[00342] In an embodiment, DDPS module 1522 may provide security functionality to DDP 1536. in an example, DDPS module 1522 may enable a secure channel to be established between a mobility client of a handset and a mobility server within an enterprise. With a secure channel, ail incoming and outgoing data traffic from the plurality of applications may be routed through a single secure channel,

[00343] In some situations, individual authentication may have to occur before an application client may be able to interact with its corresponding application, server. Unlike the prior art, the authentication process may be automated. In an embodiment, DPPS module 1522 may include a database, which may include the authentication data required for establishing a connection between an application client and an application server.

[00344] In an embodiment of the invention, DDPS module 1 522 may provide encryption/decryption functionality, thus enabling DDP 1536 to provide security for applications thai may require the functionality. In an example, an important e-mail from application client 1508 is routed from an email server to an email application client on the handset To ensure the security of the email, DDPS module 1522 may encrypt the DDP data packets before sending the packets to the corresponding application server. In another example, an instant message between two 1 M clients may be sent in a non-secure manner. Thus, DDP 1 536 may route the instant message without employing the DDPS module 1522 to encrypt the data packets sent between the IM clients.

[00345] In an embodiment of the invention, DDP 1536 may include priority message scheduler module 1518, which may be configured to schedule and queue data packets In other words, priority message scheduler module 1518 may be responsible for managing the plurality of different data packets that may be serviced by DDP 1536. In an embodiment, priority message scheduler module 1518 may establish a policy for handling the incoming and outgoing data packets. In an embodiment, priority message scheduler module 1518 may have different priority levels depending upon the originating application. In an example, application A (e g., email) may have no requirement for real-time delivery of its data packets. However, application B (e.g.. Presence Management) may be sensitive to time delay and require real-time delivery of the data packets In an embodiment, priority message scheduler module 1 518 may be an optional DDP module. In an example, if DDP 1536 is currently only handling data traffic for one application, then DDl* 1536 may not have to employ priority message scheduler module 1518 to handle the scheduling of the data packets

[00346] In an embodiment of the invention, DDP 1536 may include a reliable module (RDDP 1516), which may provide a level of assurance for the delivery of the plurality of data packets. To assure delivery, in an embodiment, RDDP 1516 has mechanism to retransmit packets that do not successfully reach their destination within a specified time interval. In an embodiment, if a data packet is not received withm a preset time interval, the packet will be retransmitted The packet may be retransmitted a specified number of times before notifying the application that the transfer of the packet has failed. With RDDP 1516, DDP 1536 may provide assurance that data packets are being sent and/or received in the order in which the application requires [00347] In an embodiment, DDP 1536 may include a DDX module 1514, which may be employed to transport large amounts of data. (e.g. image files, log files, etc..) between the mobility client and the mobility server. In the embodiment, DDX module 1514 includes mechanisms to ensure the data integrity of the data transfers between the mobility client and mobility server, In yet another embodiment of the invention, DDX module 1514 may include mechanisms for confirming completion of the data transfer to the applications..

[00348] In an embodiment of the invention, DDP 1536 may be implemented for a plurality of applications including, but are not limited to, voice mobility control application 1 506, device management application 1504, project management application 1502, voicemail/email transfer application 1508, device image management application 1510, instant messaging application 1 512,

and the like. In an embodiment of the invention, the plurality of applications may be divided into two groups.

[00349] TϊT. the first group, the plurality of applications (e.g., voicemail/email transfer application

1308, device image management application 1530, instant messaging application 1512. etc.) are applications that may tend to send larger files, thus DDP 1 536 may employ DUX module 1514 to convert the files into smaller data packets that can utilize any of the other modules within DDP 1 536, including 1516, 151 S ₅ 1522, and provide assurance that the data file has been successfully transmitted and that the application has been notified of the completed transfer.

[00350] In the second group, the plurality of applications (voice mobility control application

1506, device management application 1504, project management application 1502, etc.) is usually applications that may tend to send smaller control messages. Usually, applications in the second group tend to be control applications. In an example, voice mobility control 1506 may enable the mobility client and the mobility server to share mobility status, which may be sent in a single DDP packet.

[00351 ] Fig. 16A shows, in an embodiment, an example of how data within a mobility architectural arrangement with DDP may flow between an application client located within a client device and an application server, which is managed by an enterprise. Consider the situation wherein, for example, a user on a client device wants to employ a votcemail client 1602 to retrieve a voicemai! from a voicemail server 1604.

[00352] Upon receiving the request from application client 1602, voicemail server 1604 may initiate a file transfer. Voicemail server 1604 may send the file along a path 1650. Upon receiving the file, the mobility server may prepare the file to be sent through a secure channel to a mobility client on the client device.

[00353] In an embodiment, a server DDX module 1608., which is within the mobility server, may be employed to convert the file into a format that is compatible with the control and transport protocol of the secure channel. In an example, server DDX module 1608 may convert the file, which may be in a binary format into a format that can be transported over the SiP protocol. Also, server DDX module 160S may break the file into a plurality of data packets in order to ensure the effectiveness of routing the plurality of data packets through the secure channel.

