Encapsulation, compression and encryption of PCM data

US 6,700,964 B2
Filed: 07/23/2002
Issued: 03/02/2004
Est. Priority Date: 07/23/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A virtual private switched telecommunications network system for providing encrypted transport of a call across a public switched telephone network (PSTN) from a first enterprise location to a second enterprise location, said network system being located between one or more end-user stations at the first enterprise location and one or more end-user stations at the second enterprise location, said network system comprising:

at least one security rule in a database at the first enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or of an outgoing call to/from the first enterprise location;

at least one security rule in a database at the second enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or of an outgoing call to/from the second enterprise location;

at least one first telephony appliance associated with said database at the first enterprise location;

at least one second telephony appliance associated with said database at the second enterprise location;

said at least one first telephony appliance and said at least one second telephony appliance including means for determining said at least one attribute of an incoming or outgoing call, said at least one attribute of the incoming or outgoing call being selected from a group including;

call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem);

said at least one first telephony appliance and said at least one second telephony appliance each further including means for individually performing said at least one action specified in the at least one security rule defined in its associated database, said at least one action being based upon said at least one determined attribute of the incoming or outgoing call, said at least one action being selected from a group including;

allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert;

wherein said action of conducting the call in encrypted mode is provided without encrypting actions being taken by either the calling party using the one or more end-user stations within the first enterprise location or by the called party using the one or more end-user stations within the second enterprise location.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method to provide secure access across the untrusted public switched telephone network is described. The system and method can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call.

122 Citations

View as Search Results

21 Claims

1. A virtual private switched telecommunications network system for providing encrypted transport of a call across a public switched telephone network (PSTN) from a first enterprise location to a second enterprise location, said network system being located between one or more end-user stations at the first enterprise location and one or more end-user stations at the second enterprise location, said network system comprising:
- at least one security rule in a database at the first enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or of an outgoing call to/from the first enterprise location;
  
  at least one security rule in a database at the second enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or of an outgoing call to/from the second enterprise location;
  
  at least one first telephony appliance associated with said database at the first enterprise location;
  
  at least one second telephony appliance associated with said database at the second enterprise location;
  
  said at least one first telephony appliance and said at least one second telephony appliance including means for determining said at least one attribute of an incoming or outgoing call, said at least one attribute of the incoming or outgoing call being selected from a group including;
  
  call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem);
  
  said at least one first telephony appliance and said at least one second telephony appliance each further including means for individually performing said at least one action specified in the at least one security rule defined in its associated database, said at least one action being based upon said at least one determined attribute of the incoming or outgoing call, said at least one action being selected from a group including;
  
  allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert;
  
  wherein said action of conducting the call in encrypted mode is provided without encrypting actions being taken by either the calling party using the one or more end-user stations within the first enterprise location or by the called party using the one or more end-user stations within the second enterprise location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The network system as defined in claim 1 wherein said group of call attributes further includes:
    - the identifier for the extension or direct connect line carrying the call;
      
      the PBX trunk group through which the call is processed;
      
      the channel through which the call is processed;
      
      the start date of the call;
      
      the start time of the call;
      
      the digits dialed prior to call connection;
      
      the digits dialed prior to the base phone number;
      
      the digits dialed after the base phone number;
      
      the caller ID identifier;
      
      the call connect time;
      
      the keywords detected;
      
      the digits dialed after call connect;
      
