Method and apparatus for multi-channel communication security

US 4,802,220 A
Filed: 03/20/1985
Issued: 01/31/1989
Est. Priority Date: 03/20/1985
Status: Expired due to Term

First Claim

Patent Images

1. A security arrangement for communicating an information message comprisinga plurality of user stations, anda digital switching network for selectively establishing communication channels among said plurality of user stations and including control means responsive to a request in a first signalling channel from a first one of said user stations for a secure call to a second one of said user stations both for controlling the establishment by said digital switching network of first and second ones of said communication channels from said first user station through said digital switching network without security processing to said second user station and for selecting a splitting routine from a plurality of message splitting routines said control means being responsive to said selected splitting routine for transmitting in said first signaling channel a first security code signal defining said selected splitting routine to said first user station and transmitting a second security code signal defining a combining routine associated with said selected splitting routine in a second signaling channel to said second user station, said first and second signaling channels each being distinct from said first and second communication channels, said first user station comprisingmeans responsive to said first security code signal defining said selected splitting routine, for splitting said message into first portions and second portions in accordance with said selected splitting routine, andmeans for communicating said first portions and said second portions over said first and second communication channels, respectively, through said digital switching network, and said second user station comprisingmeans responsive to said second security code signal defining said combining routine and to a receipt of said first portions and second portions from said first and second communication channels, for reforming said message in accordance with said combining routine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-channel communication security system where the information in an original information message is split among a number of channels in accordance with a message splitting routine such that the interception and analysis of any single channel does not compromise the privacy of the communication. The system provides secure communication terminal adapters in cojunction with user terminals for splitting and recombining of private communications together with control facilities in an integrated services digital network (ISDN) for selecting amoung a multiplicity of possible of message splitting routines and generating security code signals for transmission in separate D-channels to the user equipment.