[00354] After initial processing has completed, server DDX module 1608 may send a first data packet to a server DDP 1616. Server DDP J 616, in an embodiment, may include a server RDDP 1614, which rnay provide a level of assurance for the delivery of the first data packet. [00355] Once the first data packet has been received by server DDP 1616, the first data packet may be encrypted. In an embodiment, server DDP 1616 may include a DDPS module, which may encrypt the data packets as required by the application. In an example, simple data packets (e.g., mstant messages) may be sent without encryption. In another example, important data packets (e.g., a confidential email) may be encrypted before being routed to the requestor, [00356] from server DDI* 1616, the first data packet may be encapsulated as a SlP notify message (as shown in a code example 370 of Fig. 16B) and sent via the secure channel through a network 1624 to the client device. In an example, the first date packet may be sent through the secure channel by using a server SSP control protocol 1620 and a server UDP transport protocol 1622. The first data packet may be received securely by the mobility client of the client device, which may receive data packets through a client UDP transport protocol 1626 and a client SlP control protocol 1628

[00357] Within the mobility client a client DDP 1632 may receive the first data packet. A client RDDP ] 634 may perform a similar check as that performed by server RDDP 1614, Also, client RDDP 1634 may send a SlP Notify Message with a DDP acknowledgment along a path 1652 through the secure channel to server DDX module 1608. By sending the DDP acknowledgement, client RDDP 1634 may send an assurance from the mobility client to the mobility server that data packet has been received. Likewise, if server RDDP module 1614 does not receive the RDDP acknowledgement server RDDP module 1614 will retransmit the data packet until the packet has been successfully acknowledged or the maximum number of retries is exhausted, [00358] In an embodiment, a data packet may be sent and the next data packet may not be sent until a DDP acknowledgement has been received, ϊn an example, server DDX module 1608 may not send a second data packet until a DDP acknowledgement has been received. In another embodiment a fixed number of data packets may be sent and the sending of additional packets would not occur until an acknowledgement is received for one or more of the initial data packets. In an example, server DDX module 1608 may send a group of 10 data packets and will be required to wait until at least one acknowledgment is received before it is allowed to transmit an additional data packet.

[00359] Once the mobility client has sent a DDP acknowledgment to the mobility server, the data packet will be routed to a client DDX module 1636 In an embodiment, client DDX module 5636 may hold the data packets until al! data packets have been received. In an embodiment, server DDX module 1608 may send a message indicating that each of the data packets for the requested file has been sent and that no additional data packet for the file will be forthcoming. Once al! of the data packets have been received, then client DDX module 1636 will reassemble the file and notify the vote-email client 1602 that the voicemail file is available.

[00360] As can be seen from Fig, 15 and 16, the architecture of the DDP may provide a single secure channel from which a plurality of application clients may interact with a plurality of application servers. By having data traffic flowing through a single secure channel the architecture of the DDP may provide control by assuring that the data packets are being received, that proper verification has been done in order to acknowledge that all data packets have been received, and that there are no missing data packets. In an example, the architecture of the DDP may enable large files to be broken up into smaller data packets, which may be sent with the assurance that the acknowledgement may be sent by the receiving side.

[0036! ] Fig. 17 shows, in an embodiment of the invention, an example of a call flow illustrating how a secure channel, may be established between a client, device and a mobility server. Jn an embodiment, to establish a secure channel, registration may occur. Consider the situation wherein, for example, a user initializes a client device for the first time,

[00362] At a first step 1724, a SlP registration must first be established. In an example, a client SIP 1716 may send a SϊP registration request through a client UDP 1714. The SlP registration request may be received by a server SIP 1710 through a server UDP 1712.

[00363] Upon receiving the SlP registration request, server SIP 1710 may send a SϊP registration response 1726 via server UDP 1712 and client UDP 1714 to client SlP 1716. Once the SIP registration has been successfully completed, steps to establish a secure DDP channel are initiated. [00364] At a next step 1728, a client DDPS module 1718, a module of a client DDP 1720, will send a DDPS session request to a server DDPS module 1708. In an example, the DDPS session request may be routed through client SiP 1716, client UDP 1714, server UDP 1712, server Sf P 1710 to server DDPS module 1708.

[00365] Upon receiving the DDPS session request, at a next step 1730, server DDPS module 1708 will send a DDPS session, response 1730 to client DDPS module 1718 via server SIP 1710, server

UDP ϊ 712, chent UDP $ 714, and ciiem SlP 17 I 6 Otico the secυio channel has been established, the user may have to iegister with the mobility serx er To notify the user, client DDPS 175 S may forwatd the DDPS session response to an application client 1722

[00366] Upon recen ing the notification, at a next step 1 732, application client 1 722 may send a DDP registiaUυn request to a user ice manager 1704 In an example, application client 1722 may send the registration information to a client DDP 1 720 Client DDP 1 720 may send the registration information through the established secure channel (s e , thiough client DDPS module 1718, client SIP 1 716. client UDP 1 714. sen er VOP 1712. server SIP 1710. and sener DDPS module 1708) to a DDP 1706, which may then route the registration information to user ιce manager 1704 [00367] Upon receiving the registration information, user device manager 1704 ma> send a DDP registration iesponse to application chent 1 732. at a next step 1734 in an example, user device manager 1704 ma\ send the DDP registration tesponse to sen ex DDP 1706 Servei DDP 170b may send the registration information through the established secure channel (i e . through sener DDPS 1708, sen er SIP 1710, server UDP I 7i ^ cliem UDP 1714, chent SIP 1716, and chent DDPS I Ti SI to DDP 1720. which ma> then, route the DDP registration response to the user of application chent ! 722

[00368] In a mobility architectural arrangement with DDP, registration may be a one-time e\ ent In an example, client ice will register with the mobilit) server when the client device is initialized foi the first time Since a secure channel has already been established at steps 428 and 430, the usct of the chent device may be assuicd that the sensitive DDP registration information is being sent encrypted and through a secuic channel In an embodiment, no additional DDP registration may need to occur as long as the secure channel between the client device and the mobility server is maintained 1« an embodiment, interaction between application clients on a client device and application servei s» managed an enterprise may now be conducted securely thiough a single secure channel Fig 18 and 19 show, m an embodiment, examples of how DDP may handle interaction between applications clients on a client device and application sen ers managed by an enterprise

[00369] t-ig I S shows, in an embodiment, a simple call flow illustrating a situation m which a large file may ha\ e to be sent Consider the situation wheiem, for example, a chent deuce ma> need to download the latest softwaie upgrade In an example, an application chent 1814 may send a

request ! 81.6 for software upgrade to an image manager 1802, which may be responsible for managing the different software images on the server side.

