CA2163023C - Secure communication system - Google Patents

Secure communication system

Info

Publication number
CA2163023C
CA2163023C CA002163023A CA2163023A CA2163023C CA 2163023 C CA2163023 C CA 2163023C CA 002163023 A CA002163023 A CA 002163023A CA 2163023 A CA2163023 A CA 2163023A CA 2163023 C CA2163023 C CA 2163023C
Authority
CA
Canada
Prior art keywords
secure
data
siu
call
processing circuit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CA002163023A
Other languages
French (fr)
Other versions
CA2163023A1 (en
Inventor
Spiros Dimolitsas
Roderick James Ragland
Farhad Hemmati
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Comsat Corp
Original Assignee
Comsat Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=22059791&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=CA2163023(C) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Comsat Corp filed Critical Comsat Corp
Publication of CA2163023A1 publication Critical patent/CA2163023A1/en
Application granted granted Critical
Publication of CA2163023C publication Critical patent/CA2163023C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00Secret communication

Abstract

A communication system (Fig. 1) including: a first secure communication terminal (STU-III) for providing analog voiceband data; a first processing circuit (2) connected to receive the secure data from the first secure data into secure baseband data, the first processing circuit (2) transmitting the baseband data; a second processing circuit (4) connected to receive the transmitted baseband data from the first processing circuit (2), and for converting the received baseband data into analog voiceband data; and a second secure communication terminal (STU-III) for receiving the analog voiceband data from the second processing circuit (4). The communication system (Fig. 1) is especially applicable for handling secure data transmitted by an STU-III.

Description

SECURE COMMUNICATION SYSTEM
Field of the Invention The present invention relates in general to a system for supporting the direct interfacing of secure communication services, and in particular, to a system for supporting the direct interfacing of the U.S.
Government's Secure Terminal Unit-III (STU-III) over low-rate digital mobile systems.
B21C1ctTrnnn~9 ~f a-1,e T<.<.e..~ a-....
.~ a ..asc .a.aa v cu.i wu The rapid increase in the popularity and use of cellular and satellite communications systems has highlighted the impeding congestion of mobile communications spectrum. Concurrently, rapid advances in digital signal processing technology have made possible the transmission of voice signals at ever decreasing encoding rates. This latter development is permitting the transmission of speech to be realized over much narrower channel bandwidths, thus promising to increase the system's subscriber capacity proportionally to the potential bandwidth requirements reduction e.
( g., five-fold). These two developments have permitted mobile networks to be converted from analog-based systems to digital-based systems.

~~Unfortunately, the digitization of new mobile networks has made the transparent support of non-voice traffic impossible without the development of specialized interworking functions, which are tailored a.
to specific end-user applications. ' Summmry of the Invention It is a general object of the present invention to provide a system for supporting a secure system over a digital system.
It is another object of the invention to provide a system for supporting the Secure Terminal Unit Version-III (STU-III) over low-rate digital systems including mobile systems.
According to the present invention, the interworking functionally and architecture is defined for supporting the direct interfacing of the U.S.
Government's Secure Terminal Unit-III (STU-III) over low-rate digital mobile systems. Although this functionality is presented from a particular system perspective, it is applicable to other low-rate digital mobile systems.
The functionality is described by means of a Secure Interface Unit (SIU) architecture and a Secure Communications (SC) protocol.
The primary function of the SIU architecture is the demodulation of secure traffic in the secure terminal-to-satellite direction and the re-modulation (or regeneration) of signals in the mobile- or fixed-station-to-secure terminal direction. In addition to the secure modems, the SIU incorporates a rate adaptation and protocol packetization mechanism, a channel encoding process, an elastic buffer, and an echo canceller.

This SC protocol is based on a packetized structure that interfaces with the voice channel to provide secure-to-clear and clear-to-secure communication in a seamless manner. In addition, this functionality provides for the controlled and ..15 synchronized call establishment to occur on an end-to-end basis, while it provisions for double satellite-hop conditions. The SC protocol enhances the voice channel coding by using a rate 3/8 augmented convolutional code (during interogerable operation) or a rate 3/4 punctured convolutional code (during alternate operation) to provide high-quality end-user communications even under low link-margin conditions.

The SIU is located at, for example, mobile and fixed stations, where it interfaces with the end-user secure terminals via 2-wire connections. The SIU is able to support a number of STU-III features including ~1 and half-duplex operation at 2400 bits (intero~erable) and 4800 bits (alternate); -auto-secure on receive and plan-text inhibit; and synchronous secure data.
The packetization approach, error-coding and ' handling of the call during its establishment and clearing are some of the features of the communication system according to the present invention.
Brief Description of the Drawings Fig. 1 is a general block diagram showing a network configuration according to the present invention.
Fig. 2 is a state transition diagram for explaining the operation of a STU-III Terminal.
Fig. 3 is a block diagram of a Mobile Earth Station for Voice and Non-Voice Services according to an embodiment of the invention.
Fig. 4 is a block diagram of a Secure Interface Unit (SIU) according to an embodiment of the invention.
Fig. 5 is a circuit diagram of a Rate 3/8 Augmented Convolutional Code Generator of the invention.

Fig. 6 is a circuit diagram of a Rate 3/4 Punctured Convolutional Code Generator according to the invention.

Fig. 7 is a state diagram for Voice-Non-Voice Call Discrimination according to the invention.

Fig. 8 is a diagram for illustrating Secure Voice Call Establishment over the PSTN (full-duplex) according to the invention.

Fig. 9 is a diagram for illustrating Secure Voice Call Establishment over the PSTN (half-duplex) according to the invention.

Fig. 10 is a diagram for illustrating Facsimile Call Establishment over the PSTN according to the invention.

Fig. 11 is a diagram for illustrating Secure Call Establishment (full-duplex) according to the invention.

Fig. 12 is a diagram for illustrating Secure (full-duplex) Call Establishment Process according to the invention.

Fig. 13 is a diagram for illustrating the Secure Call Establishment (half-duplex) according to the invention.

Fig. 14 is a diagram for illustrating Secure (half-duplex) Call Establish Process according to the invention.
Fig. 15 is a diagram for explaining the structure of Secure Call Channel Establishment Packets according to the invention.
Fig. 16 is a diagram for explaining the structure of Secure Protocol Control Packets according to the invention.
Fig. 17 is a diagram for explaining Secure Transmission Protocol Processing of P1800 Signal according to the invention.
Fig. 18 is a diagram for explaining the Secure Transmission Protocol Processing of an MSG A Signal according to the invention.
Fig. 19 is a diagram for explaining the Secure Transmission Protocol Processing of an MSG B Signal according to the invention.
Fig. 20 is a block diagram for explaining Modem Training Sequence according to the invention.
Figs. 21 (a) -21 (d) are diagrams for explaining the Generation of a Training Sequence according to the invention.
Fig. 22 is a diagram for explaining Secure Transmission Protocol Processing of a Responder's Signal according to the invention.
Fig. 23 is a diagram for explaining the Secure Transmission Protocol Processing of an Initiator's Signal according to the invention.
Fig. 24 is a diagram for explaining Modem ' S Training according to a half-duplex mode of the invention.
Fig. 25 is a diagram for explaining Transition Times for Abort Secure Call Conditions according to the invention.
Fig. 26 is a state diagram for explaining Call Interruption Conditions according to the invention.
Fig. 27 is a circuit diagram for explaining the Echo Control Configuration according to the invention.
Detailed Description of the Preferred Embodiments Fig. 1 shows a general network configuration according to an embodiment of the present invention.
As shown in Fig. 1, the network includes a Land Earth Station 2, and a Mobile Earth Station 4 which is connected to the Land Earth Station 2 via a satellite communication link 6. As shown in Fig. 1, a Public Switched Telephone Network (PSTN) 8 connects POTS
(Plain Old Telephones) and STU-III terminals to the Land Earth Station 2. On the otherhand, POTS and STU-III terminals are directly connected to the Mobile Earth Station 4 which may be for example, a ship.
As shown in Fig. 1, the Land Earth Station 2 includes a Facilities Assignment Processor 9, a Secure Interface Unit (SIU) 10, a Digital Voice Codec 12, a Mux & Channel Unit 13 and a Station Control unit 14.
The Facilities and Assignment Processor 9 is coupled between the PSTN 8, and the SIU 10 and the Digital Voice Codec 12, and functions to assign the various elements of the Land Earth Station 2 to the type of phone service requested. For example, the Facilities Assignment Processor 9 would assign the Digital Voice Codec when POT is requested, and would assign the SIU
10 when a secure phone service is requested. The Mux & Channel Unit 13 controls the transfer of data to and from the satellite link 6 which includes the modulation of the baseband data to IF frequencies and the demodulation of the IF frequencies to baseband data. The Station Control 14 controls and coordinates WO 94/28654 PCT/US94/04f76 the communications activities of the Land Earth station 2.
The Mobile Earth Station 4 includes a Mux &
Channel Unit 13a, a SIU 10a, a Digital Voice Codec 12a and a Station Control 14a as in the Land Earth Station 2. The Mobile Earth Station does not include a Facilities Assignment Processor since, as indicated above, the STU-III terminals and POTS are directly connected to SIU l0a and Digital Voice Codec 12a, respectively.
Each of the Land Earth Station 2 and Mobile Earth Station 4 includes a Secure Interface Unit (SIU) 14, 14a whose primary function is the demodulation and remodulation of secure traffic for transmission over the low-rate mobile satellite circuits. The STT1 ;c located at mobile and land earth stations, where it directly, or indirectly, interfaces with the end-user secure terminals via a 2-wire connection.
Secure communications, as supported by the network system of the present invention, are addressed in the Future Secure Voice System: Signaling Plan -Interoperable Modes, FSVS-210, Revision F, March 31, 1992, National Security Agency and in Future Secure Voice System: Terminal Performance Specification.
FSVS-220, Revision B, February 26, 1988, National ' WO 94/28654 PCT/US94/04976 ~=~ ~ ~3~3 Security Agency. In the network system of the present invention, only the non-encrypted parts of the Secure Terminal Unit-Version III (STU-III) FSVS signaling plan are dealt with. Encrypted traffic is fully provisioned, but neither interfered nor decrypted in the system.
The overall system can be better understood if reference is made to the state transition diagram (Figure 2) of a secure (STU-III) call comprising_seven phases which may be defined as follows:
Phase sT-As rr;ia ,rt-o,~.",;~,~, L__,_, - - --- _.._.. -~ ,.,.,.....~..a.~ iS vii-nvOK) Phase ST-B: Clear (plain old telephone) mode;
Phase ST-C: Initial call modem training Phase ST-D: Variable exchange Phase ST-E: Crypto synchronization and/or resynchronization;
Phase ST-F: Secure traffic; and Phase ST-G: Call interruption.
During phases ST-D, ST-E, and ST-F, a transparent . digital connection (digital pipe) is provided by the SIU 10, l0a to the STU-III signals for the end-to-end exchange of crypto-synchronization and secure traffic.
Only during phase ST-G is the non-encrypted control information (optionally) monitored by the SIU 10, l0a in order to detect call interruption conditions.
Fig. 3 shows a configuration for implementing a Mobile Earth Station (MES) 4a according to an embodiment of the invention which supports secure voice or data calls. The configuration shown in Fig. 3 is applicable to a wide variety of MES terminal implementations irrespective of the actual manufacturer.
As shown in Fig. 3, the MES 4a includes IF & RF
units 20, a Channel Unit 22, a Central Call Coding Unit (CCCU) 40, and a Telephone Interface 42. The CCCU 40 includes a programmable Digital Signal Processor 30 which includes a Voice Codec Unit 31, a SIU 10 and a Call-Type Discriminator 35. The CCCU 40 further includes a Facsimile Interface Unit 36 and a Data Interface Unit 38.
Referring to Fig. 3, the IF and RF units 20 and the channel units 22 receive the satellite radio frequency signals and then perform the necessary frequency translation and demodulation of the received signal to the baseband. After this translation and t.

