GB2388279A - Secure transmission of audio signals - Google Patents

Secure transmission of audio signals Download PDF

Info

Publication number
GB2388279A
GB2388279A GB0313658A GB0313658A GB2388279A GB 2388279 A GB2388279 A GB 2388279A GB 0313658 A GB0313658 A GB 0313658A GB 0313658 A GB0313658 A GB 0313658A GB 2388279 A GB2388279 A GB 2388279A
Authority
GB
United Kingdom
Prior art keywords
data
telephone
signals
session key
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0313658A
Other versions
GB2388279B (en
GB0313658D0 (en
Inventor
Peter Courtney
Christopher White
Andrew John Baker
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of GB0313658D0 publication Critical patent/GB0313658D0/en
Priority to US10/631,674 priority Critical patent/US20060198520A1/en
Publication of GB2388279A publication Critical patent/GB2388279A/en
Priority to EP03796111A priority patent/EP1574011A2/en
Priority to PCT/EP2003/051073 priority patent/WO2004057827A2/en
Priority to AU2003298371A priority patent/AU2003298371A1/en
Application granted granted Critical
Publication of GB2388279B publication Critical patent/GB2388279B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/60Substation equipment, e.g. for use by subscribers including speech amplifiers
    • H04M1/6033Substation equipment, e.g. for use by subscribers including speech amplifiers for providing handsfree use or a loudspeaker mode in telephone sets
    • H04M1/6041Portable telephones adapted for handsfree use
    • H04M1/6058Portable telephones adapted for handsfree use involving the use of a headset accessory device connected to the portable telephone
    • H04M1/6066Portable telephones adapted for handsfree use involving the use of a headset accessory device connected to the portable telephone including a wireless connection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00Secret communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/004Arrangements for detecting or preventing errors in the information received by using forward error control
    • H04L1/0056Systems characterized by the type of code used
    • H04L1/0061Error detection codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/18Service support devices; Network management devices
    • H04W88/181Transcoding devices; Rate adaptation devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2250/00Details of telephonic subscriber devices
    • H04M2250/02Details of telephonic subscriber devices including a Bluetooth interface
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

In a headset 14 audio speech signals are picked up by the microphone 25, where they are digitally sampled before being encoded by a vocoder 26. The coded speech data is then provided to a CRC module 27, where error correction data is added before the resulting data is encrypted by an encryption module 22. The resulting encrypted data is transmitted using a Bluetooth radio interface 24, by which the headset is connected wirelessly to a mobile telephone (Figure 1). Received data is decrypted by a decryption module 23, error corrected by an error correction module 28 and decoded by a decoder 29, with the resulting audio signals then being reproduced at a speaker 30. When a user wants to instigate a telephone call with another telephone, the headset 14 is caused to send a control signal to the mobile telephone instructing it to enter a data mode. A data call is then set up and, once established, the CPU 20 controls the setting up of a 128 bit encryption key which is subsequently used for communications between the headset 14 and a corresponding device associated with the recipient of the call. Encryption and decryption are performed only at the headset 14. This provides increased security since even if the call can be intercepted, the interceptor will need to decrypt the signals before being able to reproduce the audio signals. The encryption key comprises a session key which may be periodically changed by selection of a new key from a catalogue of keys and transmitting the new session key to the recipient in encrypted form.

