Process and device for transmitting confidential connection...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate


Details

Classification: C713S152000
Status: active
Number: 06708275

ABSTRACT:

FIELD OF THE INVENTION
The present invention concerns a process for the transmission of confidential and authentic connection establishment and/or service information between subscriber-side terminals and one or more digital exchanges of a digital communication network, in particular an ISDN network, as well as a device for the transmission of confidential connection establishment and service information.
RELATED TECHNOLOGY
Digital telecommunication networks with a plurality of subscriber connections and digital exchanges are known. Because a subscriber connection transmits all dialing and service information to the digital exchange unencrypted, i.e., in plaintext, an intruder or eavesdropper can simply tap this confidential information on the subscriber line, either by cutting into an existing communication path or by attaching to the line at some other point. Having obtained the dialing and service information, the intruder can then use the exchange at the subscriber's expense without being authorized to do so.
In the article "Integrating Cryptography in ISDN" (Advances in Cryptology, CRYPTO '87, Santa Barbara, Aug. 16-20, 1987, C. Pomerance, ed., pp. 9-18, XP000130200), K. Presttun discloses a cryptographically secured ISDN communication system with a plurality of data terminals connected to the ISDN via a network terminator, and with a plurality of exchanges associated with an authentication service device. A security module, used only for encrypting and decrypting the user data carried over the B channel of an ISDN connection, is implemented in each data terminal or network terminator. The D channel of the ISDN connection is used to distribute keys among the data terminals and to manage security. Encryption of the connection establishment and service information itself, i.e., of the signaling carried on the D channel, is not disclosed in that document.
SUMMARY OF THE INVENTION
Therefore, the object of the invention is to make misuse of the exchange by unauthorized intruders at the expense of authorized subscriber connection owners difficult or even impossible.
This object is achieved by the invention through the steps of process claim 1 and the features of device claims 6 and 8.
The invention is implemented in a digital communication network, in particular an ISDN. As is known, such a network includes a plurality of exchanges and, at each subscriber, at least one network terminator to which one or more data terminals, such as telephones, personal computers or fax machines, can be connected. Misuse by an intruder is prevented by providing at least one first security device at the subscriber connection owner and at least one second security device in at least one exchange; the first and second security devices assigned to a given subscriber are capable of encrypting and/or decrypting connection establishment and/or service information and of exchanging it via a separate control channel of the digital communication network. Each of these security devices has a security module capable of receiving an identification carrier.
In one embodiment, connection-specific assemblies, each containing a second security device, are installed at each exchange. This embodiment is, however, expensive and complex, since the exchanges themselves must be rebuilt.
A more cost-effective method, which can be implemented more simply, consists of installing an additional device, based on the existing digital exchanges, between the exchange and the network terminators assigned to it. The second security device for each subscriber connection is installed in this additional device.
The first security device of a given connection owner is advantageously arranged in the network terminator itself, one per subscriber connection. In this case a single security device suffices even if the owner of a subscriber line connects up to eight data terminals to the network termination via an S0 bus. It is equally possible to equip each data terminal of a given network termination with its own security device, or to connect a security device between each data terminal and its network terminator. Both of the latter options are, however, complex and costly, since each data terminal then requires its own security device.
The service information may include call forwarding and conferencing functions, for example. If the digital communication network is an ISDN, the confidential information between the subscriber-side first security device and the corresponding second security device in the exchange is transmitted via the D channel of the ISDN. Each identification carrier can then store an individual cryptographic key that is specific to a given subscriber connection owner. The identification carrier may be a smart card, inserted by the owner of the subscriber connection into the first security device and by an employee of the network operator into the second security device. In an advantageous alternative, the identification carrier is a software module that can be installed exchangeably in the respective security module.
In an advantageous refinement, the subscriber-side first security device and the second security device of the exchange can also perform authentication of the subscriber to the exchange. Alternatively, separate authentication devices can be provided for this function.
Protection for the exchange and for the authorized subscriber connection owner can be enhanced by having the first and second security devices assigned to a given subscriber also encrypt and decrypt, respectively, user-to-user communication transmitted via the control channel of the digital communication network.
The subscriber-side security device of a given subscriber and the security device of the exchange preferably hold the same subscriber-specific ID, and they encrypt and decrypt the confidential information with the same subscriber-specific key. The scheme is therefore symmetric: the key is only as confidential as the two identification carriers that hold it, one at the subscriber and one at the network operator.
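The arrangement described above, as an added worked example that is not part of the patent or of any product it covers: a subscriber-side security device and an exchange-side security device share one subscriber-specific ID and key (as the identification carrier would supply them), and a connection-establishment message carrying service information is protected before it crosses the subscriber line. The patent fixes no cipher, frame format or replay rule, so the HMAC-SHA256 keystream with encrypt-then-MAC, the clear-text header carrying the ID and a send counter, and the counter-based replay check are assumptions made here for illustration; the subscriber ID, the key, and the SETUP contents are constructed samples.

```python
"""Model of the patent's D-channel protection.  Added example, not the patent's
own code.  Assumptions (the patent fixes none of these): HMAC-SHA256 keystream
with encrypt-then-MAC, a clear header carrying subscriber ID and send counter,
and rejection of any counter not higher than the last one accepted."""
import hashlib
import hmac
import json
import os
import struct


def derive_keys(card_key: bytes, subscriber_id: str):
    """Split the identification carrier's key into an encryption key and a
    MAC key, both bound to the subscriber ID (assumed construction)."""
    sid = subscriber_id.encode()
    k_enc = hmac.new(card_key, b"enc|" + sid, hashlib.sha256).digest()
    k_mac = hmac.new(card_key, b"mac|" + sid, hashlib.sha256).digest()
    return k_enc, k_mac


def keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from a PRF; the nonce must never repeat per key."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


class SecurityDevice:
    """First (subscriber-side) or second (exchange-side) security device.
    Both devices of one subscriber hold the same ID and the same key."""

    def __init__(self, subscriber_id: str, card_key: bytes, role: str):
        self.subscriber_id = subscriber_id
        self.role = role                      # "nt" or "exchange"
        self.k_enc, self.k_mac = derive_keys(card_key, subscriber_id)
        self.send_counter = 0
        self.highest_seen = {}                # peer role -> last accepted counter

    def protect(self, info: dict) -> bytes:
        """Build one D-channel frame: clear header, encrypted body, MAC tag."""
        self.send_counter += 1
        header = json.dumps({"id": self.subscriber_id, "from": self.role,
                             "ctr": self.send_counter}, sort_keys=True).encode()
        nonce = hashlib.sha256(header).digest()[:16]   # unique per (sender, counter)
        plain = json.dumps(info, sort_keys=True).encode()
        body = xor(plain, keystream(self.k_enc, nonce, len(plain)))
        tag = hmac.new(self.k_mac, header + b"|" + body, hashlib.sha256).digest()
        return b"\n".join([header, body.hex().encode(), tag.hex().encode()])

    def unprotect(self, frame: bytes) -> dict:
        """Verify the tag first, then ID and counter, and only then decrypt."""
        header, body_hex, tag_hex = frame.split(b"\n")
        body, tag = bytes.fromhex(body_hex.decode()), bytes.fromhex(tag_hex.decode())
        expected = hmac.new(self.k_mac, header + b"|" + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: wrong key or altered frame")
        hdr = json.loads(header)
        if hdr["id"] != self.subscriber_id:
            raise ValueError("frame belongs to another subscriber connection")
        if hdr["ctr"] <= self.highest_seen.get(hdr["from"], 0):
            raise ValueError("replayed frame")
        self.highest_seen[hdr["from"]] = hdr["ctr"]
        nonce = hashlib.sha256(header).digest()[:16]
        return json.loads(xor(body, keystream(self.k_enc, nonce, len(body))))


def run_scenario() -> dict:
    """Constructed sample: one subscriber sends a SETUP with call-forwarding
    service info; an eavesdropper, a replay and a forgery are tried."""
    card_key = os.urandom(32)                 # key held on the identification carrier
    nt = SecurityDevice("S-0815", card_key, "nt")            # first device, at the subscriber
    exchange = SecurityDevice("S-0815", card_key, "exchange")  # second device, in the exchange
    setup = {"msg": "SETUP", "called": "+49301234567",
             "service": {"call_forwarding": "+49897654321"}}

    frame = nt.protect(setup)                 # what actually travels on the subscriber line
    received = exchange.unprotect(frame)      # the exchange recovers the request
    reply = nt.unprotect(exchange.protect({"msg": "CALL PROCEEDING"}))

    def rejected(dev, f):
        try:
            dev.unprotect(f)
            return False
        except ValueError:
            return True

    intruder = SecurityDevice("S-0815", os.urandom(32), "nt")   # no valid carrier
    return {
        "sent": setup, "received": received, "reply": reply,
        "number_visible_on_line": b"49301234567" in frame,
        "replay_rejected": rejected(exchange, frame),
        "forgery_rejected": rejected(exchange, intruder.protect(setup)),
        "tamper_rejected": rejected(exchange, frame[:-2] + b"00"),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

The clear-text header is what lets the exchange-side device select the right key before it can verify anything, which is the role the shared subscriber-specific ID plays in the description. Two points a deployment would still have to settle, since the text leaves them open: the ciphertext length reveals the length of the dialled number, and a production device would use a standardised AEAD rather than an HMAC keystream.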


REFERENCES:
patent: 5115466 (1992-05-01), Presttun
patent: 5172414 (1992-12-01), Reeds, III et al.
patent: 5546463 (1996-08-01), Caputo et al.
patent: 39 05 667 (1990-08-01), None
patent: 41 20 398 (1993-01-01), None
patent: 94 17 399 (1995-04-01), None
patent: 44 06 590 (1995-09-01), None
patent: 44 06 602 (1995-09-01), None
patent: 0 618 713 (1994-10-01), None
patent: WO 93/21711 (1993-10-01), None
patent: WO 95/15634 (1995-06-01), None
patent: 96/42182 (1996-12-01), None
B. O'Higgins et al., "Innovations in Switching Technology," IEEE Communications Society and the IEEE Phoenix Section, Mar. 1987, pp. 0863-0869.
K. Presttun, "Integrating Cryptography in ISDN," Advances in Cryptology, CRYPTO '87 (C. Pomerance, ed.), 1987, pp. 9-18 (cited as a whole).
Gasser et al., "The Digital Distributed System Security Architecture," Proc. 12th Nat. Computer Security Conf., 1989, pp. 305-319.
W. Ford et al., "Public-Key Cryptography and Open Systems Interconnection," IEEE Communications Magazine, Jul. 1992, pp. 30-35.
B. O'Higgins et al., "Secure Communications," Telesis 1989, No. 2, pp. 42-50.
R. Benjamin, "Security Considerations in Communications Systems and Networks," IEE Proceedings, vol. 137, Pt. 1, No. 2, Apr. 1990, pp. 61-72.
M. Leclerc et al., "Sichere Kommunikationsnetze und deren Protokolle" (Secure communication networks and their protocols), Informationstechnik it 32 (1990) 1, pp. 33-45.
G. Lehnert et al., "Unternehmensbedrohung durch ISDN?" (Does ISDN threaten the enterprise?), Funkschau 25/1990, pp. 70-74.
