CA2354149C - Telephony security system - Google Patents
Telephony security system Download PDFInfo
- Publication number
- CA2354149C CA2354149C CA002354149A CA2354149A CA2354149C CA 2354149 C CA2354149 C CA 2354149C CA 002354149 A CA002354149 A CA 002354149A CA 2354149 A CA2354149 A CA 2354149A CA 2354149 C CA2354149 C CA 2354149C
- Authority
- CA
- Canada
- Prior art keywords
- call
- enterprise
- access control
- control device
- calls
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 238000000034 method Methods 0.000 claims abstract description 57
- 230000009471 action Effects 0.000 claims abstract description 56
- 238000012544 monitoring process Methods 0.000 claims description 21
- 238000004458 analytical method Methods 0.000 claims description 15
- 238000007596 consolidation process Methods 0.000 claims description 7
- 238000001514 detection method Methods 0.000 claims description 7
- 230000010354 integration Effects 0.000 claims description 7
- 230000002730 additional effect Effects 0.000 claims description 6
- 230000008569 process Effects 0.000 description 30
- 230000000694 effects Effects 0.000 description 12
- 238000009434 installation Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 9
- 238000007726 management method Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 8
- 230000001276 controlling effect Effects 0.000 description 5
- 230000000875 corresponding effect Effects 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000004224 protection Effects 0.000 description 3
- 101001077660 Homo sapiens Serine protease inhibitor Kazal-type 1 Proteins 0.000 description 2
- 102100025144 Serine protease inhibitor Kazal-type 1 Human genes 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000001228 spectrum Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- KJLPSBMDOIVXSN-UHFFFAOYSA-N 4-[4-[2-[4-(3,4-dicarboxyphenoxy)phenyl]propan-2-yl]phenoxy]phthalic acid Chemical compound C=1C=C(OC=2C=C(C(C(O)=O)=CC=2)C(O)=O)C=CC=1C(C)(C)C(C=C1)=CC=C1OC1=CC=C(C(O)=O)C(C(O)=O)=C1 KJLPSBMDOIVXSN-UHFFFAOYSA-N 0.000 description 1
- 101001064302 Homo sapiens Lipase member I Proteins 0.000 description 1
- 102100030659 Lipase member I Human genes 0.000 description 1
- 230000004888 barrier function Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 239000004568 cement Substances 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000011900 installation process Methods 0.000 description 1
- 150000002500 ions Chemical class 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 201000009032 substance abuse Diseases 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/436—Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/22—Arrangements for supervision, monitoring or testing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M7/00—Arrangements for interconnection between switching centres
- H04M7/006—Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
- H04M7/0078—Security; Fraud detection; Fraud prevention
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/20—Aspects of automatic or semi-automatic exchanges related to features of supplementary services
- H04M2203/2066—Call type detection of indication, e.g. voice or fax, mobile of fixed, PSTN or IP
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42314—Systems providing special services or facilities to subscribers in private branch exchanges
Abstract
A telephony security system (10) and method for controlling and logging acce ss between an enterprise's end-user stations (14) and their respective circuits into the public switched telephone network (PSTN). A security policy (32), such as a set of security rules, are defined for each of the extensions (20), the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions (20) to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions (20).
Description
TECHNICAL FIEI:D
The invention relates generally to telecommunications access control systems and particularly to a telephony security system for controll ing and logging access between end-user stations and their respective circuits into the public switched telephone network (PSTN).
BACKGROUND
"Policy-based security management" refers to the application of a governing set of rules at strategically located points (chokepoints) for the purpose of enforcing security boundaries between two or more networks, such that only those events meeting certain criteria may pass between them, while all bther events are denied passage. For data network operations, this filtering process selectively discards packets in order to control access to the network, or to resources such as files and devices. Variations and improvements ofthis ba.Sic theme have resulted in devices known as firewalls today -- network components that provide a security barrier between networks or network segments. Much like a ;ward at a checkpoint, the firewall strictly enforces rules specified within an established pol icy for what shall pass the firewall on a case-by-case basis. The policy may alternatively dictate that other actions may apply as well, such as logging the event and/or sending an urgent electronic mail message notifying appropriate personnel of the event.