      the date call ended; and
      
      the time of day call ended.
  - 3. The network system as defined in claim 2 wherein said action of conducting the call in encrypted mode is automatically performed on all inbound and outbound calls when at least one attribute of an inbound or outbound call is determined by either of said first telephony appliance or said second telephony appliance.
  - 4. The network system as defined in claim 1 further including means for performing at least one additional action responsive to the success or failure of said action of conducting the call in encrypted mode, said at least one additional action being selected from a group including:
    - allowing the call, denying the call, sending a tone, sending a message, adjusting the security policy, logging the call, generating a report, and providing an alert.
  - 5. The network system as defined in claim 4 wherein the configuration of said at least one security rule includes defining two or more groups of one or more end-user stations, said two or more groups of one or more end-user stations having at least one feature in common, and said additional action of adjusting the security policy includes moving an end-user station from a first one of said two or more groups of end-user stations to a second one of said two or more groups of end-user stations.
  - 6. The network system as defined in claim 1 wherein said action of conducting the call in encrypted mode includes creation of a VoIP-compatible packet for transport over the PSTN.
  - 7. The network system as defined in claim 1 further including a public branch exchange (PBX) located at either the first or second enterprise location between the one or more end-user stations and the PSTN, and further including means for said PBX to determine and provide one or more call attributes of an incoming or outgoing call to said at least one first telephony appliance or said at least one second telephony appliance for use by said at least one first telephony appliance or said at least one second telephony appliance in performing said at least one action to be based on said at least one determined call attribute of the incoming or outgoing call.
  - 8. The network system as defined in claim 7 further including means for said PBX to be tasked by said at least one first telephony appliance or said at least one second telephony appliance to perform one or more select actions specified in said least one security rule at either the first enterprise location or the second enterprise location.

9. A method for providing encrypted transport of a call across a public switched telephone network (PSTN) from/to a first enterprise location and from/to a second enterprise location, said method being implemented between one or more end-user stations located at either the first or the second enterprise locations, said method comprising the steps of:
- defining at least one security rule applicable at the first enterprise location;
  
  defining at least one security rule applicable at the second enterprise location;
  
  said at least one security rule applicable at the first enterprise location specifying at least one action to be performed on a call based on at least one attribute of the call;
  
  said at least one security rule applicable at the second enterprise location specifying at least one action to be performed on a call based on at least one attribute of the call;
  
  detecting and analyzing the call to determine said at least one attribute of the call, wherein said at least one attribute of the call is selected from a group including;
  
  call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem);
  
  performing said at least one action on the incoming or outgoing call at the first enterprise location and the second enterprise location based upon said at least one attribute of the call, said at least one action being specified in said at least one security rule at the first enterprise location or said at least one security rule at the second enterprise location, wherein said at least one action is selected from a group including;
  
  allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert;
  
  wherein said action of conducting the call in encrypted mode is provided without encrypting actions being taken by either the calling party using the one or more end-user stations within the first enterprise location or by the called party using the one or more end-user stations within the second enterprise location.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 20, 21)
- - 10. The method as defined in claim 9 wherein said call attributes in said step of detecting and analyzing the call further includes the attributes:
    - the identifier for the extension or direct connect line carrying the call;
      
      the PBX trunk group through which the call is processed;
      
      the channel through which the call is processed;
      
      the start date of the call;
      
      the start time of the call;
      
      the digits dialed prior to call connection;
      
      the digits dialed prior to the base phone number;
      
      the digits dialed after the base phone number;
      
      the caller ID identifier;
      
      the call connect time;
      
      the keywords detected;
      
      the digits dialed after call connect;
      
      the date call ended; and
      
      the time of day call ended.
  - 11. The method as defined in claim 9 wherein said action of conducting the call in encrypted mode may be automatically performed on all inbound and outbound calls when at least one attribute of an inbound or outbound call is determined by either a first telephony appliance at the first enterprise location or a second telephony appliance at the second enterprise location.
  - 12. The method as defined in claim 9 further including the step of performing at least one additional action responsive to the success or failure of said action of conducting the call in encrypted mode, said at least one additional action being selected from a group including:
    - allowing the call, denying the call, sending a tone, sending a message, adjusting the security policy, logging the call, generating a report, and providing an alert.
  - 13. The method as defined in claim 12 wherein said step of defining at least one security rule applicable at the first enterprise location or said step of defining a security rule applicable at the second enterprise location includes defining two or more groups of one or more end-user stations, said two or more groups of one or more end-user stations having at least one feature in common, and said additional action of adjusting the security policy includes moving an end-user station from a first one of said two or more groups of end-user stations to a second one of said two or more groups of end-user stations.
  - 14. The method as defined in claim 9 wherein said action of conducting the call in encrypted mode includes creating a VoIP-compatible packet for transport over the PSTN.
  - 15. The method as defined in claim 9 wherein said step of detecting and analyzing the call to determine said at least one attribute of the call includes a public branch exchange (PBX) located at either the first or second enterprise location between the one or more end-user station and the PSTN, wherein said PBX determines and provides one or more call attributes of an incoming or outgoing call, said call attributes being the basis for at least one action to be performed on the incoming or outgoing call.
  - 16. The method as defined in claim 15 wherein said step of performing said at least one action on the incoming or outgoing call at the first enterprise location and the second enterprise location based upon said at least one attribute of the call may be performed by said PBX responsive to tasking by a telephony appliance associated with the first or second enterprise location containing the PBX.
  - 20. The method as defined in claim 9 further including the step of performing at least one additional action responsive to the success or failure of said action of conducting the call in encrypted mode, said at least one additional action being selected from a group including:
    - allowing the call, denying the call, sending a tone, sending a message, adjusting the security policy, logging the call, generating a report, and providing an alert.
  - 21. The method as defined in claim 9 wherein said action of conducting the call in encrypted mode includes creating a VoIP-compatible packet for transport over the PSTN.

