Method and apparatus for multi-channel communication security
Abstract
A multi-channel communication security system where the information in an original information message is split among a number of channels in accordance with a message splitting routine such that the interception and analysis of any single channel does not compromise the privacy of the communication. The system provides secure communication terminal adapters in conjunction with user terminals for splitting and recombining of private communications together with control facilities in an integrated services digital network (ISDN) for selecting among a multiplicity of possible message splitting routines and generating security code signals for transmission in separate D-channels to the user equipment.
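The arrangement in the abstract can be sketched as follows. This is an added example, not code from the patent: the two routines, the numeric security codes and all function names are assumptions, since the page names no concrete splitting routine. It goes slightly beyond the text by showing that what a single-channel tap learns depends on the routine selected: byte alternation exposes half the plaintext, while an XOR pad split leaves one channel consistent with every message of the same length.

```python
import secrets

# Constructed routine table: the page names no concrete routines, so these two
# are assumptions. Each security code maps to (split, combine).

def split_alternate(msg):
    # Even-indexed bytes go to channel 1, odd-indexed bytes to channel 2.
    return msg[0::2], msg[1::2]

def combine_alternate(c1, c2):
    out = bytearray(len(c1) + len(c2))
    out[0::2], out[1::2] = c1, c2
    return bytes(out)

def split_xor_pad(msg):
    # Channel 1 carries a fresh random pad, channel 2 carries msg XOR pad.
    pad = secrets.token_bytes(len(msg))
    return pad, bytes(m ^ p for m, p in zip(msg, pad))

def combine_xor_pad(c1, c2):
    return bytes(a ^ b for a, b in zip(c1, c2))

ROUTINES = {
    1: (split_alternate, combine_alternate),
    2: (split_xor_pad, combine_xor_pad),
}

def network_select_code():
    # Control facility: choose a routine per call; the code is what would be
    # signalled to each station on its D-channel.
    return secrets.choice(list(ROUTINES))

def secure_call(message, code=None, receiver_code=None):
    code = network_select_code() if code is None else code
    receiver_code = code if receiver_code is None else receiver_code
    c1, c2 = ROUTINES[code][0](message)            # originating station splits
    received = ROUTINES[receiver_code][1](c1, c2)  # terminating station combines
    return c1, c2, received

def explain_capture(c1, candidate):
    # For the XOR routine: the channel-2 stream that would make a captured
    # channel-1 stream combine to `candidate`. One always exists, so channel 1
    # alone is consistent with every message of that length.
    return combine_xor_pad(c1, candidate)

if __name__ == "__main__":
    msg = b"TRANSFER 5000 TO ACCT 1234"   # constructed sample message
    for code in ROUTINES:
        c1, c2, got = secure_call(msg, code)
        print(code, got == msg, c1)
```

With routine 1 the channel-1 capture is readable plaintext, so a design that relies on single-channel privacy needs a routine of the second kind or the separate per-channel encryption recited in claim 30.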
35 Claims
-
1. A security arrangement for communicating an information message comprising
a plurality of user stations, and a digital switching network for selectively establishing communication channels among said plurality of user stations and including control means responsive to a request in a first signalling channel from a first one of said user stations for a secure call to a second one of said user stations both for controlling the establishment by said digital switching network of first and second ones of said communication channels from said first user station through said digital switching network without security processing to said second user station and for selecting a splitting routine from a plurality of message splitting routines said control means being responsive to said selected splitting routine for transmitting in said first signaling channel a first security code signal defining said selected splitting routine to said first user station and transmitting a second security code signal defining a combining routine associated with said selected splitting routine in a second signaling channel to said second user station, said first and second signaling channels each being distinct from said first and second communication channels, said first user station comprising means responsive to said first security code signal defining said selected splitting routine, for splitting said message into first portions and second portions in accordance with said selected splitting routine, and means for communicating said first portions and said second portions over said first and second communication channels, respectively, through said digital switching network, and said second user station comprising means responsive to said second security code signal defining said combining routine and to a receipt of said first portions and second portions from said first and second communication channels, for reforming said message in accordance with said combining routine.
-
6. second processor means responsive to said second security code signal for reading from said second memory means control information defining the combining of message portions in accordance with said combining routine,
means responsive to said control information read from said second memory means, for combining said first portions and said second portions to reform said information message.
-
24. A security arrangement for communicating a message comprising
a plurality of user stations, and a digital switching network for selectively establishing communication channels among said plurality of user stations and including control means responsive to a request in a first signaling channel from a first one of said user stations for a secure call to a second one of said user stations both for controlling the establishment by said digital switching network of N of said communication channels from said first user station through said digital switching network without security processing to said second user station, N being a positive integer greater than one, and for selecting a splitting routine from a plurality of message splitting routines, said control means being responsive to said selected splitting routine for transmitting in said first signaling channel a first security code signal defining said selected splitting routine to said first user station and transmitting a second security code signal defining a combining routine associated with said selected splitting routine in a second signaling channel to said second user station, said first and second signaling channels each being distinct from said N communication channels, said first user station comprising means responsive to said first security code signal defining said selected splitting routine, for splitting said message into N components in accordance with said selected splitting routine, and means for transmitting each of said N components on an associated one of said N communication channels through said digital switching network, and said second user station comprising means responsive to said second security code signal defining said combining routine and to a receipt of said N components on said N communication channels, for combining said N components in accordance with said combining routine to reform said message.
-
27. A security arrangement for communicating the information in N packets, N being a positive integer, said arrangement comprising
a plurality of user stations, and a digital switching network for selectively establishing communication channels among said plurality of user stations and including control means responsive to a request in a first signaling channel from a first one of said stations for a secure call to a second one of said user stations both for controlling the establishment by said digital switching network of at least one of said communication channels from said first user station through said digital switching network without security processing to said second user station and for selecting a splitting routine from a plurality of packet splitting routines, said control means being responsive to said selected splitting routine for transmitting in said first signaling channel a first security code signal defining said selected splitting routine to said first user station and transmitting a second security code signal defining a combining routine associated with said selected splitting routine in a second signaling channel to said second user station, said first and second signaling channels each being distinct from said at least one communication channel, said first user station comprising means responsive to said first security code signal defining said selected splitting routine, for splitting each of said N packets among M packets in accordance with said selected splitting routine, M being a positive integer greater than one, and means for transmitting said M packets on said at least one communication channel through said digital switching network, and said second user station comprising means responsive to said second security code signal defining said combining routine and to a receipt of said M packets on said at least one communication channel, for combining information from each of said M received packets in accordance with said combining routine to reform each of said N packets.
-
30. In a switching arrangement for providing switched connections among a plurality of user stations each having a plurality of channels contemporaneously available for communication, a security method of communicating a message from an originating one of said user stations to a terminating one of said stations comprising
transmitting, by said originating user station, a request to said switching arrangement for a secure call from said originating user to said terminating user stations, providing, by said switching arrangement in response to said request, a first connection without security processing between a first one of said channels of said originating user station and a first one of said channels of said terminating user station, providing, by said switching arrangement in response to said request, a second connection without security processing between a second one of said channels of said originating user station and a second one of said channels of said terminating user station, selecting, by said switching arrangement in response to said request, a splitting routine from a plurality of message splitting routines, transmitting, by said switching arrangement, a first security code signal defining said selected splitting routine to said originating user station, transmitting, by said switching arrangement, a second security code signal defining a combining routine associated with said selected splitting routine to said terminating user station, splitting by said originating user station in response to said first security code signal, said message into first portions and second portions in accordance with said selected splitting routine, separately encrypting, by said originating user station, said first portions and said second portions, transmitting, by said originating user station in its first channel, said encrypted first portions to said first connection, transmitting, by said originating user station in its second channel, said encrypted second portions to said second connection, receiving, by said terminating user station in its first channel, said encrypted first portions from said first connection, receiving, by said terminating user station in its second channel, said encrypted second portions from said second connection, separately decrypting, by said terminating user station, said received encrypted first portions and said received encrypted second portions and combining, by said terminating user station in response to said second security code signal, said decrypted first portions and said decrypted second portions in accordance with said combining routine to reform said message.
-
31. In an arrangement comprising
a first switch serving a first user station, a first plurality of user channels between said first user station and said first switch, a second switch serving a second user station and a second plurality of user channels between said second user station and said second switch, a security method of communicating a message from said first user station to said second user station, said first user station transmitting a call request in a given one of said first plurality of channels to said first switch, said call request defining a secure call to said second user station, said first switch transmitting said call request to said second switch, a given one of said first and second switches selecting one of a plurality of message splitting routines for splitting said message among predetermined ones of said first plurality of channels each being distinct from said given one of said first plurality of channels, said given switch transmitting a definition of said selected splitting routine to the other one of said first and second switches, said first switch transmitting said definition of said selected splitting routine in said given one of said first plurality of channels to said first user station, said second switch transmitting said definition of said selected splitting routine in a given one of said second plurality of channels to said second user station, said first and second switches connecting without security processing of information from said predetermined ones of said first plurality of channels to corresponding ones of said second plurality of channels each being distinct from said given one of said second plurality of channels, said first user station transmitting said message on said predetermined ones of said first plurality of channels in accordance with said selected splitting routine, and said second user station combining information received on said corresponding ones of said second plurality of channels in accordance with a combining routine that is the inverse of said selected splitting routine.
-
32. In an arrangement comprising a plurality of user stations, an integrated services digital network for providing digital connections among said user stations, and a plurality of user access lines each connecting an associated one of said user stations with said network, each of said user access lines having at least first and second B-channels and a D-channel thereon, said D-channel being distinct from said first and second B-channels,
a security method of communicating a message from a first one of said user stations having an associated first user access line, to a second one of said user stations having an associated second user access line, said method comprising said first user station transmitting in the D-channel of said first user access line, a secure call request to said network, said secure call request defining a secure call to said second user station, said network selecting, in response to said secure call request, one of a plurality of message splitting routines for splitting said message between the first and second B-channels of said first user access line, said network providing a circuit-switched connection without security processing from said first B-channel of said first user access line to the first B-channel of said second user access line, and providing a circuit-switched connection without security processing from said second B-channel of said first user access line to the second B-channel of said second user access line, said network transmitting a definition of said selected splitting routine to said first user station in said D-channel of said first user access line, and to said second user station in the D-channel of said second user access line, said first user station transmitting said message in said first and second B-channels of said first user access line in accordance with said selected splitting routine and said second user station combining information received in said first and second B-channels of said second user access line in accordance with a combining routine that is the inverse of said selected splitting routine.
-
33. In an arrangement comprising a plurality of user stations, an integrated services digital network for providing digital connections among said user stations, and a plurality of user access lines each connecting an associated one of said user stations with said network, each of said user access lines having at least a D-channel thereon, said D-channel including a signaling channel and a plurality of logical data channels, said signaling channel being distinct from said logical data channels,
a security method of communicating a message from a first one of said user stations having an associated first user access line, to a second one of said user stations having an associated second user access line, said method comprising said first user station transmitting in the signaling channel of said first user access line, a secure call request to said network, said secure call request defining a secure call to said second user station, said network selecting, in response to said secure call request, one of a plurality of message splitting routines for splitting said message among logical data channels of said first user access line, said network providing packet-switched connections without security processing from said logical data channels of said first user access line to logical data channels of said second user access line, said network transmitting a definition of said selected splitting routine to said first user station in said signaling channel of said first user access line, and to said second user station in the signaling channel of said second user access line, said first user station transmitting said message in said logical data channels of said first user access line in accordance with said selected splitting routine and said second user station combining information received in said logical data channels of said second user access line in accordance with a combining routine that is the inverse of said selected splitting routine.
-
34. In an arrangement comprising a plurality of user stations, an integrated services digital network for providing digital connections among said user stations, and a plurality of user access lines each connecting an associated one of said user stations with said network, each of said user access lines having at least a D-channel thereon, said D-channel including a signaling channel and at least one logical data channel, said signaling channel being distinct from said logical data channel,
a security method of communicating a message from a first one of said user stations having an associated first user access line, to a second one of said user stations having an associated second user access line, said method comprising said first user station transmitting in the signaling channel of said first user access line, a secure call request to said network, said secure call request defining a secure call to said second user station, said network selecting, in response to said secure call request, one of a plurality of message splitting routines for splitting said message among a plurality of packets to be transmitted in a logical data channel of said first user access line, said network providing a packet-switched connection without security processing from said logical data channel of said first user access line to a logical data channel of said second user access line, said network transmitting a definition of said selected splitting routine to said first user station in said signaling channel of said first user access line, and to said second user station in the signaling channel of said second user access line, said first user station transmitting said message in said plurality of packets in said logical data channel of said first user access line in accordance with said selected splitting routine and said second user station combining information received in said plurality of packets in said logical data channel of said second user access line in accordance with a combining routine that is the inverse of said selected splitting routine.
-
35. Apparatus for secure communication of messages between different ones of a plurality of user stations interconnected via a switching arrangement wherein said switching arrangement comprises
means responsive to a request in a first signaling channel from a first one of said stations for a secure call to a second one of said stations for establishing first and second communication channels without security processing through said switching arrangement between said first and second stations, said first signaling channel being distinct from said first and second communication channels, means responsive to said request for selecting one of a plurality of message splitting routines, means for storing data defining, for each of said plurality of stations, security code signals defining to said each station said plurality of splitting routines, means responsive to said request and said selection, for reading said stored data to determine a first security code signal defining said selected splitting routine to said first station and a second security code signal defining a combining routine associated with said selected splitting routine to said second station, means for transmitting said first security code signal in said first signaling channel to said first station and means for transmitting said second security code signal in a second signaling channel to said second station, said second signaling channel being distinct from said first and second communication channels, wherein said first station comprises means responsive to said first security code signal for splitting a message into first portions and second portions in accordance with said selected splitting routine and means for transmitting said first portions and said second portions over said first and second communication channels, respectively, and wherein said second station comprises means responsive to said second security code signal and to a receipt of said first and second portions from said first and second communication channels, for reforming said message in accordance with said combining routine associated with said selected splitting routine.
Specification