Telephony security system
Abstract
A system and method of telephony security for controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A security policy, i.e., a set of security rules, is defined for each of the extensions, the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.
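The policy model in the abstract, written out as an added Python example (not taken from the patent): call attributes are matched against an ordered rule list, a call is left alone unless a rule says otherwise, and the decision is re-checked on each periodic call-type sample. The extensions, digit prefix, time window, first-match ordering and the reading of "non-designated sources" as stations not on a modem list are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import time
from typing import Callable

@dataclass(frozen=True)
class Call:
    extension: str    # enterprise end-user station
    direction: str    # "in" or "out"
    call_type: str    # "voice", "fax" or "modem", as sensed on the line
    at: time          # local time the call was sensed
    remote: str = ""  # dialed digits (outbound) or caller number (inbound)

@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[Call], bool]
    action: str       # "deny" or "permit"

# Constructed sample policy data (hypothetical values, not from the patent).
FAX_LINES = {"5551001"}            # designated fax lines
MODEM_OK = {"5552001"}             # stations designated for modem use
BLOCKED_PREFIX = "1900"            # designated digit sequence
QUIET = (time(18, 0), time(6, 0))  # designated time period, wraps midnight

def in_period(t, period):
    """True if t falls inside [start, end), including windows that wrap midnight."""
    start, end = period
    if start <= end:
        return start <= t < end
    return t >= start or t < end

# Ordered rule list; first match wins (an assumption of this example).
POLICY = [
    Rule("modem-on-fax-line",
         lambda c: c.call_type == "modem" and c.extension in FAX_LINES, "deny"),
    Rule("modem-non-designated",
         lambda c: c.call_type == "modem" and c.extension not in MODEM_OK, "deny"),
    Rule("modem-in-designated-period",
         lambda c: c.call_type == "modem" and in_period(c.at, QUIET), "deny"),
    Rule("blocked-destination",
         lambda c: c.direction == "out" and c.remote.startswith(BLOCKED_PREFIX), "deny"),
]

def evaluate(call, policy=POLICY, log=None):
    """Return (action, rule_name). No matching rule means the call is not interrupted."""
    decision = ("permit", "default")
    for rule in policy:
        if rule.matches(call):
            decision = (rule.action, rule.name)
            break
    if log is not None:
        log.append((call, *decision))  # every call and the action taken is logged
    return decision

def monitor(call, sensed_types, log):
    """Re-evaluate on each periodic call-type sample; stop at the first deny."""
    decision = ("permit", "default")
    for call_type in sensed_types:
        decision = evaluate(replace(call, call_type=call_type), log=log)
        if decision[0] == "deny":
            break
    return decision
```

Because `monitor` re-applies the rules on every sample, a call that is set up as voice and later carries modem tones is caught at the sample where the type changes, which is what the periodic call-type determination in the claims provides over a one-time check at call setup.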
158 Citations
103 Claims
1. A telephony security system for controlling and logging incoming and outgoing calls between end-user stations within an enterprise at one or more of its locations and their respective circuits into a Public Switched Telephone Network (PSTN), said system comprising:
a database controlled by system administrators at one or more enterprise locations containing security rules including the action of permitting or denying an incoming or an outgoing call for each of the end-user stations, said security rules specifying actions to be taken based upon at least one designated attribute of the call on the line, wherein said at least one attribute is determined within the enterprise; and
a line sensor within the enterprise for periodically determining a call-type of the call, wherein said line sensor includes means for determining at least one attribute of each call present on the line and for performing actions on selected calls based upon said at least one attribute of the call, in accordance with said security rules and wherein the line sensor senses both incoming and outgoing calls and does not interrupt the calls unless specified in said security rules. - View Dependent Claims (2, 3, 4, 5, 6)
7. A method of telephony security for an enterprise for controlling and logging incoming and outgoing calls between end-user stations at one or more enterprise locations and their respective circuits into a Public Switched Telephone Network (PSTN), said method comprising the steps of:
defining security rules by a system administrator at one or more enterprise locations for each of the end-user stations which include the action of permitting or denying an incoming or outgoing call, said rules specifying actions to be taken based upon at least one designated attribute of the call on the line and contained in a database;
detecting and sensing calls on the line to determine at least one attribute of each call present on the line, wherein said at least one attribute of the call detected and sensed periodically by the system is whether the call-type is voice, fax, data (modem), and wherein said detecting and sensing occurs at one or more of the enterprise locations for both incoming and outgoing calls and does not interrupt the call unless specified in said security rules; and
performing actions on selected calls based upon their the determined at least one attribute, in accordance with said security rules defined for those end-user stations. - View Dependent Claims (8, 9, 10)
11. A telephony security system for controlling incoming and outgoing calls between a plurality of end-user stations in one or more enterprise locations and a plurality of respective circuits into a Public Switched Telephone Network (PSTN), said system comprising:
a database controlled by system administrators at one or more enterprise locations containing security rules for the plurality of end-user stations which include the action of permitting or denying an incoming or an outgoing call, said security rules specifying actions to be taken based upon at least one attribute designated of a call on each of the lines, wherein said at least one attribute is determined within the enterprise;
a line sensor within the enterprise for periodically determining a call-type of the call present on the line, wherein said line sensor includes determining at least one attribute of each call present on the line and wherein said line sensor does not interrupt the incoming and outgoing calls unless specified in said security rules; and
means for performing actions on selected calls based upon the determined at least one attribute of the call, in accordance with said security rules, and wherein said actions are performed within the enterprise. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
24. A security apparatus for controlling and monitoring access to the telephony resources of an enterprise, said security apparatus comprising:
a microprocessor controlled telephony access control device;
said microprocessor controlled telephony access control device connected between a public switched telephone network and the end-user stations in an enterprise, said end-user stations including voice capability, fax capability, and data transfer capability;
a set of security rules contained within said microprocessor controlled telephony access control device;
means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call contained within said microprocessor controlled telephony access control device and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules;
means for applying said set of security rules based on the end-user station to which an incoming call is directed or from which an outgoing call has been initiated;
means for denying incoming calls or denying outgoing calls based on whether said incoming or outgoing call is a voice, fax, or data transfer call and the extension to which said incoming call is directed or from which said outgoing call has been initiated. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during the designated time period; and
no outbound calls permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and
no modem calls permitted from non-designated sources.
36. The security apparatus as defined in claim 35 wherein modem calls from non-designated sources are denied or reported on their first use.
37. The security apparatus as defined in claim 35 wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
38. The security apparatus as defined in claim 24 further including a remote log server utilized to log all attempted access to or from each of the lines and any actions taken on each of the lines.
39. A method for controlling and monitoring access to the telephony resources of an enterprise at one or more of its locations through a public switched telephone network, said method comprising the steps of:
connecting a microprocessor controlled telephony access control device between the publicly switched telephone network and the telephony lines in one or more enterprise locations, said telephony lines including voice, fax, and data transfer capabilities;
including a database of security rules within said microprocessor controlled telephony access control device;
periodically determining if an incoming call is a voice, fax, or a data transfer call and determining at least one attribute of the call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules;
applying said security rules based on the extension to which an incoming call is directed or from which an outgoing call has been initiated;
permitting or denying incoming calls based on whether said incoming call is a voice, fax, or data transfer call and the extension to which said incoming call is directed;
or permitting or denying outgoing calls based on whether said outgoing call is a voice, fax, or data transfer call and the extension from which said outgoing call has been initiated. - View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during a designated time period;
no outbound calls permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and
no modem calls permitted from non-designated sources.
48. The method as defined in claim 47 wherein modem calls from non-designated sources are denied or reported on their first use.
49. The method as defined in claim 47 wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
50. A system for monitoring and logging access to the telephony resources of an enterprise at one or more of its locations, said system comprising:
an access control device constructed and arranged to be connected in-line between a plurality of telephony end-user stations at one or more enterprise locations and the connections to a public switched telephone network;
said plurality of telephony end-user stations including voice telephones, fax machines, and data transfer devices;
said access control device including a set of rules to be applied to all incoming and outgoing calls passing through said access control device;
said access control device further including means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call;
whereby said access control device will detect and analyze at least one predetermined attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said set of rules. - View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
logging data transfer calls attempted on designated fax lines;
logging modem calls attempted on designated fax lines;
logging modem calls attempted during a designated time period;
logging outbound calls attempted to a certain destination identified by a designated digital sequence;
logging long distance calls attempted during a designated time period; and
logging modem calls attempted from non-designated sources.
61. The system as defined in claim 60 wherein modem calls from non-designated sources are denied or reported on their first use.
62. The system as defined in claim 60 wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
63. The system as defined in claim 50 further including a remote log server utilized to log all attempted access to or from each of the lines and any actions taken on each of the lines.
64. An enterprise telephony system connected to a Public Switched Telephone Network (PSTN) comprising:
at least one private branch exchange (PBX) connected to the PSTN;
a plurality of telephony end-user stations connected either to said at least one PBX or directly to the PSTN;
said plurality of telephony end-user stations including voice telephones, fax machines, and data transfer devices;
a security system for monitoring, controlling, and logging access to the telephony resources of an enterprise at one or more of its locations, said security system including;
an access control device constructed and arranged to be connected in-line between said plurality of telephony end-user stations at one or more enterprise locations and said connections to said PSTN or said at least one PBX;
said access control device including a set of security rules to be applied to all incoming and outgoing calls passing through said access control device;
said access control device further including means for periodically determining if an incoming call or an outgoing call is a voice, fax or data transfer call and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rule;
whereby said access control device will either permit or deny all incoming calls or permit or deny all outgoing calls based on the extension to which said incoming call is directed or from which extension said outgoing call is initiated, a determination of said incoming or said outgoing call is a voice, fax, or data transfer call, and an application of said security rules to said incoming or said outgoing call. - View Dependent Claims (65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80)
no data transfer calls permitted on designated voice lines;
no modem calls permitted on designated voice lines;
no modem calls permitted during a designated time period;
no outbound calls are permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and
no modem calls permitted from non-designated sources.
77. The enterprise telephony system as defined in claim 76 wherein modem calls from non-designated sources are denied or reported on their first use.
78. The enterprise telephony system as defined in claim 76 wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
79. The enterprise telephony system as defined in claim 64 wherein said access control device is complemented with computer telephony integration to said PBX.
80. The enterprise telephony system as defined in claim 64 further including a remote log server utilized to log all attempted access to or from each of the lines and any actions taken on each of the lines.
81. A telephony system for controlling and logging incoming and outgoing calls between end-user stations within an enterprise at one or more of its locations and their respective circuits into a Public Switched Telephone Network (PSTN), said system comprising:
a database controlled by system administrators at one or more enterprise locations containing security rules including the action of permitting or denying an incoming or an outgoing call for each of the end-user stations, said security rules specifying actions to be taken based upon at least one designated call attribute on the line, wherein said at least one call attribute is determined within the enterprise;
a line sensor within the enterprise for periodically determining the call type and for determining at least one call attribute of each call present on the line and for performing actions on selected calls based upon said at least one call attribute in accordance with said security rules and wherein the line sensor senses both incoming and outgoing calls and does not interrupt the calls unless specified in said security rules. - View Dependent Claims (82, 83)
84. An enterprise telephony system including a plurality of telephony end-user stations, said plurality of telephony end-user stations including voice telephones, fax machines, and data transfer devices, said enterprise telephony system being connected to a Public Switch Telephone Network (PSTN) and comprising:
a private branch exchange (PBX) connected to the PSTN;
said PBX being connected to said plurality of telephony end-user stations;
a security system for monitoring, controlling, and logging access to the plurality of telephony end-user stations of the enterprise at one or more of its locations, said security system including;
an access control device constructed and arranged to be connected in-line between said plurality of telephony end-user stations at one or more enterprise locations, and said connections to the PSTN or said PBX;
said access control device including set of security rules to be applied to all incoming and outgoing calls passing through said access control device;
said access control device further including means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules;
whereby said access control device will either permit or deny all incoming calls or permit or deny outgoing calls based on the extension to which said incoming call is directed or from which extension said outgoing call is initiated, a determination of said incoming or said outgoing call is a voice, fax, or data transfer call, and an application of said security rules to said incoming or said outgoing call. - View Dependent Claims (85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96)
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during a designated time period;
no outbound calls are permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and
no modem calls permitted from non-designated sources.
95. The enterprise telephony system as defined in claim 94 wherein said destination identified by a designated digital sequence is a Numbering Plan Area code.
96. The enterprise telephony system as defined in claim 84 wherein said access control device is complemented with computer telephony integration to said PBX.
97. A security breach alert system located in the connections between the end-user stations and the PBX of an enterprise or between the PBX of an enterprise and a Public Switched Telephone Network, to enable said security breach alert system to monitor both incoming and outgoing telecommunications directed to or originating from an enterprise, said security breach alert system comprising:
an access control device located in the connections between the end-user stations and the PBX of an enterprise or between the PBX of the enterprise and the Public Switched Telephone Network;
said access control device including a set of security rules defining one or more actions to be applied to the incoming and outgoing calls passing through said access control device wherein said one or more actions are based on the one or more designated attributes of the incoming and outgoing calls passing through said access control device;
a computer telephony integration device, said computer telephony integration device being constructed and arranged for connection between said access control device and the PBX of the enterprise;
whereby said one or more actions to be applied to said incoming and outgoing calls according to said set of security rules originate with said access control device and are passed to said computer telephony integration device for execution at the PBX of the enterprise;
wherein said access control device includes means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules. - View Dependent Claims (98, 99, 100, 101, 102, 103)
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during a designated time period;
no outbound calls permitted to a certain destination identified by a predetermined numerical sequence;
no long distance calls permitted during a designated time period; and
no modem calls permitted from non-designated sources.
102. The system as defined in claim 97 wherein said security rules are programmed into said access control device at said access control device or from the management station located nearby or at a very remote distance therefrom within the enterprise.
103. The system as defined in claim 97 whereby said one or more attributes of said incoming and outgoing calls originate from said PBX and are passed from said computer telephony integration device to said access control device for selecting said one or more actions to be applied to said incoming and outgoing calls according to said set of security rules.
Specification