Secure telephony service appliance

US 8,132,001 B1
Filed: 10/19/2005
Issued: 03/06/2012
Est. Priority Date: 10/19/2005
Status: Active Grant

First Claim

Patent Images

1. A computer system having a processor and a memory, the computer system operable to execute a method for implementing a secure appliance for IP telephony, the method comprising:

providing an operating system with a restricted access in the appliance wherein the operating system is embedded in an erasable programmable read-only memory in the processor of the appliance;

implementing a set of services in the appliance in the erasable programmable read-only memory in an embedded platform, wherein the set of services is applications that perform the functions of the appliance, wherein a set of security mitigation features in the appliance is applied to the set of services, and wherein the set of security mitigation features include security policies that are applied to the set of services in the appliance;

performing a modification in the appliance to at least one of the operating system and the set of services through one or more secure interfaces wherein performing the modification comprises implementing an encryption technique during a software change between a source of the software change and the appliance and performing the software change in the appliance; and

providing the set of services from the appliance to a set of registered devices wherein the set of registered devices is a registry of devices created by an administrator and the registry identifies devices that can interact together in a secure environment,wherein the appliance only communicates with the set of registered devices and wherein the appliance does not include a hard drive, an external storage, a CDROM device, nor a floppy disk device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure telephony service appliances are created from computing devices. The computing devices have restricted access to their hardware and software. The computing devices perform VOP functions to other devices such as phones, modems, and adapters. Security vulnerabilities are reduced by implementing the computing devices as secure appliances for IP telephony.

37 Citations

View as Search Results

24 Claims

1. A computer system having a processor and a memory, the computer system operable to execute a method for implementing a secure appliance for IP telephony, the method comprising:
- providing an operating system with a restricted access in the appliance wherein the operating system is embedded in an erasable programmable read-only memory in the processor of the appliance;
  
  implementing a set of services in the appliance in the erasable programmable read-only memory in an embedded platform, wherein the set of services is applications that perform the functions of the appliance, wherein a set of security mitigation features in the appliance is applied to the set of services, and wherein the set of security mitigation features include security policies that are applied to the set of services in the appliance;
  
  performing a modification in the appliance to at least one of the operating system and the set of services through one or more secure interfaces wherein performing the modification comprises implementing an encryption technique during a software change between a source of the software change and the appliance and performing the software change in the appliance; and
  
  providing the set of services from the appliance to a set of registered devices wherein the set of registered devices is a registry of devices created by an administrator and the registry identifies devices that can interact together in a secure environment,wherein the appliance only communicates with the set of registered devices and wherein the appliance does not include a hard drive, an external storage, a CDROM device, nor a floppy disk device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, further comprising receiving at the appliance a set of information associated with a list of registered devices that are allowed to interact with the appliance.
  - 3. The system of claim 2, wherein the set of information comprises a master list of the registered devices allowed to communicate with the appliance, wherein the master list is created in a secure environment and periodically sent to the appliance to identify the registered devices that are allowed to interact with the appliance.
  - 4. The system of claim 2, wherein the registered device is selected from the group including a VOP telephone, a modem, and a telephone adapter.
  - 5. The system of claim 4, wherein the appliance is a trivial file transfer protocol (TFTP) server, wherein the TFTP server provides a repository and performs a download of the information to the registered devices.
  - 6. The system of claim 4, wherein the appliance is a trivial file transfer protocol (TFTP) appliance dedicated to securing the registered devices.
  - 7. The system of claim 4, wherein the appliance is a domain name system (DNS) server wherein the DNS server provides IP address mapping.
  - 8. The system of claim 4, wherein the appliance is a dynamic host configuration protocol (DHCP) server wherein the DHCP server dynamically assigns IP addresses to the registered devices.
  - 9. The system of claim 4, wherein the appliance is a simple network time protocol (SNTP) server wherein the SNTP server provides time keeping.
  - 10. The system of claim 4, wherein the appliance is a web services server wherein the web services server delivers content to one or more registered devices.
  - 11. The system of claim 4, wherein the appliance is an IP PBX.
  - 12. The system of claim 4, wherein the appliance is a media gateway.
  - 13. The system of claim 4, wherein the appliance is one or more computing devices operating in a packet network associated with IP telephony.

14. One or more non-transitory computer-readable media having computer-readable instructions embodied thereon, wherein all steps are performed by at least one computing device, for causing a computing device to perform a method for implementing a secure appliance for IF telephony, comprising:
- providing an operating system with a restricted access in the appliance wherein the operating system is embedded in an erasable programmable read-only memory in a processor in the appliance;
  
  implementing a set of services in the appliance in the erasable programmable read-only memory in an embedded platform, wherein the set of services is applications that perform the functions of the appliance, wherein a set of security mitigation features in the appliance is applied to the set of services, and wherein the set of security mitigation features include security policies that are applied to the set of services in the appliance;
  
  performing a modification in the appliance to at least one of the operating system and the set of services through one or more secure interfaces wherein performing the modification comprises implementing an encryption technique during a software change between a source of the software change and the appliance and performing the software change in the appliance; and
  