[00370] At a first step 1818, application client 1 S! 4 may send a new image request to image manager 1802, ϊn an example, the new image request may first be sent from client application 1814 to a client DDP 5.85.0. After receiving the new image request, DDP 1810 may send the request through a secure channel to a server DDP ! 808, Before being sent to image manager 1802, the new image request may be routed to a device/ user manager 1804, which may be responsible for determining which software may need to be upgraded. After device user/manager 1804 has determined which software upgrades the client device may need, device user/manager i 804 may route the new image request to image manager 1802.

[00371] Upon receiving the request, the image manager 1802 may then send the requested software upgrade (e.g., requested data 1820) to a server DDX module 1806. In an embodiment, server DDX module 1806 may convert the file into a format that is capable of being sent through the secure channel established between the client device and the mobility server, In an embodiment, server DDX module 1806 will break the large file into a plurality of data packets in order to transport the file through the secure channel

[00372] At a next step 1822, server DDX module 1806 may send a DDX file transfer start to a client DDX module 1 Si 2 via server DDP 1808 and client DDP 1810 In an embodiment, a DDX file transfer start refers to a notification between a server DDX and a client DDX that a file is about to be sent. The DDX file transfer start may include basic information about the incoming file such as, for example, name of the file, file size, number of data packets that may be sent, the application that is requesting for the file, and the like.

[00373] At a next step 1824, client DDP 1810 may send a DDX start response to server DDX

1806. ϊn an embodiment, an RDDP module within the DOψ may be sending the DDX start response.

[00374] At a next step 1826, server DDX module 1806 may send a first DDX data packet to client

DDX module 1812. .As described in Fig. J6, the DDX data message may first be sent to server DDP

1808. The DDX data message will be encapsulated as a SlP notify message, in an embodiment, and sent through the secure channel over a SIP control protocol and a UDP transport protocol. On the client device, the DDX data message may be received by a client DDl ⁵ 1810, which may then route the DDX data message to client DDX module 1812,

[00375] At a next step 1828, upon receiving the DDX data message, a DDP aeknow lodgement will be sent by chent DDP 18 {0 In an embodiment, the RDDP module wtthm client DDP 1850 will send the DDP acknow lodgement to snfoini ses\ ct DDX module i 8()6 that the incoming DDX data message has been tecei\ ed successful !v

[00376 | Steps 1826 and 1828 may be iteiatn e steps that may be jepeaied until all DDX data packets and acknowledgements e been exchanged between the seiser and client DDX module

[00377] Once the last DDX data message and DDX acknowledgement have been sent, server

DDX module 1806 will send a DDX file transfer end, at a next step 1830, to application client 1814 to notifv the application chent that all DDX data messages have been sent In an example, the DDX file tiansfer end may be sent fioπi ei DDX module 1806 to seivei UDP 1808 to the client device

[UtB ⁷ S] The DDX file transfei end ma> be recen ed client DDP 1810 In an embodiment, the

RDDP of chent DDF 1810 mav send a DDP acknowledgement to image manage t 1802, at a next step 1 832

[00370] Meanwhile, client DDP 1810 may route the DDX file transfer end to chent DDX module

1812, which vi lli notify the application client ! 8i 4

[00380] As can be appreciated fiom Fig 18, a new secure channel ma\ not have to be established in order to request the software upgrade Instead, the request for a software upgrade røa> be received and handled by the application sen ei without ha\ mg to establish a new secuic channel As can also be seen, Fig 18 shows how the architecture of the DDP may he employed to send data traffic in a secure and tebable mannci that ma\ enable the .sendes and the sequester the assurance that all data packets lot a requested file has e been successfully received

[00381] Pig 1 ^Q shows, in an embodiment of the inv ention, a simple call flow illustrating a situation in w hich small contiol messages, such as those sent bv conliol applications, ma\ be sent

In Fig 10, the internet ton between an application client and an application sen ei ma\ oceui without a DDX module

[00382 j Considei the situation wheiem foi example, a usei of a chent device wants to shaie his oi hei usei presence (e g „ available, busy, phone call oni\ , etc }

[00 ice ma> send a presence piefeience setting to a sen er ptesence manager 1902 In an example, chent presence manager 1910 ma\ send a piesence preference setting (as a single DDP data packet) to a client DDP

! 908, which may then send the presence preference setting through a secure channel to a server DDP

1906.

[00384 j Upon receiving the presence preference setting, server DDP 1906 may send a DDP acknowledgement, at a next step 1918. In an embodiment, a RDDP module within the DDP may be sending the DDP acknowledgement. Meanwhile, server DDP 1906 will notify the server presence manager 1902 of the presence preference setting through the device/user manager 1904.

[00385] Consider another situation wherein, for example, the same user wants to discover the presence status of another user.

[00386] At a first step 1922, client presence manager 1910 may send a presence query 1920 to client DDP 1908, which may send the presence query through the established secure channel to server DDP 1906. Upon receiving the presence query, server DDP 1906 will forward the query through device/user manager 1904 to server presence manager 1902, winch may perform the requested query to retrieve the requested information.

[00387] At a next step 1928, server presence manager i 902 may send a presence response (e.g., requested status data) to client presence manager 1910. In an example, the presence response may be sent from server presence manager 1902 through device/ user manager 1904 to server DDP 1906.

Then, the presence response may be sent through the secure channel to client DDP 1908, which may then route the presence response to client presence manager 1910

[00388] As aforementioned, Fig. 18 and 19 show different examples of how DDP may be employed to manage the interaction between a plurality of data applications on a client device and a plurality of application servers managed by an enterprise. A mobility architectural arrangement with

DDP establishes a single channel from which each of the application clients and the application servers may interact with one another. Also, the architecture of DDP may be employed to send data traffic in a secure and reliable manner that may enable the sender and the requestor the assurance that ail data packets for a requested file have been successfully received.