Citations

35 Claims

1. A security arrangement for communicating an information message comprisinga plurality of user stations, anda digital switching network for selectively establishing communication channels among said plurality of user stations and including control means responsive to a request in a first signalling channel from a first one of said user stations for a secure call to a second one of said user stations both for controlling the establishment by said digital switching network of first and second ones of said communication channels from said first user station through said digital switching network without security processing to said second user station and for selecting a splitting routine from a plurality of message splitting routines said control means being responsive to said selected splitting routine for transmitting in said first signaling channel a first security code signal defining said selected splitting routine to said first user station and transmitting a second security code signal defining a combining routine associated with said selected splitting routine in a second signaling channel to said second user station, said first and second signaling channels each being distinct from said first and second communication channels, said first user station comprisingmeans responsive to said first security code signal defining said selected splitting routine, for splitting said message into first portions and second portions in accordance with said selected splitting routine, andmeans for communicating said first portions and said second portions over said first and second communication channels, respectively, through said digital switching network, and said second user station comprisingmeans responsive to said second security code signal defining said combining routine and to a receipt of said first portions and second portions from said first and second communication channels, for reforming said message in accordance with said combining routine.
- View Dependent Claims (2, 3, 4, 5, 7, 15, 16, 17, 18, 19, 20, 21, 22, 23, 25)
- - 2. A security arrangement in accordance with claim 1 wherein said first and second communication channels are included in separate circuit-switched channels of said digital switching network.
  - 3. A security arrangement in accordance with claim 1 wherein said first and second communication channels are included in separate logical packet-switched channels of said digital switching network.
  - 4. A security arrangement in accordance with claim 1 wherein said first and second communication channels are included in a single logical packet-switched channel of said digital switching network.
  - 5. A security arrangement in accordance with claim 1wherein said splitting means further comprisesfirst memory means for storing control information defining the splitting of messages into portions in accordance with a number of splitting routines,first processor means responsive to said first security code signal for reading from said first memory means control information defining the splitting of messages in accordance with said selected splitting routine, andmeans responsive to said control information read from said first memory means, for controlling the splitting of said information message into said first portions and said second portions;
    - andwherein said reforming means further comprisessecond memory means for storing control information defining the combining of message portions in accordance with a number of combining routines,
  - 7. A security arrangement in accordance with claim 5wherein said communicating means comprisesmeans for separately encrypting said first portions and said second portions andmeans for transmitting said encrypted first portions and said encrypted second portions over said first and second communication channels, respective, through said digital switching network;
    - andwherein said combining means comprisesmeans for separately decrypting said first portions and said second portions andmeans for combining said decrypted first portions and said decrypted second portions to reform said information message.
  - 15. A security arrangement in accordance with claim 1wherein said message comprises a plurality of bits andwherein each of said first portions and each of said second portions include at least one of said bits.
  - 16. An arrangement in accordance with claim 1wherein said communicating means comprisesmeans for separately encrypting said first portions and said second portions andmeans for transmitting said encrypted first portions and said encrypted second portions over said first and second communication channels, respectively, through said digital switching network;
    - andwherein said reforming means comprisesmeans for separately decrypting said first portions and said second portions andmeans for combining said decrypted first portions and said decrypted second portions to reform said message.
  - 17. A security arrangement in accordance with claim 15wherein said means for separately encrypting said first portions and said second portions comprises means for combining first and second random data with said first portions and said second portions, respectively, andwherein said means for separately decrypting said first portions and said second portions comprises means for removing said first and second random data from said first portions and said second portions, respectively.
  - 18. A security arrangement in accordance with claim 1 further comprisingmeans for transmitting a special character on both of said first and second communication channels, andmeans responsive to a receipt of said special character on both of said first and second communication channels, for enabling said reforming means.
  - 19. A security arrangement in accordance with claim 1wherein said communicating means is responsive to the initiation by said splitting means of the splitting of said information message into said first portions and said second portions, for transmitting a first character on said first communication channel before transmitting said first portions, and for transmitting a second character on said second communication channel before transmitting said second portions, where said first and second characters may be identical characters, andwherein said reforming means is responsive to a receipt of said first character on said first communication channel and said second character on said second communication channel, for initiating the reforming of said information message.
  - 20. A security arrangement in accordance with claim 1 wherein said network comprisesa circuit switching network,wherein said first and second communication channels comprise first and second circuit-switched channels of said circuit switching network.
  - 21. A security arrangement in accordance with claim 19 wherein said first and second circuit-switched channels of said circuit switching network, are transmitted along physically separate paths.
  - 22. A security arrangement in accordance with claim 1 wherein said network comprisespacket transport means,wherein said first and second channels comprise first and second logical channels through said packet transport means.
  - 23. A security arrangement in accordance with claim 21 wherein said first and second logical channels are transmitted through said packet transport means along physically separate paths.
  - 25. A security arrangement in accordance with claim 23 whereinsaid splitting means further comprisesfirst memory means for storing control information defining the splitting of messages into components in accordance with a number of splitting routines,first processor means responsive to said first security code signal for reading from said first memory means control information defining the splitting of messages in accordance with said selected splitting routine, andmeans responsive to said control information read from said first memory means, for controlling the splitting of said message into said N components;
    - andwherein said combining means further comprisessecond memory means for storing control information defining the combining of message components in accordance with a number of combining routines,second processor means responsive to said second security code signal for reading from said second memory means control information defining the combining of message components in accordance with said combining routine associated with said selected splitting routine, andmeans responsive to said control information read from said second memory means for controlling the combining of said N components to reform said message.

6. second processor means responsive to said second security code signal for reading from said second memory means control information defining the combining of message portions in accordance with said combining routine,means responsive to said control information read from said second memory means, for combining said first portions and said second portions to reform said information message.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. A security arrangement in accordance with claim 6wherein said means for separately encrypting said first portions and said second portions comprises means for combining first and second random data with said first portions and said second portions, respectively, andwherein said means for separately decrypting said first portions and said second portions comprises means for removing said first and second random data from said first portions and said second portions, respectively.
  - 9. A security arrangement in accordance with claim 6 further comprisingmeans for transmitting a special character on both of said first and second communication channels, andmeans responsive to a receipt of said special character on both of said first and second communication channels, for enabling said reforming means.
  - 10. A security arrangement in accordance with claim 6wherein said communicating means is responsive to the initiation by said splitting means of the splitting of said information message into said first portions and said second portions, for transmitting a first character on said first communication channel before transmitting said first portions, and for transmitting a second character on said second channel before transmitting said second communication portions, where said first and second characters may be identical characters, andwherein said combining means is responsive to a receipt of said first character on said first communication channel and said second communication character on said second channel, for initiating the decrypting and combining of said first portions and said second portions.
  - 11. A security arrangement in accordance with claim 6 wherein said network comprisesa circuit switching network,wherein said first and second communication channels comprise first and second circuit-switched channels of said circuit switching network.
  - 12. A security arrangement in accordance with claim 10 wherein said first and second circuit-switched channels of said circuit switching network, are transmitted along, physically separate paths.
  - 13. A security arrangement in accordance with claim 6 wherein said network comprisespacket transport means,wherein said first and second communication channels comprise first and second logical channels through said packet transport means.
  - 14. A security arrangement in accordance with claim 12 wherein said first and second logical channels are transmitted through said packet transport means along physically separate paths.