WO 94/2865~~~'PCT/US94/04976 demodulation, the baseband signal is passed to the CCCU 40 for further processing.
The CCCU 40 may be placed in its entirety within a programmable Digital Signal Processing (DSP) device, however, the CCCU may be partitioned into several discrete components. Furthermore, because some of the secure modes are custom specified, these are likely to be best implemented in the same digital signal processor as the voice functions.
For speech signals (plain old telephone, or POT, calls), the CCCU 40 activates the digital Voice Codec Unit (VCU) 31 with its input being the analog (or 64 kbit/s PCM digital) voiceband signal and its output being a 6.4 kbit/s encoded, parametric represented baseband signal.
For facsimile signals, the CCCU 40 activates the facsimile interface unit (FIU) 36 whose purpose is the demodulation of facsimile signals and protocol handling. Its input is the analog voiceband data facsimile signal and its output is an error protected baseband data facsimile signal. Any rate adaptation, which may be required due to the many different modems employed during a facsimile transmission, is performed by the FIU 36.
For voiceband data signals, the CCCU 40 takes a form similar to that of the facsimile interface: its input is an analog voiceband data signal and its output is a (optionally error protected) baseband data signal. Data are, thus, handled by the Data Interface Unit (DIU) function 38, which may reside within one or ' S more Large Scale Integrated (LSI) components.

For secure calls, the CCCU 40 activates the _Secure Interface Unit (SIU) 10 whose input is the analog voiceband data signal and its output is an error protected (coded) 6.4 kbit/s baseband data l0 signal. When secure voice (e. g., STU-III) terminals operate in the POT mode, only the Voice Codec Unit 31 of the CCCU 40 is active (the SIU 10 is thus disabled). The SIU 10 may reside within the same programmable component as the Voice Codec 31 because 15 of the programmability of that component, as well as the possible alternation between the secure and clear modes of communication. Some implementations may, however, partition the SIU 10 over several physical components.

20 The interworking between the different units of the CCCU 40 is controlled by the call-type discriminator (CTD) 35. This discriminator monitors and analyzes the status of the incoming and outgoing signals continuously so as to detect changes in the 25 type or spectral characteristics of signals being transmitted while a call is in progress. That is, POT, facsimile, data and secure voice have unique characteristics which allows the CTD to discriminate a call in order to activate the appropriate one of the Voice Codec Unit 31, Secure Interface Unit 10, Facsimile Interface Unit 36 and Data interface Unit ' 38. Unlike other elements of the CCCU 40 that only operate one at a time (i.e. their operation' is mutually exclusive), the CTD 35 always operates in parallel with one of the units. The CTD 35 may be implemented within the programmable VCU/SIU function, or may be implemented as a separate element.
The digital signal that has been processed by one of the units VCU 31, SIU 10, FIU 36 or DIU 38 of the CCCU 40 will then be converted into an analog signal at an output interface (not shown) of the CCCU 40.
The converted analog signal will then be placed on the four-wire analog voiceband bus which is sent to the Telephone Interface 44 which converts that signal to a two-wire interface which will then be connected to the telephone, STU-III terminal, modem or a piece of fax equipment (i.e., any component that is compatible for connection to a standard telephone circuit).
As shown in Fig. 3, the output of the Telephone Interface 44 is coupled to a FAX machine, POT, STU-III
or Modem via a Multiplexer 45. The Multiplexer 45 WO 94/28654 ~ , ' f PCT/LTS94/04976 facilitates detection of which service is supposed to be operating at any one point of time. In other words, since for example, a fax call and a voice conversation can not occur simultaneously on the same channel, the Mutliplexer 45 selects only one of those calls at any given time. In the embodiment shown in Fig. 3, the Mutliplexer 45 includes first and .second ports for connecting end-user terminals. The first port 1 will be used for normal telephony, facsimile, and secure voice. The second port 2 will be used for voiceband data. Additional ports may be provided for voiceband data, if necessary, in.order to permit the reliable detection and accommodation of more types of voiceband data modems. This access separation into two ports is considered desirable because of the great variety that exists between the call set-up signaling used by different types of voiceband data modems (thus distinguishing between different modem types and secure/facsimile is a considerable problem by itself and should be handled separately). By separating the ports into two, the secure voice terminal problem can thus be confined into a problem of distinguishing between voice, facsimile and secure traffic only.

For the voice/facsimile/secure voice port 1, it is possible to assign separate service addresses to each type of terminal. This may, in fact, occur for '.
facsimile (at least during the initial phases of the service provisioning). In this case, the call discrimination problem reduces to one of distinguish-ing between POT voice and secure transmissions only.
Such a solution does not conflict with the approach ' taken here: it is merely a sub-set.
For voiceband data, sophisticated signal discrimination techniques known in the art may be necessary to distinguish between different voiceband data types. This is because voiceband data modems use partially common call set-up signaling procedures which complicates the reliable detection of different types of modulation schemes. One approach is to assign separate physical MES entry ports to each type of modem. Another approach is to use separate service addresses. Neither of these approaches is very desirable, however, and the use of sophisticated signal discrimination techniques may thus be inevitable. In all cases, however, separation of modem traffic from voice, facsimile, and secure transmissions is highly desirable in order to eliminate possible adverse interactions. Although this differentiation appears to be somewhat restrictive, it may lead to significantly simpler implementations, particularly if support of additional types of voiceband data terminals is required in the .

future. Furthermore, further study may identify voiceband modem types which can be guaranteed not to interfere with voice/facsimile/secure voice call detection, in which case selected modem types can be - 5 allowed to access port 1_ In the various embodiments it is assumed that voice, facsimile,~and secure voice are addressed by a single access code (terminal number). All traffic, facsimile and secure calls are thus routed to port 1, by an optional private branch exchange (PBX) or multiplexer 45, as shown in Figure 3. Voiceband data are routed to a separate port for the reasons mentioned above.
The Multiplexer 45 selects one of the two ports in accordance with a control line from the CCCU 40.
For example, the CTD 35 would monitor the characteristics of the data that is being received by the CCCU 40, and if those characteristics indicate that data is being supplied, then this determination by the CTD 35 would cause the CCU 30 to activate the DIU 38 and to cause Multiplexer 45 via the control line to select port 2 for connection to the Modem.
The configuration shown in Fig. 3 assumes that each mobile earth station includes at least a Central - 25 Call Coding Unit (CCCU) whose function is to encode . input signals and to convert them into a format suitable for further processing by the earth station's channel unit. It is also assumed in the Fig. 3 configuration that only one channel unit is provided -(per input circuit). However, those skilled in the art will understand that this is not a restrictive assumption under the configuration disclosed herein.
Specifically, multichannel configurations are not expected to impact the protocols described herein.
The central concept in the SIU architecture is the demodulation of signals in the secure terminal-to-satellite direction and the re-modulation of signals in the satellite-to-secure terminal direction. This is accomplished by a bank of modulators and demodulators, as illustrated in Figure 4. Also included in the SIU function are the necessary GPA and GPC STU-III scramblers and descramblers (used during the V.26 modem training phase only), a process controller which provides for rate adaptation and protocol packetization, an error correcting process, and an elastic buffering process.
Finally, an echo canceller is also provided to permit full-duplex communication to be accommodated over two-wire network access points.
Implementation of the SIU architecture relies heavily on the basic concepts used in modern modem technology. The digital output of a terminal -WO 94/28654 PCTlUS94/04976 equipment is modulated to form an analog signal for easier transmission over communication lines (such as the Public Switched Telephone Network or PSTN);

conversely, an analog signal is demodulated to change it back to a digital signal. As an analog modem signal is transmitted over the PSTN, it often encounters imperfections within the network which often makes it difficult for the receiver to correctly decode the transmitted information. The imperfections which are most prevalent in the PSTN network are (1) envelope and delay distortion, (2) listener echo, (3) noise impairments such as phase jitters, frequency offset, phase hits and gain hits. In most high-performance modems, echo cancellers and channel equalizers are used to increase the data rate capacity of an analog telephone circuit by eliminating the noise added by the PSTN.

Referring to Figure 4, the SIU includes an Echo Canceller 50 and a Channel Equalizer 52 to increase the data rate capacity and eliminate noise added by the PSTN. After the network's impairments have been removed from the analog signal, the Demodulators 54 convert the analog signal to a digital signal. After the analog signal has been demodulated, it is then processed by a De-Scrambler 5~. Under normal usage, data processing equipment occasionally produces data patterns (like a long string of ones) that can cause the receiving modem problems (usually in the clocking circuitry). As the De-Scrambler 56 in the receiving modem changes the data back to its original pattern, Elastic Buffers 58 are used to absorb clock ' differences between the satellite channel and the secure end-user terminals received (or transmitted) over the telephone circuit. The receive side Multiplexer 60 is used to select whether the information is user data to be transmitted over the satellite channel or system control information from the Message (Protocol Control) Packetization process 62 provided by the process controller 63 .to be transmitted over the satellite channel. Finally, Error Protection (Coding) 64 is applied to the data which to be transmitted in order to protect it from satellite noise impairments.
The inverse operations of the Error Protection Coding 64, Packetization 62, Multiplexer 60, Elastic Buffering 58, De-Scrambler 56 and Demodulators 54 are provided by the Error Decoding 65, Packet Disassembly 70, Demultiplexer 66, Elastic Buffering 68, Scrambler 72 and Modulators 72, respectively.
It is noted that the traffic supported by the system shown in Figure 4 is neither decrypted, nor descrambled (with the exception of certain modem training segments), nor source decoded. Consequently, the encryption, decryption and STU-III voice coding functions are notably and intentionally absent from the SIU shown in Figure 4.
' S Not shown in this figure is a BCH decoder which may have to be implemented if call interuptions are handled using the optional Message Identifier (MID) interpretation procedures addressed below.
According to the embodiments disclosed herein, unless otherwise specified, the SIU performance characteristics comply with those applicable to STU-III terminals, as specified in FSVS specifications 210 and 220 cited above. For example, SIU echo canceller specifications, transmit signal levels and receive signal operating characteristics comply with FSVS 210 and 220, unless indicated otherwise.
Secure Call Transport Channel For practical reasons it Was found desirable to employ the same type of channel transport mechanism for both voice and secure traffic. This approach was adopted because it facilitates the use of multiple in-call modification requests which may be initiated by the end-user, or dictated by the characteristics of the channel, such as when:

A user requests a return to the clear (POT) mode of communication;
A severe fade causes modem training to fail thus requiring a return to the clear mode followed by modem retraining; ' A severe fade causes a burst of uncorrectable errors, eventually leading to loss in cryptographic synchronization : and A data channel synchronization discrepancy (slip) causes cryptographic synchronization loss.
If the voice channel can be used for both voice and secure transmissions, this will also imply that signaling units need not be employed. This permits the following advantage to be realized:
The channel's full-duplex continuous availability can be guaranteed. This is because the channel unavailability associated with signalinq unit channel-type modifications is no longer relevant (which can be longer than 500 ms) . This makes it both possible and very convenient to convert from voice to secure transmissions and vice~versa, at any time during a secure call.