  providing the set of services from the appliance to a set of registered devices wherein the set of registered devices is a registry of devices created by an administrator and the registry identifies devices that can interact together in a secure environment,wherein the appliance only communicates with the set of registered devices and wherein the appliance does not include a hard drive, an external storage, a CDROM device, nor a floppy disk device.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The media of claim 14, further comprising receiving an indication of registered devices that are allowed to interact with the appliance.
  - 16. The media of claim 15, wherein the indication comprises a master list of the registered devices allowed to communicate with the appliance, wherein the master list is created in a secure environment and periodically sent to the appliance to identify the registered devices that are allowed to interact with the appliance.
  - 17. The media of claim 15, wherein the registered devices are selected from the group including VOP telephones, modems, and telephone adapters.
  - 18. The media of claim 17, wherein the appliance is at least one of:
    - a trivial file transfer protocol (TFTP) server wherein the TFTP server provides a repository of information and performs a download of the information to the registered devices;
      
      a trivial file transfer protocol (TFTP) appliance dedicated to securing the registered devices;
      
      a domain name system (DNS) server wherein the DNS server provides IP address mapping;
      
      a dynamic host configuration protocol (DHCP) server wherein the DHCP server dynamically assigns IP addresses to the registered devices;
      
      a simple network time protocol (SNTP) server wherein the SNTP server provides time keeping;
      
      a web services server that delivers content to one or more registered devices an IP PBX; and
      
      a media gateway.
  - 19. The media of claim 17, wherein the appliance is one or more computing devices operating in a packet network associated with IP telephony.

20. A system for implementing a secure appliance for IP telephony, comprising:
- an appliance operating in a packet network associated with IP telephony; and
  
  the appliance operable;
  
  to provide an operating system with a restricted access wherein the operating system is embedded in an erasable programmable read-only memory in a processor,to implement a set of services in the erasable programmable read-only memory in an embedded platform in the appliance, wherein the set of services is applications that perform the functions of the appliance, wherein a set of security mitigation features in the appliance is applied to the set of services, and wherein the set of security mitigation features include security policies that are applied to the set of services in the appliance,to receive a modification to at least one of the operating system and the set of services through one or more secure interfaces wherein the modification is a software change in the appliance and includes an encryption technique during the software change between a source of the software change and the appliance, andto provide the set of services from the appliance to a set of registered devices wherein the set of registered devices is a registry of devices created by an administrator and the registry identifies devices that can interact together in a secure environment,wherein the appliance does not include a hard drive, an external storage, a CDROM device, nor a floppy disk device.
- View Dependent Claims (21)
- - 21. The system of claim 20, wherein the appliance is operable to receive a set of information associated with a list of registered devices that are allowed to interact with the appliance, and wherein the set of information comprises a master list of the registered devices allowed to communicate with the appliance that is created in a secure environment and periodically sent to the appliance to identify the registered devices that are allowed to interact with the appliance.

22. A system for implementing a secure network for IP telephony services, comprising:
- one or more computing devices operating in a packet network associated with a VOP call;
  
  the one or more computing devices operable to at least one of communicate with each other and communicate with a set of registered devices wherein the set of registered devices is a registry of devices created by an administrator and the registry identifies devices that can interact together in a secure environment; and
  
  the one or more computing devices operable to provide an operating system with a restricted access wherein the operating system is embedded in an erasable programmable read-only memory in a processor, to implement a set of services in the erasable programmable read-only memory in an embedded platform in the appliance, wherein the set of services is applications that perform the functions of the appliance, wherein a set of security mitigation features in the appliance is applied to the set of services, and wherein the set of security mitigation features include security policies that are applied to the set of services in the appliance, to receive a modification to at least one of the operating system and the set of services through one or more secure interfaces wherein the modification is a software change in the appliance and includes an encryption technique during the software change between a source of the software change and the appliance, and to provide the set of services to the set of registered devices,wherein the one or more computing devices do not include a hard drive, an external storage, a CDROM device, nor a floppy disk device.
- View Dependent Claims (23, 24)
- - 23. The system of claim 22, wherein the one or more computing devices receive a set of information associated with a list of the set of registered devices that are allowed to interact with the one or more computing devices.
  - 24. The system of claim 23, wherein the set of information comprises a master list of the registered devices allowed to communicate with the one or more computing devices wherein the master list is created in a secure environment and periodically sent to the one or more computing devices to identify the registered devices that are allowed to interact with the one or more computing devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Williams, Michael, Patten, Christopher O.
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US11/253,890
Time in Patent Office

2,330 Days
Field of Search

713/164, 713/155, 713/153, 709/225, 709/229, 726/3, 726/4, 726/1, 726/7
US Class Current

713/164
CPC Class Codes

G06F 21/572   Secure firmware programming...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 65/1013   Network architectures, gate...

H04L 65/1076   Screening of IP real time c...

H04M 7/0078   Security; Fraud detection; ...

Secure telephony service appliance

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secure telephony service appliance

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links