[00389] Since the mobility architectural arrangement with DDP may now be the center of control, the mobility architectural arrangement with DDP may now coordinate the various activities that a user of a client handset may have previously individually managed, in an example. Fig. 1 S shows how DDP may be employed in managing the user's experience on the client device including, but are not limited to, software upgrade, device configuration, and user information management. In another example, the DDF* may manage a user's presence (as seen in Fig. 19) by allowing the user to

shate his status, thus enabling the system to manage incoming txaffic and to allow others to see his or her status In yet another example, DDP may manage mobility by allowing the mer to roam from one data netwoik to another without having to vxoπy about session management

[00390] λs can be appieαated bv the embodiment of the indention a mobility architectural arrangement wuh DDP i educes the security risk by piowdmg a single seeuie channel fioni which inuUiple applications on a client device raav be able to communicate with a plutablv of applications on an enteipitse implemented independent of haidware aπϋ 01 software limitations Also. DDP is an adaptable protocol that may be manipulated to take acKantage of a plurality of contiol and 'or transport piotocols

[ 003^11 E Dn ita* Piotocol Pioxy (DPP)

[00392] If clients for applications on the mobile handset access the enterpπse resources direeth , the enterpπse firewall needs to be opened for multiple piotocois A method, which is fabricated in accordance with one or moic embodiment of the present indention, allows the handset based enterpπse applications to make use of existing \ olP related connection m a secure mannet

[00 >9 >] This imention is implemented by devising a distributed protocol proxy The distributed protocol proxy may be divided into two parts One part resides on the mobile handset along with the

VoIP ci tent I he other part s esides inside the enterprise along w ith the VoIP sen er

[00394] As shown m the Fig 74-D the handset based VoIP client acts as a scι\ ci for the different applications sunning on the handset This component makes use of existing VoI? related connection

(e g SlP) to send the application pavload actors to the enterprise The server side pio\\ component is responsible for stripping the pa^ioad and making connection to the actual cnteipusc servers The client and sei\et stde pio\y componenLs rnav furthei be sub-div ided into multiple subcomponents

Each subα>rnponem shall be jesporusible for pioxying one piotocol

[00395] Pig 7λ shows a network architect me m accoi dance with one oi mote embodiments of the present invention and includes two network mtei faces pei host Iuo paths are pjovided through the independent oetwoiks. one fjom iineiface CO to S(S and anothet fioni Cl to Sl In S( ^{^} TJ*, these two paths would be collected into an association

[00396] "Thin Client' ^" monitors the paths of the association using a built-in heartbeat, upon detecting a path failuse. the piotocol sends traffic the alternate path It ma> not be necessan foi the applications to know that a fai iover occurred

[00397] Failover can also be used to maintain network application connectivity. For example. consider a laptop that includes a wireless S02.11 interface and an Ethernet interface. When the laptop is in its docking station, the higher-speed Ethernet interface would be preferred; but upon loss of connection {removal from the docking station), connections would be failed over to the wireless interface. Upon return to the docking station, the Ethernet connection would be detected and communication resumed over this interface. This is a powerful mechanism for providing high availability and increased reliability.

[00398] In accordance with one or more embodiments of the present invention, a multi-homing scheme is implemented which provides applications with higher availability than those that use TCP.

A multi-homed host is one that has more than one network interface and therefore more than one IP address for which the multi-homed host can be addressed. In TCP, a connection refers to a channel between two endpoints {in this case, a socket between the interfaces of two hosts).

[00399] Figs 7B-D show how a thin client along with a counterpart of the thin client on the server has in affect created an efficient transport mechanism for conveying state information between handset and the server in accordance with one or more embodiments of the present invention. An example of an e-maii application {i.e , SMTP) is shown that uses the SIP - NOTIFY method to tunnel application layer packets without the knowledge of the SiVfFP application. This has advantages where the presentation layer application on the client does not have to be changed to provide session persistence.

[00400] Advantageously, using the above method for mobility applications, the enterprises may achieve a more secure and easy to manage enterprise mobility This method also enables VoIP vendors to extend their mobility solution to different enterprise applications.

[00401 ] Features and advantages of the present invention may be better understood with reference to the figures and discussions that follow.

[00402] Fig. 20 is a prior art example of an architectural arrangement in which each application on a handset is connected individually to a corresponding application server within an enterprise. λ handset 2000 may include a plurality of application clients including, but are not limited to, a

Di Vitas client 2002, a CRM (customer relationship management) application client 2006, and a mail application client 2008, The application clients may be independent of one another or may interact with one another via application protocol interfaces (APIs), In an example, application clients 2006

and 2008 may be interacting with DiVitas client 2002 via an API 2010 and an API 2012, respectively.

[00403] The application clients in handset 2000 may interact with application servers within an enterprise 2090. Enterprise 2090 may include a plurality of application servers including, but are not limited to, a Di Vitas server 2022, a CRM application server 2026, and a mail application server 2028. The application servers may be independent of one another or may interact with one another via APIs, ϊn an example, application servers 2026 and 2028 may be interacting with OiVitas server 2022 via an API 2030 and an API 2032, respectively Note that the purpose of the APIs is to enable the application to interact with one another. However, since each application is independent of one another, the interaction via the APIs is optional.

[00404] Consider the situation wherein, for example, a stockbroker on handset 2000 may be communicating with his client via DiVitas client 2002. While conversing with his client, the stockbroker may want to have his client's portfolio readily available. In this example, the stockbroker may have to establish two different sessions. The stockbroker may establish a first session to enable him to converse with his client via DiVitas client 2002. To bring up the portfolio, the stockbroker may establish a second session by employing CRM application client 2006 to interact with CRM application server 2026, which is located behind a firewall 2040 within an enterprise 2090.