WO 94/28654 . PCT/US94/04976 As set forth below an error correcting code is defined for interoperable mode transmission of secure . traffic at an end-user signaling rate of 2.4 kbit/s.
As also set forth below, a rate 3/4 error correcting ' 5 code is defined for alternate mode transmission of secure traffic at an end-user signaling rate of 4.8 kbit/s. Error correcting is applied upon entering phase ST-C (as defined in Figure 2 and also addressed later) .
Error Coding for 2..~ kbit/s Secure Traffic The general characteristics of the error correcting code to be applied to the 2.4 kbit/s end-user traffic during the interoperable mode of communication are as follows (see Figure 5):
~ Code rate = 3/8;
~ Channel bit-rate = 6400 bits;
~ Code Type = Augmented convolutional, Constraint length K = 7;
~ Code generator polynomials = 133, 171 (octal);
Phase ambiguity resolution = Unique word (e. g., as defined in Inmarsat-M SDM, Section 3.2.2.9);
~ Modulation method = Offset QPSK;
~ Modem filter = 60 ~ Rolloff;
~ Demodulator detection - 8 level (3 bits) soft decision; and ~ Code flushing ,bits = 6 "zeros" following last bit of data fed into the encoder (e.g., as defined in Inmarsat-M SDM, Section 3.2.2.10) It is noted that this error correcting code is also applied to the secure protocol control packets exchanged between SIUs (defined later).
Error Coding for ~1.8 kbit/s Secure Traffic The general characteristics of the error correcting code to be applied to the 4.8 kbit/s end-user traffic during the alternate mode of communication are as follows (see Figure 6).
~ Code Rate = 3/4 Channel Bit-Rate = 6400 bits - Code Type = Punctured Convolutional, Constraint Length K = 7; and ~ Code generator polynomials = 133, 171 (octal);
~ Phase ambiguity resolution = Unique word (e.g. as defined in Inmarsat-M SDM, Section 3.2.2.9);
~ Modulation method = Offset QPSK:
~ Modem filter = 60 ~ Rolloff;
~ Demodulator detection - 8 level (3 bits) soft decision; and Code flushing bits = 6 "zeros" following last bit of data fed into the encoder (e.g., as defined in Inmarsat-M SDM, Section 3.2.2.10) Convolutional codes are used to protect digital data from satellite channel errors, as previously mentioned. Figures 5 _and 6 show shift-register circuits which generate a rate 3/8 convolutional code and 3/4 convolutional code, respectively. Input bits are clocked into the respective circuits from the left. After each input is applied the coder output is generated by sampling and routing the outputs of the two modulo-2 adders (exclusive-OR). A convolutional code is defined by the number of stages in the shift register, the number of outputs (i.e., the number of modulo-2 adders) , and the connections betwPPr, t-r,o ~aa.ii V L Cg i5 w1 anc~ zne moduio-2 adorers . The state of the encoder is defined to be the contents of the shift register and is completely determined by the previous information bit inputs.
The output of the upper modulo-2 adder is the product of the degree-2 polynomial Gl(D) 1 + D2 + D3 +
DS + D6 and the lower modulo-2 adder is the product of the degree-2 polynomial G2 (D) 1 + D + DZ + D3 + D6, (Figure 5) . A similar analysis can be performed on the upper and lower degree-2 polynomials of Figure 6.
For a given clock period, one bit of input will generate two bits of output. For the rate 3/8 augmented convolutional coder generator certain designated coder output bits will be repeated to generate the desired output rate, as indicated in Figure 5. For the rate 3/4 punctured convolutional code generator, certain designated coder output bits will be deleted to generate the desired output rate, as indicated in Figure 6.
Call Discrimination In identifying a secure call, a two layered process needs to be considered. First, the calls are grouped into voice and non-voice. Subsequently, non-voice calls are characterized as either facsimile or secure.
Voice/Non-Voice Call Discrimination Voice/non-voice call discrimination is accomplished by the call-type discriminator 35 (Figure 3) which monitors the type of waveform activity presented on each direction of signal transmission.
Two types of signals (signal types) can be used to assist the call-type discrimination process:
signal type V: characterized by wideband non-uniform frequency spectra, non-stationarity, and low transmission levels. This signal type corresponds to the spectral, energy and temporal characteristics of speech signals.
signal type N: characterized by narrowband frequency spectra, stationarity, and high signal transmission levels. This signal type .
corresponds to the spectral, energy and temporal characteristics of the following three single-frequency tones:
1100 Hz, 1800 Hz, and 2100 Hz.' S A state diagram of the possible call-type transitions is shown in Figure 7. As noted above, the call-type discriminator (CTD) 35 always functions in parallel with the voice codec, facsimile, or secure interface unit so that the transition from voice to non-voice call processing can be initiated at any time during a call in-progress. Once the non-voice state has been entered, return to the voice state is under the non-voice coding unit (FIU or SIU) control, or extended presence of signal type V.
In particular, for secure transmissions, return to the voice mode is under secure protocol control, or invoked by the detection of extended periods of signal type V activity (which includes idle, or no signal energy, on the telephone line) as will be discussed later. For facsimile transmissions, return to the voice mode is under protocol control.
Non-Voice/8ecure Call Discrimination Full-duplex secure calls are always initiated by transmission of an echo canceller or echo suppresor disabling (ECSD/ESD) 2100 Hz tone (thereafter refered to for simplicity as ECSD, unless otherwise necessary). The full-duplex secure call establishment process over the Public Switched Telephone Network (PSTN) is illustrated in Figure~8.
Half-duplex secure calls are always initiated by the transmission of a pseudo 1800 Hz tone (often denoted as P1800 Hz, or simply P1800) in the initiator-to-responder direction. The half-duplex secure call establishment process is illustrated in Figure 9.
When group 3 facsimile terminals are configured in the automatic mode of communication, calls are always initiated by transmission of an 1100 Hz calling tone (CNG) and then followed by a 2100 Hz called station identification signal (CED) in the reverse direction of transmission. Facsimile terminals are considered to be in the automatic mode when the destination address is dialed directly from the key-pad of the end-user facsimile terminal. When dialing from a facsimile terminal is done using a separate telephone set, non-automatic call establishment occurs. In this case the use of CNG is optional, although all modern facsimile terminals appear to be using the CNG tone even when not dialing automatically.
The basic protocol for the establishment of facsimile calls over the PSTN is shown in Figure 10.

WO 94/28654 PCT/(TS94/04976 From Figures 8-10 it can be seen that when an 1100 Hz tone is detected, a transition from the voice codec unit to the facsimile interface unit can be initiated. Alternatively, when the 2100 Hz tone is detected (which has not been immediately preceded by an 1100 Hz tone) or the 1800 Hz tone is detected, a transition from the voice codec unit to the secure interface unit can be initiated. This is shown by the state transition diagram shown in the lower part of Figure 7.
Secure/Facs3.mile Call Fall-Back In order to accommodate the possible incorrect call routing that may arise if older group 3 facsimile terminals (not employing 1100 Hz CNG transmission) are mistaken for secure terminals, an escape mechanism has been provided as set forth below so that a call can be converted from secure to facsimile if signal type A
condition is present:
signal type A: Characterized by 2100 Hz activity, followed within 55 to 95 ms by V.21 (1750 Hz) carrier activity (in the same direction of transmission) without any activity being present in the return direction of transmission for the duration of the 2100 Hz and V.21 signals.
The implication of this service-mode conversion is that the first facsimile terminal-originated CED/DIS signal pair will be corrupted and a second WO 94/28654 ~ ~~ PCT/US94/04976 signal pair will be transmitted from the called terminal after approximately 3 seconds. After the second CED/DIS pair has been transmitted it can be expected that facsimile call establishment will .progress satisfactorily through phases A and B of the CCITT Recommendation T.30 protocol as described in CCITT Recommendation V.32, "Procedures for Document Facsimile Transmission in the General Switched Telephone Nework", Blue Book, Melbourne, November 1988.
Call Establishment The establishment of secure voice calls addressed below, and its interaction with voice and non-voice call set-up procedures is identified.
Call establishment in three different cases is addressed. These cases are: full-duplex interoperable, full-duplex alternate, and half-duplex interoperable.
Full-Duplex Interoperable As indicated above, upon detection of a 2100 Hz tone, the transition from the POT voice to the secure mode can, and must, be initiated. This transition must satisfy the following requirements:

The 2100 Hz ECSD tone (as seen by the responding secure end-user terminal) must not be disrupted severely by the transition process;
~ The channel connectivity, on an end-to-end basis, must be maintained during the CCCU (central call coding unit) transition process so that signal activity following the ECSD tone can be transmitted uninterrupted; and The transition must be completed within 1 second of the initiation of the ECSD tone so that the next signal (phase modulated 1800 Hz) can be correctly handled by the SIU; and Finally, the transition must be completed quickly after the establishment of the ECSD tone (i.e. within 400 ms), so that any phase changes can be reliably conveyed on an end-to-end basis to network equipment located in the proximity of the responding end-user secure terminal.
The call set-up approach (refer to Figure 11 for end-to-end PSTN protocol and to Figure 12 for end-to-end protocol in the presence of Inmarsat-M
earth-station equipment) that can satisfy these WO 94/28654 ~- ~. - - PCT/US94/04976 ..
requirements, and does not require the VCU to reliably preserve ECSD phase transitions is the following .
Upon detection of the ECSD tone, the responding earth station's call-type discriminator recognizes signal type N (2100 Hz) activity associated with the the initiation of a secure call and invokes the secure interface unit.
l0 ~ The SIU transition process is commenced when the inititiating earth station CCCU transmits four special 2100 Hz voice frames denoted as VCU(2100) to the responding earth station. The format of the special 2100 Hz voice frames is discussed later.
The responding SIU once it has received all four of the special voice frames logically disconnects the voice codec unit from the end-to-end path and instructs the secure interface unit (SIU) to commence transmission of the 2100 Hz tone. In this manner transmission of the 2100 Hz tone to the responding end-user secure terminal continues without a gap in signal energy (although with the possible introduction of a single phase change due to the transition process).

Coincident with this transition from the VCU to the SIU, the Secure Transmission (ST) Protocol at the responding earth station (forward direction) takes over. At this time the 6400 bits channel continues to employ the voice codec in the return responder SIU-to-initiating SIU (return) direction.
Once the forward ST protocol takes over, all further initiating earth station-to-responding earth station communication is conducted in-band, by means of packets. ~In particular, the transmission of the non-phase reversed 2100 Hz tone from the responding SIU to the responding secure terminal continues until instructed otherwise from the initiating earth station end by means of an appropriate packet.
Shortly after the responding earth station has completed the VCU-to-SIU transition, the initiating earth station's call-type discriminator requests the initiating VCU to be logically disconnected and the initiating SIU to be logically inserted into the channel.

The initiating SIU becomes operational and sends an in-band control packet to the responding earth station thus confirming that the ST protocol has now been fully established on an end-to-end basis in the forward direction. On completion of the last bit of this packet, the rate 3/8 augmented convolutional code defined.above is applied to all data sent in the initiating SIU-to-responding SIU direction.
to Within 25 ms of the reception of the (forward) end-to-end ST protocol establishment packet from the initiating SIU, the responding earth station will logically disconnect the VCU and connnect the SIU in the return direction. This is followed within another 25 ms by the transmission of an end-to-end ST protocol establishment packet in the channel thus confirming that the return ST
protocol has now been fully established on an end-to-end basis in the return direction. On completion of the last bit of this packet, the rate 3/8 augmented convolutional code defined above is applied to all data sent in the responding SIU-to-initiating SIU direction.

