Telephony security system

Telephonic communications – Call or terminal access alarm or control – Fraud or improper use mitigating or indication

Reexamination Certificate


Details

C379S114140, C379S196000, C379S198000, C379S200000

active

06760420

ABSTRACT:

TECHNICAL FIELD
The invention relates generally to telecommunications monitoring and/or access control systems and particularly to a telephony resource and security management system for controlling and logging access between end-user stations and their respective circuits into the public switched telephone network (PSTN).
BACKGROUND
“Policy-based security management” refers to the application of a governing set of rules at strategically located points (chokepoints) for the purpose of enforcing security boundaries between two or more networks, such that only those events meeting certain criteria may pass between them, while all other events are denied passage. For data network operations, this filtering process selectively discards packets in order to control access to the network, or to resources such as files and devices. Variations and improvements of this basic theme have resulted in devices known as firewalls today—network components that provide a security barrier between networks or network segments. Much like a guard at a checkpoint, the firewall strictly enforces rules designated within an established policy for what shall pass the firewall on a case-by-case basis. The policy may alternatively designate that other actions may apply as well, such as logging the event and/or sending an urgent electronic mail message notifying appropriate personnel of the event.
Security professionals consider firewalls to be essential in the protection of an enterprise's private data network or virtual private data network from access to the enterprise's computers by unauthorized personnel or “hackers.” Like any security measure, however, firewalls are not foolproof. Firewalls provide no protection for traffic routed around them, as is often the case when modems are used while connected to internal data networks; i.e., circumvention of the firewall through unprotected channels, such as through telephone lines or extensions normally used for voice or fax. Clearly, there is a need for a telephony security system and method for controlling access to an enterprise's data network through telephony resources that otherwise cannot be sufficiently protected by traditional firewall technology.
In addition to security needs relevant to computer networks, there are issues in the toll fraud, phone misuse, call accounting, and bill reconciliation arenas that warrant similar protections. Currently, a need exists to address the full spectrum of resource and security issues across all locations of an enterprise that may span the entire globe. A need exists for a scalable and manageable telephony security system and a method for controlling and logging access to an enterprise's telephony resources.
SUMMARY OF THE INVENTION
The present invention, accordingly, provides a system and method for performing telephony resource management and security access monitoring and/or control functions for an enterprise's telephone circuits between end-user stations and their respective circuits into the PSTN. In the most basic configuration, inbound and outbound calls are allowed or denied (i.e., blocked or “hung up”) according to a rule-set that is managed by a system administrator. The rule-set for monitoring and control of call traffic is part of the enterprise's telephony resource management and security policy that governs how telephony resources may be used within the enterprise. Each rule, upon meeting certain criteria, initiates appropriate action(s), assessment(s), alert(s) and response(s).
The system and method of the present invention performs centrally managed, enterprise-wide enforcement of the enterprise's telephony resource management and security policy with real-time notification in instances of policy violation and attempted security breach. The system utilizes a specialized device to monitor and/or control access to every telephone station, fax machine, modem, STU-III device, and video teleconference (VTC) station line, for all locations within the enterprise having telephony resources that are routed through the device.
The telephony access monitoring and/or control device identifies specific attributes pertaining to all inbound and outbound calls, and determines, according to the rule-set, whether certain inbound and outbound calls are allowed or denied, content-monitored for keywords, recorded, redirected, authorized for remote access, monitored for the presence of patterns of interest, encrypted and conducted within a Virtual Private Switched Telephone Network (VPSTN), transported using Voice over Internet Protocol (VoIP), logged and/or reported. The rule-set may also designate that the system adjust the security policy, and/or generate alerts which include, as examples: electronic mail notification, pager notification, console messaging, and/or a Simple Network Management Protocol (SNMP) trap notification. The rule-set may designate responsive actions including, for example, performing additional designated threat assessment(s) (TA), logging the call event, generating alerts and/or reports, and adjusting the security policy. Attributes captured by the device include, as examples: station extension, inbound caller-ID information (when available), outbound number dialed, digits entered after call connection, call-type (i.e., voice, fax, modem, VoIP, STU-III-voice, STU-III-data, STU-III unspecified, Wideband, Wideband video, busy, unanswered, and undetermined), call content such as keywords detected via speech recognition, or demodulated and decoded modem and/or fax data, call time and date, and call duration (in seconds).
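The rule-set evaluation described above can be sketched as follows; this is an added example, not code from the patent. The rule fields, the first-match ordering, the default-deny fallback, and the sample extensions and numbers are all assumptions made for illustration.

```python
# Added illustration: field names, first-match order and default-deny are assumptions.
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Call:
    extension: str   # station extension
    direction: str   # "inbound" or "outbound"
    number: str      # caller-ID (inbound) or number dialed; "" when unavailable
    call_type: str   # e.g. "voice", "fax", "modem", "undetermined"

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "allow" or "deny"
    direction: str = "*"
    extension: str = "*"                 # glob pattern, e.g. "51*"
    number: str = "*"
    call_types: frozenset = frozenset()  # empty set means any call-type
    responses: tuple = ()                # e.g. ("log", "email", "snmp_trap")

    def matches(self, c: Call) -> bool:
        return (self.direction in ("*", c.direction)
                and fnmatchcase(c.extension, self.extension)
                and fnmatchcase(c.number, self.number)
                and (not self.call_types or c.call_type in self.call_types))

# Calls that match no rule are denied and logged (assumed default).
DEFAULT = Rule("default-deny", "deny", responses=("log",))

def evaluate(rules, call):
    """Return (action, rule name, responses) for the first matching rule."""
    for r in rules:
        if r.matches(call):
            return r.action, r.name, r.responses
    return DEFAULT.action, DEFAULT.name, DEFAULT.responses

# Constructed sample policy: one fax line, one authorized inbound modem caller,
# every other modem call denied with alerts, ordinary voice allowed.
POLICY = [
    Rule("fax-room", "allow", extension="5100",
         call_types=frozenset({"fax"}), responses=("log",)),
    Rule("authorized-modem", "allow", direction="inbound", extension="5200",
         number="2105550100", call_types=frozenset({"modem"}), responses=("log",)),
    Rule("no-modems", "deny", call_types=frozenset({"modem"}),
         responses=("log", "email", "snmp_trap")),
    Rule("voice", "allow", call_types=frozenset({"voice"})),
]
```

An inbound modem call to extension 5200 with no caller-ID fails the `authorized-modem` match and falls through to `no-modems`, which is the behaviour a rule keyed on caller-ID needs given that caller-ID is only captured "when available".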
In one aspect of the invention, the disclosed system and method combines call-progress monitoring, caller-id (CND) and/or automatic number identification (ANI) decoding, digital line protocol reception, decoding, demodulation, pulse dial detection, tone detection (DTMF and MF, referring to Dual Tone Multi-Frequency and Multi-Frequency signaling tones respectively), pattern matching, speech recognition, foreign language recognition, voice compression, voice decompression, companding law transcoding, encryption and decryption, call address translation, echo cancellation, voice activity detection and silence suppression with microprocessor control, access-control logic, and call-interrupt circuitry.
As used herein, the following terms carry the connotations described below:
“Keyword” is understood to refer to a predefined sequence of digital data.
“STU-III-voice” call-type is understood to refer to the encrypted voice transmission from a Secure Telephone Unit-III (STU-III) encryption device used by some government agencies, the military and some NATO agencies to conduct classified conversations.
“STU-III-data” call-type is understood to refer to the encrypted data transmission from the STU-III encryption device when it is used as a modem to transmit data to another STU-III location.
“STU-III-unspecified” call-type is understood to refer to transmissions from the STU-III devices, but due to the early version of the device, a determination of STU-III-voice or STU-III-data cannot be made.
“Wideband” call-type is understood to refer to any non-voice grade data transmission using multiple channels on an Integrated Services Digital Network/Primary Rate Interface (ISDN/PRI) trunk (except video which is referenced separately; i.e., the bearer channel information transfer capability attribute is “speech,” “3.1 kHz audio,” “restricted data,” “unrestricted data,” or “unrestricted data with tones/announcements”).
“Wideband video” call-type is understood to refer to any video transmission using multiple channels on an ISDN/PRI trunk (i.e., the bearer channel information transfer capability attribute is “video”).
“Unanswered” call-type is understood to refer to the call wherein the call source hangs up before the call destination answers.
“Undetermined” call-type is understood to refer to the call wherein the called or calling party hangs up after the call is answered but before the call-type is determined.
In one embodiment, a system and method of telephony sec