24. A security arrangement for communicating a message comprisinga plurality of user stations, anda digital switching network for selectively establishing communication channels among said plurality of user stations and including control means responsive to a request in a first signaling channel from a first one of said user stations for a secure call to a second one of said user stations both for controlling the establishment by said digital switching network of N of said communication channels from said first user station through said digital switching network without security processing to said second user station, N being a positive integer greater than one, and for selecting a splitting routine from a plurality of message splitting routines, said control means being responsive to said selected splitting routine for transmitting in said first signaling channel a first security code signal defining said selected splitting routine to said first user station and transmitting a second security code signal defining a combining routine associated with said selected splitting routine in a second signaling channel to said second user station, said first and second signaling channels each being distinct from said N communication channels, said first user station comprisingmeans responsive to said first security code signal defining said selected splitting routine, for splitting said message into N components in accordance with said selected splitting routine, andmeans for transmitting each of said N components on an associated one of said N communication channels through said digital switching network, and said second user station comprisingmeans responsive to said second security code signal defining said combining routine and to a receipt of said N components on said N communication channels, for combining said N components in accordance with said combining routine to reform said message.
- View Dependent Claims (26, 28)
- - 26. A security arrangement in accordance with claim 24wherein said means for transmitting each of said N components comprisesmeans for separately encrypting each of said N components andmeans for transmitting each of said N encrypted components on an associated one of said N communication channels;
    - andwherein said combining means comprisesmeans for separately decrypting each of said N received components andmeans for combining said N decrypted components to reform said message.
  - 28. A security arrangement in accordance with claim 26wherein said splitting means further comprisesfirst memory means for storing control information defining the splitting of individual packets among multiple packets in accordance with a number of packet splitting routines,first processor means responsive to said first security code signal for reading from said first memory means control information defining the splitting of packets in accordance with said selected splitting routine, andmeans responsive to said control information read from said first memory means, for controlling the splitting of each of said N packets among said M packets;
    - andwherein said combining means further comprisessecond memory means for storing control information defining the combining of information from multiple packets into individual packets in accordance with a number of combining routines,second processor means responsive to said second security code signal for reading from said second memory means control information defining the combining of information from multiple packets in accordance with said combining routine associated with said selected splitting routine, andmeans responsive to said control information read from said second memory means for controlling the combining of said information from each of said M packets to reform each of said N packets.

27. A security arrangement for communicating the information in N packets, N being a positive integer, said arrangement comprisinga plurality of user stations, anda digital switching network for selectively establishing communication channels among said plurality of user stations and including control means responsive to a request in a first signaling channel from a first one of said stations for a secure call to a second one of said user stations both for controlling the establishment by said digital switching network of at least one of said communication channels from said first user station through said digital switching network without security processing to said second user station and for selecting a splitting routine from a plurality of packet splitting routines, said control means being responsive to said selected splitting routine for transmitting in said first signaling channel a first security code signal defining said selected splitting routine to said first user station and transmitting a second security code signal defining a combining routine associated with said selected splitting routine in a second signaling channel to said second user station, said first and second signaling channels each being distinct from said at least one communication channel, said first user station comprisingmeans responsive to said first security code signal defining said selected splitting routine, for splitting each of said N packets among M packets in accordance with said selected splitting routine, M being a positive integer greater than one, andmeans for transmitting said M packets on said at least one communication channel through said digital switching network, and said second user station comprisingmeans responsive to said second security code signal defining said combining routine and to a receipt of said M packets on said at least one communication channel, for combining information from each of said M received packets in accordance with said combining routine to reform each of said N packets.
- View Dependent Claims (29)
- - 29. A security arrangement in accordance with claim 27wherein said means for transmitting said M packets comprisesmeans for separately encrypting each of said M packets andmeans for transmitting said M encrypted packets on said at least one communication channel;
    - andwherein said combining means comprisesmeans for separately decrypting each of said M received packets andmeans for combining information from said M decrypted packets, to reform each of said N packets.

