Computer system, a telecommunication device and a telecommunication network

Abstract

A telecommunication network 20 configures a telecommunication device 11 and makes and controls communication connections between telecommunication devices. The telecommunication network 20 is configured such that, in use, on initiation of the telecommunication device 11, such as an Internet Protocol telephone or video telephone, a telecommunication device identifier to identify the telecommunication device 11 is output to a computer system or provisioning server 41 via the Internet 10. The computer system 41 receives the telecommunication device identifier and, in response, outputs to the telecommunication device 11, via the Internet 10, an indication of a telecommunication device control system or PBX 12 for use by the telecommunication device 11. The telecommunication device control system 12 is subsequently usable by the telecommunication device 11 to make and control communication connections between the telecommunication device 11 and other telecommunication devices.

Claims

1. A first computer system for providing to a telecommunication device a first indication of a telecommunication device control system for use by the telecommunication device, the first computer system being configured to connect to the Internet, the first computer system comprising: at least one hardware processor configured to: receive from the telecommunication device, via the Internet, a telecommunication device identifier to identify the telecommunication device; select the telecommunication device control system for use by the telecommunication device, wherein the telecommunication device establishes communication control between the telecommunication device and other telecommunication devices; and output to the telecommunication device, via the Internet, in response to the telecommunication device identifier: the first indication of the telecommunication device control system for use by the telecommunication device; or a second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device; or a third indication of a second computer system for providing to the telecommunication device a fourth indication of a telecommunication device control system for use by the telecommunication device, wherein the at least one hardware processor is further configured to: verify the telecommunication device identifier; in response to determining that the telecommunication device identifier is not recognised following the verification: generate a fifth indication that the telecommunication device identifier is not recognised; generate a token to identify a user of the telecommunication device; provide a sixth indication to the telecommunication device for a user of the telecommunication device to enter the token following the generation of the fifth indication that the telecommunication device identifier is not recognized; receive the token from the telecommunication device; and following receipt of the token and the telecommunication device identifier from the telecommunication device, bind with the telecommunication device identifier one of: the user's account; or the first indication of the telecommunication device control system; or the second indication of the gateway usable to reach the telecommunication device control system.

2. The first computer system according to claim 1, wherein the telecommunication device comprises an Internet Protocol telephone or video telephone.

3. The first computer system according to claim 1, wherein the telecommunication device control system comprises a private branch exchange (PBX).

4. The first computer system according to claim 1, wherein the telecommunication device identifier comprises an eighth indication of a location of the telecommunication device.

5. The first computer system according to claim 4, wherein the at least one hardware processor is further configured to use the eighth indication of the location of the telecommunication device to select the first indication of a telecommunication device control system for use by the telecommunication device to output, the second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device; or the third indication of the second computer system for providing to the telecommunication device the fourth indication of a telecommunication device control system for use by the telecommunication device.

6. The first computer system according to claim 1, wherein the telecommunication device identifier comprises one or more of: a hardware identifier, such as a MAC address or serial number, and optionally a password; a user-supplied username, and optionally a password; or an identifier provided by a smart card or a biometric reader, and optionally a password.

7. The first computer system according to claim 1, wherein the first indication of a telecommunication device control system for use by the telecommunication device, the second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device and/or the third indication of the second computer system for providing to the telecommunication device the fourth indication of a telecommunication device control system for use by the telecommunication device comprises an Internet Protocol address.

8. The first computer system according to claim 1, wherein the first indication of a telecommunication device control system for use by the telecommunication device, the second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device and/or the third indication of the second computer system for providing to the telecommunication device the fourth indication of a telecommunication device control system for use by the telecommunication device comprises a domain name system name.

9. The first computer system according to claim 1, wherein the token comprises at least one of eight or twelve digits.

10. The first computer system according to claim 1, wherein the token comprises one or more check digits.

11. A first computer system for providing to a telecommunication device a first indication of a telecommunication device control system for use by the telecommunication device, the first computer system being configured to connect to the Internet, the first computer system comprising: at least one hardware processor configured to: receive from the telecommunication device, via the Internet, a telecommunication device identifier to identify the telecommunication device; select the telecommunication device control system for use by the telecommunication device, wherein the telecommunication device determines communication control between the telecommunication device and other telecommunication devices; and output to the telecommunication device, via the Internet, in response to the telecommunication device identifier: the first indication of a telecommunication device control system for use by the telecommunication device; or a second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device; or a third indication of a second computer system for providing to the telecommunication device a fourth indication of a telecommunication device control system for use by the telecommunication device, wherein the telecommunication device identifier comprises a fifth indication of a geographical location of the telecommunication device, and wherein the at least one hardware processor is further configured to use the fifth indication of the geographical location of the telecommunication device to select the first indication of a telecommunication device control system for use by the telecommunication device to output, the second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device; or the third indication of the second computer system for providing to the telecommunication device the fourth indication of a telecommunication device control system for use by the telecommunication device, and in response to determining that the telecommunication device identifier is not recognized, generate a sixth indication that the telecommunication device is not recognized and generate a token to identify a user of the telecommunication device.