Description

Secure Transmission of Audio Signals This invention relates to an audio
interface device, which can sample and encrypt audio signals or signals derived from audio signals before providing them for s transmission from a telephone over a data channel. This invention relates also to an audio interface device which can sample and code audio signals or signals derived from audio signals before providing them for transmission from a telephone over a data channel. The invention relates also to corresponding methods of operating an audio interface device, to corresponding methods of transmitting encrypted audio 70 signals, and to corresponding system including an audio interface device and a telephone The invention relates also to a method of communicating between first and second devices including sending an encrypted session key to the second device, and to a communication device comprising means for encrypting a session key, and for sending the encrypted session key.
Although it is relatively common for transmissions between a mobile telephone and a base station to be encrypted so as to make difficult the eavesdropping of telephone conversations with a suitable radio receiver, encryption is not normally used with signals upwards of the base station. If a person had access to call signals 20 as they were carried over, for example, a public switched telephone network (PSTN) or an integrated services digital network (ISDN), it would be fairly straightforward to reproduce the audio signals forming the call without disrupting the call. It is an aim of the invention to provide improved security for audio communications made utilising a possibly insecure communications network.
2s According to a first aspect of the invention, there is provided an audio interface device operable to provide a signal for controlling a telephone to communicate with a network via a data channel, and to sample and encrypt audio signals or signals derived therefrom before providing them for transmission over the data channel.
Preferably the telephone is a mobile telephone.
- 2 In a preferred embodiment, the device comprises a coder arranged to code the audio signals before providing them for transmission, and means for adding error correction data to the audio signals or the signals derived therefrom, as the case may be, before providing them for transmission. If encryption is effected using a Diffie s Hellman algorithm, good security can be effected without requiring the safe transmission of an encryption key over a secure channel.
To allow the device to act as a two-way interface, it preferably comprises means to receive encrypted signals from the telephone, and to decrypt them before 10 reproducing them as audio signals. To handle decoded signals, it may comprise means for decoding the decrypted signals before reproduction.
Resilience to interference on the channel between the telephone and a source of received encrypted data can be provided by error correcting the decrypted signals.
5 According to a second aspect of the invention, there is provided a method of operating an audio interface device, the method comprising controlling the device to provide a signal for controlling a telephone, preferably a mobile telephone, to communicate with a network via a data channel, controlling the device to sample and to encrypt audio signals or signals derived therefrom and controlling the device 20 to provide the encrypted signals for transmission over the data channel.
According to a third aspect of the invention, there is provided a method of transmitting encrypted audio signals, the method comprising: controlling a mobile telephone to communicate with a network via a data channel; sampling audio 2s signals; encrypting the samples or data derived from the samples; and providing the encrypted data for transmission over the data channel.
According to a fourth aspect of the invention, there is provided a system comprising an audio interface device and a telephone, the audio interface device 30 being operable to provide a control signal for controlling the telephone to communicate via a data channel, and to sample and encrypt audio signals or signals derived therefrom before providing them to the telephone, the telephone being
- 3 responsive to receiving the control signal for communication with a network via a data channel, and for transmitting the encrypted audio signals over the data channel.
According to a fifth aspect of the invention, there is provided an audio interface s device operable to provide a signal for controlling a telephone to communicate with a network via a data channel, and to sample and code audio signals or signals derived therefrom before providing them for transmission over the data channel.
A sixth aspect of the invention provides a method of operating an audio interface 10 device, the method comprising controlling the device to provide a signal for controlling a telephone, preferably a mobile telephone, to communicate with a network via a data channel, controlling the device to sample and to code audio signals or signals derived therefrom and controlling the device to provide the coded signals for transmission over the data channel.
Is A seventh aspect of the invention provides a method of transmitting coded audio signals, the method comprising: controlling a mobile telephone to communicate with a network via a data channel; sampling audio signals; coding the samples or data derived from the samples; and providing the coded data for transmission over 20 the data channel.
An eighth aspect of the invention provides a system comprising an audio interface device and a telephone' the audio interface device being operable to provide a control signal for controlling the telephone to communicate via a data channel, and 2s to sample and code audio signals or signals derived therefrom before providing them to the telephone, the telephone being responsive to receiving the control signal for communication with a network via a data channel, and for transmitting the coded audio signals over the data channel.
30 The coding preferably is performed by a lossy compressor. This may be termed a compressor.
According to a ninth aspect of the invention, there is provided a method of communicating between first and second devices, the method comprising: in a first device, encrypting a session key using an encryption key; sending the encrypted session key to the second device; in the second device, decrypting the encrypted s session key; and using the session key to encrypt data transmitted in at least one direction between the first and second devices.
Preferably, the method comprises transmitting a further encrypted session key from one of the devices to the other device, and subsequently using the further session lo key to encrypt data transmitted in at least one direction between the first and second devices. The encrypted session keys may be transmitted only in one direction between the devices, or they may be generated and sent by both devices on a shared basis.
Is For improved security, the method comprises periodically transmitting new encrypted session keys from the first device to the second device.
According to a tenth aspect of the invention, there is provided a communication device, comprising: means for encrypting a session key, and for sending the 20 encrypted session key via a channel to another communication device; and means for encrypting data with the session key, and for sending the encrypted data.
The device preferably comprises means for sending a further encrypted session key, and for subsequently encrypting data using the further session key before sending 25 the encrypted data.
