Virtual private switched telephone network

US 6,735,291 B1
Filed: 11/10/2000
Issued: 05/11/2004
Est. Priority Date: 12/11/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A virtual private switched telecommunications network system for providing encrypted transport of a call across a public switched telephone network from a first enterprise location to a second enterprise location, said network system being located between one or more end-user stations within the first enterprise location and one or more end-user stations within the second enterprise location, said network system comprising:

at least one security rule in a database at the first enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or an outgoing call to/from the first enterprise location;

at least one security rule in a database at the second enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or outgoing call to/from the second enterprise location; and

at least one first telephony appliance associated with said database at the first enterprise location within the first enterprise location;

at least one second telephony appliance associated with said database at the second enterprise location within the second enterprise location;

said at least one first telephony appliance and said at least one second telephony appliance including means for determining said at least one attribute of an incoming or outgoing call, said at least one attribute of the incoming or outgoing call being selected from a group including;

call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem); and

said at least one first telephony appliance and said at least one second telephony appliance each further including means for individually performing said at least one action specified in the at least one security rule defined in its associated database, said at least one action being based upon said at least one determined attribute of the incoming or outgoing call, said at least one action being selected from a group including;

allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method to provide secure access across the untrusted PSTN is described. The system and method utilizes telephony resources that can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.

66 Citations

View as Search Results

20 Claims

1. A virtual private switched telecommunications network system for providing encrypted transport of a call across a public switched telephone network from a first enterprise location to a second enterprise location, said network system being located between one or more end-user stations within the first enterprise location and one or more end-user stations within the second enterprise location, said network system comprising:
- at least one security rule in a database at the first enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or an outgoing call to/from the first enterprise location;
  
  at least one security rule in a database at the second enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or outgoing call to/from the second enterprise location; and
  
  at least one first telephony appliance associated with said database at the first enterprise location within the first enterprise location;
  
  at least one second telephony appliance associated with said database at the second enterprise location within the second enterprise location;
  
  said at least one first telephony appliance and said at least one second telephony appliance including means for determining said at least one attribute of an incoming or outgoing call, said at least one attribute of the incoming or outgoing call being selected from a group including;
  
  call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem); and
  
  said at least one first telephony appliance and said at least one second telephony appliance each further including means for individually performing said at least one action specified in the at least one security rule defined in its associated database, said at least one action being based upon said at least one determined attribute of the incoming or outgoing call, said at least one action being selected from a group including;
  
  allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network system as defined in claim 1 wherein said action of conducting the call in encrypted mode may be activated or de-activated at any time during the call.
  - 3. The network system as defined in claim 1 further including means for continuously exchanging control and status messages between the first enterprise location and the second enterprise location while conducting the call in the encrypted mode.
  - 4. The network system as defined in claim 1 wherein said action of providing an alert includes at one least alert from a group including:
    - electronic mail notification, pager dialing, console messaging, and a Simple Network Management Protocol (SNMP) trap.
  - 5. The network system as defined in claim 1 further including the action of generating a report includes generating a post event analysis report or a batch analysis report.
  - 6. The network system as defined in claim 1 wherein said action of conducting the call in encrypted mode is provided without encrypting actions being performed by either the calling party using the one or more end-user stations within the first enterprise location or the called party using the one or more end-user stations within the second enterprise location.
  - 7. The network system as defined in claim 1 wherein each of said first telephony appliance and said second telephony appliance may perform said at least one action on calls to or from one or more end-user stations.

8. A method for providing encrypted transport of a call across a public switched telephone network from/to a first enterprise location and from/to a second enterprise location, the method being implemented between one or more end-user stations and the public switched telephone network at both the first and second enterprise locations, said method including the steps of:
- defining at least one security rule applicable within the first enterprise location;
  
  defining at least one security rule applicable within the second enterprise location;
  
  said at least one security rule applicable within the first enterprise location specifying at least one action to be performed on the call based on at least one attribute of the call;
  
  said at least one security rule applicable within the second enterprise location specifying at least one action to be performed on the call based on at least one attribute of the call;
  
  detecting and analyzing the call to determine said at least one attribute of the call, said at least one attribute of the call being selected from a group including;
  