12. A telecommunication device for receiving a first indication of a telecommunication device control system for use by the telecommunication device, the telecommunication device being configured to connect to the Internet, the telecommunication device comprising: at least one hardware processor configured to on initiation: output to a second computer system, via the Internet, a telecommunication device identifier to identify the telecommunication device; select the telecommunication device control system for use by the telecommunication device, wherein the telecommunication device establishes communication control between the telecommunication device and other telecommunication devices; and receive from the second computer system, via the Internet, in response to the output of the telecommunication device identifier: the first indication of a telecommunication device control system for use by the telecommunication device; or a second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device; or a third indication of a third computer system for providing to the telecommunication device a fourth indication of a telecommunication device control system for use by the telecommunication device, and in response to determining that the telecommunication device identifier is not recognized, generate a fifth indication that the telecommunication device is not recognized and generate a token to identify a user of the telecommunication device; wherein the telecommunication device identifier comprises a sixth indication of a geographical location of the telecommunication device, wherein the sixth indication of the geographical location of the telecommunication device is used by a first computer system to select the first indication of the telecommunication device control system for use by the telecommunication device, the second indication of a gateway usable to reach the telecommunication device control system for use by the telecommunication device; or the third indication of the third computer system for providing to the telecommunication device the fourth indication of the telecommunication device control system for use by the telecommunication device to output.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The invention will be described in more detail, by way of example, with reference to the accompanying drawings, in which:

(2) FIGS. 1, 2 and 3 (prior art) are schematic diagrams of known telecommunication networks;

(3) FIG. 4 is a schematic diagram of a telecommunication device, computer system and telecommunication network embodying an aspect of the present invention;

(4) FIG. 5 is a flow diagram illustrating the operation of the telecommunication network of FIG. 4; and

(5) FIG. 6 is a schematic diagram of a telecommunication device, computer system and telecommunication network of another embodiment of an aspect of the present invention.

DETAILED DESCRIPTION

(6) Embodiments of the invention will now be described with reference first to FIGS. 4 and 5.

(7) FIG. 4 illustrates a telecommunication network 20 for configuring a telecommunication device in the form of an IP telephone 11 and making and controlling communication connections between telecommunication devices such as other IP telephones (not shown). The telecommunication network includes the telecommunication device or IP telephone 11, a computer system for providing to the telecommunication device an indication of a telecommunication device control system for use by the telecommunication device in the form of provisioning server (PS) 41, and a telecommunication device control system in the form of PBX 12. The telecommunication device control system makes and controls communication connections between the IP telephone 11 and other telecommunication devices or IP telephones. All of these components are connected via the Internet 10.

(8) The provisioning server 41 is created on the public Internet. Typically, it is not run by the organisation or company owning the IP telephone 11 or the IP PBX 12. They may be run by the manufacturer of the IP telephones, or by an independent organisation. They are trusted by the IP telephones to provide the necessary information to reach the PBX or a gateway belonging to the company that owns the IP telephone. The IP telephone 11 locates a provisioning server 41 using any of the methods described below such as resolving a well-known name using a DNS server 31. The provisioning server then provides information to the telephone in order for it to connect to the correct PBX 12.

(9) In summary, as illustrated in the flow diagram 100 of FIG. 5 and with reference to FIG. 4, the telecommunication device or IP telephone 11, on initiation, during booting or start-up, outputs to the computer system or provisioning server 41, via the Internet 10, a telecommunication device identifier to identify the telecommunication device (step 102 of FIG. 5). The computer system or provisioning server receives from the telecommunication device or IP telephone, via the Internet, the telecommunication device identifier (step 104 of FIG. 5). In response, it outputs to the telecommunication device or IP telephone, via the Internet, an indication of a telecommunication device control system or PBX for use by the telecommunication device (step 106 of FIG. 5). The indication of the PBX is received from the computer system or provisioning server at the IP telephone (step 108 of FIG. 5). In this way, the telecommunication device control system or PBX is subsequently usable to make and control communication connections between the telecommunication device or IP telephone and other telecommunication devices or IP telephones.

(10) The provisioning server may be a single computer or a plurality of computers on a network. The PBX may also be a single computer or a plurality of computers on a network or it may be implemented in dedicated hardware.

(11) In more detail, the start-up or initiation procedure of the IP telephone 11 or telecommunication device is as follows.