Further preferably, for further improved security, the device comprises means for periodically transmitting new encrypted session keys from the first device to the second device. This may be enhanced by including means for building a catalogue 30 of session keys, the catalogue including a presently used session key and at least one unused session key. Here, the device might comprise means for periodically discarding the session key being used for encrypting data, and for subsequently using a new session key to encrypt data before sending the encrypted data.
- s - Embodiments of the present invention are now described with reference to the accompanying drawings, of which: 5 Figure 1 shows a system including various components according to the invention, a and in which methods according to the invention are carried out; and Figure 2 is a schematic diagram of an audio interface device, in the form of a headset, forming part of the system of Figure 1.
to Referring to Figure 1, a telecommunication system is shown centred around a telephone network 1. The telephone network 1 may be for example a public switched telephone network (PSTN) or an integrated services digital network (ISDN), although it may instead take any other form. The network 1 may comprise plural different networks connected together in any suitable fashion. Connected to Is the network 1 are first and second mobile switching centres (MSCs) 2, 3, which may or may not be operated by the same telecommunications services provider. To the first MSC 2 are connected first and second base stations (BSs) 4 and 5. The first MSC 2 and the first and second base stations 4 and 5 may operate for example according to the Global System for Mobiles (GSM) telephone system. A second 3 20 mobile station 9 is in communication with the second BS 5, allowing calls to be made to and from telephones connected to the network 1. The second MSC 3 is connected to each of third and fourth base stations 6 and 7. The second MSC 3 and the third and fourth base stations 6 and 7 together form part of a telephone system operating according for example to the Universal Mobile Telephone System (IJMTS) 25 standard. A first mobile station 8 is in communication with the third base station 6, allowing calls to be made to and from other telephones connected to the network 1.
Also connected to the network 1 are first and second local exchanges 10, 11, each of which are connected to many fixed telephones, although only a first telephone 12 is shown connected to the first local exchange and a second telephone 13 is shown 30 connected to the second local exchange. The system comprises various other components which are not shown in Figure 1 for conciseness. The first and second fixed telephones 12 and 13 are each provided with a data communication port, allowing the line between the telephone and the respective local exchange to be
- 6 utilised to the transfer of data to and from the network 1. The first mobile telephone 8 is provided with an input whereby a hands-free handset can be connected, allowing the mobile telephone to be used in a handsfree way. The second mobile telephone 9 is provided with a Bluetooth transceiver, allowing 5 communication with Bluetooth enabled devices in a wireless manner. The system thusfar described is conventional.
According to the invention, a hrst headset 14 is connected to the second mobile telephone by a Bluetooth link. The headset 14 is shown in more detail in Figure 2, lo which is described below. An audio interface device 15 is associated with the second fixed telephone 13, and the two devices are connected by a wireless link, enabled by virtue of an infrared transceiver in the accessory 15 and by a corresponding infrared transceiver in the second fixed telephone 13. Connected to the first mobile telephone 8 is a headset 16, which includes a wired connection Is plugged into the hands-free connector of the mobile telephone. Similarly, an audio interface device 17, in the form of an accessory, is connected by a wire link to the data port of the first fixed telephone 12.
Referring now to Figure 2, the headset 14 is shown comprising generally a central 20 processing unit (CPU) 20, which is connected each of a data transceiver unit or modem 21, an encryption module 22 and a decryption module 23. The data transceiver unit or modem 21 is connected to a Bluetooth radio interface 24, whereby communication with the second mobile telephone 9 is enabled. The headset 14 includes a microphone 2S, which is arranged to convert audio signals 25 into digital electrical signals, which are then provided to a vocoder 26. The vocoder 26 is a conventional device, which is arranged to compress digitally the samples received at its input and to provide data signals at a fixed data rate at its output.
The vocoder 26 may use any suitable algorithm, for example those known as the GSM, the G729 or Speex algorithms. Connected to the output of the vocoder 26 is 30 an input of a cyclic redundancy check (CRC) addition module 27. The module 27 applies CRC bits to the data provided by the vocoder 26, which allow proper decoding of the vocoder output data at a remote location even if the data is partly corrupted before arriving. An output of the CRC module 27 is connected to an
( - 7 input of the encryption module 22, which operates in the manner described below.
The microphone 25, the vocoder 26, the CRC module 27 and the encryption module 22 together form a speech input path, signals resulting from which can be transmitted to the second mobile telephone 9 under control of the CPU 20. A 5 speech input path is constituted similarly by the decryption module 23, by an error correction module 28, a decoder 29 and a speaker 30. The error correction module 28 is connected to an output of the decryption module 23, and is operable to provide error correction on data received from the second mobile telephone 9 and decrypted by the decryption module. Error corrected data provided by the error 0 correction module 28 is then decoded by a decoder module 29 to form audio samples. The samples are then converted into an analogue form before being provided as sound signals by the speaker 30. The headset 14 constitutes an audio interface device. Although the components are illustrated separately, they may be implemented in any conventional manner and may, for example, utilise a dedicated 15 ASIC (application specific integrated circuit) or a common processor and a single physical memory. Alternatively, separate processors may be used for the vocoder 26 and the encryption module 22. These separate processors may also be used to effect the decoder 29 and the decryption module 23 respectively, or further separate processors may instead be used.
The accessory device 15 is similarly constructed to the headset 14, although the accessory device includes an infrared transceiver (not shown) in place of the Bluetooth transceiver 24. The headset 16 and the accessory device 17 are also similarly constructed, although no Bluetooth or infrared transceiver is present in 25 these devices, and the transceiver or modem 21 may also be omitted, depending on the nature of the particular link used to connect to their respective telephone 8, 12.
Operation is as follows. When a user of the second mobile telephone 9 wants to instigate a telephone call with another telephone connected to the network 1, the 30 user initially switches the headset 14 into an 'on' condition. This is detected by the second mobile telephone 9. To initiate secure communications, the user then simultaneously depresses volume increase and volume decrease switches (not shown) on the headset 14. This causes the headset 14 to send a control signal to