To ensure that the ST protocol is set-up before the initiator's 2100 Hz phase transitions and/or the responder's 1800 Hz tone are transmitted, the VCU-to-SIU transition process shall be completed in accordance with the following call set-up timers:
~ Transmission of the first bit of the four VCU(2100) special tone frames: within 50 ms from the onset of the 2100 Hz tone in the initiating to responding earth-station direction.
~ Disconnection of the VCU and connection of the SIU at the responding earth station in the forward (outgoing) direction: Within 200 ms from detection of the first bit of the four VCU(2100) special tone frames (at the responding earth station);
~ Disconnection of the VCU and connection of the SIU at the initiating earth station both in the forward and return (incoming and outgoing) directions: Within 275 ms (but no earlier than 250 ms) from detection of ECSD tone (at the initiating earth station);
~ Transmission of the End-to-End ST Protocol Establishment Control Packet in the forward ,- ..
~~,.~~~ ction, denoted by CEP(FDX/fwd) : Within 25 ms from the disconnection of the VCU and connection of the SIU (at initiating earth station).
Disconnection of the VCU and connection of the ' SIU at the responding earth station in the return (incoming) direction: Within 25 ms of receipt of last bit of CEP(FDX/fwd) at the responding earth station;
Transmission of the End-to-End ST Protocol Establishment Control Packet in the return direction, denoted by CEP(FDX/rtn) : Within 25 ms from the disconnection of the VCU and connection of the SIU in the responding earth station's return direction.
Following the VCU-to-SIU change, and while the ECSD tone being transmitted from the initiating terminal does not contain phase transitions, the 2400 bits data channel (prior to coding) shall be filled with repetitive transmission of the 02 di-bit sequence.
Every time a phase transition in the ECSD tone is detected, this shall be signaled from the initiating to the responding SIU by replacing a 02 di-bit with a O1 di-bit within 5 ms of the occurence of the phase transition.
It is noted that when no signal energy is detected, the 2400 bits data channel (prior to coding) shall be filled-in with the oo ~a;-r;~
---- ~ wry aii V
sequence. In particular, this implies that this sequence shall be transmitted from the responder's SIU
to the initiator's SIU upon completion of the CEP(FDX/rtn) until signal activity (P1800 Hz) is detected in the responder-to-initiator direction.
Full-Duplex Alternate No additional considerations apply. Call establishment and transition to the secure protocol communication mode is identical with the full-duplex interoperable mode.
Half-Duplex Interoperable As indicated above, upon detection of the pseudo 1800 Hz (P1800) tone the voice-to-half-duplex secure mode of communication transition must be initiated.
This transition must satisfy the following requirement:

, ~ _ The P1800 Hz tone (as seen by the responding secure end-user terminal) must not be disrupted severely by the transition process: and The transition must be completed quickly after ' the establishment of the P1800 Hz tone, so that follow-on P1800 Hz signal activity can be reliably conveyed (regenerated) by the responding secure terminal.
One call set-up approach (refer to Figure 13 for end-to-end PSTN protocol and to Figure 14 for end-to-end protocol in the presence of Inmarsat-M
earth-station equipment) that can satisfy these requirements is the following:
Upon detection of the P1800 Hz tone, the initiating earth station's call-type discriminator recognizes signal type N activity (1800 Hz) narrowband activity which is associated with the initiation of a secure call and transmits four special 1800 Hz voice frames denoted as VCU(1800) to the responding earth station. The format of the special 1800 Hz voice frames is given later.

The responding SIU once it has received all four of the special voice frames logically disconnects the voice codec unit from the end-to-end path and instructs the secure interface unit (SIU) to commence transmission of the 1800 Hz tone. In this manner transmission of the 1800 Hz tone to the responding end-user secure terminal continues without a gap in signal energy (although with the possible introduction of a single phase change due to the transition process).
Coincident with this transition from the VCU to the SIU, the Secure Transmission (ST) Protocol at the responding earth station takes over. At this time the 6400 bits channel continues to employ the voice codec in the return responder SIU-to-initiating SIU (return) direction.
Once the ST protocol takes over, all further initiating earth station-to- responder earth station communication is conducted in-band, by means of packets. In particular, the transmission of the P1800 Hz tone from the responding SIU to the responding secure terminal continues until instructed otherwise from the initiating earth station end by means of an appropriate packet.
Shortly after the responding call-type discriminator has forced the VCU-to-SIU ' transition, the initiating earth station s call-type discriminator requests the initiating VCU to be logically disconnected and the initiating SIU to be logically inserted into the channel.
The initiating SIU becomes operational and sends an in-band control packet to the responding earth station thus confirming that the ST protocol has now been fully established on an end-to-end basis in the forward direction. On completion of the last bit of this packet, the rate 3/8 augmented convolutional code defined above shall be applied to all data sent in the initiating SIU-to-responding SIU direction.
Within 50 ms of the reception of the (forward) end-to-end (half-duplex) ST protocol establishment packet from the initiating SIU, the responding earth station will logically disconnect the VCU and connnect the SIU in the return direction. This shall be followed by the transmission of a message receipt confirmation in the return direction.
The VCU-to-SIU transition process shall be completed within 350 ms of the onset of the P1800 Hz tone. In particular the following call set-up timers apply:
Transmission of the first bit of the four VCU(1800) special tone frames: within 50 ms from the onset of the 1800 Hz tone in the initiating to responding earth-station direction.
Disconnection of the VCU and connection of the SIU at the responding earth station in the forward (outgoing) direction: Within 200 ms from detection of the first bit of the four VCU(1800) special tone frames (at the responding earth station);
Disconnection of the VCU and connection of the SIU at the initiating earth station in the forward and return (incoming and outgoing) directions: Within 275 ms (but no earlier than ' 25 250 ms) from the detection of the P1800 Hz tone (at the initiating earth station);

a.
Transmission of the End-to-End ST Protocol Establishment Control Packet, denoted by CEP (HDX/fwd) : Within 25 ms from the disconnection of the VCU and connection of the SIU pat initiating earth station). Upon completion of the last bit of the CEP(HDX/fwd) packet, the 2400 bits data channel (prior to coding) in the forward direction shall be filled with repetitive transmission of the 02 di-bi.t sequence.
Disconnection of the VCU and connection of the SIU at the responding earth station in the return (incoming) direction: Within 25 ms of receipt of last bit of CEP(HDX/fwd) at the responding earth station;
Transmission of a Half-Duplex Protocol Establishment Confirmation Control Packet in the return direction, denoted by CEP(HDX/conf):
Within 25 ms from the disconnection of the VCU
and connection of the SIU in the responding earth station's return direction. On completion of the last bit of this packet, the 6400 bits channel shall be filled with an all binary "zero"
sequence in the responder-to-initiator direction.

Earth Station-to-Earth Station Control Once the system is in the Secure Transmission (ST) protocol mode, communication between the land and mobile CCCU is accomplished by means of secure protocol control (SPC) packets.
Secure control packets are required in order to identify:
Idle state (termination of signal activity);
The start of specific phases of modem training (several controls);
The start of the secure message phase; and Other types of activity (supervisory or otherwise).
The following characteristics of line control packets are explicitly or implicitly addressed below:
The type and number of different line control states;
The signal buffering which is needed in order to ' 25 determine the type of packet to be generated;

,, The structure of different packets;
Packet encoding and insertion in the satellite channel;
The packet detection criteria;
Packet decoding and removal prior to transmission to the secure terminal over the telephone line;
and The modes of line control detection failure and associated call consequences.
Pmcket Types Two types of packets are employed. These are used for call establishment (denoted by CEP) and Secure Protocol Control (denoted by SPC). Each packet is associated with a field, whose contents indicate the specific use of the packet. For example, for the forward full-duplex (FDX) call initiation, the abbreviated packet designation is: CEP(FDX/fwd).
The following packets are defined, as shown in Tables I and II.
' Packet Packet Description (Purpose)Packet Designation Numbe r Call End-to-End Secure TransmissionCEP(FDX/fwd) Est. Establishment- Forward (Full-Du I lex) Call End-to-End Secure TransmissionCEP(FDX/rtn) Est. Establishment - Return (Full-Du 2 lex) Call End-to-End Secure TransmissionCEP(HDX/fwd) Est.3 Establishment (Half-Dulex) Call Half-Duplex Establishment CEP(HDX/Conf) Confirmed Est.

0 Start of Bell I03 Modem TransmissionSPC(Bell 103/s) 1 End of Bell 103 Modem TransmissionSPC(Bell 103/e) 2 Initiate (Start) TransmissionSPC(1800/s) of 1800 Hz Carrier , 3 Start 'Transmission of V.26bisSPC(SCRl) Scrambled "ones"