[00405] In a typical secure sockets layer (SSI.) virtual private network (VPN) environment, for each channel that may have to be established, a network administrator may have to establish different configuration. In order to establish two different sessions, two separate secure channels may have to be established. In an example, a new mail application client has been added to a handset In order to communicate with the mail application server, which is located within the firewall of an enterprise, the network administrator may have to create a new secure channel. Thus, in a typical SSL VPN environment, a user may have to establish multiple sessions, which may require multiple sign-on and may cause the enterprise to be more susceptible to security risk. The SSL VPN environment is not only inconvenient for the user but this type of environment may also require more human resources to manage the security of the enterprise ^' s network environment. [00406] To minimize the number of secure channels that may be created, an Internet Protocol (IP) Security Gateway may be employed instead of an SSL. in an IF Security VPN environment, one or more application clients on a handset may interact with application servers via one secure channel by

tτa\ ctsHig through an IP Security Client 2014 and an IP Security Gateway 2030 To establish the secure channel the usei ma\ first ha\ e to pro\ κlc authentication data (c g , us»er name, password, etc ) Once the secure channel has been established, the user may also be burdened with the responsibility of authenticating each time a different application chent is utilized in other words, each application client raa> he indiv idually eonfiguied to communicate with its eon expanding application sen ei v ia a diffeteni. ϊP addiess

[00407] In an example, CRM application client 2006 wants to mtetact with application server

2026 if a secure channel 20S4 has not been established, then the usei may to first ptmide authentication data Once secuie channel 2084 has been established the usei may then e to provide additional authentication data in oidet to enable CRM application chent 2006 to internet with CRM application sen er 2026

[00408] In addition, a new secuie channel and te-authenUeation may have to occur each time a session it _* dropped In an example, tf a user is mobile whrle in a session, the user may encounter a risk of being accidentally dropped from a session if the connection is lost For example, a usei. connected \ ia a W i~Fi network, may tt averse outside of the Wi-I i network The session may be dropped and the user ma> ha\ e to establish another session, such as a cellular connection, for example \s a result, the user ma\ become burdened with the incoiix enience of establishing a new session and also may become ftustrated with the limited mobmt)

[0040°-] To show how an application client ma> intesaet with an application server, pnor art Fig

2! is ptovided Fig 21 is a prior art How chart illustrating the method foi enabling an application client to communicate with an application sen ei m an IP Security VPN environment Fig 21 is» discussed in i elation to Fig 20

[00410] ( onssdei the situation wheiem, foi example, a usei of handset 2000 wants to einpiov mail application client 2008 to send an email

[ 0041 1 ] λt a fn s. step 2102, emaii data tiaffic is sent to the appl ication set \ ei In an tjxaniple. mail application client 2008 mav send email data packets to mail application sener 2028 withm enteφπse 2090

[00412] At a next step 2104, the email data traffic is iecen ed by the IP Secυrm Chent 2014. winch may perform a check to deteimine how to ioute Oi e traffic In other words. IP Secuπtv Client

2014 may analyze each packet to deteimine if the packet is intended for enteipnse 2CKK) IP Security

Client 2014 identify the recipient of the packet by analv/nig the IP address and the port number that is located within the packet

[004 S3J If the recipient of the email data traffic ss not one of a plurality of application servets within enteφπse 2090, then at a next step 21 Oo IP Secuntv Client 2014 raav either drop the ttaffic oi rnav dnect the email traffic to a server, which i.s not located inside enteipitse 2090 How an email tea flic that is not intended fot an application senei within euleipπse 2090 is handled mav depend upon Client 2014 mav have been confrguied to handle the πoπ-enferpπse data teaffic

[00414] If IP Secuπt\ Client 2Oi 4 detei mines that the data Uaffte is intended for an application senei that is located with in entei prise 20 ¹ X), then at a next step 2108, IP Seeuiitj Client 2014 ma> encnpt each data packet befoie forwarding the data packet I he process of encr> ption each data packet may lequπe handset 2000 to have sufficient CPU processing power Further, the requirement that each data packet be enciypted in an TP Seeuntv VPN environment mav cause latency issue m a soice communication situation, such as a Voice o\ei IP (VoIP) telecommunication session In othei words voice quality dui ing the voice communication session may be hcvcrel) degraded resulting in a bad voice communication experience {e g , echo in the background, inaudible conversation etc )

[0041 s] At a next step 2 i 10, IP Security Client 2014 ma> then send the encnpted traffic to the intended application seise? along secuie channel 2084 As mentioned abose. a secure channel has to be Ci eated each time a new application is being empio\ eci In an example, IP Secui it\ Client 2014 ma) send the cncispted traffic thiough network 2050 and firewall 2040 to IP Secuurv Gatevvas 2030 of entci prise 2090

[00416j At a next step 21 12 IP Secuπiv Gatewav 2010 mav peifoim a check to detennme how to route the Uaffic Similai to IP Secυutv Cheat 2014, IP Security Gatevva\ 2030 ma> anal>^e each packet to deteimme if the packet is intended fot eπteφutie 2090

[ 00417] If secυπt\ packet has been receix ed. at a next step 21 14, IP Secuπtv Gatewav 2030 ma\ diop the packet

[004] S] If the data packet is an encrypted IP .security data packet then at a next step 21 16, IP

Secuπtλ Gateway 2030 may deαypt tiie traffic

[00419] Once the packet has been decrvpted, W Secutity 2030 ma> then analv/e the packet to identifS the IP address and poit numbei of the mg application sen er At a next step

2! ! 8, W Security Gateway 2030 may forward the data packet to the appropriate application server

{e.g.. mail application server 202S).

[0042Oj The method described in steps 2102 through 21 i 8 is a continual process and may be performed for each packet that is being sent by an application client.