( - 8 the second mobile telephone 9 instructing it to enter either of a 9. 6 and a 14.4 kbps (kilo bits per second) data mode. The control signal may be generated by a dedicated ASIC device, or may be integrated in an ASIC which forms the Bluetooth interface. In response to receiving the control signal, the CPU 20 prepares a data 5 signal instructing the second mobile telephone 9 to open a data call with the base station 5, and the network 1, rather than opening a conventional voice channel.
This is communicated to the telephone which is the recipient of the call, for example the second fixed telephone 13. A data call is then set up on a data channel between the tnobile telephone 9 and the fixed telephone 13 in a conventional lo manner. Once the call is established, the headset 14, and in particular the CPU 20 thereof, controls the setting up of a 128 bit encryption key which is subsequently used for communications between the headset 14 and the accessory 15. This may occur in any convenient manner, but preferably involves the use of the Diffie-
Hellman algorithm. This algorithm is well known in the art and is summarised at, 15 for example, www.apocalypse.org/pub/u/seven/diffie.html.
When a user of the second mobile telephone 9 speaks, the audio speech signals are picked up by the microphone 25, where they are digitally sampled before being encoded by the vocoder 26. The coded speech data is then provided to the CRC 20 module 27, where error correction data is added before the resulting data is encrypted by the encryption module 22 using the 128 bit encryption key. The manner of encryption is entirely conventional, and is carried out under control of the CPU 20. The encrypted data is then transmitted to the second mobile telephone 9 by way of the data transceiver or modem 21 and the Bluetooth transceiver 24, 25 from where it is communicated over the network using the data call in progress. At the accessory 15, the encrypted data is received at its infrared transceiver (not shown), following which it is decrypted using the shared key, error correction is applied, the error corrected data is decoded and the speech finally reproduced.
Similarly, when a user of the fixed telephone 13 speaks, the speech signals are 30 converted into digital signals, then coded to reduce the amount of data, supplemented with CRC data and encrypted using the 128 bit encryption key. The encrypted data is then transferred from the fixed telephone 13 over the network 1 using the existing data call to the second mobile telephone 9. Encrypted data
signals are then received by the Bluetooth transceiver 24 and the transceiver or modem 21, where they are decrypted by the decryption module 23. Data errors are then removed by the error correction module 28 before the resulting signals are decoded by the decoder 29 and finally the voice signals are reproduced at the 5 speaker 30.
It will be seen that encryption and decryption is performed only at the headset 14 and the accessory 15, and that all communications therebetween are encrypted using the 128 bit encryption key. Accordingly, increased security is provided, since even to if the call can be intercepted at any point between the mobile telephone 9 and the fixed telephone 13, the interceptor will have to decrypt the signals before being able to reproduce the audio signals. It will further be appreciated that the only special equipment required is the handset 14 and the accessory device 15.
to An alternative embodiment will now be described, again with reference to Figures 1 and 2.
This embodiment is much the same as that described above, although there are differences as regards the encryption of the sampled and coded audio signals. This fisher embodiment uses a simple form of session (stream) encryption. This type of encryption has a relatively short key length, for example 2999 bits. Coded voice data can be exchanged 20 only after the first session key has been set up.
The exchange of coded voice data, as well as any other data, involves including the data into frames, which often is necessary to provide synchronization at both ends of the link.
T7or simplicity, the headset (or other type of audio interface device) which is responsible for 25 setting-up a session key is termed the key sending device, and the headset (or other type of audio interface device) which receives the key is termed the key receiving device. Instead of one device being the key sending device for the duration of a call, the devices may instead exchange responsibility one or more times during the length of a call.
30 In a preferred embodiment, the raw data provided by the vocoder 26 is produced at 8000 bits per second, and the overhead for the framing process uses about 1000 bits per second.
In this example, the data channel used for communication has a capacity of 9600 bits per second, although other data rates may be used instead. With a 9600 bits per second
( - 10
channel being used, the 600 bits per second remaining are used to exchange new session keys. This involves a considerable signalling overhead typically around 5000 bits are required to exchange a single session key of length 2999 bits. The new session keys are encrypted using the same RSA encryption used for the original session key exchange. The 5 result is the exchange of a new session key every 9 seconds or so.
RSA encryption provides a good degree of security, although there is a significant amount of processing required to decrypt data which is RSA encrypted. If RSA encryption was used to encrypt the speech data, this processing needed for decryption would result in a lag lo in speech reproduction and in a significant current drain. Using RSA encryption with the session key transmission is advantageous since it provides RSA level security for the data but without the lag in speech reproduction and with only a proportion of the processor resource requirements.
Is The session keys are created by the key sending device from a Zener noise source, which is a genuinely random source, in a conventional manner.
The session keys are sent as segments with an index. Each segment contains a CRC (cyclic redundancy check) to allow errors to be detected. Segments with errors are discarded.
20 The device receiving segments acknowledges every segment successfully received with a valid CRC. The device sending the segments resends any segment which has not been acknowledged. When all the segments for a session key have been received, the data is decrypted by the decryption module 23, and an embedded CRC for the entire key is checked by the error correction module 28. If the embedded CRC is deemed to be correct, 25 the key is added to a catalogue of keys and an acknowledgement is sent to the key sending device. If the embedded CRC is determined to be faulty, the entire session key is discarded and no use is made of it. Following the successful or failed transmission of a session key, the next key is sent in the same manner.
30 Each headset maintains a catalogue of session keys. In a preferred example, the key in use is stored along with three other keys in the catalogue. Session keys are continually being exchanged using whatever spare bandwidth is available. When the session key sending device receives acknowledgment that the key has been added to the catalogue at the
( receiving device, it is also added to the catalogue at the sending device. The exchange of session keys stops only when the catalogue gets full, which in most cases is unlikely to occur. The purpose of the catalogue is to allow the communication channel to remain secure even when there are a few errors in the channel, which errors can slow the 5 transmission of session keys since this would require the retransmission of more segments and is more likely to result in a key being rejected on the basis of the CRC check across the entire key.