4 Termination of Si nal ActivitSPC(Idle) 2100 Hz detected Durin PhaseSPC(2100) ST-C

6 Start of Messa a (Data) TransmissionSPC(Data) TABLE II
Pac Pac cet Description (Purpose)Packet Designation et Numbe r 7 V.32 Modem Trainin PacketSPC(V.32/R1,AC/s) 8 V.32 Modem Trainin PacketSPC(V.32/RI,AC/e) 9 V.32 Modem Trainin PacketSPC(V.32/R1,CA/e) V.32 Modem Trainin PacketSPC(V.32/R2,S/s) li V.32 Modem Trainin PacketSPC(V.32/R2,S/e) 12 V.32 Modem Trainin PacketSPC(V.32/R2,TRN/s) 13 V.32 Modem Trainin PacketSPC(V.32/R2,TRN/e) 14 V.32 Modem Trainin PacketSPC(V.32/R2,R1/e) V.32 Modem Trainin PacketSPC(V.32/R3,S/s) 16 V.32 Modem Trainin PacketSPC(V.32/R3,S/e) 17 V.32 Modem Trainin PacketSPC(V.32/R3,TRN/s) 18 V.32 Modem Trainin PacketSPC(V.32/R3,TRN/e) 19 V.32 Modem Trainin PacketSPC(V.32/R3,R3/e) V.32 Modem Trainin PacketSPC(V.32/R3,E/e) 21 V.32 Modem Trainin PacketSPC(V.32/R3,B1 /e) 22 V.32 Modem Trainin PacketSPC(V.32/I1,AA/s) 23 V.32 Modem Trainin PacketSPC(V.32/I1,AA/e) 24 V.32 Modem Trainin PacketSPC(V.32/II,CC/e) V.32 Modem Trainin PacketSPC(V.32/I2,S/s) 26 V.32 Modem Trainin PacketSPC(V.32/I2,S/e) 27 V.32 Modem Trainin PacketSPC(V.32/I2,TRN/s) 28 V.32 Modem Trainin PacketSPC(V.32/I2,TRN/e) 29 V.32 Modem Trainin PacketSPC(V.32/I2,R2/e) V.32 Modem Trainin PacketSPC(V.32/I2,E/e) 31 V.32 Modem Trainin PacketSPC(V.32/I2,B1 /e) 32 S are 33 S are to S are 126 S are 127 ~'ot Used Packet structure As indicated in Tables I and II, there are two types of packets: call establishment packets (CEP
types) and secure protocol control packets (SPC types - numbers 0 to 126). These are addressed below.
FDX/HDX Call Establishment Packet Generation Packets used to establish a secure call (CEP
types in Tables I and II are comprised of a three field structure which is directly associated with two sub-frames in the 6.4 kbit/s baseband channel.
The first field of the four possible call establishment special packets comprises 384 repetitions of a binary "one". The second field comprises 92 repetitions of one of the following 4-bit sequences (depending on the nature of the packet):
CEP(FDX/fwd) 0001 CEP(FDX/rtn) 0101 CEP(HDX/fwd) 0110 . CEP(HDX/Conf) 0111.
The third field comprises 4 repetitions of a 4-bit SIU architecture version code. The version applicable to this specification is 0000. The structure of the secure call establishment packets is illustrated in Figure 15. Note that the first bit of each field of the call establishment packets is always aligned with the first bit of the 384-bit voice sub-field.
SPC Paaket Generation Secure protocol control packets (SPC numbers 0 to 126, including spares) are encoded differently from the call establishment packets. These packets comprise a four field structure which includes a leading flag field, an information field, a frame check sequence field, and an ending octet (flush) field. Each of these fields is encoded as follows:
Leading Flag: Binary 01111110 Information Field: 8-Bit Binary Representation of the Packet Number Listed in column 1 of Table II.
Frame Check Sequence: A 16-bit cyclic redundancy check sequence defined below.
- 25 Ending Octet (Flush): Binary 00000000 The packet structure is illustrated in Figure 16.
Note that the packets are generated at a rate of 2400 bits and then encoded at a channel rate of 6400 bits. In this scheme, the packet's duration, which impacts the additional delay introduced in the end-to-end communication path due to this protocol, is equal to 16.6 ms (approximately).
Control Packet Frame Check Sequence.
The FCS sequence is the same as the sequence used in Group 3 facsimile communication (CCITT
Recommendation, ~ 5.3.7). The FCS shall be a 16 bit sequence. It shall be the is complement of the sum (modulo 2) of:
the remainder of x$ (x'S + x'4 + x'3 + ... + x2 + x + 1) divided (modulo 2) by the generator polynomial x~b + x~2 + x5 + 1, and ~ the remainder after multiplication by x'6 and then division (modulo 2) by the generator polynomial x~6 + x~2 + xs + 1 of the content of the frame.
As a typical implementation, at the transmitter, the initial remainder of the division is preset to all binary "1" and is then modified by division by the generator polynomial (as described above) on the information field; the is complement of the resulting remainder is transmitted as the 16-bit FCS sequence.
At the receiver, the initial remainder is preset to all is and the serial incoming protected bits and the FCS, when divided by the generator polynomial, will result in a remainder of 0001110100001111 (x'S through x~, respectively) in the absence of transmission errors.
The FCS shall be transmitted to the line commencing with the coefficient of the highest term.
Packet Encoding and Insertion in the Satellite Channel As indicated above, the CEP call establishment packets (special numbers s1 to s4) are inserted into .. the satellite channel coincidentally with the first bit of the 384 bit voice field. This constraint does not apply to the SPC packets (numbers 0 to 126) which can be inserted into the satellite channel at any time when a voice field is available.
The 768-bit call establishment packets are generated at a 6.4 kbit/s rate and are not error protected. The secure protocol control packets are generated at a rate of 2400 bits and then encoded in accordance to the rate 3/8 augmented convolutional code defined above.
signal Buffering The use of packets involves the introduction of delay in the end-to-end communication system. During the generation of the call establishment packets the . ~ - t.~
incoming signal (over the telephone line) shall not be buffered. This does not apply to the generation of the 40-bit secure protocol control packets which are ultimately associated with the onset of end-user data transmission.
Packet Detection Criteria Two sets of rules apply depending on the type of packet being addressed.
Call Establishment Packet Detection For call establishment packets, these shall be considered to have been received successfully when the following criteria are met:
~ At least 368 of the 384 bits found in the first field are all binary "ones": and At least 88 of the 92 replicates of the 4-bit codes are identical; and At least 2 out of the 4 version codes are identical.
If these criteria are not met, the POT voice mode of operation shall be maintained. To avoid inadvertent misclassification of encoded voice frames as secure call establishment packets, the search for these packets shall only be undertaken when the CTD 35 (Fig. 3) has indicated that signal type N activity has been detected (i.e. only after a 2100 Hz or 1800 Hz tone has been detected).
SBC Packet Detection For the secure protocol control packets, these shall be considered to have been received successfully ;, when the FCS frame associated with the information field is correct. If the FCS frame is found to be in error, the receiving terminal may continue the communication on the basis of prior protocol knowledge. However, if the packet received after the packet associated with an FCS error is also associated with an FCS error, the terminal shall revert to the clear (POT) mode of voice communication.
version Numbering If during call establishment an SIU receives from another SIU a valid version code other than "0000"
(that is, the 16-bit version field received contains at least 2, out of 4, version codes other than "0000"), the unit shall ignore such other codes. It is the responsibility of the unit transmitting the code other than "0000" to revert to version "0000".
Secure Terminal Protocols As indicated above, once the end-to-end ST
protocol has been established communication between earth stations is accomplished by means of secure protocol control (SPC) packets and/or baseband in-band transmitted information, as appropriate.
Where appropriate, three variations of protocols are distinguished: full-duplex interoperable, full-duplex alternate, and half-duplex interoperable.
However, the basic protocol is described in terms of full-duplex alternate negotiation, since the other two cases can generally be handled as sub-sets of this case.
Pseudo 1800 Hz Shortly after transmission of the ECSD tone from the initiator, the P1800 Hz tone (modulated by a WO 94/2~~ PCT/US94/04976 r _ dibit pattern) is transmitted from the responder.
When the P1800 Hz tone is used to indicate only basic service capabilities (interoperable mode), it carries no phase reversals, in which case it can be considered .
to be modulated by dibit pattern 02. When the P1800 Hz tone is used to indicate the availability of enhanced service capabilities by the responder secure terminal (alternate mode), three 180_ phase reversals may be present near the beginning of this tone (modulation using dibits O1). The P1800 Hz tone is processed by the SIU as follows:
~ Upon detection of P1800 Hz activity, the responder SIU will transmit to the initiator SIU
a secure protocol control packet SPC(P1800/s) which will indicate to the initiator SIU that the 1800 Hz carrier must be turned on in the earth station-to-terminal direction.
~ Immediately after transmission of the SPC(P1800/s) packet, repeated transmission of the 02 di-bit pattern (which is rate 3/8 coded using the augmented convolutional code described above) is initiated.
When a phase change has been detected by the responder SIU, the di-bit defined above shall be replaced by the O1 di-bit binary pattern which is then rate 3/8 coded using the augmented convolutional code defined above prior to transmission over the 6400 bits baseband channel.
These processes are shown in Figure 17.

v Any other phase transitions (such as the 3202 di-bit pattern that characterizes the end of the P1800 Hz transmission) shall 'be similarly coded using the rate 3./8 coded augmented convolutional code as defined above.
Note that an SPC packet indicating the termination of the P1800 Hz is not necessary in this case, as the P1800 Hz signal will be followed by a different type of signal with no interruption in signal energy.
It should be further noted that, during alternate mode transmissions signals transmitted in a direction opposite to that of the P1800 Hz may be present. For simplicity and clarity of presentation, these are not shown in Figure 17.
Message A
Shortly after termination of the initiator' s ECSD
tone (within 85 ~ 10 ms), the initiator may transmit an enhanced capabilities 300 bits signal, denoted by MSG A, which is modulated in accordance to Bell Modem 103 (modified) . This signal will contain a profile of initiator terminal capabilities including:
~ Capability for extended echo ranging process;
~ Capability to operate at 4800 bits; and ~ Capability to operate at 9600 bits.
The initiator SIU shall intercept and set to binary zero (if not already set) the bits indicated in Tables III, IV and V so as to disable certain non-supportable capabilities, such as extended echo-ranging.

TABZE IT I
Processing of MSG A By Initiating SIII (Byte I) Bit SIU Comment Number - Action B7 None B6 None BS None B4 None B3 Set to 0 Disable AT&T Reserved Mode B2 Set to 0 Disable Extended Echo Ran in BI Set to 0 Disable Motorola Reserved Mode BO None mraT~ TAT
The ST protocoll shall process the MSG A signal as follows:

SUBSTITUTE SHEET (RUtE 261 Processing of MSG A By Initiating SILL (Byte 2) TABLE V
Processing of MSG A By Initiating SIU (Byte 3) ~ Upon detection of MSG A signal activity, the initiating SIU shall transmit to the responding SIU a secure protocol control packet SPC(Bell 103/s) which will indicate to the responding SIU
that the Bell 103 carrier must be turned on in the earth station-to-terminal direction.
Immediately after transmission of the SPC(Bell 103/s) packet, the initiating SIU shall transmit the associated baseband infonaation at a rate of 2400 bits (prior to coding). The rate adaptation from 300 bits to 2400 bits is as follows. Every 300 bits binary bit transmitted from the secure terminal to the SIU shall be converted into the following set of 8-bits which are then encoded using the rate 3/8 augmented convolutional code defined above for transmission over the 6~.4 kbit/s satellite channel:
Binary Bit 0 converted to Set of 8-Bits:
["11101110"]
Binary Bit 1 converted to Set of 8-Bits:
["01010101"J
The baseband information shall be unmodified, with the possible exception of those bits indicated in Tables III, IV and V.
~ When termination of MSG A occurs, the initiating SIU shall transmit to the responding SIU a secure protocol control packet SPC(Bell 103/e) which will indicate to the responding SIU that the Bell 103 carrier must be turned off in the earth station-to-terminal direction. The potential elimination of this type of packet is for further study.
These processes are shown in Figure 18. 3dote that signals transmitted in a direction opposite to that of MSG A may be present, but for clarity and simplicity these are not shown in Figure 18.
Message B
Immediately after termination of the responder's P1800 Hz signal, the responder may transmit an enhanced negotiated capabilities 300 bits signal, MSG
B which is modulated in accordance to Bell Modem 103 (modified). This signal will contain the initiator's capabilities which were chosen by the responding secure terminal for the remainder of the call.
Unlike MSG A neither the responding nor the initiating SIU may modify the contents of this signal.
The ST protocol shall process the MSG B signal as follows:
. Upon detection of MSG B signal activity, the responding SIU shall transmit to the initiating SIU a secure protocol control packet SPC(Bell 103/s) which will indicate to the initiating SIU
that its carrier in the earth station-to-terminal direction must be switched from 1800 Hz to the Bell 103 carrier.
Immediately after transmission of the SPC(Bell 103/s) packet, the responding SIU shall transmit the associated baseband information at a rate of 2400 bits (prior to coding). The rate adaptation from 300 bits to the 2400 bits is identical to that used for MSG A coding.

' When termination of MSG B occurs, the responding SIU may transmit to the initiating SIU a secure protocol control packet SPC(Bell 103/e) which will indicate to the initiating SIU that the Bell 103 carrier must be turned off in the earth station-to-terminal direction. The potential elimination of this type of packet is for further study.
These processes are shown in Figure lg. Note that if the alternate mode is not selected, it may not be necessary to explicitly indicate that the MSG B
signal has terminated, since this will be immediately followed without any interruption in signal energy by the P1800 Hz tone the start of which will be signaled by means of the SPC(1800/s) packet.
However, because the alternate mode may be selected, an indication pertaining to the end of the Bell 103 transmission is required. (This is signaled by the transmission of the SPC(Bell 103/e) packet).
It is also noted that the responder may implicitly derive the termination of the Bell 103 transmission through processing of the MSG B contents.
Following the termination of the MSG B signal, one of the following options may be invoked:
' The call is set up in an alternate mode; or ' The call is set up in the interoperable mode.
Alternate Mode When a call is set-up in the alternate mode as a result of MSG A and MSG B negotiation, the modem training sequence defined in CCITT Recommendation V.32, '~A Family of 2-Wire, Duplex Modems Operating at Data Signaling Rates of Up to 9600 bits/s for Use in the Gerneral Switched Telephone Network and on Leased Telephone-Type Lines", Blue Book, Facsimile VIII. 1.
pp. 234-251, Melbourne, November 1988, ~ 5.4.1 and ~
5.4.2 will be employed by the end-user secure terminals. 11 parts (segments) of the training sequence shall be regenerated by the SIU function in the satellite-to-secure terminal direction. Their regeneration, however, is controlled by the exchange of control packets so that the correct end-to-end timing relationship can be maintained (at the end-user secure terminals) in a transparent manner. For the purpose of simplifying references to the V.32 sequence in this document, the sequence is partitioned into five segments: three for the responder, designated as Rl, R2 and R3 (not to be confused with the V.32 rate sequences which are denoted by R1 and R2): and two for the initiator, designated as I1 and I2. This notation is indicated in Figure 20.
This notation is subsequently used to associate control packets with the type of training segment to which they relate.
With this definition in mind, a number of packets are exchanged between the two SIUs to specifically trigger initiation of different parts of each of the five training sequence segments. The exchange of packets and associated protocol is indicated in Figures 21(a)-21(d). Several items need to be noted from this set of figures:
~ First, the end-to-end delay, as well as the delay between each earth station and its near-side secure interface unit can be derived from this training procedure and particularly from the exchanges related to training segments I1 and R1.

