Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-12-10
2003-06-24
Smithers, Matthew (Department: 2134)
C380S257000
active
06584562
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to the securing of a telephone link connecting two subscriber sets, that is to say in particular the protection of this telephone link against the pirating of the information exchanged between the two subscriber sets.
2. Description of the Related Art
In terms of hardware, a telephone link comprises various items of equipment such as network terminals, line terminals, subscriber lines, local switching centers and the public switched telephone network. When this telephone link is established by using a nonswitched telephone network (for example the Internet network) there is also provision for routing devices specific to this network.
More precisely, each subscriber set, for example a telephone set or a modem linked to a computer, is connected, by way of a subscriber tap, to a network terminal, consisting essentially, in terms of hardware, of a specific card, such as for example a so-called TNR card marketed by various companies such as ALCATEL, SAT, SIEMENS or PHILIPS. Each network terminal is linked by way of a subscriber line to a line terminal situated at a local switching center. In terms of hardware, the line terminal also comprises a specific card, in particular a TABN card marketed by these same companies, and comprising eight inputs/outputs so as to manage eight subscriber lines. The two local switching centers associated with the telephone link connecting the two relevant subscriber sets are mutually linked by a public switched telephone network.
Moreover, these two line terminals are also linked by way of specific routing devices connected to a nonswitched public telephone network (for example Internet). The person skilled in the art is aware that such a nonswitched public telephone network does not differ, in terms of hardware, from the public switched telephone network. It is in fact a virtual network which uses the hardware resources of the public switched telephone network when they are available. One speaks of a nonswitched telephone network since it does not employ the local switching centers to establish a fully defined and identified link for exchanging useful information between the two subscriber sets.
The transfer, exchange of data and of documents performed by means of these subscriber sets have, in the course of the present decade, become methods for routine communications between geographically remote individuals and/or entities. This worldwide process of electronic communication has been further accelerated in the course of recent years with the planet-wide development of the Internet network. Through these technologies, without the obvious intervention of an intermediary and almost in real time, the economic world exchanges and transmits information which may exhibit higher or lower degrees of confidentiality.
The current use of these new forms of communication has highlighted the problem of the securing of exchanges between opposite parties, that is to say between a sender and his intended recipient. One of their priority objectives is then to prevent the information which they convey by way of the switched or nonswitched public telephone network from being picked up and used without their knowledge by third parties. A solution to this problem could consist in installing encryption/decryption means in the local network of each subscriber, that is to say upstream of the subscriber tap. In this case, the information exchanged between the two subscriber sets is encrypted end-to-end between each encryption/decryption means installed at the subscriber's local level. However, such a solution has numerous drawbacks.
It requires firstly that the encryption/decryption hardware, and the corresponding software implemented in this hardware, be fully mutually compatible. In practice, the hardware and the software will have to be almost identical. Now, this is difficult to achieve, having regard to the very large disparity which may exist between the various subscribers. Moreover, such a solution requires a third-party agency managing the allocation of the various encryption keys to the subscribers. Furthermore, the communicating of the encryption keys between this third-party agency and each of the subscribers must also be secure, this constituting an additional difficulty.
Finally, in the case in which a secure subscriber wishes to contact a nonsecure subscriber, the former must provide for means internal to his local network, which are capable of disconnecting his own encryption/decryption means.
SUMMARY OF THE INVENTION
Described herein is a system for securing of a telephone link between two subscriber sets, whether this telephone link be established on the switched telephone network or on the nonswitched network, for example Internet, and which is simple to manage at the level of the encryption keys used, and which leaves the entire network transparent and open in the event of an exchange of information between a nonsecure subscriber and a secure subscriber.
Also described is a securing system which adapts without any additional constraint, other than those already fixed by the telecommunication operator on the already existing network, whilst ensuring good security of the data transmitted.
In one embodiment, the system secures a telephone link between two subscriber sets, this link being established by way of a switched telephone network or a nonswitched telephone network at the request of the calling subscriber.
According to one formulation, the system comprises:
two network terminals each comprising a specific input/output port to which is connected a subscriber set, network encryption/decryption means and a memory containing an identifier of the said port,
two line terminals mutually linked both by the nonswitched telephone network and by the switched telephone network, and linked furthermore to the two network terminals by two subscriber lines,
checking means connected to the switched and nonswitched telephone networks, able to verify the identifiers of the two relevant input/output ports and to deliver or not to deliver an encryption authorization signal,
generating means connected to the switched and nonswitched telephone networks, able in the presence of the encryption authorization signal to generate at least one encryption key, to vary it temporally in a pseudo-random manner, and to forward it to the network encryption means as well as to the checking means,
the network encryption means encrypting, between the two network terminals and on the basis of the encryption key, the useful information exchanged between the two subscriber sets, the information exchanged between the two call sets being transmitted unenciphered between each network terminal and the corresponding subscriber set.
Stated otherwise, the system provides for the installing in the network terminal of each secure subscriber, of encryption/decryption means capable of employing security protocols on the basis of encryption keys generated by generating means connected to the switched telephone network and to the nonswitched telephone network.
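The formulation above can be modelled in a few lines. The following is an added illustration, not code from the patent or from France Telecom: one server plays both the checking means and the generating means, and two network terminals encrypt only on the line side. The port identifiers, the fixed rekey interval and the HMAC-SHA256 keystream are assumptions chosen for the sketch; the page names no cipher and says only that the key varies in time in a pseudo-random manner.

```python
import hashlib
import hmac
import secrets


class KeyServer:
    """Plays both the 'checking means' and the 'generating means'."""

    def __init__(self, registered_ports):
        self.registered = set(registered_ports)
        self.key_log = {}  # (caller, callee) -> keys issued, kept for the operator

    def issue_key(self, caller, callee):
        # Authorization: both port identifiers must be registered.
        if caller not in self.registered or callee not in self.registered:
            return None
        key = secrets.token_bytes(32)
        self.key_log.setdefault((caller, callee), []).append(key)
        return key


def keystream_xor(key, seq, data):
    # Stand-in cipher (HMAC-SHA256 keystream, no integrity), not the patent's.
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        msg = seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


class NetworkTerminal:
    def __init__(self, port_id):
        self.port_id = port_id  # identifier held in the terminal's memory
        self.key = None

    def cross(self, seq, data):
        # Encrypts toward the line and decrypts from it; cleartext if no key.
        return keystream_xor(self.key, seq, data) if self.key else data


def place_call(server, caller_nt, callee_nt, frames, rekey_every=2):
    """Return (bytes on the line, bytes delivered to the callee) per frame."""
    results = []
    for seq, frame in enumerate(frames):
        if seq % rekey_every == 0:  # assumed fixed schedule for key variation
            key = server.issue_key(caller_nt.port_id, callee_nt.port_id)
            caller_nt.key = callee_nt.key = key
        wire = caller_nt.cross(seq, frame)
        results.append((wire, callee_nt.cross(seq, wire)))
    return results
```

When either port identifier is not registered, no key is issued and the frames cross the line unchanged, which is the transparent behaviour the summary describes for a call between a secure and a nonsecure subscriber.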
Moreover, the telecommunication operator is the sole owner of the solutions and of the technical hardware which he uses to secure his subscriber lines. In practice, he will install identical hardware and identical software in the various local switching centers and in the various network terminals. The problem of the compatibility of the encryption/decryption software used at the various sites of the telephone network is therefore automatically catered for.
Moreover, the checking means, for example a server connected both to the switched telephone network and to the nonswitched telephone network, caters for a dual function of verifying the identifiers of the two relevant input/output ports, and hence verifying that the two subscribers are registered with the secure service and also storage of the various encryption keys used in real time so that the operator can, for security reasons, ascertain in real time, if relevant, the encryption key used a
France Telecom
Meyerstons Eric B.
Meyerstons, Hood, Kivlin, Kowert & Goetzel, P.C
Smithers Matthew