[004211 There are several disadvantages to the prior art, In an example, a different configuration may have to be performed for each new application client that may be added to a user's handset As new application client is added, the management of the various different application clients and their corresponding application servers may result in a more complex networking environment, which may become costly to maintain. Abo, users become burden with the responsibility of performing multiple authentications, Ui us requiring the users to remember a plurality of authentication data.

Further, the benefit from operating within an IP Security VPN environment is diminished by requiring data traffic to be encrypted resulting in an increase cost in hardware (e.g., handset has to have sufficient CPU processing power) and increased latency. In addition, the user may become frustrated with the limited mobility that may be provided each time a session is lost and the user has to re-establish the connection and re-authenticate.

[00422] Tn one aspect of the invention, the inventors herein realized that the prior art architectural arrangement of multiple authentications and/or multiple secure channels may be consolidated to create a single sign-on environment.

[00423] In other words, the inventors realized that by configuring each application to direct its data traffic through a single application (e.g., DiVitas client) and a single server (e g., DiVitas server), daia traffic from a plurality of applications may be sent via a single secure channel without requiring the user to perform multiple authentications. In addition, session loss may be substantially reduced without sacrificing mobility.

[00424] In accordance with the embodiments of the invention, a mobility architectural arrangement is provided by implementing a DiVitas protocol proxy (DPP), In an embodiment, the

DPP may include a client DPP and a server DPP.

[00425] In an embodiment of Ui e invention, Ui e handset may include a mobility client (e.g.,

DiVitas client), which may include a client DPP to manage the connectivity between the handset and the mobility server (e.g., DiVitas server}. In an embodiment of the invention, the mobility server mav include a server DI ⁵ P to manage the connectivity between the mobility server and the handset.

In an embodiment of the invention, the client and server DPP may include a plurality of sub- client/server DPPs for managing different types of protocols (e.g., SIP. SMTP, etc.). [00426] TϊT. an embodiment of the invention, a DPP enables the establishment of a single secure channel from which each application client may interact with its corresponding application server. Since each application is routing its data traffic through a common DPP, the DPP may now manage connectivity between the handset and the mobility server. Connectivity information may include establishing a secure channel between the handset and the mobility server via a control protocol, such as SiP (session initiation protocol). Connectivity information may be employed to determine when and how to connect the handset. In addition, connectivity information may also include when to perform a handoff from one network to another network (e.g., from a Wi-Fi network to a cellular network), thereby enabling a seamless transition between different networks. [ 00427] The features and advantages of the present invention may be better understood with reference to the figures and discussions that follow,

[00428] Fig. 22 shows, in an embodiment of the invention, a simple block diagram of a mobility architectural arrangement. In a mobility architectural arrangement 2200, a handset 2202 is interacting with a Di Vitas server 221 S (e.g., mobility server) within an enterprise 2216. Handset 2202 may include a Di Vitas client 2204 (e.g., mobility client) and a plurality of application clients (2206 and 2208) In an embodiment of the invention, DiVi tas client 2204 may include a client DPP to manage the connectivity between the handset and the mobility server, [00429] Unlike the prior art, application client 2206 and application client 2208 are not configured to directly interact with their corresponding application servers (2220 and 2222), Instead, the various different configurations for each of the application clients may be simplified, in an embodiment, to direct all data traffic to a single local IP host 2210 (e.g., IF address of 127.0,0.1 ) that is associated with DiVi tas client 2204. In other words, data traffic from application clients 2206 and 2208 may now be configured to be routed to Di Vitas client 2204 via APIs 2212 and 2214. From DiVi tas client 2204, all data traffic may then he routed through DiVi tas server 2218 within enterprise 2216 via a network 2224 (e.g., internet), ϊn an embodiment of the invention, DiVitas server 221 S may include a server DPP to manage the connectivity between the handset and the mobility server. Once Di Vitas server 2218 has received the data traffic, DiVitas server 2218 may then route the traffic appropriately to the corresponding application server (2220 and 2222) via an API (2232 and 2234).

[00430] Consider the situation wherein, for example a uses of handset 2202 wants to send an email by employing application client 2206 Since application client 2206 has been configuicd to send all data traffic to local host 2210, the data tiaffic from application client 220b ss sent \ sa 4PI 2212 to local IP host 2210, which is associated with DiVnUs client 2204 [00431 1 L 'pon i cccn rag the tiaflϊc fiom application client 2206. Di Vitas client 2204 ma> encapsulate the tiaffic mside a SlP Notify Message using a Ds Vitals Data Exchange (DDXϊ λs discussed herein. DDX refeis to a protocol tbi transpoiting data packets between a handset and a sen ei In encapsulating the data packet, the DDX add a new tag which add mfoimation about the application client that is sending the data traffic

[00432] Lnhke the psior ait, not al! data packets ate enciypted Instead, whether oi not a data packet is enenpted may depend upon the pieferenee as dictated b> the application client In an embodiment of the imeπtioii the newlv added DDX LS encι> pted Once the data packet has been encapsulated inside the SlP iSotjfy Message the encapsulated data packet ma> now be forwarded along a secure channel 2250, which include tia versing through network 2224 to be received by Di Vitas sen er 2218 Note that if the enterprise ss protected by one or more security modules (c g , firewall 2226), then the data packet ma\ also haxe to traxerse through one or more security modules [004> >| Once the data packet has been reeeixed b> DiVitas sener 2218. Di Vitas sener 2218 ma> employ the DDX tag to retτie\ e the location of the application server In ati example, the DDX tag rnav include an identification nυmbei (e g , MAC address, port address), which mav indicate which application ser\cι (e g , application ses\ et 2220) within the entetpπsc is the intended recipient of the data packet

[00434] In an embodiment, a mobiht> architectuial arrangement mav manage the connectivity between the handset and the mobility .server In au embodiment, the mobihtv architectural arrangement may employ a control protocol that LS common!) utilized bv a handset, such as SlP foi example

[0(435 j In a mobility aichitectuial anangemem, the user mav onlv have to perform the manual authentication once in older to establish the secuie channel In other words, once a secute channel has been established between the handset and the mobiiitj senei, another sectue channel does not have to be established each tune an application cheat (2206 and 2208} wants to mteiact with an application sener (2220 and 2222)

[00436] In an embodiment, the mobility architectural arrangement may also include a database, which may include authentication data for each application client Thus, each time a different application client is employed, in an embodiment, the mobility architectural arrangement may utilizes the authentication data that is specific to the application, which may be stored m the database, to automatically authenticate the user. From the perspective of the user, the mobility architectural arrangement is essentially a single sign-on environment.