When a key is discarded, the next key in the catalogue is used in its place. The key 10 sending device instigates the signalling required to effect the change in the key being used to encrypt the data. The system aims to discontinue use of a key after a fixed period of time, for example ten seconds. However, this can be dynamically changed depending on the number of keys stored in the catalogue. For example, in good transmission conditions, it may be possible to discard each key after a shorter 5 period of time. In bad conditions, using keys up at a rate of one every ten seconds may result in a condition where a key is ready to de discarded yet there are no unused keys present in the catalogue. To try to avoid this condition, the system preferably is able to detect the average time taken to transmit successfully a new key, and to set the key discard interval appropriately. Of course, it will usually be 20 beneficial to have a greater inter-key interval for some time immediately after a call is set up, in order to at last partly fill the catalogue and thereby provide a buffer.
The CPU 20 of Figure 2 is used to effect the RSA encryption of session keys and the encryption and decryption of data using the session keys. The catalogue is 2s stored in a memory (not shown), which could be RAM or any other suitable memory type. The RSA encryption keys may be provided in any suitable way, as can the Zener noise source used by the key sending device to generate the session keys. 30 Conference calls are allowed for in a further embodiment of the application, which will now be described with reference to Figures 1 and 2. In this example, the mobile telephone 8 and the fixed telephone 13 are in communication with each other, with speech communication therebetween being encrypted and decrypted by
- 12 suitable components of the associated accessory device 15 and headset 16.
Supposing then that the user of the mobile telephone 8 wants to bring it into the call the first fixed telephone 12. T he conference call is then set up in a conventional way, although the channel between the first fixed telephone 12 and the 5 network, as with the first mobile telephone 8 and the fixed telephone 13, is a data call rather than a voice call. Once the channel between the mobile telephone 8 and the fixed telephone 12 is open, the headset 16 communicates with the accessory 17 associated with the fixed telephone 12 to provide it with the 128 bit key which is used to encrypt communications between the devices. Once the accessory device 17 lo is made aware of the encryption used, it is able to encrypt and decrypt signals in such a way that audio signals generated by the user of one of the telephones are reproduced properly at each of the other telephones.
It will be appreciated from the above that it is only the headset or accessory device 15 associated with the telephone which is instigating a call which needs to provide a signal controlling its telephone to communicate with the network I via a data channel. All telephones which are being called or which are being joined on an existing call are automatically set up with a data channel.
20 Similarly, it is the headset or accessory associated with the telephone which instigates a call which is responsible for setting up the encryption key used to make secure communications between that telephone and the telephone being called.
However, when a further telephone is introduced into a call so as to provide a conference call, it is the telephone which introduces the further telephone that is 2s required to set up the encryption key with the newly joining telephone.
In a further embodiment, the RSA encryption of session keys generated at one device is used in a conference call environment. Here, it is the telephone which set up the call which is responsible for setting-up session keys, for RSA encrypting 30 them and for sending them to the other telephones. In this case, it is necessary that each telephone correctly receives the keys. To facilitate this, it may be desirable to use greater inter-key intervals, shorter session keys or higher data rate channels.
( - 13
It will be appreciated that the invention allows communication between users of two remote telephones to be securely encrypted, even though the only special equipment is the headset or accessory device which constitutes the audio interface at each end of the link. The telephones connected to the audio interface devices s and all of the network in between the telephones may be entirely conventional.
Although the above embodiment utilises the encoding of audio samples, this may not be necessary if a suitably high data rate data channel is available.
10 In an alternative embodiment, video pictures may also be encrypted before transmission. Here, a combined camera and display device (not shown) is connectable to a
mobile telephone 8 via a Bluetooth interface. The camera device includes in series between a digital image production module and a Bluetooth transceiver an error correction bit addition module and an encryption module. In this way, images are encrypted with a 75 secure key before transmission to the mobile telephone, following which they are transmitted to the network 1. The camera device may be used in conjunction with the headset 14, but preferably is combined therewith. In the combined case, the device is arranged to control the mobile telephone 8 to enter into conrnunication with the network 1 using a General Packet Radio Service (GPRS) data channel. Also, a single Bluetooth 20 interface is used to carry encrypted audio and video data to the mobile telephone 8, and the audio and video data is carried to the network over the GPRS data channel.
To reproduce encrypted video data, the combined camera and display device (not shown) is able to decrypt received encrypted video signals, to apply error correction and to display 25 the result, preferably on a liquid crystal display (LCD). This allows full audio-visual communication bidirectionally between the combined camera and display device 14 and the network I, and also so-called video-conferencing. Video conferencing may utilise three or more terminals joined on a call.
30 In the foregoing, the terms 'data channel' and 'data call' will be understood to refer to means for the transmission of data other than analogue voice channels or channels dedicated for the communication of voice signals. In GSM, voice calls as classed as "Teleservices", and data calls are classed as "Bearer Services". Teleservices
- 14 includes the following audio call types: telephony, emergency calls, and voicemail, as well as some data call types, for example facsimile message 3. Bearer services include asynchronous and synchronous data, 3009GOO bps, alternate speech and data, 300-9600 bps, asynchronous PAD (packet-switched, packet assembler/disassembler) access, 300 5 9600 bps, and synchronous dedicated packet data access, 2400-9600 bps, which it will be appreciated can all be classed as 'data calls'. A 'data channel' might be considered as one which is not designated for carrying voice communications or other audio signals, whether encoded or not, and a 'data call' might be considered as a call made over a data channel. The channel may be over GSM, 3G, CDMA-2000 or any other to telephone network, either fixed or mobile. In a fixed telephone network, a data channel may be an ISDN, ADSL or 'broadband' data channel or sub-channel, for example.