(12) When initially plugged in to an Ethernet socket, the IP telephony device 11 obtains standard IP configuration from the local network to which it is connected, for instance using DHCP or IPv6 RS messages.

(13) The IP telephone 11 then discovers the IP address of a provisioning server 41. This may be done using several methods as set-out below.

(14) For example, standard IP configuration may provide the location of a DNS service. DNS is used to resolve a well-known name to an IP address. Alternatively, the same DNS mechanism may be used, but the DNS server may use the IP address of the IP telephone 11 to enable it to respond with the geographically nearest provisioning server. Alternatively, the DNS server may be given an Anycast address and may be configured to reply with the geographically nearest provisioning server. Anycast is a network addressing and routing system in which data is routed to the topologically nearest node of a group identified by the same address. Alternatively, the provisioning server may be given an Anycast address and the IP telephone may be preconfigured to know this address.

(15) The IP telephone 11 then establishes a communication connection with the provisioning server 41 using this IP address. Communications via this communication connection may be encrypted using public-key cryptography in order to protect the identity of the IP telephone, the user and the IP PBX 12.

(16) The IP telephone then supplies identification information in the form of a telecommunication device identifier to identify the telecommunication device to the provisioning 41 server. This may take several forms, such as: a hardware identifier, such as a Media Access Control (MAC) address, digital certificate or serial number and optionally a password; or a software identifier such as a user-supplied username or email address and optionally a password, or an identifier (and optionally a password) provided by a smart card or a biometric reader.

(17) The provisioning server 41 then looks up the identification information supplied by the user to determine the possible addresses of the PBX associated with that device or user.

(18) If the request from the IP telephone 11 is authenticated then it checks that the authentication matches. This may be carried out locally by the provisioning server, or it may delegate that operation to the PBX or another device by establishing a communication connection and requesting authentication. In one possible arrangement, the look-up is authenticated using a digital certificate and the provisioning server 41 checks that the certificate is valid.

(19) As mentioned above, when the IP telephone 11 first contacts the provisioning server 41, it presents either a software identification (ID) (for example, username or email address) or a hardware identification (ID) (for example, a MAC address or a digital certificate). The provisioning server is preconfigured with the ID and the associated PBX 12 for it to respond by a user typing in the relevant information. In the case of a hardware ID, this manual data entry is prone to user error because, for example, a MAC address is 12 hexadecimal digits and has no check digit or checksum thus it is easy for a user to make a data entry error by, for example, typing 8 instead of B or 0 instead of C.

(20) An arrangement to address this problem is described below.

(21) In this arrangement, an administrator configures a user account on the provisioning server 41 and the provisioning server generates a token which identifies a user of a telecommunication device or IP telephone. In this example, the token is a human-readable (for example, it contains only decimal digits) and long (for example, it contains 8 or more digits, or 12 or more digits, but preferably 12 digits). The token includes one or more check digits to identify whether it is a valid token. The token is sent to the user by secure means (for example, by internal email or post).

(22) With this arrangement, when the IP telephone 11 boots or is initiated and makes a request using its hardware ID, the provisioning server 41 verifies or validates the request and if it does not recognise the request it responds with an indication accordingly to the IP telephone that it does not know the ID. The IP telephone then indicates to the user or makes a request to the user (typically, on its display) to enter the token. Once the user has entered the token typically using the IP telephone's keypad, the telephone sends the token and the hardware ID to the provisioning server which receives the token, validates the token, identifies the user, and then automatically binds or links that hardware ID with that user for future requests by binding the telecommunication device identifier to the user account or PBX for which the token was issued. Alternatively, the token may be time-limited and/or single-use only (for the first configuration only).

(23) Once the provisioning server 41 has received a valid ID or token, it returns to the requesting device (IP telephone 11) the IP address of the target PBX or a gateway which may be used to reach the target PBX. Alternatively, the provisioning server may return the domain name system name of the target PBX or a gateway usable to reach the target PBX. In other words, it outputs to the telecommunication device or IP telephone, via the Internet, an indication of a telecommunication device control system or PBX for use by the telecommunication device or an indication of a gateway to reach them or an indication of another provisioning server to which the device should repeat the request as described below with reference to the embodiment of FIG. 6.

(24) The provisioning server 41 may be provided with geographical or location information about the requesting IP telephone 11. This may be obtained using several methods, such as: geographical knowledge by the provisioning server 41 of public IP address allocations (that is to say, it uses the IP address of the IP telephone to determine the telephone's location); latitude/longitude provided in the request from the IP telephone (which may be retrieved by a global positioning system (GPS) receiver in the device, for example); or indications or identities (IDs) of local wireless networks or cell towers (mobile telecommunications masts) within range of the requesting device as provided by the device in the request.