~ Second, when the alternate mode is invoked a set of capabilities must be precluded from being invoked. To accomplish this, the initiating SIU
must generate a, predetermined rate seauencP
irrespective of the sequence generated from the responding secure terminal. This rate sequence is defined in Table V-A.
TABLE V-A
Coding of the V.32 I6-bit Rate Sequence Bit Number Codin Comment BO 0 S nchronization Bit BI 0 S nchronization Bit B2 0 S nchronization Bit B3 0 S nchronization Bit B4 0 Disable 2400 bits B5 1 Enable 4800 bits B6 0 Disable 9600 bits B~ I S nchronization Bit B8 0 Disable Trellis Codin B9 0 -Disable Special Operational Modes BIO 0 Disable Special Operational Modes BI1 1 Disable Special Operational Modes -BI2 0 Disable Special Operational Modes -BI3 0 Disable Special Operational Modes B14 0 Disable Special Operational Modes BI5 1 S nchronization Bit Although not explicitly noted, the ending sequence E, shall also be encoded using the same profile of capabilities as those indicated in Table V-A.
~ The optional extended echo control training sequence (which may be appended in front of training segment R2) is not supported.
The completion of the modem training sequence is defined when the last bit of the SPC(V.32/I2, B1/e) and SPC(V.32/R3, B1/e) packets has been transmitted for the initiating-to-responding (forward) and responding-to-initiating (return) directions, respectively.
Immediately upon completion of the modem training sequences, the Start of Message (SOM) which characterizes the onset of phase ST-D (defined in Figure 2) shall be entered into. Coincidentally with the first bit of the SOM the rate 3/4 punctured convolutional code defined above shall be applied.
This type of coding shall be applied for the remainder of the transmission while the call is in phases ST-D, ST-E, ST-F, and ST-G.

_.
Interoperable Mode As indicated above, it is possible that the interoperable mode is selected as a result of the MSG
A and MSG B negotiation (Figure 2-5 of the PSVS-210 reference). In this case, the remainder of the call . set-up (modem training) will proceed differently from that addressed in the alternate mode discussed above.
Responder s Scrambled Ones (BCR 1) Upon termination of the 1800 Hz (phase reversed) tone, the initiator's voiceband data modem is trained.
This is accomplished by the initiator's transmission of a 4096-bit scrambling sequence (SCRl). The SCR 1 sequence always follows the 1800 Hz tone with 0 ms delay (i.e. no gap in signal energy). The last dibit sequence of the P1800 Hz tone is not 0202, but rather 3202.
In the Inmarsat-M secure transmission protocol the SCR 1 sequence is not sent across the satellite channel. Instead this will be regenerated by the initiating SIU on the basis of the SCR 1 packet, SPC(SCR1). The protocol to be used in this phase is as follows:
Upon detection of the 1800 Hz modulated 3202 dibit pattern, the responding SIU is prepared to accept the SCR 1 sequence and start training its own modem. The dibit 3202 sequence is transmitted across the channel followed by a SPC(SCR1) packet. The possible elimination of the SCR1 packet is for further study.
Upon completion of the SCR 1 sequence from the responding secure terminal, the responding SIU
will send a secure protocol control SPC(Idle) packet to the initiating SIU, indicating the termination of voiceband data carrier on the telephone line. Implicit determination of signal termination is also possible on the basis of the number of SCR1 bits received (or regenerated).
The possible elimination of the SPC(Idle) packet is for further study.
These processes are shown in Figure 22.
to Initiator s 8orambled ones (sCR 1) Upon completion of the responder's SCR 1 sequence, the initiating terminal will send a SCR 1 sequence to the responder's voiceband data modem so that its receiver can be appropriately trained. The initiator's SCR 1 sequence will always be preceded (with no interruption in signal energy) by a 2100 Hz ESD or ECSD tone (which may thus include 180_ phase reversals). The treatment of the initiator's SCR 1 sequence is similar to that of the responder's SCR 1 sequence and is defined above with respect to the Responder's Scrambled Ones (SCR1).

The initiation of the 2100 Hz ECSD is conveyed by means of packet SPC(2100) which will be associated with a 02 di-bit sequence. The optional phase reversals are conveyed by the O1 di-bit sequence. The exact ST protocol is as follows:

After completion of the responder's SCR 1 the initiating SIU shall monitor the incoming telephone line in order to detect the onset of the 2100 Hz ECSD tone. When detected, the initiating SIU shall transmit to the responder's SIU a secure protocol control SPC(2100) packet which shall signal the responding SIU to turn the 2100 Hz tone on in the earth station-to-secure terminal direction.

Immediately upon completion of the SPC(2100) packet, and while no 180- phase transitions are detected, a 2400 bits 02 di-bit sequence shall be transmitted over the channel (prior to coding). Upon detection of an 180_ phase - transition, the initiating SIU shall introduce a O1 di-bit in the transmitted 2400 bits bit-stream in place of the 02 di-bit (The di-bit sequences are, as before, coded using the rate 3/8 augmented convolutional code defined above prior to transmission over the 6.4 kbit/s data channel). Upon reception of the 01 di-bit, the responding SIU shall introduce an 180_ phase change in the 2100 Hz tone being transmitted in the earth station-to-secure terminal direction.
Upon detection of the initiator's SCR 1 sequence, the initiating SIU shall prepare to accept the SCR 1 sequence and start training its own modem.
The SPC(SCR1) packet shall then be transmitted across the channel to the responding SIU.
Upon completion of the SCR 1 sequence from the initiating secure terminal, the initiating SIU
shall transmit a secure protocol control SPC(Data) packet to the initiating SIU, indicating the end of the SCR 1 sequence and the start of secure traffic transmission. This determination is also possible on the basis of the number of SCR1 bits received (or regenerated). The possible elimination of the . SPC(Data) packet is for further. study. Upon completion of the SPC(Data) packet, a 2.4 kbit/s digital data pipe (prior to rate 3/8 coding) .~ _ _~ .
~~shall be established in a transparent manner for the initiator's terminal.
These processes are shown in Figure 23.
Responder s Second Bet of Scrambled Ones Upon completion of the initiator's SCR 1 sequence, the responder terminal will send a shorter (704 bit) SCR 1 sequence to the initiator's voiceband data modem followed immediately by secure data.
Unlike the responder's first SCR 1 sequence, this sequence will not be preceded by a 2100 Hz ESD or ECSD
tone. The treatment of the second SCR 1 sequence is similar to that of that of the responder's first SCR
1 sequence. The exact ST protocol is as follows:
After completion of the initiator's SCR 1 the responding SIU shall monitor the incoming telephone line in order to detect the onset of the responder's shorter SCR 1 sequence. When detected, the responding SIU shall transmit to the initiating SIU a secure protocol control SPC(SCR1) packet which shall signal the initiating SIU to commence transmission of the shorter SCR 1 sequence (appropriately modulated) in the earth station-to-secure terminal direction.
Upon completion of the SCR 1 sequence from the initiating secure terminal, the initiating SIU
shall transmit a secure protocol control SPC(Data) packet to the initiating SIU, .
indicating the end of the SCR 1 sequence and the start of secure data transmission. This determination is also possible on the basis of the number of SCR1 bits received (or regenerated). The possible elimination of the SPC(Data) packet is for further study. Upon completion of the SPC(Data) packet, a 2.4 kbit/s digital data pipe (prior to rate 3/8 coding) shall be established in a transparent manner for the responder's terminal.
Other Modes It is possible that a call can be established in other communication modes. For example, an interoperable mode (Figure 2-3 of the reference FSVS-210) can be established without use of the MSG A and MSG B signals. This case is merely a sub-set of the procedure defined previously as the control packets needed to fully describe the modem training process have been defined above.
This observation also applies to the case of half-duplex transmission, as illustrated in Figure 24.
Call Failures & Clearing Once a call has entered the secure transmission protocol phase ST-D the secure terminal data are no longer interpreted with the exception of certain non-data bearing messages. These messages, which are not encrypted, are the following:
' Abort;
Release;
~ Failed Call;
~ Restart Failed Call;
Idle;
~ Retrain Request;
~ Retrain NACK; and ~ Retrain ACK.
k 35 These messages will be detected by the SIU
function by confirming that they are preceded by the 256-bit "Escape" and 64-bit "Start of Message"
non-encrypted segments.
Abort When this signal is received (which can be assumed to be transmitted from the leader's to the follower's secure terminal) the earth station shall initiate the transition from secure to POT voice transmission (SIU-to-VCU). This transition shall be initiated following the last bit of the Message Identifier (MID) in the following manner:
For the leader's SIU in the leader-to-follower direction: Within 25 ms following the transmission of the last bit of the associated MID field;
For the follower's SIU in the leader-to-follower direction: Within 135 ms following the reception of the last bit of the associated MID field;
For the follower's SIU in the follower-to-leader direction: Within 165 ms following the reception of the last bit of the associated MID field; and For the leader's SIU in the follower-to-leader direction: Within 800 ms (but no earlier than 700 ms) following the transmission of the last bit of the associated MID field.
The application of these rules is illustrated in Figure 25.

WO 94/28654 . PCT/US94/04976 Failed Call When this signal is received (which can be assumed to be transmitted from the leader's to the follower's secure terminal) the earth station shall initiate the transition from secure to POT voice transmission (SIU-to-VCU). This transition shall be initiated following the last bit of the Message Identifier (MID) associated with a failed call and shall be accomplished in the exact same manner which is described above for the Abort condition.
Release When this signal is received (which can be assumed to be transmitted from the leader's to the follower's secure terminal) the earth station shall initiate the call clear-down procedures. This will be accomplished by first initiating the POT voice codec unit (SIU-to-VCU transition or release/1) and then by clearing the channel as a normal voice call (release/2).
The transition from the SIU to the VCU shall be initiated following the last bit of the Message Identifier (MID) associated with a release request and shall be accomplished in the exact same manner which is described above for the Abort condition. The channel release procedures shall be fully compliant with Inmarsat's voice call clearing procedures.
EOM
When this signal is received (which is associated with half-duplex calls and can be assumed to be transmitted from the initiator's secure terminal to the responder's secure terminal) the earth station shall initiate the transition from secure to POT voice transmission (SIU-to-VCU). This transition shall be initiated following the last bit of the Message Identifier (MID) associated with an end of message status and shall be accomplished in the exact same manner which is described above for the Abort condition. In this case it is noted that the voice channel is being established in both directions of transmission (full-duplex).
The support of the above non-data bearing messages is illustrated in the state diagram shown in Figure 26.
Idle This message is related to half-duplex transmission when- communicating with the Key Management Center (KMC).
Retraining Messages A series of messages such as Retrain Request, Retrain NACK, and Retrain ACK are related to retraining of modems.
Carrier Loss If modem carrier is lost in either direction of transmission during phases ST-D, ST-E, ST-F, and ST-G
(Figure 2), the secure to POT voice transmission procedures applicable to EOM shall be followed. This requirement does not apply if carrier is lost (or absent) for less than 1 second, or if the carrier is absent in the return direction of a call established in the half-duplex mode of communication.
The procedures defined in the previous paragraphs may optionally be by-passed by monitoring the presence or absence of modem carrier in order to revert to the POT mode of operation. In particular, transition from the secure (Phase ST-F) to the POT mode of operation may be made, if loss of carrier is detected in either direction (full-duplex case) or in the forward direction (half-duplex case) for more than 1 second.
When the call is in the modem trainin g (ST-C) . phase, the above requirements are modified so that the pertinent timer is increased from 1 to [4] seconds.
Echo Control Secure terminals incorporate the ability to determine path length (round-trip transmission delay) through the use of a ranging process. Since this determination is made at the beginning of the call, care must be taken to ensure that this determination is not made over the voice path. This is because upon call routing to secure demodulating facilities the path-delay characteristics will change significantly, and the delay measured over the voice path will no longer be applicable.

With regard to echo control, the following considerations apply (Figure 30 establishes the echo control reference framework).

First, for the end-user secure terminals there is no far-end echo path established since the end-to-end transmission of secure data will be accomplished by regeneration of the voiceband data signal by the far-end earth station. It is noted that upon establishment of the demodulating facilities the echo path will exhibit an echo loss discontinuity, assuming network stability.