30. In a switching arrangement for providing switched connections among a plurality of user stations each having a plurality of channels contemporaneously available for communication, a security method of communication a message from an originating one of said user stations to a terminating one of said stations comprisingtransmitting, by said originating user station, a request to said switching arrangement for a secure call from said originating user to said terminating user stations,providing, by said switching arrangement in response to said request, a first connection without security processing between a first one of said channels of said originating user station and a first one of said channels of said terminating user station,providing, by said switching arrangement in response to said request, a second connection without security processing between a second one of said channels of said originating user station and a second one of said channels of said terminating user station,selecting, by said switching arrangement in response to said request, a splitting routine from a plurality of message splitting routines,transmitting, by said switching arrangement, a first security code signal defining said selected splitting routine to said originating user station,transmitting, by said switching arrangement, a second security code signal defining a combining routine associated with said selected splitting routine to said terminating user station,splitting by said originating user station in response to said first security code signal, said message into first portions and second portions in accordance with said selected splitting routine,separately encrypting, by said originating user station, said first portions and said second portions,transmitting, by said originating user station in its first channel, said encrypted first portions to said first connection,transmitting, by said originating user station in its second channel, said encrypted second portions to said second connection,receiving, by said terminating user station in its first channel, said encrypted first portions from said first connection,receiving, by said terminating user station in its second channel, said encrypted second portions from said second connection,separately decrypting, by said terminating user station, said received encrypted first portions and said received encrypted second portions andcombining, by said terminating user station in response to said second security code signal, said decrypted first portions and said decrypted second portions in accordance with said combining routine to reform said message.

31. In an arrangement comprisinga first switch serving a first user station,a first plurality of user channels between said first user station and said first switch,a second switch serving a second user station anda second plurality of user channels between said second user station and said second switch,a security method of communicating a message from said first user station to said second user station,said first user station transmitting a call request in a given one of said first plurality of channels to said first switch, said call request defining a secure call to said second user station,said first switch transmitting said call request to said second switch,a given one of said first and second switches selecting one of a plurality of message splitting routines for splitting said message among predetermined ones of said first plurality of channels each being distinct from said given one of said first plurality of channels,said given switch transmitting a definition of said selected splitting routine to the other one of said first and second switches,said first switch transmitting said definition of said selected splitting routine in said given one of said first plurality of channels to said first user station,said second switch transmitting said definition of said selected splitting routine in a given one of said second plurality of channels to said second user station,said first and second switches connecting without security processing of information from said predetermined ones of said first plurality of channels to corresponding ones of said second plurality of channels each being distinct from said given one of said second plurality of channels,said first user station transmitting said message on said predetermined ones of said first plurality of channels in accordance with said selected splitting routine, andsaid second user station combining information received on said corresponding ones of said second plurality of channels in accordance with a combining routine that is the inverse of said selected splitting routine.

32. In an arrangement comprising a plurality of user stations, an integrated services digital network for providing digital connections among said user stations, and a plurality of user access lines each connecting an associated one of said user stations with said network, each of said user access lines having at least first and second B-channels and a D-channel thereon, said D-channel being distinct from said first and second B-channels,a security method of communicating a message from a first one of said user stations having an associated first user access line, to a second one of said user stations having an associated second user access line, said method comprisingsaid first user station transmitting in the D-channel of said first user access line, a secure call request to said network, said secure call request defining a secure call to said second user station,said network selecting, in response to said secure call request, one of a plurality of message splitting routines for splitting said message between the first and second B-channels of said first user access line,said network providing a circuit-switched connection without security processing from said first B-channel of said first user access line to the first B-channel of said second user access line, and providing a circuit-switched connection without security processing from said second B-channel of said first user access line to the second B-channel of said second user access line,said network transmitting a definition of said selected splitting routine to said first user station in said D-channel of said first user access line, and to said second user station in the D-channel of said second user access line,said first user station transmitting said message in said first and second B-channels of said first user access line in accordance with said selected splitting routine andsaid second user station combining information received in said first and second B-channels of said second user access line in accordance with a combining routine that is the inverse of said selected splitting routine.