Security professionals consider firewalls to be essential in the protection ofan enterprise's private data network or virtual private data network from access to the enterprise's computers by unauthorized personnel or "hackers." Like any security measure, however, firewalls are not foolproof. Firewalls provide no protection for traffic routed around them, as is often the case when modems are used while connected to internal data networks; i.e., circumvention of the firewall ~ouP~ protected channels, such as through telephone lines or extensions normally used for voice or fax. Clearly, there is a need for <~ telephony security system and method for controlling access to an enterprise's data network throu~~h telephony resources that otherwise cannot be sufficiently protected by traditional firewall technology.
In addition to security need:. relevant to computer networks, there are issues in the toll fraud, phone misuse, call accounting and bill reconciliation arenas that warrant similar protections.
Currently, a need exists to address tle full spectrum of security issues across all locations of an enterprise that may span the entire globe. A need exists for a scalable and manageable telephony security system and a method for controlling and logging access to an enterprise's telephony resources.
SLTIVIIVIARY OF THE INVENTION
The present invention, accordingly, provides a system and method for performing security access control functions for an enterprise's telephone circuits between end-user stations and their respective circuits into the public: switched telephone network (PSTI~. In the most basic configuration, inbound and outbo~.u~d calls are allowed or denied (i.e.;
blocked or "hung-up"), content monitored, recorded or redirected according to a rule-set that is managed by a security administrator. In one aspect ofthe invention, the disclosed system and method combines call-progress monitoring, caller-id (CND) and/or automatic number identification (ANI) decoding, digital lineprotocol reception, decoding, demodulation, pulse dial detection, tone detection (DTMF
and MF), and speech recognition with microprocessor control, access-control logic, and call-interrupt circuitry.
The system and method ofthe present invention performs centrally managed, enterprise-wide enforcement ofan enterprise's telephony security policy and real-time notification in selected instances of attempted security breaches. The system utilizes a specialized device to monitor and control access to every telephone stiition, fax machine, and modem line for all locations within the enterprise having telephony resources that are routed through the device.
Specific attributes identified by the telephony access control device pertaining to all inbound and outbound calls determine wheth« certain calls, in accordance with a predefined security policy, are allowed, denied ("hung-up"), content monitored, recorded, redirected, logged, and/or initiate additional actions such as electronic mail notification, pager alerting, console messaging, or a Simple Network Management Protocol (~~NMP) trap notification. Attributes captured by the device include, as examples: station extension; inbound caller-lD information (when available); outbound number dialed; call-type (i.e., fax, modem, or voice); call content such as keywords detected via speech recognition or demodulated modem andlor fax data; time and date stamp; and call duration. As used herein, "keyword" is understood to refer to a predefined sequence of digital data.
The rule-set for control of call tray c by the device defines a security policy that governs how telephonyresources may be used within the enterprise. Each rule, upon meeting certain criteria, initiates appropriate security action(s).
I 0 In one embodiment, a system and method oftelephony security is provided that controls call access into and out ofthe enterprise on a per line (station extension or trunk line) basis. A
security policy, i.e., a set ofaccess rules, are defined for each line; the rules specifying actions to be taken based upon at least one attribute ofthe call present on the line. In this embodiment, calls are tracked and sensed on a per 1 ine basis, extracting specific attributes that are available at the I 5 time of the call. Actions are then performed based upon the detected call attributes in accordance with the security policy that applies to that line.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic block diagram of a telephony security system of the present invention.
FIG. 2 is a fi~nctional block diagram ofthe system ofFIG. l showing a simplified example security policy and corresponding actions and features.
FIG. 3 is a flow diagram ilh~.strating example installation, configuration and operational processes for the system of FICi. 1.
FIG: 4 is a flow diagram illustrating details of an example installation and hardware configuration process for the system of FIG. I .
FIG. SA is a flow diagrarr~ illustrating concepts for an automated Amphenol pinout discovery process for the system of FIG. 1.
FIG. SB is a table illustratin g a simplified example Amphenol pinout for a small business enterprise.
