WO2005120005A1 - Method of requesting confidential connection for telecommunication systems - Google Patents

Info

Publication number
WO2005120005A1
Authority
WO
WIPO (PCT)
Prior art keywords
call
party
confidentiality
request
allowed
Application number
PCT/EP2005/052393
Other languages
French (fr)
Inventor
Bizhan Karimi-Cherkandi
Farrokh-Mohammadzadeh Kouchri
Hendrik Promies
Original Assignee
Siemens Aktiengesellschaft
Application filed by Siemens Aktiengesellschaft

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/102 Gateways
    • H04L65/1043 Gateway controllers, e.g. media gateway control protocol [MGCP] controllers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1069 Session establishment or de-establishment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1096 Supplementary features, e.g. call forwarding or call holding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q2213/00 Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13091 CLI, identification of calling line
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q2213/00 Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13176 Common channel signaling, CCS7
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q2213/00 Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/1322 PBX
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q2213/00 Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/13256 Call screening
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q2213/00 Indexing scheme relating to selecting arrangements in general and for multiplex systems
    • H04Q2213/1328 Call transfer, e.g. in PBX

Definitions

  • the invention is used in communications networks to ensure that a confidentiality request by a calling party when setting up a call to a called party is accommodated.
  • This application is related to and claims the benefit of commonly-owned U.S. Provisional Patent Application No. 60/574,960, filed on the 27.05.2004, titled “Method of Requesting Confidential Connection For Telecommunication Systems” which is incorporated by reference herein in its entirety.
  • the network can provide him means of barring his identity.
  • the originating user can be put to a voice-mail or the end-equipment can turn on loudspeaker, even though the calling party might not want this to be performed.
  • the calling party loses any kind of control of the call that it initiated in the first place. Additionally, this means that the calling party also loses control over the dissipation of the content of a communication (call).
  • the communications system used to initiate, set up and establish the call does not allow for the call to be controlled by the calling party.
  • the proposed technique is responsive to a request of a calling party permitting the calling party to have more control of the call and its contents, and provides an efficient way for securing the confidentiality of a call.
  • Said method requests a call with a confidential connection between a first party and a second party in a communications network, comprising the steps of:
  • Said network device is located in a communications network and comprises means arranged to employ the method according to claims 1 to 9.
  • the caller party is required to provide an input indicating whether the call is to proceed
  • a variety of networking devices can implement the technique, a series of parameters regulate the requested confidentiality, the confidentiality is ascertained by applying on at least one section of a line connecting the two parties a continuous measurement of a line characteristic and the confidentiality can be increased by encrypting the call, either end-to-end or for exposed line sections.
  • Fig. 1 shows the signalling that takes place in the network.
  • Fig. 2 shows a typical network environment where the proposed invention is applicable.
  • a calling party's terminal equipment 1 and a called party's terminal equipment 2 are connected to a network 100.
  • the terms "calling party", "calling party's terminal equipment", "first party", "A_party", "user_A", "A-subscriber" are equivalent terms that refer to the originator of a call. These terms are used interchangeably throughout the description.
  • the terms "called party", "called party's terminal equipment", "second party", "B_party", "user_B", "B-subscriber" are equivalent terms that refer to the receiver of a call. These terms are also used interchangeably throughout the description.
  • the terms "signalling entity", "forwarding entity", "network device" are equivalent terms that refer to the device that receives the request to set up a confidential call between the calling party and the called party. These terms are also used interchangeably throughout the description.
  • the calling party's terminal equipment 1 and the called party's terminal equipment 2 comprise a telephone 1A, 2B and a handset/receiver 1A', 2B' respectively. Where necessary, in order for the invention to become more understandable, the telephone and handset/receiver terms will be used.
  • the terminal equipment may include an intelligent peripheral, such as a PC having a handset/headset connected to it and a software telephony application installed on it.
  • the calling party 1 may not wish: a) to interact with a voice mail or any other type of recording device, b) that a loudspeaker be turned on at the other end (receiver), c) that the called party 2 activates call forwarding (CF), or transfers the call (CT) at any time, d) to become involved in a conference.
  • CF call forwarding
  • the parameters can be one of the following indicating the type of confidentiality that the calling party wishes to have at the called party:
  • a message 10 is transmitted over the network 100 to a call forwarding entity 5 which is a PSTN switch or a PBX, depending on how the network 100 is designed, and which in turn receives the message 10.
  • the call forwarding entity 5 is connected to the called party 2 directly or via other network components, and is aware of the confidentiality parameters that are available at the called party 2.
  • the forwarding entity 5 in turn transmits a reply message 20 back to the calling party 1 over network 100.
  • Message 20 contains information indicating whether the confidentiality requested is possible and/or honoured by the called party 2.
  • the calling party 1 may be prompted for an input indicating whether to proceed with the call.
  • the calling party 1, is prompted only if the requested confidentiality mode is not available.
  • the "no Recording" option is primarily handled between the calling party and the switch, although it may also be signalled all the way to the other end, and allows for no recording of the actual conversation between the calling party and the called party to take place, as offered by some terminal equipment. This is further explained below:
  • Switch can recognize the request of the A-party and if the B-party has the Confidential_Call-capability, then the request is further signalled to B-party. However, if the B-party does not offer this capability, then the switch can signal back to the A-party, reporting that the B-party does not support Confidential_Call (as an announcement or display).
  • the originator calling party may choose to continue the call.
  • the Confidential_Call request if active, is taken into account and the calling party is not transferred to voice-mail.
  • If the B-party provides Confidential_Call-capability, then it honours the originator's request, so that in the case of voicemail, only the announcement is played to the originator and no message shall be recorded.
  • the B-party has call forwarding activated as the A-subscriber attempts to establish a call to B. If A-subscriber has requested Confidential_Call with "No CF", then the forwarding entity (switch or intelligent CPE (Customer Premises
  • An intelligent CPE is a device located in this case at the B-party side, which is programmed to read received data and react to requests and commands contained in this data.
  • the call transfer entity (switch or intelligent CPE) shall honor this request and not allow the call to be transferred. In the event that no acknowledgement is transmitted or that a negative acknowledgement is transmitted, the request is dishonoured. If one of the parties (calling or called party) does not provide a Confidential_Call capability, then the forwarding entity signals this to the other party by means of an announcement or protocol signalling. The requestor of the confidential call can then choose to continue the call or not.
  • SIP Session Initiation Protocol
  • ITU-T H.323
  • ISUP ISDN User Part Protocol
  • ISDN Integrated Services Digital Network
  • MGCP Media Gateway Control Protocol
  • the parameters can be indicated through the use of a flag that is set within a message to indicate that confidentiality is requested. Each type of request has its own defined flag. It is also possible to define a particular flag that when set within a message will indicate that a calling party requests all types of confidentiality to be applied.
  • messages transmitted at call initiation such as a SETUP message when using ISDN or an IAM (Initial Address Message) message when using ISUP or CRCX (Create Connection) when using MGCP, or INVITE message when using SIP can be modified to comprise a parameter indicating the type of confidentiality.
  • IAM Initial Address Message
  • CRCX Create Connection
  • messages used for acknowledging the call initiation such as PROGRESS or RING messages when using SIP, PROGRESS or SETUP-ACK or ACM (Address Complete Message) messages when using ISDN/ISUP, or CRCX-ACK when using MGCP can also be modified.
  • messages used for indicating acceptance of the call such as the OK message when using SIP, or the CONNECT or ANM (Answer) messages when using ISDN/ISUP, MDCX (Modify Connection message) or MDCX-ACK messages when using MGCP can also be modified.
  • messages used at any point in a call such as NOTIFY message when using SIP, FACILITY or INF (Information) or INR (Information Request) messages when using ISDN/ISUP or NTFY (Notify) message when using MGCP can also be modified.
  • the called party 2 or the corresponding forwarding entity 5 upon reception of such a message returns a reply to the calling party 1 indicating whether the request can be met.
  • Signalling entities 5 that forward a call request, such as Intelligent Customer Premises Equipment (CPE), Public Switched Telephone Network (PSTN) Switch, PBX, Voice-Mail servers, can be enhanced so that the handling of confidentiality is covered by the means that already exist in the signalling entities.
  • CPE Intelligent Customer Premises Equipment
  • PSTN Public Switched Telephone Network
  • the signalling methods described above allow a calling party 1 to specify either one or all of the above mentioned confidentiality requests at his/her terminal. These requests as stated previously are: a. call recording not allowed at call destination terminal; b. loudspeaker activation not allowed at call destination terminal; c. Call Forwarding (CF) not allowed at call destination terminal; d. Call Transfer (CT) not allowed at call destination terminal; e. conference initiation not allowed at call destination terminal.
  • CF Call Forwarding
  • CT Call Transfer
  • Requests c, d and e may be implemented using methods in the (PSTN or PBX) switch serving the called party 2: if either of these request flags is received, the switch serving the called party 2 simply ignores all requests to the contrary and may respond with an announcement to any such attempt, e.g. "Transfer not permitted for this call” or "Initiation of Conference not permitted for this call”.
  • the terminal could be operated with a different software/firmware which ignores the confidentiality flags, which is a concern especially in environments where programmable equipment such as PCs (Personal Computers) or PDAs (Personal Digital Assistants) are used for telephony.
  • PCs Personal Computers
  • PDAs Personal Digital Assistants
  • the confidentiality may be extended so that the caller 1 can rely on the following: either the restriction imposed is met at the other end or he will be informed of such "breach” of confidentiality. Alternatively the call may simply be released when a "no-confidentiality" situation is detected at any time during the call.
  • end-to-end confidentiality by end-to-end encryption
  • improving the confidentiality of sections of the communication path that can easily be tampered with
  • Both approaches require hardware support which is described in the following illustrative embodiment with reference to Fig. 2.
  • Fig. 2 shows a calling party 1, comprising a telephone 1A, and a handset/receiver 1A', that communicates through a network 100 to a called party 2, also comprising a telephone 2B, and a handset/receiver 2B'.
  • PBXs 5 can be seen that connect the two parties to the network 100 and devices such as local exchanges and transit exchanges that allow signalling to be performed.
  • a section of a transmission line 210 for example between a telephone 2B and its handset 2B' .
  • the signals are transmitted over such line 210 in analogue form, wherein an amplifier in the telephone 2B sends a time-variant electrical signal to a speaker device in the handset 2B' .
  • the amplifier "does not care" whether the device receiving the signal is, in fact, the speaker device of handset 2B' .
  • the amplifier will continue to produce an output signal even if the transmission line 210 is connected via a tap-line L' to another device 3, which may be an unwanted recording or speaker device.
  • a basic (analogue) approach to disallowing the tapping of lines 200, 210 would be to continuously measure at least one of the line characteristics (such as impedance, resistance, capacitance, or inductance) by means of an advanced amplifier. Upon detection of changes in any parameter exceeding a threshold the amplifier could signal to the confidentiality mechanism that the transmission line was tampered with and that confidentiality can no longer be guaranteed, which can be signalled back to inform the caller by the confidentiality circuitry.
  • other characteristics can be continuously measured in order to monitor the confidentiality of the call. This can be done for example, by measuring propagation characteristics such as jitter or signal delay.
  • the terms "link” and "connection” are used interchangeably and are equivalent.
  • Another approach to securing lines 200, 210 would be to install a speaker having an integrated encryption/decryption chip in the handset 2B' and send all signals from telephone 2B to handset 2B' as encrypted digital signals, wherein the signals are encrypted such that only the chip in the handset 2B' has the necessary key(s) to decrypt.
  • the information is not decipherable.
  • a speaker with integrated decryption (and D/A conversion, amplification) circuitry could be constructed in encapsulated fashion such that any attempt to access pins for retrieving the analogue electric signal would result in the destruction of the speaker.
  • the encryption/decryption chip in the telephone could be constructed in a similar fashion.
  • one or more sensors could be installed in handset 2B' to detect any "abnormal" use of the handset (e.g. the handset being held away from the ear/mouth of the called party or a microphone next to the speaker).
  • Such sensors could include temperature sensors to detect whether the handset is near a body, surface contact sensors to detect whether the handset has contact with human skin (hands/ear), electromagnetic sensors to detect the electromagnetic fields caused by microphones, etc.
  • any transmission line section 200, 210 that is vulnerable can be secured using encryption/decryption methods at both ends of the line. If multiple sections exist the devices connecting these sections have to be constructed such that the signals cannot be compromised there.
  • a first line section is secured (e.g., encrypted) between a PSTN switch and a PBX
  • a second line section 200 is secured between the PBX and a terminal (computer/telephone)
  • a third line section 210 is secured between the terminal and the handset/headset.
  • any internal connection, especially those in the terminal connecting the second and third sections, needs to be secured by making it mechanically inaccessible (e.g. inside the same chip or chip package, or an inaccessible layer of a multilayer printed board) or using encryption.
  • digital (encryption) and analogue protective methods may be combined to prevent another device 3 located at the end of the tap lines L' , to gather data for a cryptographic attack on the encrypted information.
  • a microphone could be constructed in essentially the same fashion as described for a speaker, i.e. a microphone package that contains A/D converting circuitry, signal processing and amplification circuitry, and encryption circuitry. Any signal transmitted by such package would be digital and encrypted, decipherable only by means of a valid decryption key.
  • the calling party 1 wishes to call the called party 2.
  • the calling party 1 specifies on his phone that the called party 2 must not turn on his speaker as the information to be conveyed is confidential.
  • the called party's terminal receives that request and disables the speaker.
  • the called party 2 however intends to ignore that request.
  • he has installed a Y-cable between his telephone 2B and his handset 2B'. Attached to the Y-cable is an external loudspeaker. While the calling party 1 believes that the called party's speaker is off, the called party 2 would still be able to have the calling party 1 on the external loudspeaker.
  • the calling party 1 would receive an announcement that confidentiality cannot be guaranteed (analogue protection), or the called party's loudspeaker would not produce any signal as the calling party's voice is sent to the called party's handset speaker in encrypted fashion, effectively disabling any audio device on the Y-cable.
  • the end-to-end connection between the calling party 1 and the called party 2 can be protected using the protection mechanism without having to rely on the network's support for confidentiality requests.
  • both the calling party 1 and the called party 2 have terminal equipment with encrypted speakers in handsets or headsets.
  • the feature control "no recording/loudspeaker" resides in the terminal equipment. If the calling party 1 places a call requesting that the called party 2 cannot turn on his loudspeaker, such a request may be transmitted along with a corresponding call setup in the form of a flag to the called party's terminal. The called party's terminal will then disable the built-in speaker. The calling party's terminal will send any voiced information in the form of encrypted data.
  • the encryption of the outgoing signal can be handled in a microphone package as described above, or in the terminal itself, for decryption with the called party's headset speaker (i.e. using an encryption key corresponding with the called party's handset/headset).
  • the encrypted data is sent through the telecoms network to the called party's terminal (note: a communications channel is required that supports "data" rather than "voice", i.e. no echo cancellation or bit rate reduction must occur over the channel).
  • the called party's terminal forwards the encrypted information to the handset/headset where it is decrypted and played to the called party 2.
  • wire sections not normally accessible i.e. the wire section from PSTN local exchange to PBX
  • wire sections only that are more easily accessible e.g. the wire connecting a terminal, such as a phone or a PC, and a handset/headset
  • special care must be taken when implementing the local software controlling telephone calls (softphone).
  • While tapping into the line connecting the computer to the network infrastructure is not a concern (methods for protecting such lines, typically LAN lines, are well known), the softphone must be implemented such that copying of audio streams to any other device but the headset/handset is made impossible if a corresponding confidentiality request is received from a calling party (1).
  • the softphone shall encrypt all voice info sent to the handset/headset such that it can only be played there.
  • the softphone may employ a secure chip for performing the encryption and/or storing the necessary key(s), for example a trusted platform module (TPM) (see https://www.trustedcomputinggroup.org/home).
  • TPM trusted platform module
  • the request for confidentiality and the corresponding acknowledgement are preferably logged in a Call Data Record (CDR) generated by the forwarding entity 5, so that any misuse can be documented and traceable.
  • CDR Call Data Record
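
The analogue line check and the Y-cable scenario from the list above, as an added example that is not part of the patent text: a monitor compares continuous measurements against the values taken at call setup and reports a breach when the relative change exceeds a threshold. The component values, thresholds and all names are constructed assumptions.

```python
"""Added example: analogue tamper check on the telephone-to-handset line 210.
Names, component values and thresholds are constructed assumptions."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


def parallel(z1: float, z2: float) -> float:
    """Impedance the amplifier sees when a second load is bridged onto the line."""
    return z1 * z2 / (z1 + z2)


@dataclass
class LineMonitor:
    baseline: Dict[str, float]    # line characteristics measured at call setup
    threshold: Dict[str, float]   # allowed relative change per characteristic
    on_breach: str = "notify"     # "notify" the caller or "release" the call

    def check(self, sample: Dict[str, float]) -> List[str]:
        """Return the characteristics whose relative change exceeds the threshold."""
        breached = []
        for name, ref in self.baseline.items():
            change = abs(sample[name] - ref) / ref
            if change > self.threshold[name]:
                breached.append(name)
        return breached

    def run(self, samples: Iterable[Dict[str, float]]) -> Optional[dict]:
        """Scan continuous measurements; return the first breach event, if any."""
        for index, sample in enumerate(samples):
            breached = self.check(sample)
            if breached:
                action = ("release call" if self.on_breach == "release"
                          else "announce: confidentiality cannot be guaranteed")
                return {"sample": index, "characteristics": breached,
                        "action": action}
        return None


def demo_samples() -> List[Dict[str, float]]:
    """Constructed trace: normal variation, then a 600 ohm device on a Y-cable."""
    speaker = 150.0       # ohms, handset speaker (assumed value)
    capacitance = 50e-12  # farads, line capacitance at setup (assumed value)
    clean = [{"impedance": speaker * f, "capacitance": capacitance * f}
             for f in (1.00, 1.01, 0.99)]
    tapped = {"impedance": parallel(speaker, 600.0),   # 120 ohms, a 20 % drop
              "capacitance": capacitance * 1.4}        # extra cable adds capacitance
    return clean + [tapped, tapped]


if __name__ == "__main__":
    monitor = LineMonitor(baseline={"impedance": 150.0, "capacitance": 50e-12},
                          threshold={"impedance": 0.05, "capacitance": 0.10})
    print(monitor.run(demo_samples()))
```

The thresholds have to sit above the normal measurement variation of the line (1 % in the constructed trace), otherwise every call would report a breach.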

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention consists of a network device and a method arranged to request a call with a confidential connection between a first party (1) and a second party (2) in a communications network (100), comprising the steps of: - signalling by said first party (1), a request to establish said call to said second party (2) specifying a confidentiality mode for said call, to a call forwarding entity (5); - signalling a reply to said request indicating whether said confidentiality mode can be maintained.

Description

Title of the invention
Method of Requesting Confidential Connection for Telecommunication Systems
Field of the invention
The invention is used in communications networks to ensure that a confidentiality request by a calling party when setting up a call to a called party is accommodated. This application is related to and claims the benefit of commonly-owned U.S. Provisional Patent Application No. 60/574,960, filed on the 27.05.2004, titled "Method of Requesting Confidential Connection For Telecommunication Systems" which is incorporated by reference herein in its entirety.
Summary of the invention
When a user establishes a connection in the telephony world, the network can provide him means of barring his identity.
One of the well known methods is suppression of calling name delivery. This is a limited form of confidentiality provided by the network, but it does not allow the user requesting a connection for a call (calling party) to have any kind of control over the call once the call has been set up.
For example once the connection has been established, the originating user (calling party) can be put to a voice-mail or the end-equipment can turn on loudspeaker, even though the calling party might not want this to be performed.
Effectively, the calling party loses any kind of control of the call that it initiated in the first place. Additionally, this means that the calling party also loses control over the dissipation of the content of a communication (call). The communications system used to initiate, set up and establish the call does not allow for the call to be controlled by the calling party.
Currently, there is no capability provided by communication systems to allow a calling party to control the call, if the user wishes that the contents of the call be kept confidential at the called party and so maintain a secure communication. If for example the calling party wishes that the contents of the call are not to be recorded or not to be put on a loudspeaker, the possibility to control this is not supported by the telecommunication systems, either by the network or by the CPE.
A need therefore exists for a technique that can provide for a calling party with the capability to control the call at the called party and therefore ensure that the call is secured by increasing the confidentiality of the contents of the call.
With the present invention, the issue of controlling the call at the called party by the calling party is resolved. The proposed technique is responsive to a request of a calling party permitting the calling party to have more control of the call and its contents, and provides an efficient way for securing the confidentiality of a call.
The technique is achieved by the teachings contained in the independent method and network device claims.
Said method requests a call with a confidential connection between a first party and a second party in a communications network, comprising the steps of:
- signalling by said first party, a request to establish said call to said second party specifying a confidentiality mode for said call, to a call forwarding entity;
- signalling a reply to said request indicating whether said confidentiality mode can be maintained.
Said network device is located in a communications network and comprises means arranged to employ the method according to claims 1 to 9.
Advantages can be seen in the dependent claims, whereby the caller party is required to provide an input indicating whether the call is to proceed, a variety of networking devices can implement the technique, a series of parameters regulate the requested confidentiality, the confidentiality is ascertained by applying on at least one section of a line connecting the two parties a continuous measurement of a line characteristic and the confidentiality can be increased by encrypting the call, either end-to-end or for exposed line sections.
The present invention will become more fully understood from the detailed description given hereinbelow and the accompanying drawings which are given by way of illustration only, and thus are not limitative of the present invention, and wherein:
Fig. 1 shows the signalling that takes place in the network.
Fig. 2 shows a typical network environment where the proposed invention is applicable.
Detailed description of the invention
In Fig. 1, which shows an exemplary embodiment of the invention, a calling party's terminal equipment 1 and a called party's terminal equipment 2 are connected to a network 100. The terms "calling party", "calling party's terminal equipment", "first party", "A_party", "user_A", "A-subscriber" are equivalent terms that refer to the originator of a call. These terms are used interchangeably throughout the description. Similarly, the terms "called party", "called party's terminal equipment", "second party", "B_party", "user_B", "B-subscriber" are equivalent terms that refer to the receiver of a call. These terms are also used interchangeably throughout the description. Also the terms "signalling entity", "forwarding entity", "network device" are equivalent terms that refer to the device that receives the request to set up a confidential call between the calling party and the called party. These terms are also used interchangeably throughout the description. Furthermore, the calling party's terminal equipment 1 and the called party's terminal equipment 2 comprise a telephone 1A, 2B and a handset/receiver 1A', 2B' respectively. Where necessary, in order for the invention to become more understandable, the telephone and handset/receiver terms will be used. In other embodiments, the terminal equipment may include an intelligent peripheral, such as a PC having a handset/headset connected to it and a software telephony application installed on it.
Turning back to Fig. 1, when the calling party 1 wishes to set up a secure call over a connection to a called party 2 requesting a degree of confidentiality, it will transmit a message 10 containing a confidentiality request parameter.
The calling party 1 may not wish: a) to interact with a voice mail or any other type of recording device, b) that a loudspeaker be turned on at the other end (receiver), c) that the called party 2 activates call forwarding (CF), or transfers the call (CT) at any time, d) to become involved in a conference.
The parameters, which are explained further below, can be one of the following indicating the type of confidentiality that the calling party wishes to have at the called party:
(a) No recording of the actual conversation is allowed to be made by the called party.
(b) No loudspeaker is allowed to be activated by the called party.
(c) No Call Forwarding (CF) is allowed to be performed by the called party.
(d) No Call Transfer (CT) is allowed to be performed by the called party.
(e) No conference initiation is allowed to be performed by the called party.
A message 10 is transmitted over the network 100 to a call forwarding entity 5 which is a PSTN switch or a PBX, depending on how the network 100 is designed, and which in turn receives the message 10. The call forwarding entity 5 is connected to the called party 2 directly or via other network components, and is aware of the confidentiality parameters that are available at the called party 2. The forwarding entity 5 in turn transmits a reply message 20 back to the calling party 1 over network 100. Message 20 contains information indicating whether the confidentiality requested is possible and/or honoured by the called party 2. Upon reception of message 20, the calling party 1 may be prompted for an input indicating whether to proceed with the call. Preferably, the calling party 1 is prompted only if the requested confidentiality mode is not available.
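
The message 10 / message 20 exchange described above, modelled as an added example that is not code from the patent or its applicant. It uses one flag per confidentiality type plus an "all" flag, treats a missing or negative acknowledgement as dishonouring the request, and logs request and acknowledgement in a Call Data Record; the class and function names, the split between switch-enforced and terminal-acknowledged modes, and the sample parties are assumptions.

```python
"""Added example: message 10 / message 20 exchange at a forwarding entity.
All class, field and function names here are illustrative assumptions."""
from dataclasses import dataclass
from enum import Flag
from typing import Callable, Dict, List, Optional


class Conf(Flag):
    """One flag per confidentiality type (a)-(e), plus a request-everything flag."""
    NO_RECORDING = 1
    NO_LOUDSPEAKER = 2
    NO_CALL_FORWARDING = 4
    NO_CALL_TRANSFER = 8
    NO_CONFERENCE = 16
    ALL = 31


NONE = Conf(0)
# Simplifying assumption of this model: CF, CT and conference are enforced in
# the switch serving the called party; recording and loudspeaker are honoured
# only if the called terminal positively acknowledges them.
SWITCH_ENFORCED = (Conf.NO_CALL_FORWARDING | Conf.NO_CALL_TRANSFER
                   | Conf.NO_CONFERENCE)
TERMINAL_ENFORCED = Conf.NO_RECORDING | Conf.NO_LOUDSPEAKER


@dataclass
class Request:   # message 10
    call_id: str
    callee: str
    requested: Conf


@dataclass
class Reply:     # message 20
    call_id: str
    honoured: Conf
    refused: Conf


class ForwardingEntity:
    """PSTN switch or PBX that knows which modes the called party supports."""

    def __init__(self, capabilities: Dict[str, Conf]):
        self.capabilities = capabilities
        self.active: Dict[str, Conf] = {}   # call_id -> modes in force
        self.cdr: List[dict] = []           # Call Data Records

    def handle(self, req: Request, terminal_ack: Optional[Conf]) -> Reply:
        """terminal_ack holds the modes the called terminal acknowledged;
        None means no acknowledgement arrived, which dishonours the request."""
        supported = self.capabilities.get(req.callee, NONE)
        honoured = req.requested & SWITCH_ENFORCED & supported
        if terminal_ack is not None:
            honoured |= (req.requested & TERMINAL_ENFORCED
                         & supported & terminal_ack)
        refused = req.requested & ~honoured
        self.active[req.call_id] = honoured
        self.cdr.append({"call_id": req.call_id,
                         "requested": req.requested.value,
                         "acknowledged": honoured.value,
                         "refused": refused.value})
        return Reply(req.call_id, honoured, refused)

    def attempt(self, call_id: str, forbidden_by: Conf) -> str:
        """Called party tries a feature mid-call; refuse it if a flag is in force."""
        if self.active.get(call_id, NONE) & forbidden_by:
            self.cdr.append({"call_id": call_id, "blocked": forbidden_by.value})
            return "not permitted for this call"
        return "allowed"


def place_call(entity: ForwardingEntity, req: Request,
               terminal_ack: Optional[Conf],
               prompt: Callable[[Reply], bool]) -> str:
    """Caller side: ask the user only when a requested mode is unavailable."""
    reply = entity.handle(req, terminal_ack)
    if reply.refused and not prompt(reply):
        entity.active.pop(req.call_id, None)
        return "released"
    return "connected"


if __name__ == "__main__":
    # Constructed scenario: bob's side supports everything except "no recording".
    pbx = ForwardingEntity({"bob": Conf.NO_LOUDSPEAKER | SWITCH_ENFORCED})
    print(place_call(pbx, Request("c1", "bob", Conf.ALL), None, lambda r: True))
    print(pbx.attempt("c1", Conf.NO_CALL_TRANSFER))
    print(pbx.cdr)
```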
These parameters are further explained below:
Recording
The "no Recording" option is primarily handled between the calling party and the switch, although it may also be signalled all the way to the other end, and allows for no recording of the actual conversation between the calling party and the called party to take place, as offered by some terminal equipment. This is further explained below:
Type 1 - switch
The switch (public or private branch exchange (PBX)) can recognize the request of the A-party, and if the B-party has the Confidential_Call capability, the request is further signalled to the B-party. However, if the B-party does not offer this capability, the switch can signal back to the A-party, reporting that the B-party does not support Confidential_Call (as an announcement or display). The originator (calling party) may choose to continue the call.
In the process of the call, if the switch has to put the originator through to voice-mail, the Confidential_Call request, if active, is taken into account and the calling party is not transferred to voice-mail.
Type 2 - end to end
If the B-party provides Confidential_Call-capability, then it honours the originator's request, so that in the case of voicemail, only the announcement is played to the originator and no message shall be recorded.
Loudspeaker
This is an end-to-end function. It prohibits the use of the loudspeaker at one end if the other party has requested this. For this feature, forward and backward signalling is required, and the acknowledgement may honour the request. The lack of an acknowledgement, as well as a negative acknowledgement, dishonours the request. If one of the parties (A or B) does not provide Confidential_Call capability, then the switch signals this to the other party by means of an announcement or protocol signalling. The requestor of Confidential_Call may choose to continue the call.
If both parties provide Confidential_Call capability, then they can switch at any time to confidentiality mode. The requestor may have established the call in normal mode. Either of the two ends may have turned the loudspeaker on, but once the confidentiality request is raised by either one of the parties, the loudspeaker at the requested side, or both loudspeakers, may automatically be deactivated.
Call Forwarding (CF)
The B-party has call forwarding activated as the A-subscriber attempts to establish a call to B. If the A-subscriber has requested Confidential_Call with "No CF", then the forwarding entity (switch or intelligent CPE (Customer Premises Equipment)) shall honour this request, not forward the call, and return the proper reason for call termination. An intelligent CPE is a device, located in this case at the B-party side, which is programmed to read received data and react to requests and commands contained in this data.
Call Transfer (CT)
If the subscriber has requested Confidential_Call with "No CT", then the call transfer entity (switch or intelligent CPE) shall honour this request and not allow the call to be transferred. In the event that no acknowledgement is transmitted or that a negative acknowledgement is transmitted, the request is dishonoured. If one of the parties (calling or called party) does not provide a Confidential_Call capability, then the forwarding entity signals this to the other party by means of an announcement or protocol signalling. The requestor of the confidential call can then choose to continue the call or not.
Conference
If any party in a communication has requested Confidential_Call with "No Conference", the partners of this party should honour/dishonour this request. The party has a choice to continue the call. In the event that no acknowledgement is transmitted or that a negative acknowledgement is transmitted, the request is dishonoured. If one of the parties (calling or called party) does not provide a Confidential_Call capability, then the forwarding entity signals this to the other party by means of an announcement or protocol signalling. The requestor of the confidential call can then choose to continue the call or not.
Deployment areas
Embodiment of signalling in existing protocols:
The following protocols can be enhanced to cover the handling of confidentiality. The invention, however, is not limited to the mentioned protocols, but may also be applicable to other existing protocols.
- SIP (Session Initiation Protocol)
- ITU-T H.323
- ISUP (ISDN User Part Protocol)
- ISDN (Integrated Services Digital Network)
- MGCP (Media Gateway Control Protocol)
This can be done by implementing a set of messages comprising a set of parameters that indicate the particular type of confidentiality sought by the calling party, or by modifying existing messages that are part of signalling protocols. The parameters can be indicated through the use of a flag that is set within a message to indicate that confidentiality is requested. Each type of request has its own defined flag. It is also possible to define a particular flag that, when set within a message, indicates that a calling party requests all types of confidentiality to be applied.
For example, messages transmitted at call initiation, such as a SETUP message when using ISDN, an IAM (Initial Address Message) message when using ISUP, a CRCX (Create Connection) message when using MGCP, or an INVITE message when using SIP, can be modified to comprise a parameter indicating the type of confidentiality.
Also messages used for acknowledging the call initiation, such as PROGRESS or RING messages when using SIP, PROGRESS or SETUP-ACK or ACM (Address Complete Message) messages when using ISDN/ISUP, or CRCX-ACK when using MGCP can also be modified. Additionally, messages used for indicating acceptance of the call, such as the OK message when using SIP, or the CONNECT or ANM (Answer) messages when using ISDN/ISUP, MDCX (Modify Connection message) or MDCX-ACK messages when using MGCP can also be modified.
Furthermore, messages used at any point in a call, such as NOTIFY message when using SIP, FACILITY or INF (Information) or INR (Information Request) messages when using ISDN/ISUP or NTFY (Notify) message when using MGCP can also be modified.
All these messages can be modified to carry the set of parameters that indicate the particular type of confidentiality sought by the calling party. These modifications or any new set of messages created do not require any hardware changes to be implemented.
The called party 2 or the corresponding forwarding entity 5, upon reception of such a message, returns a reply to the calling party 1 indicating whether the request can be met.
Signalling entities 5 that forward a call request, such as Intelligent Customer Premises Equipment (CPE), Public Switched Telephone Network (PSTN) switches, PBXs and voice-mail servers, can be enhanced so that the handling of confidentiality is covered by the means that already exist in the signalling entities.
The signalling methods described above allow a calling party 1 to specify either one or all of the above mentioned confidentiality requests at his/her terminal. These requests, as stated previously, are:
a. call recording not allowed at call destination terminal;
b. loudspeaker activation not allowed at call destination terminal;
c. Call Forwarding (CF) not allowed at call destination terminal;
d. Call Transfer (CT) not allowed at call destination terminal;
e. conference initiation not allowed at call destination terminal.
Requests c, d and e may be implemented using methods in the (PSTN or PBX) switch serving the called party 2: if either of these request flags is received, the switch serving the called party 2 simply ignores all requests to the contrary and may respond with an announcement to any such attempt, e.g. "Transfer not permitted for this call" or "Initiation of Conference not permitted for this call".
Since these three requests (c-e) may be controlled by the switch, they are tamper-proof in most situations in the following sense: even if a user modifies his/her terminal, such modification will not make the restriction imposed by a calling party 1 ineffective. Exceptions exist when the terminal has advanced capabilities or is, in fact, a small residential "exchange" such as a DECT base station serving several handsets. Problems may also arise for VoIP (Voice over IP) terminals which (for example, in a workgroup) may handle call forwarding, call transfer, and conference without using a central switch.
For requests (a) and (b), however, no guarantee can be given to the calling party 1 that the requests will actually be met at the terminating end. Even if "confidentiality enhanced" terminal equipment adheres to the "no recording" or "no loudspeaker" request imposed by the calling party 1 by not allowing the called party 2 to activate the recording feature or loudspeaker in his/her terminal, such restrictions may be easily overcome by a number of methods. For example, the physical cable connecting the terminal to the terminal's handset could be plugged into a device having speaker and/or recording means. Alternatively, the terminal could be operated with different software/firmware which ignores the confidentiality flags, which is a concern especially in environments where programmable equipment such as PCs (Personal Computers) or PDAs (Personal Digital Assistants) is used for telephony.
In order to overcome the limitations of requests (a) and (b) , the confidentiality may be extended so that the caller 1 can rely on the following: either the restriction imposed is met at the other end or he will be informed of such "breach" of confidentiality. Alternatively the call may simply be released when a "no-confidentiality" situation is detected at any time during the call.
To this end, one of two approaches can be chosen: end-to-end confidentiality (by end-to-end encryption) or improving the confidentiality of sections of the communication path that can easily be tampered with. Both approaches require hardware support which is described in the following illustrative embodiment with reference to Fig. 2.
Fig. 2 shows a calling party 1, comprising a telephone 1A and a handset/receiver 1A', that communicates through a network 100 with a called party 2, also comprising a telephone 2B and a handset/receiver 2B'. Within the network 100, PBXs 5 can be seen that connect the two parties to the network 100, as well as devices such as local exchanges and transit exchanges that allow signalling to be performed.
Consider a section of a transmission line 210, for example between a telephone 2B and its handset 2B' . Normally, the signals are transmitted over such line 210 in analogue form, wherein an amplifier in the telephone 2B sends a time-variant electrical signal to a speaker device in the handset 2B' . The amplifier "does not care" whether the device receiving the signal is, in fact, the speaker device of handset 2B' . The amplifier will continue to produce an output signal even if the transmission line 210 is connected via a tap-line L' to another device 3, which may be an unwanted recording or speaker device. The same applies for the section of the transmission line 200, which connects PBX 5 to the telephone 2B. Sections 200, 210 are vulnerable to attack due to the fact that they form part of the so called "last mile" section of transmission line.
A basic (analogue) approach to disallowing the tapping of lines 200, 210 would be to continuously measure at least one of the line characteristics (such as impedance, resistance, capacitance, or inductance) by means of an advanced amplifier. Upon detection of changes in any parameter exceeding a threshold the amplifier could signal to the confidentiality mechanism that the transmission line was tampered with and that confidentiality can no longer be guaranteed, which can be signalled back to inform the caller by the confidentiality circuitry. In the event that a wireless connection is used, other characteristics can be continuously measured in order to monitor the confidentiality of the call. This can be done for example, by measuring propagation characteristics such as jitter or signal delay. In the case of a wireless connection the terms "link" and "connection" are used interchangeably and are equivalent.
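The continuous measurement described above can be illustrated with the following added Python example, which is not part of the patent text: it learns a baseline per line characteristic and raises a breach once readings stay beyond the threshold, at which point the caller is informed or the call is released. The threshold values, calibration window, three-reading debounce, fail-closed treatment of missing readings and the sample measurements are all assumptions.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional, Tuple

Sample = Dict[str, float]  # one measurement round, e.g. {"impedance": 600.0}


@dataclass
class LineMonitor:
    """Watches one line section (such as 200 or 210) for changed characteristics."""
    thresholds: Dict[str, float]  # allowed relative deviation per characteristic (assumed)
    calibration: int = 5          # samples used to learn the untampered baseline (assumed)
    consecutive: int = 3          # deviating readings in a row before alarming (assumed)

    def first_breach(self, samples: List[Sample]) -> Optional[Tuple[int, str]]:
        """Return (sample index, characteristic) of the first alarm, or None."""
        if len(samples) < self.calibration:
            raise ValueError("not enough samples to establish a baseline")
        base = {k: mean(s[k] for s in samples[:self.calibration])
                for k in self.thresholds}
        run = {k: 0 for k in self.thresholds}
        for i in range(self.calibration, len(samples)):
            for k, limit in self.thresholds.items():
                value = samples[i].get(k)
                # A missing reading counts as a deviation: the monitor cannot
                # vouch for a line it cannot measure.
                deviates = value is None or abs(value - base[k]) / base[k] > limit
                run[k] = run[k] + 1 if deviates else 0
                if run[k] >= self.consecutive:
                    return i, k
        return None


def monitor_call(monitor: LineMonitor, samples: List[Sample],
                 policy: str = "notify") -> str:
    """Map a breach to the reaction: inform the caller or release the call."""
    if monitor.first_breach(samples) is None:
        return "confidential"
    return "release_call" if policy == "release" else "notify_caller"


def constructed_samples() -> List[Sample]:
    """Constructed readings: one noise spike at index 6, a tap attached from index 8."""
    impedance = [600, 601, 599, 600, 600, 602, 540, 601, 450, 452, 449, 451]
    capacitance = [50.0, 50.1, 49.9, 50.0, 50.0, 50.0,
                   50.1, 50.0, 52.0, 52.1, 51.9, 52.0]
    return [{"impedance": float(z), "capacitance": c}
            for z, c in zip(impedance, capacitance)]


if __name__ == "__main__":
    monitor = LineMonitor({"impedance": 0.05, "capacitance": 0.10})
    print(monitor.first_breach(constructed_samples()))
    print(monitor_call(monitor, constructed_samples(), policy="release"))
```

The single spike at index 6 is absorbed by the debounce, while the sustained impedance drop that follows raises the alarm.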
Another approach to securing lines 200, 210 would be to install a speaker having an integrated encryption/decryption chip in the handset 2B' and send all signals from telephone 2B to handset 2B' as encrypted digital signals, wherein the signals are encrypted such that only the chip in the handset 2B' has the necessary key(s) to decrypt. At any point where another device 3 is located, while the signals may be received, the information is not decipherable. A speaker with integrated decryption (and D/A conversion, amplification) circuitry could be constructed in encapsulated fashion such that any attempt to access pins for retrieving the analogue electric signal would result in the destruction of the speaker. The encryption/decryption chip in the telephone could be constructed in a similar fashion.
To prevent a user from using a microphone next to his/her handset speaker for unwanted recording, one or more sensors could be installed in handset 2B' to detect any "abnormal" use of the handset (e.g. the handset being held away from the ear/mouth of the called party or a microphone next to the speaker). Such sensors could include temperature sensors to detect whether the handset is near a body, surface contact sensors to detect whether the handset has contact with human skin (hands/ear), electromagnetic sensors to detect the electromagnetic fields caused by microphones, etc.
It shall be noted that any transmission line section 200, 210 that is vulnerable can be secured using encryption/decryption methods at both ends of the line. If multiple sections exist, the devices connecting these sections have to be constructed such that the signals cannot be compromised there. Example: a first line section is secured (e.g., encrypted) between a PSTN switch and a PBX, a second line section 200 is secured between the PBX and a terminal (computer/telephone), and a third line section 210 is secured between the terminal and the handset/headset. Then any internal connection, especially those in the terminal connecting the second and third sections, needs to be secured by making it mechanically inaccessible (e.g. inside the same chip or chip package, or an inaccessible layer of a multilayer printed board) or using encryption.
Furthermore, the digital (encryption) and analogue protective methods may be combined to prevent another device 3 located at the end of the tap lines L' , to gather data for a cryptographic attack on the encrypted information.
It is understood that a microphone could be constructed in essentially the same fashion as described for a speaker, i.e. a microphone package that contains A/D converting circuitry, signal processing and amplification circuitry, and encryption circuitry. Any signal transmitted by such a package would be digital and encrypted, decipherable only by means of a valid decryption key.
These approaches to securing the protection of the line have the advantage that the trust level of telecoms equipment is increased, by ensuring that the confidentiality requests (a) to (e) are met at the terminal where the switch no longer has control over the signal and the signalling.
Depending on the desired confidentiality level, it is possible to:
- prevent the most simple and uneducated attacks only (e.g. put a conversation on loudspeaker "for fun" against the caller's intentions [to embarrass the caller in front of an "audience"] by attaching a speaker to any wire section between PBX and telephone or telephone and handset); or
- prevent attacks by malicious educated personnel (e.g. information theft by recording conversations that were not supposed to be recorded).
In a further example to illustrate the functioning of the above, the calling party 1 wishes to call the called party 2. The calling party 1 specifies on his phone that the called party 2 must not turn on his speaker as the information to be conveyed is confidential. The called party's terminal receives that request and disables the speaker. The called party 2, however, intends to ignore that request. For that he has installed a Y-cable between his telephone 2B and his handset 2B'. Attached to the Y-cable is an external loudspeaker. While the calling party 1 believes that the called party's speaker is off, the called party 2 would still be able to have the calling party 1 on the external loudspeaker. With the added protection, the calling party 1 would receive an announcement that confidentiality cannot be guaranteed (analogue protection), or the called party's loudspeaker would not produce any signal as the calling party's voice is sent to the called party's handset speaker in encrypted fashion, effectively disabling any audio device on the Y-cable.
Using the line section protection mechanism explained above, the confidentiality of a conversation from a calling party 1 to a called party 2 can be ensured regardless of whether the called party 2 wishes to keep the conversation confidential or not. Confidentiality is even ensured in situations where called party 2 does not wish the conversation to remain confidential.
In a further illustrative embodiment, the end-to-end connection between the calling party 1 and the called party 2 can be protected using the protection mechanism without having to rely on the network's support for confidentiality requests. To this end, both the calling party 1 and the called party 2 have terminal equipment with encrypted speakers in handsets or headsets. The feature control "no recording/loudspeaker" resides in the terminal equipment. If the calling party 1 places a call requesting that the called party 2 cannot turn on his loudspeaker, such a request may be transmitted along with a corresponding call setup in the form of a flag to the called party's terminal. The called party's terminal will then disable the built-in speaker. The calling party's terminal will send any voiced information in the form of encrypted data. The encryption of the outgoing signal can be handled in a microphone package as described above, or in the terminal itself, for decryption with the called party's headset speaker (i.e. using an encryption key corresponding with the called party's handset/headset). The encrypted data is sent through the telecoms network to the called party's terminal (note: a communications channel is required that supports "data" rather than "voice", i.e. no echo cancellation or bit rate reduction must occur over the channel). The called party's terminal forwards the encrypted information to the handset/headset where it is decrypted and played to the called party 2.
Other embodiments may rely on the confidentiality of wire sections not normally accessible (i.e. the wire section from PSTN local exchange to PBX) and employ the invention only on wire sections that are more easily accessible (e.g. the wire connecting a terminal, such as a phone or a PC, and a handset/headset), as illustrated in Fig. 2. When using any type of computer having attached to it a handset or headset as terminal, special care must be taken when implementing the local software controlling telephone calls (softphone). While tapping into the line connecting the computer to the network infrastructure is not a concern (methods for protecting such lines, typically LAN lines, are well known), the softphone must be implemented such that copying of audio streams to any other device but the headset/handset is made impossible if a corresponding confidentiality request is received from a calling party (1). The softphone shall encrypt all voice info sent to the handset/headset such that it can only be played there. The softphone may employ a secure chip for performing the encryption and/or storing the necessary key(s), for example a trusted platform module (TPM) (see https://www.trustedcomputinggroup.org/home).
The request for confidentiality and the corresponding acknowledgement are preferably logged in a Call Data Record (CDR) generated by the forwarding entity 5, so that any misuse can be documented and traceable.
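The per-type flags, the "all types" flag, the split between switch-enforced requests (c)-(e) and terminal-dependent requests (a)-(b), the rule that a missing or negative acknowledgement dishonours a request, and the CDR logging can be modelled together as in the following added example. It is not code from the patent; the bit values, the CDR field names and the `switch_controls` parameter are assumptions.

```python
from dataclasses import dataclass
from enum import IntFlag
from typing import Dict, List, Optional


class Conf(IntFlag):
    """One flag per request type (a)-(e). Bit values are assumed for this example."""
    NO_RECORDING = 0x01    # (a)
    NO_LOUDSPEAKER = 0x02  # (b)
    NO_CF = 0x04           # (c) call forwarding
    NO_CT = 0x08           # (d) call transfer
    NO_CONFERENCE = 0x10   # (e)
    ALL = 0x80             # single flag requesting every type at once


TYPES = (Conf.NO_RECORDING, Conf.NO_LOUDSPEAKER, Conf.NO_CF,
         Conf.NO_CT, Conf.NO_CONFERENCE)
# Requests (c)-(e) can be enforced inside the switch serving the called party.
SWITCH_ENFORCED = Conf.NO_CF | Conf.NO_CT | Conf.NO_CONFERENCE


@dataclass
class Reply:
    """Reply message 20 as the calling party sees it."""
    honoured: Conf      # positively acknowledged, or enforced by the switch
    dishonoured: Conf   # negative acknowledgement or no acknowledgement at all
    guaranteed: Conf    # subset of honoured that does not depend on the terminal

    @property
    def prompt_caller(self) -> bool:
        # The caller is asked whether to proceed only if a requested mode is unavailable.
        return bool(self.dishonoured)


def expand(requested: Conf) -> List[Conf]:
    """Resolve the ALL flag into the individual request types."""
    if requested & Conf.ALL:
        return list(TYPES)
    return [t for t in TYPES if requested & t]


def forwarding_entity(requested: Conf,
                      terminal_acks: Dict[Conf, Optional[bool]],
                      cdr: List[dict],
                      switch_controls: Conf = SWITCH_ENFORCED) -> Reply:
    """Decide per request type whether it is honoured, and log the outcome.

    terminal_acks maps a type to the B-party's acknowledgement: True, False,
    or absent/None when no acknowledgement was received.
    switch_controls is empty when the terminal handles CF/CT/conference itself
    (for example a VoIP workgroup terminal or a DECT base station).
    """
    honoured = dishonoured = guaranteed = Conf(0)
    for t in expand(requested):
        if switch_controls & t:
            honoured |= t
            guaranteed |= t
        elif terminal_acks.get(t) is True:
            honoured |= t          # terminal promised, but nothing enforces it
        else:
            dishonoured |= t       # fail closed: silence counts as "no"
    # Call Data Record entry so that misuse can be documented and traced.
    cdr.append({"requested": int(requested), "honoured": int(honoured),
                "dishonoured": int(dishonoured)})
    return Reply(honoured, dishonoured, guaranteed)


if __name__ == "__main__":
    records: List[dict] = []
    reply = forwarding_entity(Conf.ALL, {Conf.NO_RECORDING: True}, records)
    print(reply, records)
```

The `guaranteed` field makes the trust difference visible to the caller: a terminal's positive acknowledgement of (a) or (b) is reported as honoured but never as guaranteed.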
Although the invention has been described in terms of preferred embodiments described herein, those skilled in the art will appreciate other embodiments and modifications which can be made without departing from the scope of the teachings of the invention. All such modifications are intended to be included within the scope of the claims appended hereto.

Claims

1. Method for requesting a call with a confidential connection between a first party (1) and a second party (2) in a communications network (100), comprising the steps of:
- signalling by said first party (1), a request to establish said call to said second party (2) specifying a confidentiality mode for said call, to a call forwarding entity (5);
- signalling a reply to said request indicating whether said confidentiality mode can be maintained.
2. Method according to claim 1, further comprising the step of upon reception of said reply, prompting said first party (1) for an input indicating whether said first party (1) will be proceeding with said call.
3. Method according to any one of the previous claims, wherein said call forwarding entity (5) is at least one of the following:
- a PSTN switch;
- a PBX;
- an intelligent customer premises equipment CPE;
- a VoIP terminal;
- a Digital Enhanced Cordless Telecommunication DECT terminal.
4. Method according to any one of the previous claims, wherein said confidentiality mode comprises parameters regulating said confidential connection.
5. Method according to claim 4, wherein said parameters indicate at least one of the following:
- a parameter indicating that a recording of said call is not allowed by said second party (2);
- a parameter indicating that an activation of a loudspeaker is not allowed by said second party (2);
- a parameter indicating that call forwarding CF is not allowed by said second party (2);
- a parameter indicating that a call transfer CT is not allowed by said second party (2);
- a parameter indicating that a conference initiation is not allowed by said second party (2).
6. Method according to claim 1, wherein said confidentiality mode is ascertained by applying on at least one section of a line (200) connecting said call forwarding entity (5) to said second party (2), a continuous measurement of a line characteristic of said line, further securing said confidential connection.
7. Method according to claim 6, wherein said line characteristic comprises at least one of the following characteristics:
- impedance;
- resistance;
- capacitance;
- inductance.
8. Method according to any of the preceding claims 1 to 7, wherein said call is encrypted on at least one section of said line connecting said call forwarding entity (5) to said second party (2), further securing said confidential connection.
9. Method according to claim 8, wherein an integrated encryption/decryption chip is used for decrypting said call.
10. Network device (5) located in a communications network (100) , comprising means arranged to employ the method according to claims 1 to 9.
11. System comprising at least two network devices according to claim 10.
PCT/EP2005/052393 2004-05-27 2005-05-25 Method of requesting confidential connection for telecommunication systems WO2005120005A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US57496004P 2004-05-27 2004-05-27
US60/574,960 2004-05-27

Publications (1)

Publication Number Publication Date
WO2005120005A1 true WO2005120005A1 (en) 2005-12-15

Family

ID=34969538

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/052393 WO2005120005A1 (en) 2004-05-27 2005-05-25 Method of requesting confidential connection for telecommunication systems

Country Status (1)

Country Link
WO (1) WO2005120005A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008139404A1 (en) * 2007-05-09 2008-11-20 Hendrik Lambert Koekemoer An audiometer

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3519702A (en) * 1968-07-09 1970-07-07 Gen Tire & Rubber Co Epoxide acrylate grafts of thermoplastic polymers
EP1011252A2 (en) * 1998-12-14 2000-06-21 Siemens Information and Communication Networks Inc. Method and apparatus for protecting call privacy
EP1093279A2 (en) * 1999-10-15 2001-04-18 Siemens Information and Communication Networks, Inc. Method and apparatus for protecting call privacy across telecommunications networks
EP1111875A2 (en) * 1999-12-22 2001-06-27 Nortel Networks Limited Controlling a destination terminal from an originating terminal
US6343117B1 (en) * 1999-09-14 2002-01-29 At&T Corporation Method of initiating a telephone security feature
US6671367B1 (en) * 1999-05-17 2003-12-30 Telefonaktiebolaget Lm Ericsson Capability negotiation in a telecommunications network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase