Telephonic communications – Call or terminal access alarm or control – Fraud or improper use mitigating or indication
Reexamination Certificate
2000-06-14
2001-11-20
Hong, Harry S. (Department: 2642)
C379S198000, C379S114140
active
06320948
ABSTRACT:
TECHNICAL FIELD
The invention relates generally to telecommunications access control systems and particularly to a telephony security system for controlling and logging access between end-user stations and their respective circuits into the public switched telephone network (PSTN).
BACKGROUND
“Policy-based security management” refers to the application of a governing set of rules at strategically located points (chokepoints) for the purpose of enforcing security boundaries between two or more networks, such that only those events meeting certain criteria may pass between them, while all other events are denied passage. For data network operations, this filtering process selectively discards packets in order to control access to the network, or to resources such as files and devices. Variations and improvements of this basic theme have resulted in devices known as firewalls today—network components that provide a security barrier between networks or network segments. Much like a guard at a checkpoint, the firewall strictly enforces rules specified within an established policy for what shall pass the firewall on a case-by-case basis. The policy may alternatively dictate that other actions may apply as well, such as logging the event and/or sending an urgent electronic mail message notifying appropriate personnel of the event.
Security professionals consider firewalls to be essential in the protection of an enterprise's private data network or virtual private data network from access to the enterprise's computers by unauthorized personnel or “hackers.” Like any security measure, however, firewalls are not foolproof. Firewalls provide no protection for traffic routed around them, as is often the case when modems are used while connected to internal data networks; i.e., circumvention of the firewall through unprotected channels, such as through telephone lines or extensions normally used for voice or fax. Clearly, there is a need for a telephony security system and method for controlling access to an enterprise's data network through telephony resources that otherwise cannot be sufficiently protected by traditional firewall technology.
In addition to security needs relevant to computer networks, there are issues in the toll fraud, phone misuse, call accounting and bill reconciliation arenas that warrant similar protections. Currently, a need exists to address the full spectrum of security issues across all locations of an enterprise that may span the entire globe. A need exists for a scalable and manageable telephony security system and a method for controlling and logging access to an enterprise's telephony resources.
SUMMARY OF THE INVENTION
The present invention, accordingly, provides a system and method for performing security access control functions for an enterprise's telephone circuits between end-user stations and their respective circuits into the public switched telephone network (PSTN). In the most basic configuration, inbound and outbound calls are allowed or denied (i.e., blocked or “hung-up”), content monitored, recorded or redirected according to a rule-set that is managed by a security administrator. In one aspect of the invention, the disclosed system and method combines call-progress monitoring, caller-id (CND) and/or automatic number identification (ANI) decoding, digital line protocol reception, decoding, demodulation, pulse dial detection, tone detection (DTMF and MF), and speech recognition with microprocessor control, access-control logic, and call-interrupt circuitry.
The system and method of the present invention perform centrally managed, enterprise-wide enforcement of an enterprise's telephony security policy and real-time notification in selected instances of attempted security breaches. The system utilizes a specialized device to monitor and control access to every telephone station, fax machine, and modem line for all locations within the enterprise having telephony resources that are routed through the device.
Specific attributes identified by the telephony access control device pertaining to all inbound and outbound calls determine whether certain calls, in accordance with a predefined security policy, are allowed, denied (“hung-up”), content monitored, recorded, redirected, logged, and/or initiate additional actions such as electronic mail notification, pager alerting, console messaging, or a Simple Network Management Protocol (SNMP) trap notification. Attributes captured by the device include, as examples: station extension; inbound caller-ID information (when available); outbound number dialed; call-type (i.e., fax, modem, or voice); call content such as keywords detected via speech recognition or demodulated modem and/or fax data; time and date stamp; and call duration. As used herein, “keyword” is understood to refer to a predefined sequence of digital data.
The rule-set for control of call traffic by the device defines a security policy that governs how telephony resources may be used within the enterprise. Each rule, upon meeting certain criteria, initiates appropriate security action(s).
In one embodiment, a system and method of telephony security is provided that controls call access into and out of the enterprise on a per line (station extension or trunk line) basis. A security policy, i.e., a set of access rules, is defined for each line, with the rules specifying actions to be taken based upon at least one attribute of the call present on the line. In this embodiment, calls are tracked and sensed on a per line basis, extracting specific attributes that are available at the time of the call. Actions are then performed based upon the detected call attributes in accordance with the security policy that applies to that line.
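The per-line rule evaluation described above can be sketched as follows. This is an added example, not code from the patent or from SecureLogix; the names Call, Rule, evaluate and POLICY, the first-match ordering, the default-deny fallback and the sample extensions and numbers are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Call:                      # attributes sensed on the line (hypothetical model)
    line: str                    # station extension or trunk line
    direction: str               # "inbound" or "outbound"
    call_type: str               # "voice", "fax" or "modem"
    number: str                  # caller-ID (inbound, may be "") or number dialed
    when: datetime               # time and date stamp

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    tracks: tuple = ()           # additional actions, e.g. ("log", "email")
    direction: str = "*"
    call_type: str = "*"
    number_prefix: str = ""      # "" matches any number, including absent caller-ID
    hours: tuple = (0, 24)       # [start, end) hour of day

    def matches(self, call):
        return (self.direction in ("*", call.direction)
                and self.call_type in ("*", call.call_type)
                and call.number.startswith(self.number_prefix)
                and self.hours[0] <= call.when.hour < self.hours[1])

# Assumption: anything no rule matches is denied and logged, firewall-style.
DEFAULT = Rule("default-deny", "deny", ("log",))

def evaluate(policy, call):
    """Return (action, tracks, rule name) of the first rule matching on the call's line."""
    for rule in policy.get(call.line, ()):
        if rule.matches(call):
            return rule.action, rule.tracks, rule.name
    return DEFAULT.action, DEFAULT.tracks, DEFAULT.name

# Constructed sample policy: one rule list per line, evaluated top to bottom.
POLICY = {
    "x4410": (  # fax machine line: a modem answering here bypasses the data firewall
        Rule("fax-line-no-modem", "deny", ("log", "email"), call_type="modem"),
        Rule("fax-ok", "allow", ("log",), call_type="fax"),
    ),
    "x2001": (  # desk phone
        Rule("no-premium-rate", "deny", ("log",), direction="outbound", number_prefix="1900"),
        Rule("early-hours-modem", "deny", ("log", "pager"), call_type="modem", hours=(0, 7)),
        Rule("voice-ok", "allow", (), call_type="voice"),
    ),
}
```

A line with no policy entry, or a call that matches none of its line's rules, falls through to the default-deny rule, which mirrors the background's statement that events not meeting the criteria are denied passage.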
Beebe Todd
Heilmann Craig
Bui Bing
Hong Harry S.
Jenkens & Gilchrist a Professional Corporation
SecureLogix Corporation