Virtual private switched telephone network
Abstract
A system and method to provide secure access across the untrusted PSTN is described. The system and method utilizes telephony resources that can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.
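The policy model in the abstract, where each site's rule database maps call attributes to actions, can be sketched as below. This is an added example, not code from the patent: first-match rule ordering, the deny-by-default fallback, the rule field names and the phone numbers are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Call:
    direction: str      # "incoming" or "outgoing", relative to the evaluating site
    source: str
    destination: str
    call_type: str      # "voice", "fax" or "modem"
    start: datetime

@dataclass(frozen=True)
class Rule:
    actions: tuple              # e.g. ("encrypt", "log"); "encrypt" = conduct in encrypted mode
    direction: str = "*"
    source_prefix: str = ""     # an empty prefix matches any number
    dest_prefix: str = ""
    call_type: str = "*"
    window: tuple = (time.min, time.max)   # allowed time-of-day range

    def matches(self, c: Call) -> bool:
        return (self.direction in ("*", c.direction)
                and c.source.startswith(self.source_prefix)
                and c.destination.startswith(self.dest_prefix)
                and self.call_type in ("*", c.call_type)
                and self.window[0] <= c.start.time() <= self.window[1])

def evaluate(rules, call):
    """First matching rule wins (assumed); no match falls back to deny, log, alert."""
    for rule in rules:
        if rule.matches(call):
            return rule.actions
    return ("deny", "log", "alert")

# Constructed rule databases for two sites; all numbers are made-up examples.
SITE_A = [
    Rule(("encrypt", "log"), direction="outgoing", dest_prefix="1210555", call_type="voice"),
    Rule(("deny", "alert"), call_type="modem"),
    Rule(("allow", "log"), call_type="fax", window=(time(8, 0), time(18, 0))),
]
SITE_B = [
    Rule(("encrypt", "log"), direction="incoming", source_prefix="1512555"),
    Rule(("allow",), direction="outgoing"),
]

def evaluate_both_ends(src, dst, call_type, when):
    """The same call is outgoing at the first site and incoming at the second;
    each site's appliance applies only its own rule database."""
    at_a = evaluate(SITE_A, Call("outgoing", src, dst, call_type, when))
    at_b = evaluate(SITE_B, Call("incoming", src, dst, call_type, when))
    return at_a, at_b
```

Because each end evaluates independently, the two sites can reach different decisions for the same call, which is the case worth checking when rule databases are maintained separately.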
20 Claims
1. A virtual private switched telecommunications network system for providing encrypted transport of a call across a public switched telephone network from a first enterprise location to a second enterprise location, said network system being located between one or more end-user stations within the first enterprise location and one or more end-user stations within the second enterprise location, said network system comprising:
at least one security rule in a database at the first enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or an outgoing call to/from the first enterprise location;
at least one security rule in a database at the second enterprise location, said at least one security rule specifying at least one action to be performed based on at least one attribute of an incoming or outgoing call to/from the second enterprise location; and
at least one first telephony appliance associated with said database at the first enterprise location within the first enterprise location;
at least one second telephony appliance associated with said database at the second enterprise location within the second enterprise location;
said at least one first telephony appliance and said at least one second telephony appliance including means for determining said at least one attribute of an incoming or outgoing call, said at least one attribute of the incoming or outgoing call being selected from a group including;
call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer (modem); and
said at least one first telephony appliance and said at least one second telephony appliance each further including means for individually performing said at least one action specified in the at least one security rule defined in its associated database, said at least one action being based upon said at least one determined attribute of the incoming or outgoing call, said at least one action being selected from a group including;
allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for providing encrypted transport of a call across a public switched telephone network from/to a first enterprise location and from/to a second enterprise location, the method being implemented between one or more end-user stations and the public switched telephone network at both the first and second enterprise locations, said method including the steps of:
defining at least one security rule applicable within the first enterprise location;
defining at least one security rule applicable within the second enterprise location;
said at least one security rule applicable within the first enterprise location specifying at least one action to be performed on the call based on at least one attribute of the call;
said at least one security rule applicable within the second enterprise location specifying at least one action to be performed on the call based on at least one attribute of the call;
detecting and analyzing the call to determine said at least one attribute of the call, said at least one attribute of the call being selected from a group including;
call direction, call source number, call destination number, call type, call date, call time, and call duration, and said call type attribute being defined as one of voice, fax, or data transfer (modem); and
performing said at least one action on the incoming or outgoing call at the first enterprise location and the second enterprise location based upon said at least one attribute of the call, said at least one action being specified in said at least one security rule and being selected from a group including;
allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A method of providing encrypted transport of a call from a first geographically separate location, across a PSTN, to a second geographically separate location, the method comprising:
defining at least one rule applicable to one or more end-user stations located at the first geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the first geographically separate location;
defining at least one rule applicable to one or more end-user stations located at the second geographically separate location, said at least one rule specifying one or more actions to be performed based upon at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the second geographically separate location;
determining said at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the first geographically separate location;
determining said at least one attribute of an incoming call to or an outgoing call from said one or more end-user stations located at the second geographically separate location;
performing said one or more actions on the incoming call to or the outgoing call from said one or more end-user stations located at the first geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the first geographically separate location; and
performing said one or more actions on the incoming call to or the outgoing call from said one or more end-user stations located at the second geographically separate location, in accordance with said at least one rule applicable to one or more end-user stations located at the second geographically separate location; and
said at least one attribute of the incoming call to or the outgoing call from the one or more end-user stations is selected from a group including;
call direction, call source number, call destination number, call type, call date, call time, and call duration, said call type attribute being defined as one of voice, fax, or data transfer; and
wherein said one or more actions is selected from a group including;
allowing the call, denying the call, conducting the call in encrypted mode, sending a tone, sending a message, logging the call, generating a report, and providing an alert.
Dependent claims: 16, 17, 18, 19, 20
Specification