System and method to discriminate call content type

Telephonic communications – Call or terminal access alarm or control – Fraud or improper use mitigating or indication

Reexamination Certificate


Details

Classification: C379S196000, C379S200000
Type: Reexamination Certificate
Status: active
Number: 06718024

ABSTRACT:

TECHNICAL FIELD
The invention relates generally to telecommunications access control systems and, more particularly, to a system and method which permits a telecommunications firewall to enforce a security policy based on discrimination between a plurality of call content types and to autonomously terminate the call in enforcement of the security policy.
BACKGROUND OF THE INVENTION
Data network users in today's corporations and government agencies can easily add unauthorized modems to their computers to facilitate remote login. This is often done with innocuous intentions, but it is a serious network security issue nonetheless. Rogue modems (modems that are not authorized by the organization but have been connected to a computer system by an employee) circumvent the traditional Internet firewall, routers and intrusion detection systems.
With a rogue modem having opened the “back door” of the security perimeter, the organization's network is vulnerable to “hackers” or “phreakers” attempting to access the private data network via the Public Switched Telephone Network (PSTN). Unscrupulous individuals with larcenous or malicious intent can use a war dialer to seek out and identify insecure modems, penetrate their computer systems and gain access to the data network beyond.
An additional vulnerability involves authorized users performing unauthorized activities from within the private network. This is of special concern in high-security environments where outside transmissions are normally carefully monitored to ensure corporate or government secrets are not inadvertently or deliberately transmitted.
Telecommunication firewalls, such as the device described in U.S. Pat. No. 6,249,575 entitled TELEPHONY SECURITY SYSTEM, assigned to the same assignee, are recently developed devices that protect an organization's data network from access via telephony resources. A telecommunications firewall is configured with a user-defined security policy that is downloaded to one or more line sensors installed in-line on the user's side of the demarcation line. A line sensor determines a plurality of call attributes, comprising call source, destination and call content type, from the call passing through the line sensor. Prescribed actions (including the line sensor allowing or denying the call) are performed based upon the call attributes determined and the security policy.
Although the line sensor is capable of determining a plurality of call attributes, the call content type (e.g., whether the call content is voice, fax or data), is a pivotal attribute in the security rules that address many of the calls that a telecommunications firewall is designed to detect and/or terminate. For instance, a modem transmission from a line that is designated for only voice use is indicative of a rogue modem. A data transmission to a voice-designated line is indicative of a possible hacking attempt, or again, a rogue modem on the line. An after-hours voice call or modem transmission from a line designated for fax use is indicative of an unauthorized call or possible espionage.
Very clever hackers may attempt to penetrate data networks by emulating one type of call to get past the firewall, then change to another type once the call is allowed. Therefore, changes in call content type are highly suspect and a security policy may require termination of such a call.
However, some government agencies such as the FBI and the CIA, the military and some NATO agencies, use a telephone encryption device known as Secure Telephone Unit-III (STU-III), to conduct classified conversations or transmit classified data. A STU-III may be used as a typical telephone to initiate a call, but when users “go secure” by turning an encryption-activation key, the voice conversation is digitized at the unit, encrypted and then transmitted using a standard modem to the receiving STU-III device where the process is reversed. The term “STU-III-voice” is used herein to refer to the call content type of a STU-III encrypted voice transmission.
A STU-III device is also used as a modem to transmit data to another STU-III location. In the “data modem” mode, the data is encrypted before it is sent to the receiving STU-III device. The term “STU-III data” is used herein to refer to the call content type of a STU-III encrypted data transmission.
Obviously, the change in call content type when a STU-III transmission goes from insecure voice to secure data would be permitted in a security policy. Therefore, a further discrimination between the voice band data of STU-III encrypted call content types and that of typical data (modem) and fax content types is needed.
A plurality of telecommunications fraud prevention devices exist which use and determine call-type attributes such as if the call is made from a pay phone, if it is cellular originated or terminated, if it is made to/from a number or country code with a high occurrence of billing fraud, if the call is long distance, toll free, a credit card call, etc. However, call-type attributes such as these are not relevant to protecting a private data network from unauthorized access via the telecommunications network. Additionally, devices such as these do not continue to discriminate content type after the call is connected.
Other devices are capable of detecting calls that violate a security policy, but cause time delays and a drain on manpower resources because they require notices to be sent to supervisory personnel for either approval to terminate or for manual follow-through by personnel to ultimately terminate the call.
Still other devices include components for classifying telephone signals, but none of these devices comprise the comparable arrangement of single, combined transmit and receive signal processing, continuous content discrimination and autonomous call termination capabilities needed for the specialized task of protecting a private data network from unauthorized access via the telecommunications network.
Therefore, what is needed is a system and method by which an in-line sensor continuously discriminates between call content types comprising voice, fax, data (modem), STU-III voice and STU-III data (modem) using inputs derived from analysis of the call passing through the sensor, and then autonomously enforces a security policy.
SUMMARY OF THE INVENTION
The present invention, accordingly, provides a system and method for an in-line sensor to enforce a security policy by discriminating between call content types including voice, fax, data (modem), STU-III voice and STU-III data (modem), and to continue to enforce the security policy against an allowed call, discriminating content type changes after the call is connected. Inbound and outbound calls are allowed or denied (i.e., blocked or “hung-up”) according to a security policy that is managed by a security administrator. If the call violates security policy at any time, the call is autonomously terminated.
To this end, in one embodiment, the line sensor processes the combined signal from both the transmit and the receive side of the communication channel as one single signal. Filtered tonal events as well as raw signal frequency and energy indices are used to discriminate between voice and voice band data (VBD) content type. Voice band data is considered herein to be any modulated data output by devices such as a fax, modem, or a secured STU-III. Further discrimination between voice and a plurality of VBD content types (fax, data modem and STU-III), is provided by a content type discrimination state machine which uses tonal event notices, the output of the previously mentioned frequency and energy statistical analysis between voice and VBD, and demodulated signal analysis. The line sensor operates in a continuous processing loop, continuing to discriminate call content type after the call is connected.
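The rules sketched in the background and summary (a modem on a voice-designated line indicates a rogue modem, an after-hours voice call on a fax line is suspect, a mid-call change of content type is suspect unless it is a STU-III call going secure, and the sensor keeps evaluating after the call is connected) can be expressed as a small policy-enforcement loop. The following Python is an added illustration written for this page, not the patent's or the assignee's implementation. It assumes that a content-type discriminator already exists and emits one content type per analysis window; the line designation names, the sample policy, the business-hours window and the permitted transitions are all constructed for the example.

```python
"""Hypothetical policy-enforcement loop for a telephony line sensor.

Added illustration, not the patent's implementation. The discriminator
(tonal events, frequency/energy statistics, demodulated-signal analysis)
is assumed to exist and to emit one ContentType per analysis window.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Iterable, Optional


class ContentType(Enum):
    VOICE = "voice"
    FAX = "fax"
    DATA = "data"                 # plain modem
    STU3_VOICE = "stu-iii voice"  # encrypted voice carried as modem VBD
    STU3_DATA = "stu-iii data"    # encrypted data carried as modem VBD


@dataclass
class Policy:
    # Content types a line designation may carry during business hours.
    allowed: dict[str, set[ContentType]]
    # Stricter sets applied outside business hours (fall back to `allowed`).
    after_hours_allowed: dict[str, set[ContentType]]
    # Mid-call content-type changes that are NOT treated as suspect.
    allowed_transitions: set[tuple[ContentType, ContentType]]
    business_hours: tuple[int, int] = (8, 18)  # [start, end) local hours

    def is_after_hours(self, hour: int) -> bool:
        start, end = self.business_hours
        return not (start <= hour < end)

    def permitted(self, designation: str, hour: int) -> set[ContentType]:
        base = self.allowed.get(designation, set())
        if self.is_after_hours(hour):
            return self.after_hours_allowed.get(designation, base)
        return base


# Constructed sample policy; designation names are assumptions.
SAMPLE_POLICY = Policy(
    allowed={
        "voice": {ContentType.VOICE},
        "fax": {ContentType.FAX, ContentType.VOICE},
        "data": {ContentType.DATA},
        "stu-iii": {ContentType.VOICE, ContentType.STU3_VOICE, ContentType.STU3_DATA},
    },
    after_hours_allowed={
        "fax": {ContentType.FAX},  # after-hours voice on a fax line is suspect
    },
    allowed_transitions={
        # A STU-III call starts as ordinary voice and then "goes secure".
        (ContentType.VOICE, ContentType.STU3_VOICE),
        (ContentType.VOICE, ContentType.STU3_DATA),
        (ContentType.STU3_VOICE, ContentType.STU3_DATA),  # assumption
    },
)


@dataclass
class CallState:
    designation: str
    current: Optional[ContentType] = None
    history: list[ContentType] = field(default_factory=list)
    terminated: bool = False
    reason: str = ""


def observe(state: CallState, policy: Policy, ctype: ContentType, hour: int) -> Optional[str]:
    """Apply one discriminator output to the call; return a termination reason or None."""
    if state.terminated:
        return state.reason
    state.history.append(ctype)
    reason = None
    # Rule 1: an unlisted change of content type mid-call is suspect.
    if state.current is not None and ctype != state.current:
        if (state.current, ctype) not in policy.allowed_transitions:
            reason = f"content type changed from {state.current.value} to {ctype.value}"
    # Rule 2: the content type must be permitted for this line at this hour.
    if reason is None and ctype not in policy.permitted(state.designation, hour):
        when = "after hours" if policy.is_after_hours(hour) else "during business hours"
        reason = f"{ctype.value} not permitted on {state.designation} line {when}"
    state.current = ctype
    if reason is not None:
        state.terminated = True
        state.reason = reason
    return reason


def run_call(designation: str, observations: Iterable[tuple[int, ContentType]],
             policy: Policy = SAMPLE_POLICY) -> CallState:
    """Continuous processing loop: keep evaluating windows until the call ends or is hung up."""
    state = CallState(designation)
    for hour, ctype in observations:
        if observe(state, policy, ctype, hour) is not None:
            break  # autonomous termination: no supervisor in the loop
    return state


if __name__ == "__main__":
    V, D, SD = ContentType.VOICE, ContentType.DATA, ContentType.STU3_DATA
    scenarios = [
        ("voice", [(10, D)]),                    # rogue modem on a voice line
        ("voice", [(10, V), (10, V), (10, D)]),  # voice first, then switches to modem
        ("stu-iii", [(10, V), (10, SD)]),        # going secure is permitted
        ("fax", [(20, V)]),                      # after-hours voice on a fax line
    ]
    for line, obs in scenarios:
        s = run_call(line, obs)
        print(line, "terminated:" if s.terminated else "allowed", s.reason)
```

The transition check runs before the per-line check so that the second scenario is reported as a content-type change rather than simply as a disallowed modem; both reasons lead to the same autonomous hang-up, but the distinction matters for the security administrator reading the log.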
A system and method for discriminating call content types for individual telephone lines at a plurality of user sites outside of a Public Switched Telephone Network (PSTN) is described. The system may include: a database contai


Profile ID: LFUS-PAI-O-3272603
