Communication network intended for secure transmissions

US 5,280,529 A
Filed: 04/29/1992
Issued: 01/18/1994
Est. Priority Date: 04/29/1991
Status: Expired due to Fees

First Claim

Patent Images

1. Apparatus for a communication network for secure transmission of speech and data, including different types of subscriber terminals (1-4) and switching modules (7-8), where subscriber lines (23-26) connect each subscriber terminal with a switching module and transmission links (19-22) connect switching modules to other switching modules in the network, where transmission links and subscriber lines each carry one or more communication channels, and where the apparatus comprises:

cryptographic devices (13-15) to undertake cryptographic transformations of information transmitted through the network, and where at least one of the cryptographic devices is constituted by a cryptographic-pool device having a number of cryptographic modules (35) wherein the cryptographic-pool device is physically separated from the switching modules (7,

     8), and wherein the cryptographic-pool device communicates with the switching modules by means of interface signals wherein the cryptographic-pool device is responsive to at least one of a plurality of devices including subscriber terminals, switching modules and selected network equipment, wherein at least one of the cryptographic-pool devices (13-15) is within a security guard (9 or

     10) connected between a switching module (7 or

     8) and the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communications network having different types of subscriber terminals (1-4) and switching modules (7-8) connected to other switching modules in the network includes cryptographic devices (13-15) where at least one of the cryptographic devices is a cryptographic-pool device having a number of cryptographic modules (35) wherein the cryptographic-pool device is physically separated from the switching modules (7,8), and wherein at least one of the cryptographic-pool devices (13-18) is within a security guard (9 or 10) connected between a switching module (7 or 8) and the network. A security guard may include routing devices (32,31) or handling control signals that specify protection criteria. A managing device (30) may also be included within a security guard for deciding the manner for carrying a communication channel through the security guard and for setting out rules for governing security-guard decision-making. The managing device may be selectively controlled both on-line and off-line.

21 Citations

View as Search Results

17 Claims

1. Apparatus for a communication network for secure transmission of speech and data, including different types of subscriber terminals (1-4) and switching modules (7-8), where subscriber lines (23-26) connect each subscriber terminal with a switching module and transmission links (19-22) connect switching modules to other switching modules in the network, where transmission links and subscriber lines each carry one or more communication channels, and where the apparatus comprises:
- cryptographic devices (13-15) to undertake cryptographic transformations of information transmitted through the network, and where at least one of the cryptographic devices is constituted by a cryptographic-pool device having a number of cryptographic modules (35) wherein the cryptographic-pool device is physically separated from the switching modules (7,
  
       8), and wherein the cryptographic-pool device communicates with the switching modules by means of interface signals wherein the cryptographic-pool device is responsive to at least one of a plurality of devices including subscriber terminals, switching modules and selected network equipment, wherein at least one of the cryptographic-pool devices (13-15) is within a security guard (9 or
  
       10) connected between a switching module (7 or
  
       8) and the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. Apparatus according to claim 1, wherein the security guard (9 or 10) includes a managing device (30) for specifying criteria for a communication channel subjected to cryptographic transformation and for a data packet on a virtual communication channel subjected to protection.
  - 3. Apparatus according to claim 2, wherein the managing device (30), configured by a securing manager (17) for monitoring control information on a signalling channel (38 or 39) for determining that a particular communication channel is to be cryptographically transformed and to determine that a data packet is to be protected.
  - 4. Apparatus according to claim 3, wherein the managing device (30) is arranged to monitor the signalling channel and match information in the signalling channel to the criteria in order to decide between alternatives of cryptographic transformations and protection mechanisms of the particular communication channel, decrypting the particular communication channel and allowing the particular communication channel through the security guard without any cryptographic transformation.
  - 5. Apparatus according to claim 2, wherein the managing device (30) is for setting out rules for governing security-guard decision-making, and is for being controlled both on-line and off-line.
  - 6. Apparatus according to claim 1, wherein the security guard (9 or 10) is for operating independently of an attached switching module and a subscriber terminal attached to the switching module.
  - 7. Apparatus according to claim 1, wherein the security guard (9 or 10) is for handling both circuit and packet switched data where a signalling channel (38 or 39) is for handling packet switched data and for handling circuit switched data.

8. Apparatus for a communication network for protected transmission of speech and data, including subscriber terminals (1-4) and switching modules (7-8), where subscriber lines (23-26) connect each subscriber terminal with a switching module and transmission links (19-22) connect switching modules to other switching modules in the network where transmission links and subscriber lines are arranged to carry one or more communication channels, where the apparatus comprises:
- cryptographic devices (13-15) to undertake cryptographic transformations of information transmitted through the network, and where at least one of the cryptographic devices includes a cryptographic-pool device having a number of cryptographic modules (35) wherein the cryptographic-pool device is physically separated from the switching modules (7,
  
       8), and wherein the cryptographic-pool device communicates with the switching modules by means of interface signals wherein the cryptographic-pool device is responsive to subscriber terminals, from switching modules and from selected network equipment, wherein at least one of the cryptographic-pool devices (13-15) is within a security guard (9,
  
       10) wherein the security guard (9,
  
       10) is a stand-alone like device arranged in at least one of the transmission links (19/20, 22/21) of the switching modules (7,
  
