Secure telecommunications
Abstract
A security node disposed in the telecommunications network connecting calling and called parties transforms information (which can be voice, data, facsimile, video and other types of calls or messages) encrypted in a first format to (a) encrypted information in a different format or to (b) non-encrypted information, and vice-versa. The node is accessible from any location connected to the network. By routing calls or messages originated by the calling party and destined for the called party via the security node, and providing appropriate control signals to the node, the information may be encrypted only over a portion of the transmission path between the parties, and clear over the remainder of the transmission path. Alternatively, the information may be encrypted in different portions of the path using different encryption algorithms. This arrangement enables the parties to obtain relatively secure communications even if only one party has a security device at the originating or terminating end, or if the parties have security devices using different handshaking protocols and encryption algorithms.
23 Claims
1. A system enabling communications between a plurality of calling parties and a plurality of respective called parties via a switched telecommunications network, said system comprising
customer premise equipment connected to said switched telecommunications network for originating calls from said calling parties to said called parties, each of said calls containing encrypted information, means in said network for routing each of said calls to a multi-user security node disposed in said switched telecommunications network, said node being arranged to process multiple calls simultaneously, and means in said security node arranged for each of said calls to (a) decrypt said encrypted information received from said customer premise equipment and (b) obtain information needed to route said call through said network, so that said encrypted information is communicated to said respective called parties in non-encrypted form.
4. A security node disposed within a switched telecommunications network, comprising
means for receiving a plurality of calls each containing encrypted information from a particular calling party, means for routing said calls through a plurality of decryptors to generate for each of said calls, clear information corresponding to said encrypted information, and means for transmitting said clear information to respective called parties, wherein said routing means includes:
(a) means for obtaining destination information from said calling parties identifying said called respective called parties, and (b) means for supplying said destination information to a switch in said telecommunication network to complete routing of said clear information through said network.
5. A system enabling simultaneous plural communications between a plurality of calling parties and a plurality of respective called parties via respective call paths which each include a switched telecommunications network, said system comprising
customer premise equipment for applying non-encrypted information originated by each of said calling parties and destined for a respective one of said called parties, to said telecommunications network, and a security node disposed in said switched telecommunications network arranged for each of said simultaneous plural communications to (a) generate encrypted information corresponding to said non-encrypted information received from said customer premise equipment, (b) obtain the telephone number associated with said respective one of said called parties and (c) supply said telephone number to said switched telecommunication network in order to route said encrypted information to said respective one of said called parties, whereby for each of said simultaneous plural communications over at least a portion of each of said respective call paths are encrypted and communications over the remainder of each of said respective call paths are non-encrypted.
8. A security node disposed within a switched telecommunications network, comprising
means for receiving non-encrypted information from each of multiple calling parties, means for routing said non-encrypted information from each of said calling parties through a selected one of a plurality of encryptors in said security node to generate corresponding encrypted information, and means for transmitting said encrypted information to respective called parties, wherein said routing means includes:
(a) means for obtaining destination information identifying said called parties, and (b) means for using said destination information to complete routing of said encrypted information through said network.
9. A system enabling multiple simultaneous communications each communication between a calling party and a respective called party via a call path which includes a switched telecommunications network, said system comprising
(a) for each calling party and said respective called party, customer premise equipment for encrypting information originated by said calling party and destined for said called party using a first encryption algorithm, (b) means for transmitting said encrypted information from said customer premise equipment to a security node disposed in said switched telecommunications network via a first call path, (c) means in said security node arranged to convert said encrypted information received from said customer premise equipment to information encrypted using a second encryption algorithm different from said first encryption algorithm, (d) means in said security node for receiving routing information identifying said called party, and (e) means responsive to said routing information for transmitting said converted information from said security node to said called party via a second call path, wherein for each calling party and said respective called party, communications over said first call path are encrypted using said first encryption algorithm and wherein communications over said second call path are encrypted using said second encryption algorithm.
12. A security node disposed within a switched telecommunications network, comprising
means for simultaneously receiving plural calls from a plurality of different calling parties, each of said calls containing information encrypted using a first encryption format, means for (a) routing each of said calls containing said encrypted information through a respective decryptor to generate corresponding clear information, and (b) routing each of said calls containing said corresponding clear information through a respective encryptor to generate newly encrypted information using a second encryption format, and means for transmitting each of said calls containing said newly encrypted information to a plurality of different called parties, wherein said transmitting means further includes:
(a) means for obtaining destination information from each of said calling parties identifying a respective one of said called parties, and (b) means for supplying said destination information to said switched telecommunication network to complete routing of each of said calls containing said newly encrypted information through said network to said plurality of called parties.
13. A security node for processing encrypted communications routed through a switched telecommunications system, said security node comprising
a plurality of encryptors of different types, each encryptor being arranged to encrypt/decrypt communications using a different encryption/decryption algorithm;
a PBX arranged to route each of a plurality of incoming communications to a respective one of a plurality of hunt groups in response to a signaling message provided to said PBX, whereby a communication routed to any of said hunt groups is connected to an available one of said encryptors of a particular type; means for providing said signaling message to said PBX in accordance with the particular encryption/decryption algorithm used by each of said incoming communications; and means for prompting users of said security node for routing information used to route outgoing communications from said security node through said switched telecommunications system.
14. A communication method for transmitting information between a plurality of calling parties and a plurality of respective called parties via a security node disposed in a switched telecommunications network, said method comprising the steps of
applying encrypted information originated by said calling parties and destined for said called parties, and information indicating the identity of said called parties to said security node, decrypting said encrypted information received from said calling parties in said security node before said information is communicated to said called parties in non-encrypted form; and
routing said non-encrypted information to said called parties using said identity indicating information. (Dependent claims 15 and 16 are not reproduced here.)
17. A method of providing security functions within a switched telecommunications network, comprising the steps of
receiving a plurality of calls, each call containing encrypted information from a particular calling party, said calls being received in a security node disposed within said network;
routing said calls through a plurality of decryptors in said node to generate for each of said calls, clear information corresponding to said encrypted information; and transmitting said clear information from said node to respective called parties, wherein said routing step includes: (a) obtaining destination information from said calling parties identifying said respective called parties, and (b) supplying said destination information to a switch in said telecommunications network to complete routing of said clear information through said network.
18. A method for enabling simultaneous plural communications between a plurality of calling parties and a plurality of respective called parties via respective call paths which each include a switched telecommunications network, comprising the steps of
applying non-encrypted information originated by each of said calling parties from first customer premise equipment and destined for a respective one of said called parties, to a security node disposed in said telecommunications network, encrypting said non-encrypted information received from said first customer premise equipment in said security node, applying routing information associated with said called parties to said security node, and responsive to said routing information, routing said encrypted information to said called parties, whereby each of said simultaneous plural communications over at least a first portion of each of said respective call paths are non-encrypted and communications over the remainder of said call paths are encrypted.
19. A method of processing secure communications within a switched telecommunications network, comprising the steps of
routing information originating from a calling party using a particular type of encryption to a security node disposed within said network;
routing said encrypted information through an appropriate one of a plurality of decryptors in said security node arranged to generate corresponding clear information; transmitting said clear information from said node to a called party together with destination information identifying said called party; and performing the previously mentioned steps simultaneously for each of a plurality of calls.
20. A method of providing secure communications between a plurality of calling parties and a respective plurality of called parties, comprising the steps of
establishing a clear communications path in a telecommunications network connecting each of said calling parties and a respective one of said called parties, monitoring said communications path to detect a signal indicative of a desire by one of said parties to begin secure communications; and
converting communications in at least a portion of said communication path from clear to secure, wherein said establishing step includes routing a call from one of said calling parties to the respective one of said called parties via an intelligent switch disposed in said telecommunications network, and said converting step includes controlling said intelligent switch to insert selected encryption apparatus in said communication path compatible with associated encryption apparatus used by said one of said calling parties. (Dependent claims 21 and 22 are not reproduced here.)
23. A method for decrypting encrypted information in calls routed through a switched telecommunications system, said method comprising the steps of
applying said calls to a PBX in the public switched telecommunications network;
routing said calls through said PBX to one of a plurality of hunt groups in said PBX in response to signaling messages provided to said PBX, connecting calls made to each of said hunt groups to available associated decryptors arranged to decrypt said encrypted information using a decryption algorithm appropriate for said encrypted information; and providing said signaling messages to said PBX in accordance with the particular encryption algorithms used to encrypt said encrypted information, whereby each call of a plurality of calls are routed to any available one of said decryptors of an appropriate type.
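The abstract's in-network security node and the hunt-group routing of claims 13 and 23, modelled as an added Python example (not the patent's own code or any real product): two labelled toy XOR keystreams stand in for the incompatible encryption formats, and `SecurityNode`, `hunt_groups`, `route` and `clear_segments` are names introduced here. The `clear_segments` check is the point a practitioner should take from this design: the information exists in the clear inside the node, and over the remainder of the path whenever the called party has no security device.

```python
from dataclasses import dataclass
import hashlib

# Toy "formats": each name selects a distinct XOR keystream. Constructed stand-ins
# for the incompatible encryption algorithms in the claims, NOT real ciphers.
def _keystream(alg, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{alg}:{ctr}".encode()).digest()
        ctr += 1
    return out[:n]

def toy_encrypt(alg, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(alg, len(data))))

toy_decrypt = toy_encrypt  # XOR keystream is symmetric, so the same call decrypts

@dataclass
class SecurityNode:
    # One hunt group per algorithm type -> number of free encrypt/decrypt devices
    hunt_groups: dict

    def route(self, signaling_alg, payload, dest_alg=None):
        """Process one call. signaling_alg is the caller's format named in the
        signaling message to the PBX; dest_alg is the called party's format, or
        None when the called party has no security device and receives clear data."""
        needed = [signaling_alg] + ([dest_alg] if dest_alg else [])
        held = []
        try:
            for alg in needed:  # PBX hunts for a free device of each required type
                if self.hunt_groups.get(alg, 0) == 0:
                    raise RuntimeError(f"no available device in hunt group {alg}")
                self.hunt_groups[alg] -= 1
                held.append(alg)
            clear = toy_decrypt(signaling_alg, payload)
            # Record each segment of the call path and the format protecting it.
            segments = [("caller->node", signaling_alg), ("inside node", None)]
            outgoing = clear if dest_alg is None else toy_encrypt(dest_alg, clear)
            segments.append(("node->called", dest_alg))
            return outgoing, segments
        finally:
            for alg in held:  # devices return to their hunt groups after the call
                self.hunt_groups[alg] += 1

def clear_segments(segments):
    """Segments where the information exists in non-encrypted form: the node
    itself always, plus the remainder of the path when the called party is clear."""
    return [name for name, alg in segments if alg is None]
```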