FIG. 6A is a flow diagram il tustrating concepts for a line map discovery and configuration process for the system of FIG. 1.
FIG. 6B is a table illustrating a simplified example line map for a small business enterprise.
FIG. 7 is a table illustrating an example group list configuration for a small business enterprise.
FIG. 8A is a table illustrating an example security policy for a business enterprise.
FIG. 8B is a flow diagram il lustrating enforcement of a security policy in operation of the system of FIG. 1.
FIGs. 9A and 9B are a flow diagram illustrating details ofan example detect and analyze call activity process for the system of FIG. I .
DE'CAILED DESCRIPTION
In FIG.1, the reference numeral I 0 refers to a telephony security system of the present invention. The sya~tem 10 consists primarily of a telephony access control device 12 connected in-line betv,~een end-user stations 14 at one or more locations of an enterprise and the stations' circuits into the public switched telephone network (PSTI~_ While shown as a separate box in FIG.1, all functions of the telephony access control device l2 are inserted into the system 10 with line sensors at sensor points 18 (direct connect. lines), 22 (station-side of a PBX), and 24 (trunk-side of a PBX).
Also in FIG.1, numerals 14a, 14b, and 14c refer to end-user stations 14 connected through the telephony access control device 12, representing as examples, one or more telephones 14a, fax machines 14b and modems 14c. The modems 14c may support desktop or portable personal computers, for example. Individual station exten:;ions 20 connect each ofthe stations 14 through the device 12 to a PBX I 6 or a central office I I . As represented by sensor point 22 and its corresponding line, it is understood that the device 12 is configured to map the individual station extensions 20 through the device 12 to their respective wire pairs (not shown) within the PBX 16, and also to one or more telephone lines, as indicated at sensor point 18, directly connected to the central office 11.
Several configurations are possible, whereby connectivity of the line sensors) on the PSTN-side ofthe telephony access control device I 2 may be any combination ofthe PBX trunk-side connection at point 24, the PBX station-side connection at point 22, and direct connects at point 18. A completely PBX station-side implementation with the line sensor at point 22, for example, might exclusively consist ofAmphenol connec:tors (R1-21 X) (not shown); or other standard connectors and associated c;3bling, for interconnecting the PBX 16 with connection inputs of the device 12.
While not shown, it is under,~tood that more than one network-addressable device 12 may be utilized within an enterprise, at one or more locations, whereby security is provided by the devices) 12 for traffic into and out of a private network or virtual private network of the enterprise.
A management station 26 is connected to the device I 2 for consolidation, management, display or printing of recorded call content, reports and call logs and for programming the security policy and other operational featurea ofthe device 12. Historical logging and archiving ofcalls pursuant to a predetermined security policy may be accomplished on the local management station 26, or stored via ~a network accessible log server 28.
The device I 2 combines call-progress monitoring, caller-id (CND) and/or autamatic number identification (AN)7 decoding, digital line protocol reception, decoding, demodulation, pulse dial detection, tone detection (DTMF and MF), and speech recognition with microprocessor control, access-control logic, and call-interrupt circuitry for implementing the desired access control functions. The inventive functions performed by the device 12, as further described below, may be implemented with commercially available components as will be understood by those skilled in the art. While also not shown, it is understood that the device 12 is controlled by computer prograrr>rning instructions stored in memory within the device 12 and which may also be stored in memory within other components of the system I 0 connected to the device 12.
Referring also to FIG. 2, a functional schematic 30 illustrates certain operational aspects of the system 10. An example (very simplified) security policy 32 is shown for controlling the flow of calls through the device 12. The policy 32 implements a rule-set that depends upon the type of equipment (phone 14a, fax machine 14b, modem 14c) being used on the extension for either > inbound or outbound calls. It is understood that the :rule-set is implemented by software instructions within the device 12 that may, for example, be programmed or modified at either the device 12 or at the management station 26 (FIG. 1 ) located nearby or at a very remote distance therefrom within the enterprise.
