Encapsulation, compression and encryption of PCM data
Abstract
A system and method to provide secure access across the untrusted public switched telephone network is described. The system and method can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call.
21 Claims
1. A virtual private switched telecommunications network system for providing encrypted transport of a call across a public switched telephone network (PSTN) from a first enterprise location to a second enterprise location, said network system being located between one or more end-user stations at the first enterprise location and one or more end-user stations at the second enterprise location, said network system comprising:
at least one security rule in a database at the first enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or of an outgoing call to/from the first enterprise location;
at least one security rule in a database at the second enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or of an outgoing call to/from the second enterprise location;
at least one first telephony appliance associated with said database at the first enterprise location;
at least one second telephony appliance associated with said database at the second enterprise location;
said at least one first telephony appliance and said at least one second telephony appliance including means for determining said at least one attribute of an incoming or outgoing call, said at least one attribute of the incoming or outgoing call being selected from a group including;
call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem);
said at least one first telephony appliance and said at least one second telephony appliance each further including means for individually performing said at least one action specified in the at least one security rule defined in its associated database, said at least one action being based upon said at least one determined attribute of the incoming or outgoing call, said at least one action being selected from a group including;
allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert;
wherein said action of conducting the call in encrypted mode is provided without encrypting actions being taken by either the calling party using the one or more end-user stations within the first enterprise location or by the called party using the one or more end-user stations within the second enterprise location.
9. A method for providing encrypted transport of a call across a public switched telephone network (PSTN) from/to a first enterprise location and from/to a second enterprise location, said method being implemented between one or more end-user stations located at either the first or the second enterprise locations, said method comprising the steps of:
defining at least one security rule applicable at the first enterprise location;
defining at least one security rule applicable at the second enterprise location;
said at least one security rule applicable at the first enterprise location specifying at least one action to be performed on a call based on at least one attribute of the call;
said at least one security rule applicable at the second enterprise location specifying at least one action to be performed on a call based on at least one attribute of the call;
detecting and analyzing the call to determine said at least one attribute of the call, wherein said at least one attribute of the call is selected from a group including;
call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem);
performing said at least one action on the incoming or outgoing call at the first enterprise location and the second enterprise location based upon said at least one attribute of the call, said at least one action being specified in said at least one security rule at the first enterprise location or said at least one security rule at the second enterprise location, wherein said at least one action is selected from a group including;
allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert;
wherein said action of conducting the call in encrypted mode is provided without encrypting actions being taken by either the calling party using the one or more end-user stations within the first enterprise location or by the called party using the one or more end-user stations within the second enterprise location.
17. A method of providing encrypted transport of a call from a first geographically separate location, across a public switched telephone network (PSTN), to a second geographically separate location, said method comprising the steps of:
defining at least one rule applicable to one or more end-user stations located at the first geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the first geographically separate location;
defining at least one rule applicable to one or more end-user stations located at the second geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the second geographically separate location;
determining said at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the first geographically separate location;
determining said at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the second geographically separate location;
performing said one or more actions on the incoming call to or on the outgoing call from said one or more end-user stations located at the first geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the first geographically separate location; and
performing said one or more actions on the incoming call to or on the outgoing call from said one or more end-user stations located at the second geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the second geographically separate location; and
said at least one attribute of the incoming call to or of the outgoing call from the one or more end-user stations being selected from a group including;
call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer;
wherein said one or more actions is selected from a group including;
allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert;
wherein said action of conducting the call in encrypted mode is provided without encrypting actions being taken by either the calling party using the one or more end-user stations within the first enterprise location or by the called party using the one or more end-user stations within the second enterprise location.
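An added illustration, not taken from the patent or from any product, of the rule-driven behaviour the claims describe: each location evaluates a call's attributes against its own rule base, and a consistency check flags calls where only one side would select encrypted mode. The rule format, prefix matching, first-match order, default deny and all sample numbers are assumptions made for this example.

```python
from dataclasses import dataclass

# Attribute and action names follow the claims; the rule format, wildcard
# (None) matching, prefix matching and first-match order are assumptions.
@dataclass
class Call:
    direction: str      # "incoming" | "outgoing"
    source: str         # call source number
    destination: str    # call destination number
    call_type: str      # "voice" | "fax" | "modem"

@dataclass
class Rule:
    actions: tuple              # e.g. ("encrypt", "log")
    direction: str = None       # None matches any value
    source_prefix: str = None
    dest_prefix: str = None
    call_type: str = None

    def matches(self, c: Call) -> bool:
        return ((self.direction is None or self.direction == c.direction)
            and (self.source_prefix is None or c.source.startswith(self.source_prefix))
            and (self.dest_prefix is None or c.destination.startswith(self.dest_prefix))
            and (self.call_type is None or self.call_type == c.call_type))

def evaluate(rules, call):
    """Return the actions of the first matching rule; deny and log if none match."""
    for r in rules:
        if r.matches(call):
            return r.actions
    return ("deny", "log")

def check_pair(site_a_rules, site_b_rules, out_call):
    """Evaluate one call as outgoing at site A and as incoming at site B."""
    in_call = Call("incoming", out_call.source, out_call.destination, out_call.call_type)
    a, b = evaluate(site_a_rules, out_call), evaluate(site_b_rules, in_call)
    if "deny" in a or "deny" in b:
        return "denied"
    if ("encrypt" in a) != ("encrypt" in b):
        return "mismatch"   # only one appliance would select encrypted mode
    return "encrypted" if "encrypt" in a else "plaintext"

# Constructed sample rule bases and numbers (not from the patent).
SITE_A = [Rule(("encrypt", "log"), direction="outgoing", dest_prefix="1210555"),
          Rule(("deny", "alert"), call_type="modem"),
          Rule(("allow",))]
SITE_B = [Rule(("encrypt", "log"), direction="incoming", source_prefix="1512555", call_type="voice"),
          Rule(("allow", "log"), direction="incoming")]
```

With these constructed rule bases, a fax call between the two sites comes back as `mismatch`, because site A's rule does not restrict call type while site B's encrypt rule covers voice only.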
Specification