Patent classifications
H04L61/2589
CENTRALIZED MANAGEMENT OF PRIVATE NETWORKS
Described herein are systems, methods, and software to manage private networks for computing elements. In one example, a computing element may obtain credential information associated with a user and generate a public-private key pair for the computing element. The computing element may further communicate the public key from the pair with metadata to a coordination service to register the computing element at the coordination service. Once registered, the computing element may receive communication information associated with one or more other computing elements that permit the computing element to communicate with the other computing elements.
Secure network tunnel between a computing device and an endpoint
The present disclosure presents a system, method and apparatus enabling secure coupling of a computing device, such as a mobile device, with an endpoint, such as an application server. The computing device can include any electronic device such as a computer, a server, an application server, a mobile device or tablet. The endpoint can likewise be any electronic device that is located within an enterprise network. In at least one embodiment, the secure coupling of the mobile device with a computing device can include a security gateway server. In one example, the security gateway server can be a tunnel service server. In another embodiment, an application server can include a tunnel service module to provide the secure coupling with the mobile device.
Peer-to-peer communication for symmetric NAT
Systems and methods for communicating between a first and a second peer using interactive connectivity establishment (ICE) protocol, the first and second peers sharing a symmetric network address translation (NAT) having wireless isolation enabled and no support for hair-pinning. At a first Traversal Using Relay NAT (TURN) server designated as a relay candidate by a TURN Virtual Internet Platform (VIP), it is determined that a first port allocated by the symmetric NAT for a first request for communication initiated by the first peer and directed to the TURN VIP, is different from a second port allocated by the symmetric NAT for a first packet transmitted from the first peer to the first TURN server, based on a first indication. The second port is mapped to the first port. Using a similar port mapping for the second peer, peer-to-peer communication between the first and second peers is enabled.
WebRTC API redirection with fallbacks
A virtual desktop server includes an application framework comprising a real-time media application to provide real-time communications (RTC), a native RTC engine to execute a portion of the real-time media application when received, and a processor coupled to the application framework and to the native RTC engine. The processor redirects original application program interfaces (APIs) of the real-time media application intended for the native RTC engine based on redirection code injected into the real-time media application so that the portion of the real-time media application is to be redirected. The processor receives from a client computing device capabilities of the client computing device to execute the redirected portion of the real-time media application. The processor switches to a fallback mode if the client computing device has limited capabilities.
System and Method for Improving Content Fetching by Selecting Tunnel Devices
A method for fetching content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server and stay connected to it, allowing a communication session to be initiated by the tunnel bank server. Upon receiving a request from a client for content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
Method and system for advanced alias domain routing
A method and system for advanced alias domain routing are disclosed. According to one embodiment, a computer implemented method comprises receiving an incoming message from a first unified communications server, the incoming message comprising source address data, destination address data, and digital content. A real address of a destination address is computed by using the source address data, and an alias address of a source address is computed by using the destination address data. The incoming message is processed, wherein processing the incoming message includes enforcing policies. An outgoing message is generated comprising the digital content, the real address and the alias address. The outgoing message is transmitted to a second unified communications server.
Device, software module, system or business method for global real-time telecommunication
A telecommunication device for real-time communication at a border between a global transport network and a private domain of a communication network may include a proxy for a communication protocol, means for traffic using real-time communication protocols to traverse a firewall, means for real-time traffic initiated by the communication protocol to traverse a firewall, means for measuring and collecting value information about the real-time traffic over the global transport network, means for creating mutual trust between the telecommunication device and a second device with which it communicates; and means for authorizing usage of a feature for a mutually trusted communication participant.
TURN AUTHENTICATION USING SIP CHANNEL DISCOVERY
In one embodiment, an endpoint in a network sends a Session Initiation Protocol (SIP) registration request to a device. The device generates a first key using information included in the SIP registration request. The device also writes the first key to a storage location accessible by a Traversal Using Relays around Network address translators (TURN) server. The endpoint generates a second key based on the information included in the SIP registration request. The endpoint sends an allocate request to the TURN server that includes the second key. The TURN server authenticates the endpoint based in part on comparing the second key to the first key. The endpoint receives an allocate response from the TURN server, after the TURN server authenticates the endpoint.
Over the top network traffic classification
A system and method are disclosed to transform Over-The-Top (OTT) call log data collected by telecommunications network operators into a peer-to-peer log in order to determine more accurate information. In this method, the IP addresses in the call log records are compared to a list of known mediator server IP addresses, and the records in the log that contain mediator server IP addresses are removed from the log to create a peer-to-peer log containing only those records that contain peer IP addresses. The data in the peer-to-peer log can then be categorized with confidence to determine network performance information as well as, for example, the percentage of traffic to a particular country. Conclusions may then be inferred regarding the removed data records based upon the data found in the peer-to-peer log.