As exemplified in FIG. 2, the security policy 32 dicaates the type of actions associated with individual or groups of calls (e.g., al low, terminate, monitor content , record, redirect, log, alert, report), according to specified roles. In the present example, the security rules specify that: (1 ) no data calls are permitted on designated voice lines; (2) no computer modem calls are permitted on designated fax lines; (3) no modem calls are permitted during a designated time (e.g., after 8pm);
and (4) no outbound calls are permitted to a certain destination identified by a digital sequence (e.g., 1 9XX - where 9XX indicates a Numbering Plan Area code).
A call log 34 is generated fix calls, designating attributes of the calls, for example, the line (extension); the call number; the call direction (inbound, outbound); the call type; call content; the date and time; the call duration; and the description ofthe call-event (e.g., unauthorized outbound modem; keywords detected in cal I content; call content recorded). Example reporting options include post-event or batch anal~~sis 36 (trending), and alert options include electronic mail notification 38, pager alerting 40, console messaging and SNMP trap notification. While not shown, it is understood that the device 12 is able to communicate within the enterprise network with various host computers for providing the reporting functions.
FIG. 3 is a process flow diagram 300 illustrating installation, configuration and operation processes for the system l 0. Once installed and configured, it is understood that the system 10 is capable of operating in a continuous processing loop, including detecting call attributes and analyzing call activity while simultaneously performing appropriate actions in accordance with the rules in the defined security policy. There are, however, a number of processes that are first performed as part of the installation .and configuration ofthe system 10 within an enterprise or one or more of its locations-Step 302 refers to the process of system installation and hardware configuration, discussed below with respect to FIG. 4 and hI(is. SA-SB. Step 304 refers to the process of system line map discovery and configuration, discussed below with reference to FIGS. 6A
and 6B. Step 306 refers to user list and group list configuration, discussed below with reference to FIG. 7. Step 308 refers to security policy configuration, discussed below with reference to FIG. 8A. Steps 310-320 refer fo the process of detecting call attributes and analyzing call activity, whereupon actions are taken for each call according to the security policy, discussed below and in filrther detail laterwith reference to FIGS. 9A and 9B.
In FIG. 3, the process ofcall detecting and analyzing call activity begins in step 310. For each station 14 connected by an extension 20 through the device 12, the device 12 will capture and analyze call-activity, then consolidate and report details of the activity for further processing.
An aspect ofthis process involves the ability ofthe device 12 to distinguish between fax, modem, and voice call-types. Algorithms for call-type distinction are utilized that, in one implementation, distinguish the call-type based upon spec:iral analysis associated with typical fax and other data transmission protocols. Further analysis of call activity involves the ability ofthe device 12 to detect keywords in call content via speech recognition or demodulated modem/fax data.
While not shown, it is understood that the "Action Policy" 3 I 2 and the "Event Policy" 3 I 8 are aspects of the overall security policy as discussed previously. In step 312, an "Action Policy"
determines what action to take for a particular call, depending upon attributes of the call as I 0 determined in step 310. The rule-set for the "Action Policy" in step 3 I 2 may be determined and programmed to meet the security needs ofthe enterprise, which may include allowing the call, denying the call, or performing some other specific action such as redirecting the call or recording the call (step 316). In step 314, a denied call is terminated ("Hang Up Call"). Policy may also dictate that an event is logged (step 320) and what detail the log entry should include. While not 15 shown, it is understood that there will be different levels of log entries, ranging from very briefto verbose.
Example rule-sets for the "Action Policy" and the "Log Event Policy" are discussed below with reference to FIG. 8A.
Installation and hardware Configuration FIG. 4 illustrates the proce:;s 302 of system instal:fation and hardware configuration. In step 400, a cable concentrator (not shown) is installed to connect the device 12. Because the telephony access control device 12 is positioned in-line between the end-user stations 14 and the PSTN (or PBX), cabling must be routed to and from the telephony access control device 12 and the point of interconnection with the telephone network. In the case of a PBX
station-side implementation, 25-pair wire cables terminated with Amphenol connectors leading from the PBX .
would be re-routed to one side of an cable concentrator of a line sensor at point 22, while cables on the other side ofthe cable concentrator at point 22 would complete the original circuits by routing to their respective 66-type blocks ("punch-down blocks"). Switches, placed in-line for each wire-pair in the cable concentrator at point 22, are controlled by the telephony access control device 12, providing the capability for hanging up the call (for analog lines only). The combination ofthe cable concentrator (when required), and the associated switches and associated control logic (when required), and the associated control logic embodied in what is described as device 12 are collectively referred to herein as ~i line sensor.
