Telephonic communications – Call or terminal access alarm or control – Fraud or improper use mitigating or indication
Reexamination Certificate
2002-07-23
2004-03-02
Matar, Ahmad F. (Department: 2642)
C379S196000, C379S198000, C379S200000
active
06700964
ABSTRACT:
TECHNICAL FIELD
The invention relates generally to telecommunications access control systems and more particularly, to a system and method whereby a virtual private switched telecommunications network is autonomously constructed between at least two in-line devices.
BACKGROUND OF THE INVENTION
Historically, government and business entities could be reasonably confident that their sensitive information communicated by telephone, fax, or modem was confidential, and that no one would monitor or eavesdrop on their plans and strategies. This is no longer true. In the past several years, as interception and penetration technologies have multiplied, information assets have become increasingly vulnerable to interception while in transit between the intended parties.
A wide range of communications, from those concerning military, government, and law enforcement actions, to contract negotiations, legal actions, and personnel issues all require confidentiality; as do communications concerning new-product development, strategic planning, financial transactions, or any other competition-sensitive matter. These confidential matters often require exchanges via telephone, facsimile (fax), Video TeleConference (VTC), data (modem) transmission, and other electronic communication. As businesses depend on their communications systems more and more, those systems are delivering an ever-increasing volume of information, much of which is proprietary and extremely valuable to competitors.
The increasing prevalence of digital communications systems has led to the widespread use of digital encryption systems by governments and enterprises concerned with communications security. These systems have taken several forms, from data Virtual Private Networks (VPN), to secure voice/data terminals.
As used herein, the following terms carry the connotations described below:
Data VPN is understood to refer to a shared or public packet data network wherein privacy and security issues are mitigated through the use of a combination of authentication, encryption, and tunneling.
Tunneling is understood to refer to provision of a secure, temporary path over an Internet Protocol (IP)-based network by encapsulating encrypted data inside an IP packet for secure transmission across an inherently insecure IP network, such as the Internet.
Secure is understood to refer to the use of combinations of encapsulation, compression and encryption to provide telecommunications privacy and security between two devices across an untrusted network, or the result thereof.
Telephony Appliance is understood to refer to a component of the present invention; specifically an in-line device installed on a DS-1 circuit in a telephone network and including means for controlling inbound and outbound calls by determining attributes of the call and performing actions on the call, including allowing, denying, and conducting select calls in secure mode, all pursuant to the security policy and based on at least one attribute of the call.
Communications and computer systems move massive amounts of information quickly and routinely. Enterprises are communicating using voice, fax, data, and video across the untrusted Public Switched Telephone Network (PSTN). Unfortunately, whereas a data VPN uses encryption and tunneling to protect information traveling over the Internet, a data VPN is not designed to protect voice, fax, modem, and video calls over the untrusted PSTN.
Although IP-based VPN technology is automated and widely available, solutions for creating safe tunnels through the PSTN are primarily manual, requiring user participation at both ends to make a call secure. This is the case with the use of secure voice/data terminals, such as Secure Telephone Units (STU-IIIs), Secure Telephone Equipment (STE), and hand-held telephony encryption devices.
Secure voice/data terminals effectively protect sensitive voice and data calls. However, their design and typical deployment can be self-defeating. For example, to enter a secure mode on a STU-III or STE device, both call parties must retrieve a physical encryption key from a safe storage location and insert the key into their individual STU-III or STE device each time a call is placed or received. Also, STU-III and STE devices are expensive, so they are typically located at a special or central location within a department or work center, but not at each work station.
The inconvenience, frustration, and poor voice quality of using manually activated secure voice/data terminals can motivate individuals to “talk around” the sensitive material on non-secure phones. Use of secure voice/data terminals for the communication of sensitive information can be mandated by policy, but there is currently no way to properly enforce such a requirement.
Additionally, secure voice/data terminals secure only one end-user station per device. Since they are point-to-point devices, secure voice/data terminals cannot protect the vast majority of calls occurring between users who do not have access to the equipment. And although there may be policies that specifically prohibit it, sensitive material can be inadvertently discussed on non-secure phones and thereby distributed across the untrusted PSTN.
Secure voice/data terminals cannot implement an enterprise-wide, multi-tiered policy-based enforcement of a corporate security policy, establishing a basic security structure across an enterprise, dictated from the top of the tier downward. Neither can secure voice/data terminals implement an enterprise-wide, multi-tiered policy-based enforcement of selective event logging and consolidated reporting to be relayed up the tier.
Lastly, secure voice/data terminals cannot provide call event logs detailing information about secure calls. Therefore, a consolidated detailed or summary report of a plurality of call event logs cannot be produced for use by security personnel and management in assessing the organization's security posture.
Clearly, there is a need for a system and method to provide secure access across the untrusted PSTN through telephony resources that can be initiated by a security policy defining actions to be performed based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.
SUMMARY OF THE INVENTION
A system and method to provide secure access across the untrusted PSTN is described, hereafter to be referred to as Virtual Private Switched Telecommunications Network (VPSTN). The VPSTN creates a virtual private network (i.e., “secures” telecommunications), across a public untrusted network between two in-line devices by encrypting calls in accordance with a security policy. The security policy defines actions to be performed based upon at least one attribute of the call. The present invention also provides multi-tiered policy-based enforcement capabilities as well as multi-tiered policy-based security event notification capabilities.
Some primary advantages of the disclosed system and method are: (1) secure transport of voice, fax, modem, and VTC calls across the PSTN; (2) automatic discovery of called and calling party's capability to support secured communications; (3) automatic discovery of a digital DS-0 channel's line impairments and capability to support secured communications; (4) automatic detection that a received DS-0 TDM serial stream is VPSTN-compatible; (5) provision of secured communications operating at 64 Kbps, with automatic disabling of secured communications responsive to detection of a call's request for the full 64 Kbps; (6) automatic compression and decompression of the payload portion of the call when providing secured communications on circuits operating at 56 Kbps or slower; (7) operator-transparency, i.e., neither call party is required to take any specific actions in order to initiate or conduct secure communications; (8) provision of secured communication for multiple end-user stations per device (i.e., secured communication is provided for all calls routed on trunks on which the device is
Heilmann Craig
Pickens Keith S.
Schmid Greg
Smith Kirk
Al-Aubaidi Rasha S
Jenkens & Gilchrist PC
Matar Ahmad F.
SecureLogix Corporation