Claims (32)

- 15 Claims
1. An audio interface device operable to provide a signal for controlling a telephone to communicate with a network via a data channel, and to sample and s encrypt audio signals or signals derived therefrom before providing them for transmission over the data channel.
2. A device as claimed in claim 1 or claim 2, comprising a coder arranged to code the audio signals before providing them for transmission.
3. An audio interface device operable to provide a signal for controlling a telephone to communicate with a network via a data channel, and to sample and code audio signals or signals derived therefrom before providing them for transmission over the data channel.
4. A device as claimed in claim 3, comprising an encrypter arranged to encrypt the audio signals before providing them for transmission.
5. A device as claimed in any preceding claim, in which the telephone is a 20 mobile telephone.
6. A device as claimed in any preceding claim, comprising means for adding error correction data to the audio signals or the signals derived therefrom, as the case may be, before providing them for transmission.
2S
7. A device as claimed in any preceding claim, in which encryption is effected using a Diffe-Hellman algorithm.
8. A device as claimed in any preceding claim, comprising means to receive 30 encrypted signals from the telephone, and to decrypt them before reproducing them as audio signals.
( - 16
9. A device as claimed in claim 8, comprising means for decoding the decrypted signals before reproduction.
10. A device as claimed in claim 8 or claim 9, comprising means for providing s error correction of the decrypted signals.
11. A device as claimed in any preceding claim, comprising means for encrypting a session key and for sending the encrypted session key.
70
12. A device as claimed in any preceding claim, comprising means to sample and encrypt video signals or signals derived therefrom before providing them for transmission over the data channel.
13. A method of operating an audio interface device, the method comprising 15 controlling the device to provide a signal for controlling a telephone, preferably a mobile telephone, to communicate with a network via a data channel, controlling the device to sample and to encrypt audio signals or signals derived therefrom and controlling the device to provide the encrypted signals for transmission over the data channel.
14. A method of operating an audio interface device, the method comprising controlling the device to provide a signal for controlling a telephone, preferably a mobile telephone, to communicate with a network via a data channel, controlling the device to sample and to code audio signals or signals derived therefrom and 25 controlling the device to provide the coded signals for transmission over the data channel.
15. A method of transmitting encrypted audio signals, the method comprising: controlling a mobile telephone to communicate with a network via a data 30 channel; sampling audio signals; encrypting the samples or data derived from the samples; and providing the encrypted data for transmission over the data channel.
( - 17
16. A method of transmitting coded audio signals, the method comprising: controlling a mobile telephone to communicate with a network via a data channel; s sampling audio signals; coding the samples or data derived from the samples; and providing the coded data for transmission over the data channel.
lo
17. A system comprising an audio interface device and a telephone, the audio interface device being operable to provide a control signal for controlling the telephone to communicate via a data channel, and to sample and encrypt audio signals or signals derived therefrom before providing them to the telephone, the telephone being responsive to receiving the control signal for communication with a Is network via a data channel, and for transmitting the encrypted audio signals over the data channel.
18. A system comprising an audio interface device and a telephone, the audio interface device being operable to provide a control signal for controlling the 20 telephone to communicate via a data channel, and to sample and code audio signals or signals derived therefrom before providing them to the telephone, the telephone being responsive to receiving the control signal for communication with a network via a data channel, and for transmitting the coded audio signals over the data channel. 2s
19. A method of communicating between first and second devices, the method comprising: in a first device, encrypting a session key using an encryption key; sending the encrypted session key to the second device; in the second device, decrypting the encrypted session key; and using the session key to encrypt data transmitted in at least one direction between the first and second devices.
- 18
20. A method as claimed in claim 19, comprising transmitting a further encrypted session key from one of the devices to the other device, and subsequently using the further session key to encrypt data transmitted in at least one direction between the first and second devices.
s
21. A method as claimed in claim 19 or claim 20, comprising periodically transmitting new encrypted session keys from the first device to the second device.
22. A method as claimed in claim 19 or claim 20, comprising building a lo catalogue of session keys with each of the first and second devices, each catalogue including a presently used session key and at least one unused session key.
23. A method as claimed in claim 22, comprising periodically discarding the session key being used for encrypting data., and subsequently using a new session 5 key to encrypt data transmitted in the at least one direction.
24. A method as claimed in any of claims 19 to 23, comprising randomly generating the session key or keys.
20
25. A method as claimed in any of claims 19 to 24, comprising encrypting the session key or keys using RSA encryption.
26. A communication device, comprising: means for encrypting a session key, and for sending the encrypted session 25 key via a channel to another communication device; and means for encrypting data with the session key, and for sending the encrypted data.
27. A device as claimed in claim 26, comprising means for sending a further 30 encrypted session key, and for subsequently encrypting data using the further session key before sending the encrypted data.
- 19
28. A device as claimed in claim 26 or claim 27, comprising means for periodically transmitting new encrypted session keys from the first device to the second device.
5
29. A device as claimed in claim 27 or claim 28, comprising means for building a catalogue of session keys, the catalogue including a presently used session key and at least one unused session key.
30. A device as claimed in claim 29, comprising means for periodically discarding 10 the session key being used for encrypting data, and for subsequently using a new session key to encrypt data before sending the encrypted data.
31. An audio interface device substantially as described with reference to Figure 2, and/or as modified with reference to Figure 1, of the accompanying drawings.
32. A method of operating an audio interface device substantially as described with reference to the accompanying drawings.
GB0313658A 2002-12-20 2003-06-12 Secure transmission of audio signals Expired - Fee Related GB2388279B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US10/631,674 US20060198520A1 (en) 2002-12-20 2003-07-31 Secure transmission of digital audio signals
EP03796111A EP1574011A2 (en) 2002-12-20 2003-12-18 Secure transmission of audio signals
PCT/EP2003/051073 WO2004057827A2 (en) 2002-12-20 2003-12-18 Secure transmission of audio signals
AU2003298371A AU2003298371A1 (en) 2002-12-20 2003-12-18 Secure transmission of audio signals