  call direction, call source number, call destination number, call type, call date, call time, and call duration, and said call type attribute being defined as one of voice, fax, or data transfer (modem); and
  
  performing said at least one action on the incoming or outgoing call at the first enterprise location and the second enterprise location based upon said at least one attribute of the call, said at least one action being specified in said at least one security rule and being selected from a group including;
  
  allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method as defined in claim 8 wherein said action of providing an alert includes at one least alert selected from a group including:
    - electronic mail notification, pager dialing, console messaging and a Simple Network Management Protocol (SNMP) trap.
  - 10. The method as defined in claim 8 wherein said action of conducting the call in encrypted mode includes continuously exchanging control and status messages between the first enterprise location and the second enterprise location while conducting the call in the encrypted mode.
  - 11. The method as defined in claim 8 wherein said action of conducting the call in encrypted mode may be activated or de-activated at any time during the call.
  - 12. The method as defined in claim 8 wherein said action of conducting the call in encrypted mode is provided without encrypting actions being performed by either the calling party using the one or more end-user stations within the first enterprise location or the called party using the one or more end-user stations within the second enterprise location.
  - 13. The method as defined in claim 8 wherein said at least one action may be concurrently performed on calls to or from one or more end-user stations.
  - 14. The method as defined in claim 8 wherein said action of generating a report includes generating a post event analysis report or a batch analysis report.

15. A method of providing encrypted transport of a call from a first geographically separate location, across a PSTN, to a second geographically separate location, the method comprising:
- defining at least one rule applicable to one or more end-user stations located at the first geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the first geographically separate location;
  
  defining at least one rule applicable to one or more end-user stations located at the second geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the second geographically separate location;
  
  determining said at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the first geographically separate location;
  
  determining said at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the second geographically separate location;
  
  performing said one or more actions on the incoming call to or the outgoing call from said one or more end-user stations located at the first geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the first geographically separate location; and
  
  performing said one or more actions on the incoming call to or the outgoing call from said one or more end-user stations located at the second geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the second geographically separate location; and
  
  ;
  
  said at least one attribute of the incoming call to or the outgoing call from the one or more end-user stations is selected from a group including;
  
  call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer; and
  
  wherein said one or more actions is selected from a group including;
  
  allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method as defined in claim 15 wherein said action of providing an alert includes at one least alert selected from a group including:
    - electronic mail notification, pager dialing, console messaging and a Simple Network Management Protocol (SNMP) trap.
  - 17. The method as defined in claim 15 wherein said action of conducting the call in encrypted mode includes continuously exchanging control and status messages between the first geographically separate location and the second geographically separate location concurrent with the conduct of the call.
  - 18. The method as defined in claim 15 wherein said action of conducting the call in encrypted mode is provided without encrypting actions being performed by either the calling party using the one or more end-user stations within the first geographically separate location or the called party using the one or more end-user stations within the second geographically separate location.
  - 19. The method as defined in claim 15 wherein said one or more actions may be concurrently performed on calls to or from one or more end-user stations.
  - 20. The method as defined in claim 15 wherein said action of generating a report includes generating a post event analysis report or a batch analysis report.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureLogix Corporation
Original Assignee
SecureLogix Corporation
Inventors
Pickens, Keith S., Heilmann, Craig, Schmid, Greg
Primary Examiner(s)
BUI, BING Q

Application Number

US09/709,592
Time in Patent Office

1,278 Days
Field of Search

379/112.39, 379/219, 379/221.15, 379/189, 379/198, 379/901, 379/199, 379/200
US Class Current

379/189
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0263   Rule management

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

H04M 2203/2066   Call type detection of indi...

H04M 2203/609   Secret communication

H04M 3/22   Arrangements for supervisio...

H04M 3/2218   Call detail recording

H04M 3/38   Graded-service arrangements...

H04M 3/42314   in private branch exchanges

H04M 3/436   Arrangements for screening ...

H04M 7/0078   Security; Fraud detection; ...

H04M 7/009   in systems involving PBX or...

Virtual private switched telephone network

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private switched telephone network

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links