Telephonic communications – Call or terminal access alarm or control – Lockout or double use signalling
Reexamination Certificate
1998-06-02
2001-08-14
Hong, Harry S. (Department: 2742)
Telephonic communications
Call or terminal access alarm or control
Lockout or double use signalling
C379S161000, C379S195000, C379S201060, C379S207030, C380S257000
Reexamination Certificate
active
06275573
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to communications systems and, more specifically, to a system and method for providing secured communications over the telephone network.
BACKGROUND OF THE INVENTION
The telephone network (commonly referred to as the public switched telephone network or “PSTN”) consists of a vast network of interconnected telephone switching facilities. Typically, telephone equipment such as a telephone, a fax machine or a modem connects to the PSTN via a telephone facility referred to as the local exchange or central office (“CO”). Each CO, in turn, connects to one or more switching facilities in the PSTN. Through this arrangement, telephone equipment may place a call that is routed through a CO, through the network, through another CO and, finally, to other telephone equipment.
The portion of the network between the local exchange and customer premises equipment (e.g., telephone equipment installed, for example, at a customer's residence or place of business) is known as the access network (e.g., a local loop). The access network typically consists of copper wires, fiber optic cable, coaxial cable or a combination of these or other components. These components may carry analog signals or digital signals, either of which may be used on different portions of the same access network. When an access network includes both analog and digital portions, the digital portion of the access network may terminate in a connection box located outside of the customer's premises. Copper wire pairs run from the connection box, through the customer premises (e.g., the telephone customers building), to the customer premises equipment (“CPE”).
In general, it may be relatively difficult to eavesdrop on a given customer's communications outside of the access network. The PSTN trunks that connect the CO to other switching equipment typically carry multiplexed digital signals. Here, a single trunk (e.g., a copper wire or a fiber optical cable) simultaneously passes the signals for a large number of calls. Thus, it is more difficult for an eavesdropper to determine which trunks in the CO and the PSTN are transmitting a specific customer's communications. Moreover, it may be relatively difficult for an eavesdropper to extract these signals in the event the eavesdropper is successful in identifying the customer's trunk.
In contrast, the access network is more susceptible to eavesdropping. Given the route of the access network through public spaces, eavesdroppers may have relatively easy access to a customer's access network at some point along its route to the CO. Thus, it may be relatively easy to identify an access network of a specific customer and tap the wire. In particular, the portion of the access network that runs over copper wires outside of the customer's premises is especially susceptible to eavesdropping.
Some conventional systems use encryption devices in an attempt to provide secured communications over telephone networks. Typically, an encryption/decryption device is connected to the telephone equipment at each end of the call. For example, signals from a telephone at one end of a call are routed to one of these devices, encrypted, then sent to the PSTN. The encrypted signals are routed through the PSTN and, eventually, to another device. That device decrypts the signals and provides the decrypted signals to the telephone at the other end of the call.
Systems such as the one just described have a several drawbacks. For example, both customers must have the encryption/decryption equipment. This requires the parties to set up the system ahead of time. Thus, these systems are not very cost effective except for parties that make a relatively large number of calls to one another. In addition, in some of these systems, the callers must manually establish the secured connection after calling the other party. This may be cumbersome and may enable eavesdroppers to determine the telephone number of the called party or the calling party with relative ease. Moreover, in many of these systems, calls to destinations that do not have the encryption/decryption equipment are unsecured. In view of these and other drawbacks, a need exists for a more effective method of providing secured communications over telephone networks.
SUMMARY OF THE INVENTION
A system constructed according to the invention provides secured communications between customer premises equipment and a switching node in the network such as a local exchange. Communications from a subscriber's equipment are encrypted before they are sent over the access network. These communications are decrypted by equipment installed at the network node. Communications to the subscriber are encrypted at the network node and then decrypted on the subscriber's side of the access network.
In an embodiment where only one of the parties taking part in a call is subscriber, communications are secured only between the subscriber's CPE and the equipment at the network node. For example, an encryption/decryption unit is installed between the subscriber's CPE and the subscriber's side of the access network. Another encryption/decryption unit is installed at the CO that provides telephone service for the subscriber. In this case, the system does not encrypt the subscriber's communications in the rest of the network. As a result, the subscriber can communicate with remote, unsecured equipment yet still have secured communications over the subscriber's access network.
In an embodiment where more than one of the parties taking part in a call is a subscriber, communications may be secured between each of the subscriber's CPE. In this case, an encryption/decryption unit is installed between each of the subscribers' CPE and that subscribers' side of the access network. In addition, an encryption/decryption unit is installed at some node in the network (e.g., at a CO). The communications from each subscriber are routed through the encryption/decryption unit at the network node. In this manner, the system provides end-to-end secured communications between each of the subscribers.
In one embodiment, the encryption/decryption equipment installed in the network is a multi-line encryption/decryption center that is connected to a switch in the telephone network via digital interfaces (e.g., E
1
, T
1
, ISDN). Calls through the network that need to be decrypted or encrypted are routed through the encryption/decryption center then back to the network. This embodiment uses computer telephony integration (“CTI”) technology to provide a system that is relatively easy to customize and upgrade.
In summary, the system secures the communications over the most susceptible part of the network: the subscriber's access network. Moreover, the system secures the communications over the subscriber's access network even when one of the participants in a call does not have encryption/decryption equipment.
Significantly, the system secures the call before any important information is sent over the access network. This is accomplished by establishing a secure connection over the subscriber's access network before establishing the telephone connection to the called party. As a result, the system can encrypt the phone destination number dialed by the calling party before it sends this number over the access network. In addition, the system can encrypt automatic number identification information the system receives from a party calling the subscriber. That is, the telephone number of the calling party may be encrypted before it is sent over the access network.
A system constructed according to the invention may be more cost effective than conventional systems because the system may be configured so that a relatively small bank of network-based encryption/decryption units handle calls from a relatively large number of subscribers. In this case, the ratio of encryption/decryption units to subscribers may be based on statistical analysis of secured call traffic usage.
Gonen Tsion
Naor Uri
Zigdon Shimon
Eithan, Pearl, Latzer & Cohen-Zedek
Hong Harry S.
Snapshield Ltd.
LandOfFree
System and method for secured network access does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for secured network access, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for secured network access will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2535538