[00437] Advantageously, the mobility architectural arrangement substantially streamlines the time and effort a network administrator may have to spend in configuring each application client. Instead of having to create a new secure channel each time a new application client is added to a handset, the network administrator may substantially eliminate this process by just configuring each of the application clients to interact with a local host. Further, with a single sign-on, the network administrator may be able to substantially reduce the time and cost associated with managing security.

[00438] The mobility architectural arrangement may be implemented as a rich or thin client. Fig. 23 shows, in an embodiment of the invention, a block diagram illustrating the mobility architectural arrangement, as a rich client. As discussed herein, a rich client refers to a mobility architectural arrangement in which the client DPP and server DPP not only manage the various different applications but may also provide support for at least one or more application client functionality (e.g.. a voice application client, an instant messaging application client, email application client, etc. }.

[00439] Consider the situation wherein, for example, a user of a handset 2302 wants to employ a mail application client 2310 (e.g., Microsoft® Outlook, etc.) to retrieve an e-mail from a mail application server 2326 (e.g., Microsoft® Exchange Server, etc.) that is located within an enterprise 2318. Fig. 23 will be discussed in conjunction with Fig. 24. Fig. 24 shows, in an embodiment of the invention, a simple flow chart illustrating an example of a method for employing a mobility archi tectural arrangement.

[00440] At a first step 2402, application client may send data traffic to a local host of a Di Vitas client. In a mobility architectural arrangement, application client 2310 has been configured to route its data traffic through a local host 2308, which is located within a Di Vitas client 2304. in an example, application client 2310 may send an SMTP (simple mail transfer protocol) data packet

23 ! 2 over TCP-IP to DiVitas client 2304. SMTP data packet 2312 may be received by au SMTP proxy client 2306 (e.g , sub-client DPP), which is located atDi.Vi.tas client 2304. [0044 SJ TϊT. an embodiment, a client DPP may include a plurality of sub-client DPPs. The type of proxy client that may be employed to handle the data traffic may depend upon the type of application client, In an embodiment of the invention, the data packet may include a port number, which is unique to an application client, ϊn an example, SM TP data packet 2312 includes the following data ^■••• 127.0,0.1/25. in this example, the number 127.0.0.1 is an ϊP address, which is specific to local host 2308 and the number 25 refers to a port number, which in this example is associated with SMTP proxy client 2306.

[00442] At a next step 2404, the data traffic may be encapsulated as a SlP Notify Message with a DDX tag. ϊn other words, upon receiving data packet 2312, DiVitas client 2304 may reformat SMTP data packet 23] 2 into a SJP data packet 2330 (such as a SIP Notify Message) that is transferable over the handset's control protocol such as STP. Tn an embodiment of the invention, SIP data packet 2330 may include the original data packet (e.g., data packet 2312) with a DDX header 2330a and a SlP header 2330b. As aforementioned, the ODX header may include a unique identification number that is unique to an application server, In an embodiment of the invention, the unique identification number may be generated based on the port number that was included in the SMTP data packet. In an embodiment of the invention, an additional tag may be included in the formatted data packet to identify how the formatted data packet may be transported, In an example, transport protocol tag 2330c may be a UDP-IP transport tag.

[00443] In an embodiment of the invention, one or more parts of SIP data packet 2330 may be encrypted, In an embodiment, the DDX part is encrypted even if the rest of the data packet is not. [00444] At a next step 2406, the DiVitas client may send the data packet to the DiVitas server. Once data packet 2312 has been reformatted into SlP data packet 2330 (e.g.. encapsulated as a SlP Notify Message), SiP data packet 2330 may be sent via a secure channel 2350 through a network 2314 and/or a firewall 2316 to a Di Vitas server 2320.

[00445] At a next step 2408, the DiVitas server may check to determine if the incoming data packet is a SiP Notify Message. If the incoming data packet is not a Sip Notify Message, then at a next step 2410, the data packet may be dropped.

[00446] However, if the incoming data packet is a SiP Notify Message, then at a next step 2412, the DiVitas server may identify the intended proxy server by checking the DDX tag. In an

embodiment, the DiVitas server may have to decrypt the DDX packet in order to read the information stored m the DDX packet. In an example, based on the unique identification number in the DDX tag., DiVitas server 2320 knows to route data packet 2330 to SMTP proxy server 2322. In an embodiment of the invention, a server DPP may include a plurality of sub-server DPPs In an embodiment of the invention, the type of proxy server that may handle the incoming traffic may depend upon the type of data traffic,

[00447] At a next step 2414, the data packet may be routed to the proxy server. Since SϊP data packet 2330 is an SMlT data packet, formatted data packet is handled by SMTP proxy server 2322 (e.g., sub-server DPP), which is located inside Di Vitas server 2320.

[00448] At a next step 2416, the data packet is routed to the intended application server, In an embodiment of the invention, SMTP proxy server 2322 may convert SIP data packet 2330 into a format that is acceptable by the receiving application server. In an example, SiP data packet 2330 may be converted from a SIP notify message into an SMTP data packet 2328. Also, the DDX part may be dropped Further, the transport protocol may be changed from UDP-IP to TCP-IP, which may be better employed to deploy email data traffic to the respective application server (e.g., mail application server 2326) via API 2332.