In step 402, the remote management station 26 is set up, whereby a personal computer, meeting certain performance specifications, is acquired and configured with an operating system, booted, and made ready for operati on. In step 404, software required to operate the telephony access control device 12, including fcrr example defining amd maintaining the security policy, is installed onto the remote management station 26. Although not shown, it is understood that installation of control software may include writing firm watt: instructions for the associated switches and/or the associated control lc>gic for the line sensors as required.
In step 406, a process is performed that determines Amphenol connector pinouts so that the individual station extensions 20 are properly connected through the device 12 to the wire pairs from the PBX 16 or from the CO 11. The process uti lizes an automated (or partially automated) mechanism for determining the correct Amphenol pinout, described in more detail below.
In steps 408-414, the cable and pinout connections are tested and troubleshooting is performed until complete. Testing of connectivity may take place manually by a service technician, or automatically through a software: test algorithm, or a combination ofboth.
After installed, and with power off, the telephony acceas control device 12 should be transparent to the enterprise telecommunications system; i.e., :rll wire-pairs should be terminated at the same points as they were prior to the installation. Should the installation process alter this mapping in any way, a service technician will have to determine thc~ cause and correct it. Step 414 indicates the service technician has met these requirements.
Autornat:ed Amphenol Pinout Discovery FIGs. SA and SB illustrate the process 406 of automated Amphenol pinout discovery, in particular with reference to steps 500-522 (FIG. SA) and an example Amphenol connectorpinout (FIG. SB).
Line-side Amphenol connecaors (not shown) have different pinouts depending on both the manufacturer and the subscriber line interface card (SLIC) they are attached to. "Pinout" refers ZL
to the association of connector pins to lines. For example, line # I may only use pins l and 2, or as many as pins 1 through 6; then line #2 would use either only pins 3 and 4, or pins 7 through 12;
and so on. In the PBX environment, pinout designation is non-standard because, for example, pins normally intepded for line #2 might instead be used for "vo ice on hold" at the installer's disc.~retion;
the effect of which is that line #2 would actually use pins l3 through 18.
Installation of the device 12 is accompanied by a process for automatically determining card-types and manufacturers to help resolve this problem. One method, for example, is illustrated with reference to steps 5.00-522. Ln step 500, for each Arnphenol connector on the station-side ofthe PBX 16, line levels are sampled and digitized, providing a digital data stream to aprocessor (not shown) for each pin in the a:>nnector. This involves digitizing both analog and digital signal levels and presenting that information to a processor for reconstruction in digital form for analysis. -Step 502 determines the card-type by analyzing line levels and signatures associated with known types. Step 504 determines the system-type (manufacW rer) by analyzing signal patterns and distribution across all fifty pins associated with known types. In steps 506-508, ifthe card-type is digital, a deterrnination is made ofthe PCM-coding scheme employed by the PBX 16. In step 510, given the information gathered so far, the pinout for this particular Amphenol connector is determined, i.e., pin numbers are assigned to lines (wire-pairs). In steps S
12-522, for each line, it is determined whether the line is terminated with an end--user station (phone, fax, modem), or if the line is assigned to an auxiliary device such as "voice on hold", voice mail, or intercom.
FIG. SB is a table illustrating an example Amphenol connector pinout configuration for a srriall business serviced by a single "Company X" PBX and several direct analog lines for fax and 1?
dial-up. Notice that each end-user station uses 2 wire--pairs (4 wires) and that the office intercom system was wired into pins 45-48 on Amphenol connector J0. Another Amphenol connector J 1 was used to run the analog lines, ~°ach using only two pins per station.
Line Map Confieuration FIGs. 6A and 6B illustrate the process 304 of line map configuration, in particularwith reference to steps 600-624 (FIG. 6A), and an example line map (FIG. 6B).