(25) This extra information may be used by the provisioning server 41 to allow the requesting IP telephone 11 to be directed to the nearest entry-point into the target PBX's network. This may be a local connection to a distributed PBX, or may be a local gateway to the network of the customer.

(26) IP telephone 11 may also verify the trust of the provisioning server 41 in order to avoid unexpected connection to an attackers gateway which could be used to intercept calls. This trust is typically achieved using public key cryptography.

(27) Typically, an IP telephone 11 encrypts the channel over which provisioning information is carried. This prevents leakage of information such as the username of the connecting telephone. Leakage of this information could reveal the association between a person and a company or organisation. This trust may be established using a mechanism such as secure sockets layer (SSL) utilising the public key cryptography used to identify the provisioning server 41 as a trust mechanism.

(28) FIG. 6 illustrates another embodiment of the present invention. It is similar in many respects to the embodiment of FIG. 4 and like features have been given like reference numerals.

(29) In the embodiment of FIG. 6, like the arrangement of FIG. 4, the IP telephone 11 locates a provisioning server 41 using any of the methods described above such as resolving a well-known name using a DNS server 31. In contrast to the arrangement of FIG. 4, in the arrangement of FIG. 6, the provisioning server 41 then redirects the provisioning process to another provisioning server 51 which provides information to the IP telephone in order for it to connect to the correct PBX 12. Thus, an indication of another computer system for providing to the telecommunication device an indication of a telecommunication device control system for use by the telecommunication device is provided to the IP telephone.

(30) In other words, in the example of FIG. 6, the provisioning server 41 may choose to delegate the provisioning process to a sub-provisioning server (SPS) 51 to which it is in communication connection via the Internet 10. In this case, the initial provisioning server 41 instructs the IP telephone 11 to disconnect from the initial provisioning server then instead connect to the sub-provisioning server. This process may be repeated. In this way, instead of sending out an indication of a telecommunications device control system or gateway usable to reach the telecommunications device control system being output in response to a provisioning server receiving a telecommunication device identifier, an identifier or indicator of a delegated provisioning server or system may be output to the IP telephone 11. When the telephone receives the identifier of a delegated provisioning server or system, it restarts the provisioning process described above with this new system. Sub-provisioning servers may themselves each delegate to another sub-provisioning server. The ownership of the sub-provisioning servers may differ from the ownership of the initial provisioning server. A sub-provisioning server may be owned by the organisation that owns an associated PBX or group of PBXs.

(31) The system described has an initial provisioning server 41 that contains a database associating the identity of the IP telephone 11 with the address of either the PBX 12 to which the telephone needs to connect, or the address of a sub-provisioning server 51.

(32) As in the arrangement of FIG. 4, in the arrangement of FIG. 6, the telephone 11 is identified by a hardware identifier (MAC address or serial number) or a username or a digital certificate. In the case of a hardware identifier, a company or organisation may register their hardware identifiers with a central configuration database, providing the PBX or SPS address to configure the provisioning server.

(33) Interception attacks may be prevented by only allowing a hardware identifier to be registered once without intervention from a human administrator. Hardware identifiers may also be registered and associated with a customer account by the manufacturer or distributor of the IP telephone 11.

(34) In the case of a username as an identifier for an IP telephone 11, the name may be of a fixed format such as an email address. The name may be pattern matched (such as choosing the domain part of an email address) to identify the PBX or SPS address.

(35) In the case of a digital certificate as an identifier for an IP telephone 11, the Common Name or some other known identifier in the certificate may be used in a similar fashion to the username case described above.

(36) If more than one PBX 12 or SPS 51 is registered with a PS 41 or SPS 51 for a particular telephone identity, then the PS or SPS may decide based on geographical location information contained within the configuration request as to which PBX or SPS is returned in the configuration response.

(37) An IP telephone 11 utilising the provisioning features described herein, which was owned by managed offices could offer temporary connection to a corporate PBX via that telephone as part of an office rental in other word a public hot-desking arrangement.

(38) For example, an employee of a company or organisation may rent an office for a short period, that rental including use of a telephone 11 using the provisioning mechanism described above. The employee may then connect to the company's telecommunications system by identifying themselves using a hardware token such as a smart card or credentials such as a username and password. That telephone is then directed to connect to the company's telephone system and takes on the characteristics assigned by that company for the duration of the users residence in the rented office.

(39) Embodiments of the present invention have been described. It will be appreciated that variations and modifications may be made to the described embodiments within the scope of the present invention. For example, while embodiments have been described with reference to a telecommunication device in the form of an IP telephone, the telecommunication device may be an IP video telephone or videophone.