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0229781A GB0229781D0 (en) 2002-12-20 2002-12-20 Secure transmission of audio signals

Publications (3)

Publication Number Publication Date
GB0313658D0 GB0313658D0 (en) 2003-07-16
GB2388279A true GB2388279A (en) 2003-11-05
GB2388279B GB2388279B (en) 2004-03-17

Family

ID=9950138

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0229781A Ceased GB0229781D0 (en) 2002-12-20 2002-12-20 Secure transmission of audio signals
GB0313658A Expired - Fee Related GB2388279B (en) 2002-12-20 2003-06-12 Secure transmission of audio signals

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB0229781A Ceased GB0229781D0 (en) 2002-12-20 2002-12-20 Secure transmission of audio signals

Country Status (2)

Country Link
CN (1) CN1754366A (en)
GB (2) GB0229781D0 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1587276A2 (en) * 2004-04-14 2005-10-19 M/A-Com, Inc. Universal microphone for secure radio communication
WO2006017949A1 (en) * 2004-08-20 2006-02-23 Tecdata Ag Encryption device and method using global scaling for key distribution
DE202007012486U1 (en) * 2007-09-05 2009-01-22 Rohde & Schwarz Sit Gmbh Device for encrypted communication
ITMI20091006A1 (en) * 2009-06-09 2010-12-10 Claudio Petronici "VOCAL COMMUNICATIONS SYSTEM"
WO2016193404A1 (en) * 2015-06-04 2016-12-08 Nagravision S.A. Methods and systems for communication-session arrangement on behalf of cryptographic endpoints
US9891882B2 (en) 2015-06-01 2018-02-13 Nagravision S.A. Methods and systems for conveying encrypted data to a communication device
US9900769B2 (en) 2015-05-29 2018-02-20 Nagravision S.A. Methods and systems for establishing an encrypted-audio session
US10122767B2 (en) 2015-05-29 2018-11-06 Nagravision S.A. Systems and methods for conducting secure VOIP multi-party calls

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8644396B2 (en) 2006-04-18 2014-02-04 Qualcomm Incorporated Waveform encoding for wireless applications
CN101433052B (en) 2006-04-26 2013-04-24 高通股份有限公司 Dynamic distribution of device functionality and resource management
US8406794B2 (en) 2006-04-26 2013-03-26 Qualcomm Incorporated Methods and apparatuses of initiating communication in wireless networks
US8289159B2 (en) 2006-04-26 2012-10-16 Qualcomm Incorporated Wireless localization apparatus and method
CN101605185B (en) * 2009-06-25 2012-07-04 华为技术有限公司 Method, device and system for processing voice signals
KR20140139321A (en) 2013-05-27 2014-12-05 한국전자통신연구원 Information security attachment apparatus for voice communications and information security method for voice communications thereby
CN106162502A (en) * 2015-03-20 2016-11-23 北京虎符科技有限公司 Safe bluetooth communication equipment
CN104954951B (en) * 2015-07-01 2017-12-29 深圳北斗通信科技有限公司 A kind of bluetooth earphone and its speech ciphering method with voice encryption function
US10104522B2 (en) * 2015-07-02 2018-10-16 Gn Hearing A/S Hearing device and method of hearing device communication
CN105188018B (en) * 2015-08-17 2018-08-28 飞天诚信科技股份有限公司 A kind of safety device and its working method
CN105025038B (en) * 2015-08-17 2018-03-16 南京京昱达信息科技有限公司 A kind of voice communication apparatus encryption equipment
CN109346092A (en) * 2018-10-29 2019-02-15 王秉玉 The system and method for voice encryption communication is carried out between a kind of communication terminal
CN116321141B (en) * 2023-05-11 2023-08-04 长江量子(武汉)科技有限公司 Method for synchronizing keys of two-ear earphone and two-ear encryption earphone
CN117354797A (en) * 2023-12-04 2024-01-05 深圳市华粤世通软件科技有限公司 Mobile communication system and terminal based on information encryption

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09261765A (en) * 1996-03-25 1997-10-03 Canon Inc Radio communication system
US5825776A (en) * 1996-02-27 1998-10-20 Ericsson Inc. Circuitry and method for transmitting voice and data signals upon a wireless communication channel
JPH10336128A (en) * 1997-05-29 1998-12-18 Mitsubishi Electric Corp Scrabble system for digital broadcast
US6081724A (en) * 1996-01-31 2000-06-27 Qualcomm Incorporated Portable communication device and accessory system
EP1026898A1 (en) * 1999-02-04 2000-08-09 CANAL+ Société Anonyme Method and apparatus for encrypted transmission
WO2001008386A1 (en) * 1999-04-30 2001-02-01 Central Research Laboratories Limited An accessory for a mobile telephone
KR20010017447A (en) * 1999-08-11 2001-03-05 이계안 A device for reducing vibration of outside mirror for automobile
US6222829B1 (en) * 1997-12-23 2001-04-24 Telefonaktieblaget L M Ericsson Internet protocol telephony for a mobile station on a packet data channel
JP2002262345A (en) * 2001-02-27 2002-09-13 Casio Comput Co Ltd Mobile communication system and communication control method
WO2002080500A1 (en) * 2001-03-29 2002-10-10 Wingcast, Llc System adn emthod for transmitting voice input from a remote location over a wireless data channel
GB2379120A (en) * 2001-06-22 2003-02-26 Christopher Portelli Wireless hands free system for mobile phone