After installation ofthe hardware and software, the system 10 must be configured to map individual stations 14 (station extensions 20) to their respective wire-pairs inside the PBX 16, as well as assign telephone numbers to direct connect lines that come directly from a central office 1 I .
I 0 From the Amphenol connector pinout determination previously made, for example, it is known that pins 5 through 8 map to line #2 in the PBX 16. A line map can then be generated that indicates the association of a particular line to a station's extension (e.g., line #2 in the PBX 16 is associated with station 14 having an extension number "6251 ").
Steps 600-624 describe example line mapping processes for the mapping ofports in the 15 PBX 16 to their respective end-user stations 14 (phone, fax, or modem), thereby generating a list of what PBX ports belong to what station numbers. Recognizing that the configuration is maintained by the PBX I 6 as well, it can be obtained from the PBX for use by the device 12, as described with re ference to steps 600-612. In the case of lines that are directly connected to the central office 1 l, the extension number must be identified and included in the line map as well.
Various methods are contemplated for obtaining this information, including aspects that can be automated with software.
In steps 618-620, an auto-dial process is utilized to determine the line map configuration whereby the device 12 sequentially dials a range of extensions, then detects and maps each telephone number to the station 14 that responded. For some analog lines, this process may be enhanced by trmlsmitting and dete cling sequences of out-of band signals that only the device 12 .
can recognize.
FIG. 6B is a table illustrating an example line map configuration for a small business serviced by one PBX. After acccasing the PBX and examining the punch-down blocks (not shown), an installer of the system 10 can create a 1 ine map for the system that might look like the table ofFIG. 6B. Note that intercom lines are not included in the line map since intercom lines are not a security concern.
User List and Grou~List Configuration Referring again to FIG. 3, after the line map is configured (step 304), a user list and group list configuration process is performed, as indicated in step 306.
Specifically, the user ofthe system 10 can, usingthe line map, create a list ofusers, aliases, and groups ofobjects, thereby facilitating ease of management.
The user list and group list configuration defines an authentication mechanism that associates users with privileges, thus controlling access to the system I 0 in the same manner that 1 r7 operating systems control access to resources. In addition, aliases can be created to associate meaningful names with inanimate objects, such as, in this particular case, telephone numbers; for example, it will be easier to work with an extension named "John" than to have to remember that extension 6251 is John's.
It is contemplated that the system 10 will make extensive use of groups, where objects of the same type can be collectively referred to by a meaningfiil alias. For example, the "Sales" group may consist of extensions pointed by the aliases "John," "Mary," "Robert," and all extensions in the range 6200 through 6500.
FIG. 7 ill ustrates an example group list configuration for the system 10.
After the line map is defined, a group list can be created using the information in the line map.
In this case, the stations are grouped according to office-department (sales and engineering) and by function (voice, fax, modem). Groups may overlap one another and even contain other groups entirely, as in the case of the "Voice-Only" goup that contains the entire "Sales" group as well as all extensions within the range 210-402-66XX.
Security Polic~Confi,~uration FIG. 8A illustrates details of an example security policy configuration for the system 10, as previously mentioned with respect to step 308 in F1G. 3.
Determining the security policy for the system 10 involves creating a set of rules, collectively referred to as a policy, that define what actions will be associated with particular groups of objects. For example, a rule might read "all outbound modem calls from the Engineering group, during the hours of Spm and Sam on any given day should be denied and logged."
Referring to FICi. 8A, an example security policy defines "Rules" that, based upon call attributes of "Source," "Destination," "Call-type (e.g., fax, modem, voice),"
"Date," and "Time,"
implement an "Action" (allow or deny the call) and a reporting function, "Track" (full spectrum from brief to verbose log entry).
In FIG. 8A, Rules 1-lU axe explained as follows:
Rule 1 This rule states "Any long distance calls between 8pm and 4am on the phones in the Voice-Q,~Iy group will be denied and an alert will be generated; notifying in real-time ofthe event". Note that the "1 *" in the "Destination" column means a " 1 " fo:llowed by any other number. This rule might be used to prevent unauthorized persons, such as cleaning crews, from placing long distance calls from a business during late evening hours.
