Telephony security system

Details Telephony security system Telephony security system

1998-12-11

2001-06-19

Matar, Ahmad (Department: 2642)

Telephonic communications

Call or terminal access alarm or control

Fraud or improper use mitigating or indication

C379S196000, C379S200000

Reexamination Certificate

active

06249575

ABSTRACT:

TECHNICAL FIELD
The invention relates generally to telecommunications access control systems and particularly to a telephony security system for controlling and logging access between end-user stations and their respective circuits into the public switched telephone network (PSTN).
BACKGROUND
“Policy-based security management” refers to the application of a governing set of rules at strategically located points (chokepoints) for the purpose of enforcing security boundaries between two or more networks, such that only those events meeting certain criteria may pass between them, while all other events are denied passage. For network operations, this filtering process selectively discards packets in order to control access to a network, or to resources such as files and devices. Variations and improvements of this basic theme have resulted in devices known as firewalls today—network components that provide a security barrier between networks or network segments. Much like a guard at a checkpoint, the firewall strictly enforces rules specified within an established policy for what shall pass on a case-by-case basis. The policy may alternatively dictate that other actions may apply as well, such as logging the event and/or sending an urgent electronic mail message notifying appropriate personnel of the event.
Security professionals consider firewalls to be essential in the protection of an enterprise's private network or virtual private network from access to computers by unauthorized personnel or “hackers.” Like any security measure, however, firewalls are not foolproof. Firewalls provide no protection for traffic routed around them, as is often the case when modems are used while connected to internal networks; i.e., circumvention of the firewall through unprotected channels, such as through telephone lines or extensions normally used for voice or fax. Clearly, there is a need for a system and method for controlling access to an enterprise's network through telephony resources that otherwise cannot be sufficiently protected by traditional firewall technology.
In addition to security needs relevant to computer networks, there are issues in the toll fraud, phone misuse, call accounting and bill reconciliation arenas that warrant similar protections. Currently, a need exists to address the full spectrum of security issues across an enterprise that may span the entire globe. A need exists for a scalable and manageable system and a method for controlling and logging access to an enterprise's telephony resources.
SUMMARY OF THE INVENTION
The present invention, accordingly, provides a system and method for performing security access control functions for an enterprise's telephone circuits between end-user stations and their respective circuits into the public switched telephone network (PSTN). In the most basic configuration, inbound and outbound calls are allowed or denied (i.e., blocked or “hung-up”) according to a rule-set that is managed by a security administrator. In one aspect, the system combines call-progress monitoring, caller-id (CND) and/or automatic number identification (ANI) decoding, digital line protocol reception and decoding, pulse dial detection, and tone detection (DTMF and MF) with microprocessor control, access-control logic, and call-interrupt circuitry.
The system and method of the present invention performs centrally managed, enterprise-wide enforcement of an enterprise's telephony security policy and real-time notification in selected instances of attempted security breaches. The system utilizes a specialized device to monitor and control access to every telephone station, fax machine, and modem line within the enterprise that is routed through the device.
Specific attributes identified by the control device pertaining to all inbound and outbound calls determine whether certain calls, in accordance with a predefined security policy, are allowed, denied (“hung-up”), logged, and/or initiate additional actions such as email or pager notification. Attributes captured by the device include, as examples: station extension; inbound caller-ID information (when available); outbound number dialed; call-type (i.e., fax, modem, or voice); keywords via voice-recognition, demodulated modem and/or fax data; and time and date stamp.
The rule-set for control of call traffic by the device defines a security policy that governs how telephones may be used within the enterprise. Each rule, upon meeting certain criteria, initiates appropriate security action(s).
In one embodiment, a system and method of telephony security is provided that controls call access into and out of the enterprise on a per line (station extension or trunk line) basis. A security policy, i.e., a set of access rules, are defined for each of the ports; the rules specifying actions to be taken based upon at least one attribute of the call present on the line. In this embodiment, calls are tracked and sensed on a per line basis, extracting specific attributes that are available at the time of the call. Actions are then performed based upon the detected call's attributes in accordance with the security policy that applies to that line.


REFERENCES:
patent: 4332982 (1982-06-01), Thomas
patent: 4639557 (1987-01-01), Butler et al.
patent: 4653085 (1987-03-01), Chan et al.
patent: 4783796 (1988-11-01), Ladd
patent: 4876717 (1989-10-01), Barron et al.
patent: 4905281 (1990-02-01), Surjaatmadja et al.
patent: 4965459 (1990-10-01), Murray
patent: 5018190 (1991-05-01), Walker et al.
patent: 5276529 (1994-01-01), Williams
patent: 5276687 (1994-01-01), Miyamoto
patent: 5276731 (1994-01-01), Arbel et al.
patent: 5311593 (1994-05-01), Carmi
patent: 5345595 (1994-09-01), Johnson et al.
patent: 5351287 (1994-09-01), Bhateacharyya et al.
patent: 5436957 (1995-07-01), McConnell
patent: 5495521 (1996-02-01), Rangachar
patent: 5510777 (1996-04-01), Pilc et al.
patent: 5535265 (1996-07-01), Suwandhaputra
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5606604 (1997-02-01), Rosenblatt et al.
patent: 5623601 (1997-04-01), Vu
patent: 5627886 (1997-05-01), Bowman
patent: 5684957 (1997-11-01), Kondo et al.
patent: 5706338 (1998-01-01), Relyea et al.
patent: 5745555 (1998-04-01), Mark
patent: 5805686 (1998-09-01), Moller et al.
patent: 5805803 (1998-09-01), Birrelle et al.
patent: 5812763 (1998-09-01), Teng
patent: 5826014 (1998-10-01), Coley et al.
patent: 5838682 (1998-11-01), Dekelbaum et al.
patent: 5854889 (1998-12-01), Liese et al.
patent: 5864666 (1999-01-01), Shrader
patent: 5892903 (1999-04-01), Klaus
patent: 5907602 (1999-05-01), Pell et al.
patent: 5918019 (1999-06-01), Valencia
patent: 5923849 (1999-07-01), Venkatraman
patent: 5931946 (1999-08-01), Terada et al.
patent: 5944823 (1999-08-01), Jade et al.
patent: 5946386 (1999-08-01), Roger et al.
patent: 5949864 (1999-09-01), Cox
patent: 2094412 (1993-04-01), None
patent: 2221365 (1997-11-01), None
patent: WO 96/22000 (1996-07-01), None
patent: WO 98/17072 (1998-04-01), None
patent: WO 98/53635 (1998-11-01), None
http://www/tlogic.com/penetration.html.
http://www/m-tech.ab.ca/security/penetration.
http://www.m-tech.ab.ca/products/secmod/.
www.sandstorm.net/phoneswepp; Sandstorm Enterprises, Inc. “Introducing PhoneSweep”.
www.bruck-inc.com/html/security/pentesting.htm; “Penetration Test”.

Affiliated with

Also associated with

Rating

Telephony security system does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Telephony security system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Telephony security system will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFUS-PAI-O-2457600