As a result, there is no need for far-end cancellation and associated echo-ranging for either near-end (E/C 1) or far-end (E/C 4) secure terminal cancellers. For this reason, the echo-ranging option is disabled by the intervening earth-station network - .R ,.
iscussed above. This delegates the secure terminal cancellers to canceling near-end echoes only.
With regard to the two earth-station echo cancellers, ..different considerations apply in each case.
First, the near-end mobile earth station ' canceller (E/C 2) will be looking into the near-end secure terminal over a very short delay path (< 1 ms).

Second, it can be assumed that since the earth station will be permanently connected to a 4-to-2 wire terminating equipment (or private branch exchange), the termination's balancing characteristics can be adjusted sufficiently well so as to minimize the need for echo control. It is anticipated that a return loss of 25 dB can both be easily achieved may also be acceptable for satisfactory voiceband data performance.

If this performance cannot be guaranteed, then an 8-tap echo canceller able to deliver an echo return loss of [25 dB] should be implemented within the MES

earth station.

With regard to the far-end land earth station canceller (E/C 3), this will be looking into the far-end secure terminal over a longer delay path (" 5 to 400 ms). Unlike the mobile-side equipment, it can no longer be assumed that the earth station will be permanently connected to a 4-to-2 wire terminating equipment and, thus, the termination's balancing characteristics will vary from call-to-call. Echo control will thus certainly be required at the land earth station.

This echo canceller must provision for near end , echoes (echo paths with round-trip delays of up to 12 ms) and far end echoes echo paths with round-trip , delays of up to 400 ms).

The echo return loss performance requirement and convergence time for this canceller must meet the requirements applicable to the STU-III terminals themselves (as discussed in the FSVS-220 reference cited above) .
Delay Path Estimation As indicated above, the extended echo path ranging process is disabled by the SIU. Since, however, the far-end LES-based SIU needs to accommodate long echo paths, a method is required to permit the far-end echo canceller (E/C 3) to estimate the length or delay of the echo path between the LES

and the PSTN-based secure terminal. This can be accomplished in a number of ways. For interoperable as well as alternate modes of operation, the echo associated with the onset of the 2100 Hz ECSD tone at the beginning of the call can be used for this purpose (for mobile originated calls only). In addition, for interoperable calls (only), the delay between the end of the responder's SCR1 sequence and the onset of the initiator's ECSD tone can be used to provide another path-delay estimate. (The delay between the end of the initiator's SCR1 sequence and the onset of the ~25 initiator's SCR1 sequence can provide yet another estimate).

For alternate calls lonlvl _ t-hA A~~", .,~~~. a_, ___ ___l ~ ~ ___... ~.....,., t,cia..aa uC.i.ay can be estimated directly from the modem training sequence during segments I1 and R1. These segments are specifically designed to permit this delay to be derived; and the use of packets to trigger the onset of specific segments of modem training is one of the reasons for exercising the packetized approach on an end-to-end, rather than local-to-local, modem training basis.

Elastic Buffering In order to compensate for the interruption in synchronicity of the end-to-end data path arising from the demodulation-remodulation process, a signal buffering process is defined. Through this process the secure interface units (SIUs) absorb clock differences between the satellite channel and the secure end-user terminals received (or transmitted) over the telephone circuit by means of slip control (i.e., loss or duplication of data) using an elastic buffer 58,68 (Fig. 4).
The elastic buffer used for slip control shall have a capacity of 576 bits (which is equivalent to 120 ms at a 4800 bits transmission rate assuming an end-user clock accuracy of 104).
When the demodulating SIU commences transmission of the demodulated data stream to the remodulating SIU, the read pointer of the elastic buffer shall be reset to the following position in relation to the write pointer:
For 2.4 kbit/s transmissions 144 bits behind For 4.8 kbit/s transmissions 288 bits behind This implies that the demodulating SIU will add a nominal 60 ms delay at beginning of such transmissions, in addition to any other delay (such as processing). Care must be exercised to ensure that during interoperable/alternate mode establishment an appropriate amount of delay is introduced to the secure protocol control packets associated with the initiation of the end-users' data.
If the read pointer reaches the write pointer during the transmission of a signal (as a result of the end-user terminal clock rate being lower than the satellite channel clock rate), a slip operation shall be performed by shifting the read pointer back (i.e.
duplication of data) , so as to set the read pointer behind the write pointer by the same amount as that specified above (as appropriate to each of the two end-user signaling rates).

If the read pointer becomes twice as many bits behind as that specified above (as appropriate to each of the two end-user signaling rates a slip operation shall be performed by shifting the read pointer ahead by the same amount as that specified above (i.e, loss of data), so as to set the read pointer behind the write pointer by the same amount as that specified above. This case arises when the end-user terminal clock rate is higher than the satellite clock rate.

Whenever the transmission of a signal on the nLw71 ~L_ -L_ sa~.C111Le cnannei (by the demodulating SIU) is referred to in the above paragraphs, it shall be interpreted as the input of the data to the elastic buffer of the demodulating SIU prior to error coding, and not the actual transmission to the satellite channel.

The above requirements do not apply to the re-modulating SIUs. At the re-modulating SIU, synchronicity shall be maintained by driving the transmit direction of the modem (outgoing telephone circuit direction) with the clock associated with the receipt of data from the satelilte channel.

Maximum Allowable Processing Delays In the process of providing elastic buffering, . signal packetization, and other types of processing, the SIUs will introduce additional delays in the end to end communication path. The maximum allowable delays are as follows:

Demodulating SIU Side:
Packet Assembly 16.6 ms Elastic Buffering 60.0 ms Processing Delay 20.0 ms Total Delay 96.6 ms Remodulating SIU Side:
Packet Disassembly 33.2 ms Processing Delay 20.2 ms Total Delay 53.2 ms It is noted that the current elastic delay specification permits approximately 10 minutes of slip-free operation to be supported.
special Voice Frames In order to permit the voice encoded channel to support narrowband signals, such as the 2100 Hz and 1800 Hz tones used in secure (and other) communications, an enhancement to the utilization of voice frames -is defined below.
The Inmarsat-M voice coding algorithm transmits 128 bits of information with every 20 ms frame. Each 128 bit frame is divided among 8 code vectors which in the Inmarsat-M SDM are denoted as co to c7. Each of these code vectors is generated by error encoding of a corresponding data vector which is denoted by uo to u7. In Tables VI, VII and VIII, the format of these vectors are defined.

WO

Vector up Binary Comment Bit #
Value 0 I .Decimal 48, Tone Identifier I I Decimal 48, Tone Identifier 0 Decimal 48, Tone Identifier 0 Decimal 48, Tone Identifier 4 I Decimal 48, Tone Identifier 0 Decimal 48, Tone Identifier GD. ~ Gain Bit 7 (MSB) 7 Gp, 6 Gain Bit 6 8 Gp. 5 Gain Bit 5 0 Parity Check for Bits O,I, & 2 1 Parity Check for Bits 3,4, & 5 I1 Gp, 7+Gp, 6+Gp, 5 Parity Check for Bits 6,7 & 8 TABLE VII
Vector ut Binary Comment Bit # Value 0 Gp, 4 Gain Bit 4 I Gp, 3 Gain Bit 3 Gp, 2 Gain Bit 2 3 Gp, 1 Gain Bit I

4 Gp, 0 Gain Bit 0 (LSB) 5 T;, 3 Tone Index Bit # 3 (MSB) 6 T;, 2 Tone Index Bit # 2 7 T;, 1 Tone Index Bit # 1 8 T;, 0 Tone Index Bit # 0 (LSB) 9 0 Parity Check for Bits O,I, & 2 10 0 Parity Check for Bits 3,4, & 5 11 0 Parit Check for Bits 6,7 & 8 TABLE VIII
Vectors Binary Comment u2 - u6 Value Bit #

0 T;, 3 . Tone Index Bit # 3 (MSB) I T;, 2 Tone Index Bit # 2 T;, I Tone Index Bit # I

3 T;, 0 Tone Index Bit # 0 (LSB) 4 0 Reserved 0 Reserved 0 Reserved 7 0 Reserved 0 Reserved 0 Reserved 10 0 Reserved ' .~e remaining seven bits in the 20 ms frame comprising data vector u7 are set to binary "zero".
It is noted that due to physical limits imposed on the value which the speech fundamental frequency can attain, the first six bits of vector uo will never equal the decimal value of 48 under error-free conditions. This observation is exploited to indicate to an enhanced voice decoder that a special signal has been detected. It is also noted that if this frame is received by a receiver not capable of secure operation, the correct action will be a frame repeat of the most recently received valid voice encoded frame .
The gain index Gp used in Tables VI, VII and VIII
is a number in the range of 0 to 256 decimal which corresponds to the level of the received tone as follows:
Tone Level = (0 - 0.17 Gp) dBmO
It is noted that a value of Gp = 0 corresponds to a signal level of 0 dBmO and a value of Gp = 256 corresponds to a signal level of -43.52 dBmO.
The four-bit "Tone Index" T~ which is used above are defined as Table IX.

~~d,~
TABLE IX
Tone Index T; Tone Index T; Interpretation (Decimal) (Binar ) 0 0000 2100 H2 Tone 1 OOOI 1800 Hz Tone 0010 Reserved 3 OOII Reserved OI00 Reserved OI01 Reserved 0110 Reserved OIlI Reserved 8 1000 Reserved 1001 Reserved 1010 Reserved 11 1011 Reserved 12 1100 Reserved 13 1101 Reserved 14 1110 Reserved IS 1111 Reserved SUBSTITUTE SHEET (RULE 261 Tone Detection Requirements The following requirements apply to the detection of 1800 Hz and 2100 Hz tones.
. Maximum voice/tone index transition: 25 ms ' Upon detection of the onset of a valid 1800 Hz or 2100 Hz tone, no more than 25 ms of tone shall be encoded and transmitted in the voice mode.
. Maximum false alarm rate: 2 x 105 For any non-1800 Hz or 2100 Hz tonal input, the fractional number of 20 ms frames transmitted in the tonal index mode shall not exceed the number given above.
Other requirements, such as input dynamic range, input signal to noise ratio, frequency tolerances, and amplitude accuracies are to be compliant with the relevant FSVS specifications.
Tone Generation Requirements The relevant FSVS specifications define requirements that apply to the generation of 1800 Hz and 2100 Hz tones. Such requirements include, for example, the tones' output dynamic range, signal-to-noise ratio, frequency accuracy, and amplitude accuracy.
Having described the invention in detail, those skilled in the art will appreciate that numerous modifications may be made of the invention without departing from its spirit. Therefore, it is not intended that the scope of this invention be limited to the specific embodiments illustrated and described.
Rather, it is intended that the scope of the invention be determined by the appended claims and their equivalents.