       8) and comprises a managing device (30) for monitoring signalling information on one of a plurality of signalling channels (38,
  
       39) for detecting a communication channel that has been selected for cryptographic transformation, and a data packet that has been selected for protection, and for signalling the selected protection by sending control signals to routing devices (32,
  
       31) and cryptographic modules (35) of a security guard, and for specifying the protection criteria, for selectively transmitting protected information between any two terminals.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. Apparatus according to claim 8, wherein the apparatus further comprises a security manager (17) for supplying the managing device (30) with criteria for choosing a selected type of protection, and communicate these criteria over the communication network (6).
  - 10. The apparatus of claim 9, wherein said security manager (17) communicates the criteria for choosing a selected type of protection directly to the managing device (30).
  - 11. Apparatus according to claim 8, wherein the security guard (9, 10) operates without seizing any specific resource from any device attached to the switching module.
  - 12. Apparatus according to claim 8, wherein the security guard (9, 10) is responsive to both circuit and packet switched data where the signalling channel (38, 39) communicates signalling information and packet switched data.
  - 13. Apparatus according to claim 8, wherein the managing device (30) is responsive to the signalling channel (38, 39) for deciding the manner for carrying the communication channel through the security guard.
  - 14. Apparatus according to claim 8, wherein the managing device (30) is selectively controlled both on-line and off-line.

15. Apparatus for a communication network for secure transmission of speech and data, including different types of subscriber terminals (1-4) and switching modules (7-8), where subscriber lines (23-26) connect each subscriber terminal with a switching module and transmission links (19-22) connect switching modules to other switching modules in the network, where transmission links and subscriber lines each carry one or more communication channels, and where the apparatus comprises:
- cryptographic devices (13-15) to undertake cryptographic transformations of information transmitted through the network, and where at least one of the cryptographic devices is constituted by a cryptographic-pool device having a number of cryptographic modules (35) wherein the cryptographic-pool device is physically separated from the switching modules (7,
  
       8), and wherein the cryptographic-pool device communicates with the switching modules by means of interface signals wherein the cryptographic-pool device is responsive to at least one of a plurality of devices including subscriber terminals, switching modules and selected network equipment, wherein at least one of the cryptographic-pool devices (13-15) is within a security guard (9 or
  
       10) connected between a switching module (7 or
  
       8) and the network wherein the security guard (9 or
  
       10) includes a managing device (30) for specifying criteria for a communication channel subjected to cryptographic transformation and for a data packet on a virtual communication channel subjected to protection, wherein the managing device (30) is for setting out rules for governing security-guard decision-making, and is for being maintained both on-line and off-line.
- View Dependent Claims (16)
- - 16. The apparatus of claim 15, wherein the managing device (30) is arranged to monitor the signalling channel and match information in the signalling channel to the criteria in order to decide between alternatives of cryptographic transformations and protection mechanisms of the particular communication channel, decrypting the particular communication channel and allowing the particular communication channel through the security guard without any cryptographic transformation.

17. Apparatus for a communication network for protected transmission of speech and data, including subscriber terminals (1-4) and switching modules (7-8), where subscriber lines (23-26) connect each subscriber terminal with a switching module and transmission links (19-22) connect switching modules to other switching modules in the network, where transmission links and subscriber lines are arranged to carry one or more communication channels, where the apparatus comprises:
- cryptographic devices (13-15) to undertake cryptographic transformations of information transmitted through the network, and where at least one of the cryptographic devices (13-15) includes a cryptographic-pool device (13-15) having a number of cryptographic modules (35) wherein the cryptographic-pool device is physically separated from the switching modules (7,
  
       8), and wherein the cryptographic-pool device communicates with the switching modules by means of interface signals wherein the cryptographic-pool device is responsive to at least one of a plurality of devices including subscriber terminals, switching modules and selected network equipment, wherein at least one of the cryptographic-pool devices is within a security guard (9,
  
       10) wherein the security guard (9,
  
       10) is a stand-alone like device arranged in at least one of the transmission links (19/20, 22/21) of the switching modules (7,
  
       8) and comprises a managing device (30) for monitoring signalling information on one of a plurality of signalling channels (38,
  
       39) for detecting a communication channel selected for cryptographic transformation, and a data packet selected for protection, and for signalling the selected protection by sending control signals to routing devices (32,
  
       31) and cryptographic modules (35) of a security guard, and for specifying the protection criteria, for selectively transmitting protected information between any two terminals, wherein the managing device (30) is selectively controlled both on-line and off-line.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel STK A/S
Original Assignee
Alcatel STK A/S
Inventors
Nost, Jan P.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US07/875,443
Time in Patent Office

629 Days
Field of Search

380/9, 380/20, 380/21, 380/43, 380/49, 380/50, 379/93-95
US Class Current

713/153
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 9/00   Cryptographic mechanisms or...

H04Q 11/0428   Integrated services digital...

H04Q 2213/13106   Microprocessor, CPU

H04Q 2213/13174   Data transmission, file tra...

H04Q 2213/13176   Common channel signaling, CCS7

H04Q 2213/13339   Ciphering, encryption, secu...

H04Q 3/002   Details

Communication network intended for secure transmissions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Communication network intended for secure transmissions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links