System and method for bringing an in-line device on-line and...

Telephonic communications – Call or terminal access alarm or control – Fraud or improper use mitigating or indication

Reexamination Certificate


Details

C379S196000, C379S200000


active

06687353

ABSTRACT:

TECHNICAL FIELD
The invention relates generally to telecommunications access control systems and more particularly, to a system and method which permits an in-line device to power-up and assume control of calls.
BACKGROUND OF THE INVENTION
A telecommunication firewall, such as the device described in U.S. Pat. No. 6,249,575 entitled TELEPHONY SECURITY SYSTEM, is a recently developed device that protects an organization's data network from access via telephony resources. Rogue modems installed without the knowledge or authorization of an organization's IT personnel make an organization's data network vulnerable to access by unscrupulous persons, both inside and outside the organization, via the Public Switched Telephone Network (PSTN). For example, an incoming modem call to an extension dedicated for only voice or fax use is indicative of a possible hacking attempt or of a rogue modem installed on the extension. Similarly, an outgoing modem call from an extension dedicated for only voice or fax use is indicative of a rogue modem and possible unauthorized activity within the private network. A telecommunications firewall monitors incoming and outgoing calls via line sensors installed on trunks between the Central Office (CO) and the Private Branch Exchange (PBX). The line sensor operates in a continuous loop, examining the data stream and determining call attributes (such as call source, destination and call content-type) as the data stream passes through the line sensor. In accordance with a user-defined security policy, the line sensor autonomously denies violating calls and notifies IT personnel for appropriate follow-up.
Once installed, the line sensor signal receiving and transmitting circuitry is in-line with the trunk. When the line sensor switches on-line, it electrically receives and digitally regenerates the data traveling in both the transmit side and the receive side of each communication channel. In order to enforce the security policy, the line sensor must assume control of the data stream on each channel. If the trunk uses Channel Associated Signaling (CAS), gaining control of the call entails gaining control of the A/B bits transmitted between the CO and PBX. CAS uses specific bits of specific subframes to convey line state information that is analogous to “on-hook” and “off-hook”. Depending on the protocol used, a bit value of one generally corresponds to off-hook or “loop current flowing”, and a bit value of zero generally corresponds to on-hook or “no loop current”. It is highly desirable that the line sensor achieve control of the A/B bits in a manner that will neither disrupt ongoing A/B signaling nor confuse the CO or PBX as to the line state, which would inadvertently cause the call to be dropped.
Unfortunately, when the line sensor comes on-line, the state of the calls on each channel of the trunk is unknown. It is possible to preset the line sensor to transmit a default set of A/B bit values on each channel, but it is difficult to anticipate what the line state on each channel will actually be when the line sensor comes on-line. Calls would be disrupted on any channel whose A/B bit values did not correspond with the present default set of A/B bit values transmitted by the line sensor. It is inevitable that preset default values will be incorrect on some channels, thereby resulting in some percentage of disrupted calls and user inconvenience.
Therefore, what is needed is a system and method whereby an in-line device powers-up and assumes control of calls on a trunk without disrupting ongoing call activity.
SUMMARY OF THE INVENTION
The present invention, accordingly, is a system and method that allows an in-line device to step into the data stream of a communication channel and assume control of the data on a channel in a phased and progressive transition of its hardware and software in a manner so as to be transparent to both the CO and the PBX, and thereby avoid disruption of ongoing call activity.
To this end, in the preferred embodiment, the telecommunications firewall line sensor is installed in-line on the PBX side of the demarcation line. When the line sensor is off-line, all data in each channel of the trunk passes “untouched” through the line sensor so that normal call activity is not affected. When the line sensor switches on-line, the line sensor intercepts and digitally regenerates the data traveling between the CO and PBX. At this time, the line sensor determines the line state (A/B bit value) of each channel on the trunk. As the line state for each channel is determined, the line sensor reconfigures itself and overwrites the A/B bits in the received data with identical A/B bit values in the transmitted data, thereby successfully gaining control of the A/B bits transmitted.
Once the line sensor establishes control over the A/B bits, the line sensor is capable of either overwriting the transmitted data with identical A/B bits, or of overwriting the transmitted data with altered A/B bits, whichever is required to enforce the security policy. In other words, if the security policy allows a call, the line sensor overwrites the A/B bits with identical bit values and the regenerated data is identical to the data received. If the line sensor determines a call is in violation of the security policy and the call is to be denied, the line sensor regenerates the received data, but overwrites the A/B bits with bits that will signal to the CO and PBX that the call has ended, thereby terminating the call.
A technical advantage achieved with the invention is the ability for an in-line device to autonomously switch on-line and assume control of ongoing communications on a trunk without disrupting call activity.
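
The phased takeover described in the summary, next to the preset-default approach the background rejects, as an added Python simulation that is not part of the patent text. The two-sample stability rule, the (0, 0) on-hook encoding, the sample trunk and all names are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

ON_HOOK = (0, 0)      # assumption: A=B=0 means on-hook / no loop current
STABLE_SAMPLES = 2    # assumption: identical samples needed to trust a line state

class Phase(Enum):
    OFFLINE = "offline"    # data passes through untouched
    LEARNING = "learning"  # on-line and regenerating, A/B state not yet determined
    CONTROL = "control"    # sensor writes the A/B bits itself

@dataclass
class Channel:
    phase: Phase = Phase.OFFLINE
    last: tuple = None
    seen: int = 0
    denied: bool = False

    def forward(self, rx_ab):
        """Return the A/B bits sent onward for one received signaling sample."""
        if self.phase is Phase.LEARNING:
            self.seen = self.seen + 1 if rx_ab == self.last else 1
            self.last = rx_ab
            if self.seen >= STABLE_SAMPLES:
                self.phase = Phase.CONTROL
            return rx_ab                  # not yet overwriting
        if self.phase is Phase.CONTROL and self.denied:
            return ON_HOOK                # altered bits: signal that the call ended
        return rx_ab                      # OFFLINE passthrough or identical overwrite

def phased_takeover(samples_per_channel, deny=()):
    """Run each channel's samples through the sensor; return (tx streams, disrupted channels)."""
    tx, disrupted = [], []
    for n, samples in enumerate(samples_per_channel):
        ch = Channel(phase=Phase.LEARNING)   # sensor has just switched on-line
        out = []
        for rx in samples:
            if ch.phase is Phase.CONTROL and n in deny:
                ch.denied = True             # policy verdict applies only after control
            out.append(ch.forward(rx))
        tx.append(out)
        if n not in deny and out != list(samples):
            disrupted.append(n)
    return tx, disrupted

def preset_takeover(samples_per_channel, default=ON_HOOK):
    """Baseline from the background: transmit one preset A/B value on every channel."""
    return [n for n, s in enumerate(samples_per_channel) if any(rx != default for rx in s)]

# Constructed sample: three channels, four signaling samples each (one idle, two with calls up).
TRUNK = [[(0, 0)] * 4, [(1, 1)] * 4, [(1, 1)] * 4]
```

With a preset on-hook default both active channels are disturbed, while the phased takeover alters only the channel the policy denies, and only after its line state has been learned.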