Claims (7)

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:
1. A communication system, comprising:
a first secure communication terminal for providing analog voiceband data;
a first processing circuit connected to receive the analog data from the first secure communication terminal and for converting the received data into secure baseband data, said first processing circuit transmitting the baseband data;
a second processing circuit connected to receive the transmitted baseband data from the first processing circuit, and for converting the received baseband data into analog voiceband data;
a second secure communication terminal for receiving the analog voiceband data from said second processing circuit; and a telephone unit for providing non-secure data, wherein said first processing circuit includes a signal detector for distinguishing between secure data signals received form said first secure communication terminal and non-secure data signals received from said telephone unit.
2. The communication system as defined in claim 1, wherein said first and second secure communication terminals are each a STU-III terminal.
3. The communication system as defined in claim 1, wherein said second processing circuit is disposed in a mobile earth station.
4. The communication system as defined in claim 1, further comprising a satellite communication link, and wherein said secure baseband data is transmitted from said first processing circuit via said satellite communication link.
5. The communication system as defined in claim 1, wherein said first processing circuit further includes a secure interface unit for processing secure data signals received from said first secure communication terminal and a digital voice codec for processing non-secure data signals received from the telephone unit.
6. The communication system as defined in claim 5, further comprising a facsimile terminal for transmitting facsimile signals to said first processing circuit, wherein said signal detector is operable for detecting transmitted facsimile signals from said facsimile terminal, and wherein said first processing circuit further includes a facsimile interface unit for processing facsimile signals received by said facsimile terminal.
7. The communication system as defined in claim 6, wherein one of said digital voice codec, secure interface unit and facsimile unit is operable depending on a signal detected by said signal detector.
CA002163023A 1993-05-24 1994-05-10 Secure communication system Expired - Lifetime CA2163023C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/065,017 1993-05-24
US08/065,017 US5404394A (en) 1993-05-24 1993-05-24 Secure communication system

Publications (2)

Publication Number Publication Date
CA2163023A1 CA2163023A1 (en) 1994-12-08
CA2163023C true CA2163023C (en) 1997-12-30

Family

ID=22059791

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002163023A Expired - Lifetime CA2163023C (en) 1993-05-24 1994-05-10 Secure communication system

Country Status (7)

Country Link
US (3) US5404394A (en)
EP (1) EP0700617A4 (en)
AU (1) AU684305C (en)
CA (1) CA2163023C (en)
IL (1) IL109668A (en)
SG (1) SG42826A1 (en)
WO (1) WO1994028654A2 (en)

Families Citing this family (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6389010B1 (en) * 1995-10-05 2002-05-14 Intermec Ip Corp. Hierarchical data collection network supporting packetized voice communications among wireless terminals and telephones
US5488653A (en) * 1991-09-04 1996-01-30 Comsat Corporation Facsimile interface unit (FIU) enhanced capabilities negotiation
US5404394A (en) * 1993-05-24 1995-04-04 Comsat Corporation Secure communication system
US5602880A (en) * 1993-06-02 1997-02-11 Alcatel Network Systems Method and system for minimizing resynchronization delays in digital microwave radio systems
CA2129418A1 (en) * 1993-10-04 1995-04-05 Mahendra Patel Data-driven autorating for use in data communications
US5802154A (en) * 1994-08-10 1998-09-01 Comsat Corporation Provision of proprietary and enhanced capabilities in Group 3 facsimile for mobile satellite communications
JP3584075B2 (en) * 1995-01-31 2004-11-04 キヤノン株式会社 Facsimile apparatus and facsimile communication method
GB9512283D0 (en) * 1995-06-16 1995-08-16 Int Mobile Satellite Org Communication method and apparatus
FI100570B (en) * 1995-11-15 1997-12-31 Nokia Telecommunications Oy Procedure and arrangement for synchronous data transmission
FI101670B (en) * 1995-12-15 1998-07-31 Nokia Mobile Phones Ltd A method for announcing the hiding of data transfer between a mobile station network and a mobile station
JP3658070B2 (en) * 1996-02-01 2005-06-08 キヤノン株式会社 Facsimile apparatus and facsimile communication method
JP3437706B2 (en) * 1996-03-19 2003-08-18 富士通株式会社 Switches and switching systems
GB2315951B (en) * 1996-07-31 2001-01-31 Internat Mobile Satellite Orga Data interface apparatus and method
US6154499A (en) * 1996-10-21 2000-11-28 Comsat Corporation Communication systems using nested coder and compatible channel coding
US6628780B2 (en) * 1997-10-31 2003-09-30 Lucent Technologies Inc. Echo cancellation in the network for data applications
US5999797A (en) * 1997-11-03 1999-12-07 Motorola, Inc. Method and apparatus for providing private global networks in a satellite communication system
US6408019B1 (en) 1997-12-29 2002-06-18 Georgia Tech Research Corporation System and method for communication using noise
US6381250B1 (en) 1998-01-23 2002-04-30 Innovative Communications Technologies, Inc. Capacity allocation system using semi-autonomous network elements to implement and control a transmission schedule
US6426959B1 (en) 1998-01-20 2002-07-30 Innovative Communications Technologies, Inc. System and method for facilitating component management in a multiple vendor satellite communications network
US6240074B1 (en) * 1998-02-19 2001-05-29 Motorola, Inc. Secure communication hub and method of secure data communication
US6822755B2 (en) * 1998-06-30 2004-11-23 Sun Microsystems, Inc. Method and apparatus for detecting facsimile transmissions over a network
US6725278B1 (en) * 1998-09-17 2004-04-20 Apple Computer, Inc. Smart synchronization of computer system time clock based on network connection modes
US6681016B1 (en) * 1999-06-11 2004-01-20 The United States Of America As Represented By The Secretary Of The Navy System for transfer of secure mission data
US6865187B1 (en) * 1999-06-30 2005-03-08 Cisco Technology, Inc. Method and apparatus using transition state protocol signaling for fax transport manner capability exchange
DE19962915A1 (en) 1999-12-23 2001-09-06 Intelligent Implants Gmbh Device for the protected operation of neuroprostheses and method therefor
US7254532B2 (en) * 2000-04-28 2007-08-07 Deutsche Telekom Ag Method for making a voice activity decision
US7024175B1 (en) 2000-05-16 2006-04-04 Mitel Corporation System for masking microphonic voice signals in wired telecommunications equipment
US6768771B1 (en) 2000-05-23 2004-07-27 L3-Communications Corporation Multimode modem with automatic negotiation of operational mode
US20020031126A1 (en) * 2000-09-12 2002-03-14 Crichton James Conrad Bit synchronizer and internetworking system and method
US7103017B2 (en) * 2001-01-30 2006-09-05 Globecomm Systems Inc. Techniques for implementing telephonic, fax, and/or data communications using internet protocols and satellite links
KR100380518B1 (en) * 2001-05-24 2003-04-18 한국전자통신연구원 Secure codeless phone having the bluetooth
US7085383B2 (en) * 2002-01-09 2006-08-01 International Business Machines Corporation Secured cellular telephone communications system, method, and computer program product
US7640485B1 (en) 2002-02-15 2009-12-29 Network Equipment Technologies, Inc. Non-relay initialization for modems
US7545819B1 (en) 2002-02-15 2009-06-09 Network Equipment Technologies, Inc. Techniques for asynchronous compensation for secure communications
US7228488B1 (en) 2002-02-15 2007-06-05 Network Equipment Technologies, Inc. System and method for secure communication over packet network
JP4615308B2 (en) * 2002-05-09 2011-01-19 オニシックス グループ エルエー エルエルシー Cryptographic apparatus and method, and cryptographic system
EP1592202A1 (en) * 2004-04-30 2005-11-02 Glocom, Inc. Secure communication system and method
US20070195825A1 (en) * 2004-04-30 2007-08-23 Yi-Sheng Wang Satellite Communication System and Method
US7752671B2 (en) 2004-10-04 2010-07-06 Promisec Ltd. Method and device for questioning a plurality of computerized devices
US7333014B2 (en) * 2004-11-04 2008-02-19 International Business Machines Corporation Notifying users of device events in a networked environment
US20060165020A1 (en) * 2004-11-24 2006-07-27 Allen Schultz Audio conference system
US20060182131A1 (en) * 2005-01-21 2006-08-17 L-3 Communications Corporation Gateway interface control
KR100748590B1 (en) * 2005-12-08 2007-08-10 (주)미라콤테크놀로지 The terminal equipment of speech secure communication service and method thereof
US20140258511A1 (en) * 2013-03-11 2014-09-11 Bluebox Security Inc. Methods and Apparatus for Reestablishing Secure Network Communications
KR20140139321A (en) * 2013-05-27 2014-12-05 한국전자통신연구원 Information security attachment apparatus for voice communications and information security method for voice communications thereby
US20170098046A1 (en) * 2015-10-02 2017-04-06 Ryan Coughlan Hipaa compliant communications system
GB2588107B (en) * 2019-10-07 2022-11-02 British Telecomm Secure publish-subscribe communication methods and apparatus

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2649795B2 (en) * 1986-02-26 1997-09-03 キヤノン株式会社 Communication device
US4920567A (en) * 1986-07-03 1990-04-24 Motorola, Inc. Secure telephone terminal
US4815128A (en) * 1986-07-03 1989-03-21 Motorola, Inc. Gateway system and method for interconnecting telephone calls with a digital voice protected radio network
US4805208A (en) * 1988-01-15 1989-02-14 Niravoice, Inc. Modem compression system for telephone network
US4931250A (en) * 1988-05-12 1990-06-05 Codex Corporation Multimode modem
JPH0294836A (en) * 1988-09-30 1990-04-05 Aisin Seiki Co Ltd Privacy telephone communication controller
IL89461A (en) * 1989-03-02 1994-06-24 Eci Telecom Limited Facsimile telecommunication compression system
JP3103850B2 (en) * 1989-03-07 2000-10-30 アイシン精機株式会社 Secret communication control device
US5150401A (en) * 1990-12-04 1992-09-22 Chips International, Inc. Retrofittable encryption/decryption apparatus using modified frequency modulation
US5282238A (en) * 1991-04-16 1994-01-25 Silicon Engines, Ltd. Facsimile radio communication system
US5166977A (en) * 1991-05-31 1992-11-24 Encrypto, Inc. Protocol converter for a secure fax transmission system
US5488653A (en) * 1991-09-04 1996-01-30 Comsat Corporation Facsimile interface unit (FIU) enhanced capabilities negotiation
US5392357A (en) * 1991-12-09 1995-02-21 At&T Corp. Secure telecommunications
US5404394A (en) * 1993-05-24 1995-04-04 Comsat Corporation Secure communication system
US5487175A (en) * 1993-11-15 1996-01-23 Qualcomm Incorporated Method of invoking and canceling voice or data service from a mobile unit

Also Published As

Publication number Publication date
EP0700617A4 (en) 1999-12-29
CA2163023A1 (en) 1994-12-08
US5404394A (en) 1995-04-04
AU684305B2 (en) 1997-12-11
AU7549594A (en) 1994-12-20
EP0700617A1 (en) 1996-03-13
US5963621A (en) 1999-10-05
WO1994028654A2 (en) 1994-12-08
WO1994028654A3 (en) 1995-01-26
SG42826A1 (en) 1997-10-17
US5724414A (en) 1998-03-03
AU684305C (en) 2002-05-09
IL109668A (en) 1997-03-18

Similar Documents

Publication Publication Date Title
CA2163023C (en) Secure communication system
US5475691A (en) Voice activated date rate change in simultaneous voice and data transmission
US5530724A (en) Echo canceler with automatic enablement/disablement on a per-call basis
US6272358B1 (en) Vocoder by-pass for digital mobile-to-mobile calls
US5506866A (en) Side-channel communications in simultaneous voice and data transmission
JPH0211057A (en) Data communication method and communication network
CA2134131A1 (en) A dual mode cellular modem
US6353666B1 (en) System and method for providing an enhanced audio quality telecommunication session
WO2000007353A1 (en) Method and apparatus for detecting and determining characteristics of a digital channel in a data communication system
US20030123487A1 (en) SHDSL over POTS
US7155016B1 (en) Communication device and method for using non-self-synchronizing scrambling in a communication system
US20070195825A1 (en) Satellite Communication System and Method
US6633536B1 (en) Signalling in a digital mobile communications system
KR100243960B1 (en) Network signaling arrangement for controlling tandem network functions
US5712915A (en) Encrypted digital circuit multiplication system
GB2294841A (en) Digital audio signal transmitting apparatus with a bypass to reduce quantization errors
Dahlbom et al. Common channel interoffice signaling: History and description of a new signaling system
Calpe et al. Toll-quality digital secraphone
Brewster ISDN technology
KR19990083480A (en) Data optimized codec
EP1592202A1 (en) Secure communication system and method
KR100276626B1 (en) Signal Processing Method for Performance Improvement of Interworking Function in Asynchronous Transmission Mode Public Network
US6421326B1 (en) Wireless communications system and method
JPS59134939A (en) Privacy telephone system
KR20050044196A (en) Wiretapping preventer for voice communication in voip system

Legal Events

Date Code Title Description
EEER Examination request
MKEX Expiry

Effective date: 20140512