17. A method of providing encrypted transport of a call from a first geographically separate location, across a public switched telephone network (PSTN), to a second geographically separate location, said method comprising the steps of:
- defining at least one rule applicable to one or more end-user stations located at the first geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the first geographically separate location;
  
  defining at least one rule applicable to one or more end-user stations located at the second geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the second geographically separate location;
  
  determining said at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the first geographically separate location;
  
  determining said at least one attribute of an incoming call to or of an outgoing call from said one or more end-user stations located at the second geographically separate location;
  
  performing said one or more actions on the incoming call to or on the outgoing call from said one or more end-user stations located at the first geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the first geographically separate location; and
  
  performing said one or more actions on the incoming call to or on the outgoing call from said one or more end-user stations located at the second geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the second geographically separate location; and
  
  ;
  
  said at least one attribute of the incoming call to or of the outgoing call from the one or more end-user stations being selected from a group including;
  
  call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer;
  
  wherein said one or more actions is selected from a group including;
  
  allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert;
  
  wherein said action of conducting the call in encrypted mode is provided without encrypting actions being taken by either the calling party using the one or more end-user stations within the first enterprise location or by the called party using the one or more end-user stations within the second enterprise location.
- View Dependent Claims (18, 19)
- - 18. The method as defined in claim 17 wherein said step determining said at least one attribute of an incoming call to or of an outgoing call further includes the attributes:
    - the identifier for the extension or direct connect line carrying the call;
      
      the PBX trunk group through which the call is processed;
      
      the channel through which the call is processed;
      
      the start date of the call;
      
      the start time of the call;
      
      the digits dialed prior to call connection;
      
      the digits dialed prior to the base phone number;
      
      the digits dialed after the base phone number;
      
      the caller ID identifier;
      
      the call connect time;
      
      the keywords detected;
      
      the digits dialed after call connect;
      
      the date call ended; and
      
      the time of day call ended.
  - 19. The method as defined in claim 17 wherein said action of conducting the call in encrypted mode may be automatically performed on all inbound and outbound calls when at least one attribute of an inbound or outbound call is determined by either a first telephony appliance at the first enterprise location or a second telephony appliance at the second enterprise location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureLogix Corporation
Original Assignee
SecureLogix Corporation
Inventors
Smith, Kirk, Pickens, Keith S., Heilmann, Craig, Schmid, Greg
Primary Examiner(s)
Matar, Ahmad F.
Assistant Examiner(s)
AL AUBAIDI, RASHA S

Application Number

US10/200,969
Publication Number

US 20030016803A1
Time in Patent Office

588 Days
Field of Search

379/201.01, 379/102.01, 379/102.02, 379/102.03, 379/189, 379/196, 379/200, 379/93.24
US Class Current

379/189
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 12/66   Arrangements for connecting...

H04L 41/06   Management of faults, event...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/5087   wherein the managed service...

H04L 43/0811   by checking connectivity

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/1408   by monitoring network traff...

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

H04M 2203/609   Secret communication

H04M 2207/35   virtual private networks

H04M 7/009   in systems involving PBX or...

H04M 7/0093   signalling arrangements in ...

H04M 7/129   Details of providing call p...

H04M 7/1295 : Details of dual tone multip...

View All

Encapsulation, compression and encryption of PCM data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

122 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Encapsulation, compression and encryption of PCM data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others