[00449] The method steps described in Fig. 24 does not show the encryption and/or decryption of a data packet. In an embodiment, the data packet may be sent without being encrypted The requirement for encryption may be optional and may depend upon the user's requirement. In an embodiment, part or the entire data packet may be encrypted. In an example, the DDX part may be encrypted but the rest of the data packet may remain unencrypted. The optional encryption enables less processing power to be utilized and a decrease in latency that is usually associated with encrypted data packets.

[00450] As can be seen from Fig. 23 and 24, the rich mobility architectural arrangement may act as a mobility manager enabling application clients of a handset to interact with application servers within a single sign-on environment. Further, the rich mobility architectural arrangement may include functionality for converting data packets from a variety of applications into data packets that are capable of being transported by the control protocol and transport protocol that is specific to the secure channel that has been established,

[00451 ] In an embodiment of the invention, the mobility architectural arrangement may be implemented as a thin client, as shown in Fig. 25 In a thin mobility architectural arrangement, the

client DPP and the server DPP may be employed only as mobility managers {e.g., manage the connectivity for the applications) and may not provide support for at least one or more application functionalities.

[00452] Consider the situation wherein, for example, a user of a handset 2500 wants to call a fπend. The user may employ a telephone application client 2508 (e.g., VoIP, etc.) to make his telephone call. Assume in this example that a secure channel 2550 has already been established between a DiVitas client 2502 and a Di Vitas server 251 S, which is located within enterprise 2530. [00453] To establish the telecommunication session, telephone application client 2508 may send a data packet 2512 (e.g., SϊP/UD-IP) to a local host 2510 within DiVitas client 2502. As mentioned above, a plurality of proxy clients may reside within DiVitas client 2502 to support the various different application clients, In an example, a SlP proxy client 2504 may be located within DiVitas client 2502 to handle data packets from telephone application client 2508.

[00454] Upon receiving data packet 2512, SlP proxy client 2504 may analyze the data packet to determine how to route the packet. As aforementioned, the date packet that may be sent to a DiVitas client may include a port number (e.g.. 5060, etc.) that may be unique to an application server. With this information, DiVitas client 2502 may route data packet 2512 through network 2514 and firewall 2528 to DiVitas server 2518, In an embodiment, a data packet does not have to be converted if the data packet is already in a format that is mutable by a DiVitas client. In an. example, data packet 2512 is in a SfP/UDP-ϊP format, which is the format that OiVitas client 2502 may employ to route its data traffic.

[00455] In an embodiment, a plurality of proxy server may reside within a DiVitas server. Tn an example, a STP proxy server 2532 may reside within DiVitas server 2518 to manage the incoming data traffic from telephone application client 2508. Since data packet 2512 has been sent from telephone application client 2508, the data packet is handled by SIP proxy server 2532. Upon receiving data packet 2512, SiP proxy server 2532 may forward data packet 2512 along a path 2522 to a destination telecommunication device (e.g., telephone, etc.) via a telephone gateway 2520 (e.g.. PSTN, GSM, CDMA, etc.). Once a telecommunication session has been established between handset 2500 and the destination telecommunication device, the other data packets 2530 (e.g., RTP data packets, etc.) that may be sent by telephone application client may be sent along path 2560 through secure channel 2550 to DiVitas server 2518 without having to go through DiVitas client 2502.

[00456] ϊπ a thin mobility architectural arrangement, the purpose of establishing a telecommunication session with the aid of a DtVitas client is to enable the application client to fake advantage of the mobility functionality of the DiVitas client. In other words, a control center lias been established between the DiVitas client and the Di Vitas server to monitor the connectivity of the application client. By establishing this relationship, the DiVitas client and the Di Vitas server may be able to share its connectivity status and be able to seamlessly handle roaming when the situation arises.

[00457] In an example, the user in the above situation is currently connected through a Wi-Fi network. During the telephone conversation, the user may roam outside of the Wi-Fi network. In the prior art, the connection may be dropped and the user may have to rediai. However, in a mobility architectural arrangement, the connectivity status of the user's handset has been monitored and the DiVitas cheat and DiVitas server may perform a seamless network switch (e.g , from Wi-Fi to a cellular network) without the user being aware of the change.

[00458] Advantageously, a thin mobility' architectural arrangement may be implemented by an enterprise that may have already invested a large sum of money into a plurality of application and may only need a mobility manager. Thus, the enterprise may be able to take advantage of the mobility manager capability of the mobility architectural arrangement without having to restructure tts telecommunication infrastructure

[00459] As can be appreciated from embodiment of this present invention, the mobility architectural arrangement with DPP provides a mobility manager capable of streamlining the telecommunication infrastructure In other words, the mobility architectural arrangement provides a single sign-on environment. In an example, instead of multiple secure channels into an enterprise, the same functionality may be achieved with a single secure channel. With a single sign-on environment, the cost and effort of managing the telecommunication infrastructure may be substantially reduced. Further, the mobility architectural arrangement enables connectivity to be monitored and seamlessly handled without negatively impacting the user's telecommunication experience.

[00460] F. Conclusion

[ 00461 ] While th is invention has been described in terms of several preferred embodi merits, there are alterations, permutations, and equivalents, which fail within the scope of this invention. It should also be noted that there are many alternative ways of implementing the methods and

apparatuses of the present invention. Furthermore, embodiments of the present invention may find utility in other applications The abstract section is provided herein for convenience and, due to word count limitation, is accordingly written for reading convenience and should not be employed to limit the scope of the claims. It is therefore intended that the following appended claims be interpreted as including all such alternations, permutations, and equivalents as fall within the true spirit and scope of the present invention.