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6081724A (en) * 1996-01-31 2000-06-27 Qualcomm Incorporated Portable communication device and accessory system
US5825776A (en) * 1996-02-27 1998-10-20 Ericsson Inc. Circuitry and method for transmitting voice and data signals upon a wireless communication channel
JPH09261765A (en) * 1996-03-25 1997-10-03 Canon Inc Radio communication system
JPH10336128A (en) * 1997-05-29 1998-12-18 Mitsubishi Electric Corp Scrabble system for digital broadcast
US6222829B1 (en) * 1997-12-23 2001-04-24 Telefonaktieblaget L M Ericsson Internet protocol telephony for a mobile station on a packet data channel
EP1026898A1 (en) * 1999-02-04 2000-08-09 CANAL+ Société Anonyme Method and apparatus for encrypted transmission
WO2001008386A1 (en) * 1999-04-30 2001-02-01 Central Research Laboratories Limited An accessory for a mobile telephone
KR20010017447A (en) * 1999-08-11 2001-03-05 이계안 A device for reducing vibration of outside mirror for automobile
JP2002262345A (en) * 2001-02-27 2002-09-13 Casio Comput Co Ltd Mobile communication system and communication control method
WO2002080500A1 (en) * 2001-03-29 2002-10-10 Wingcast, Llc System adn emthod for transmitting voice input from a remote location over a wireless data channel
GB2379120A (en) * 2001-06-22 2003-02-26 Christopher Portelli Wireless hands free system for mobile phone

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1587276A3 (en) * 2004-04-14 2006-05-24 M/A-Com, Inc. Universal microphone for secure radio communication
US7522730B2 (en) 2004-04-14 2009-04-21 M/A-Com, Inc. Universal microphone for secure radio communication
EP1587276A2 (en) * 2004-04-14 2005-10-19 M/A-Com, Inc. Universal microphone for secure radio communication
WO2006017949A1 (en) * 2004-08-20 2006-02-23 Tecdata Ag Encryption device and method using global scaling for key distribution
DE202007012486U1 (en) * 2007-09-05 2009-01-22 Rohde & Schwarz Sit Gmbh Device for encrypted communication
ITMI20091006A1 (en) * 2009-06-09 2010-12-10 Claudio Petronici "VOCAL COMMUNICATIONS SYSTEM"
EP2262143A1 (en) * 2009-06-09 2010-12-15 Petronici, Claudio Encryption system for vocal communications
US10715557B2 (en) 2015-05-29 2020-07-14 Nagravision S.A. Systems and methods for conducting secure VOIP multi-party calls
US11606398B2 (en) 2015-05-29 2023-03-14 Nagravision S.A. Systems and methods for conducting secure VOIP multi-party calls
US9900769B2 (en) 2015-05-29 2018-02-20 Nagravision S.A. Methods and systems for establishing an encrypted-audio session
US10122767B2 (en) 2015-05-29 2018-11-06 Nagravision S.A. Systems and methods for conducting secure VOIP multi-party calls
US10251055B2 (en) 2015-05-29 2019-04-02 Nagravision S.A. Methods and systems for establishing an encrypted-audio session
US9891882B2 (en) 2015-06-01 2018-02-13 Nagravision S.A. Methods and systems for conveying encrypted data to a communication device
US10649717B2 (en) 2015-06-01 2020-05-12 Nagravision S.A. Methods and systems for conveying encrypted data to a communication device
US10356059B2 (en) 2015-06-04 2019-07-16 Nagravision S.A. Methods and systems for communication-session arrangement on behalf of cryptographic endpoints
WO2016193404A1 (en) * 2015-06-04 2016-12-08 Nagravision S.A. Methods and systems for communication-session arrangement on behalf of cryptographic endpoints

Also Published As

Publication number Publication date
GB2388279B (en) 2004-03-17
GB0313658D0 (en) 2003-07-16
GB0229781D0 (en) 2003-01-29
CN1754366A (en) 2006-03-29

Similar Documents

Publication Publication Date Title
US20060198520A1 (en) Secure transmission of digital audio signals
GB2388279A (en) Secure transmission of audio signals
US7369662B2 (en) Maintaining end-to-end synchronization on a telecommunications connection
KR20060111036A (en) Method providing service of an image telephone call in mobile terminal considering situation of a weak current
US7221662B2 (en) Tone detection elimination
US9326160B2 (en) Sharing electromagnetic-signal measurements for providing feedback about transmit-path signal quality
US7062283B2 (en) Cellular telephone system with multiple call paths
WO2001082640A1 (en) Multi-point communication method and communication control device
RU2430474C1 (en) Method and system for lossless media stream transmission after switching between ordinary connection and secret connection
US10630656B2 (en) System and method of encrypted media encapsulation
US20070195825A1 (en) Satellite Communication System and Method
JP4832959B2 (en) Voice communication terminal device, voice communication control method, and voice communication terminal program
US7710948B2 (en) PCM-based data transmission system and voice/data communication switching method
ES2298966T3 (en) WIDE BAND TELECOMMUNICATION - NARROW BAND.
EP2809045B1 (en) Information security attachment device for voice communication and information security method for voice communication using the same
KR20150071958A (en) Method and apparatus for secure voice call
CN100463438C (en) IP video terminal device for public security uniform communication network
JP6464971B2 (en) Wireless terminal device
Rekha et al. End-to-end security for GSM users [speech coding method]
US20050246532A1 (en) Secure communication system and method
JP2004140621A (en) Telephone system
CN109982317B (en) Voice encryption and decryption system and method based on CDMA network
KR20050044196A (en) Wiretapping preventer for voice communication in voip system
JP2008092464A (en) Packet transmitter
KR20040037731A (en) VoIP Terminal and Voice Encryption Method Inter VoIP Terminal

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20070612