33. In an arrangement comprising a plurality of user stations, an integrated services digital network for providing digital connections among said use stations, and a plurality of user access lines each connecting an associated one of said user stations with said network, each of said user access lines having at least a D-channel thereon, said D-channel including a signaling channel and a plurality of logical data channels, said signaling channel being distinct from said logical data channels,a security method of communicating a message from a first one of said user stations having an associated first user access line, to a second one of said user stations having an associated second user access line, said method comprisingsaid first user station transmitting in the signaling channel of said first user access line, a secure call request to said network, said secure call request defining a secure call to said second user station,said network selecting, in response to said secure call request, one of a plurality of message splitting routines for splitting said message among logical data channels of said first user access line,said network providing packet-switched connections without security processing from said logical data channels of said first user access line to logical data channels of said second use access line,said network transmitting a definition of said selected splitting routine to said first user station in said signaling channel of said first user access line, and to said second user station in the signaling channel of said second user access line,said first user station transmitting said message in said logical data channels of said first user access line in accordance with said selected splitting routine andsaid second user station combining information received in said logical data channels of said second user access line in accordance with a combining routine that is the inverse of said selected splitting routine.

34. In an arrangement comprising a plurality of user stations, an integrated service digital network for providing digital connections among said user stations, and a plurality of user access lines each connecting an associated one of said user stations with said network, each of said user access lines having at least a D-channel thereon, said D-channel including a signaling channel and at least one logical data channel, said signaling channel being distinct from said logical data channel,a security method of communicating a message from a first one of said user stations having an associated first user access line, to a second one of said user stations having an associated second user access line, said method comprisingsaid first user station transmitting in the signaling channel of said first user access line, a secure call request to said network, said secure call request defining a secure call to said second user station,said network selecting, in response to said secure call request, one of a plurality of message splitting routines for splitting said message among a plurality of packets to be transmitted in a logical data channel of said first user access line,said network providing a packet-switched connection without security processing from said logical data channel of said first user access line to a logical data channel of said second user access line,said network transmitting a definition of said selected splitting routine to said first user station in said signaling channel of said first user access line, and to said second user station in the signaling channel of said second user access line,said first user station transmitting said message in said plurality of packets in said logical data channel of said first user access line in accordance with said selected splitting routine andsaid second user station combining information received in said plurality of packets in said logical data channel of said second user access line in accordance with a combining routine that is the inverse of said selected splitting routine.

35. Apparatus for secure communication of messages between different ones of a plurality of user stations interconnected via a switching arrangement wherein said switching arrangement comprisesmeans responsive to a request in a first signaling channel from a first one of said stations for a secure call to a second one of said stations for establishing first and second communication channels without security processing through said switching arrangement between said first and second stations, said first signaling channel being distinct from said first and second communication channels,means responsive to said request for selecting one of plurality of message splitting routines,means for storing data defining, for each of said plurality of stations, security code signals defining to said each station said plurality of splitting routines,means responsive to said request and said selection, for reading said stored data to determine a first security code signal defining said selected splitting routine to said first station and a second security code signal defining a combining routine associated with said selected splitting routine to said second station,means for transmitting said first security code signal in said first signaling channel to said first station andmeans for transmitting said second security code signal in a second signaling channel to said second station, said second signaling channel being distinct from said first and second communication channels,wherein said first station comprises means responsive to said first security code signal for splitting a message into first portions and second portions in accordance with said selected splitting routine and means for transmitting said first portions and said second portions over said first and second communication channels, respectively, andwherein said second station comprises means responsive to said second security code signal and to a receipt of said first and second portions from said first and second communication channels, for reforming said message in accordance with said combining routine associated with said selected splitting routine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bell Telephone Laboratories, Inc. (Nokia Corporation)
Original Assignee
American Telephone & Telegraph Company (AT&T, Inc.)
Inventors
Marker, Walter S. Jr.
Primary Examiner(s)
Cangialosi, Salvatore
Assistant Examiner(s)
GREGORY, BERNARR E

Application Number

US06/714,192
Time in Patent Office

1,413 Days
Field of Search

455/27, 375/2.1, 375/2.2, 370/69.1, 370/60, 370/94, 179/1.5 R, 179/1.5 S, 380/21, 380/31, 380/44, 380/28, 380/33, 380/43, 380/48, 380/23-25, 380/34, 380/49
US Class Current

380/33
CPC Class Codes

H04L 25/14   Channel dividing arrangemen...

H04L 63/0428   wherein the data content is...

H04L 63/18   using different networks or...

H04L 9/00   Cryptographic mechanisms or...

H04Q 11/0428   Integrated services digital...

H04Q 2213/13176   Common channel signaling, CCS7

H04Q 2213/13202   Network termination [NT]

H04Q 2213/13208   Inverse multiplexing, chann...

H04Q 2213/13209   ISDN

H04Q 2213/13339   Ciphering, encryption, secu...

Method and apparatus for multi-channel communication security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for multi-channel communication security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links