Rule 2 This rule states "Allow all outbound voice calls from the phones in the Voice-Only group any time on any day, and then log the call". This rule will allow business as usual while logging the call for accounting purposes.
Rul a 3 This rule states "Allow all 'inbound voice calls to the phones in the Voice-Only group any time on any day, and then log the call". Again, this rule will allow business as usual while logging the call for accounting purposes.
S Rule 4 This rule states "Any call into the Voice-Only group that is not voice will be denied and an alert will be ,generated, notifying in real-time ofthe event". Note that the "!"proceeding "voice"
in the "Type" column means "NOT"; e.g., NOT voice. 'This rule might be used to alert security personnel to potential hacking attempts such as "war-dialing."
Rule S
This rule states "Allow all outbound faxes from the Fax group any time on any day, and then log the call". This rule will allow normal fax traffic while logging the call for accaunting purposes.
Rule 6 I S This rule states "Allow all inbound faxes to the F~uc group any time on any day, and then log the call". Again, this rule will allow normal fax traffic while logging the call for accounting purposes.
Rule 7 This rule states "Any outbound call from the Fax group that is not a fax will be denied and an alert will be generated, notifying [me] in real-time of the event". Note that the "!" proceeding "fax" in the "Type" column means "NOT"; e.g., NO'T fax. 'Chis rule might be used to alert security personnel to potential abuses of the fax lines, such as attempts to dial out using a modem ox simply using the line for a voice call.
Rule 8 This rule states "Only a modem from 680-8272 may dial into the phone named C.'04 (the lab dial-in modem line) and the call will be logged". T'his rule will lock down remote administration through a dial-up to the system administrator's home phone.
Rule 9 This rule states "Any call into the line named C:04 (the lab dial-in modem line;) will be denied and an alert will be generated, sending a real-time notification of the event". This rule might be used to alert a security administrator of unauthorized attempts to access the dial-in modem line.
1 S Rule 10 This catch-all rule states "Log all calls from anywhere to anywhere at any time of any day".
This rule is typically appended to log all denied calls that do not fit into any ofthe preceding rules.
At first glance, this rule seems counter-intuitive since it seems to deny any call from anywhere. This l9 is not the case. Each rule is evaluated in sequential order, exiting immediately after any one rule matches the criteria.
Security Polic~Enfor~cement FIG. 8B illustrates an example process flow 800 for implementing a security policy of the system 10.
In step 802 a determination is made as to whether the call is inbound or outbound. In step 804, for outbound calls the system sets the source equal to the line map, such that the extension from which the call is being made can be identified. The destination is set equal to the user-dialed digits, indicating that the line sensor or the device 12 will determine the destination number ofthe call. In step 806, for inbound calls the source is set equal to caller->D so that a caller identification device can determine the source of the inbound call. The destination is set equal to the line map so that the destination extension can be determined according to the line map.
As indicated in steps 808-822, a process loop is applied for each rule until an action is indicated for the current rule, as indicated- in step 818.
Referring now to both F'IGs. 8A and 8B, operation ofthe system 10 to enforce a security policy is now described with reference to an example call scenario.
In this example scenario, assume that a person unhooks a fax line at an enterprise during the evening hours and attempts to dial out with a modem for the purpose of sending proprietary information outside the enterprise network (e.g., to a competitor). First, the fax machine is unplugged, a modem is plugged in, and the user dials out from 402-7002 to a local ISP at 353-0005. The device 12 detects the call, determines that the call-type is a modem, collects call attributes into a record and applies the rules in F1G. 8A:
Rule I: The source number is not in the Voice-Only group, so skip to rule 2.
Rule 2: The source number is not in the Voice-Only group, so skip to 3:
Rule 3: The source number matches, but destination number is not in the Voice-Only group, so skip to 4.
Rule 4: The source number matches but not the destination, so skip to 5.
Rule 5: The source number is in the Fax group, and fhe destination matches, but the call-type is modem (not fax), so skip to 6.
Rule 6: The souice number matches but destination is not in the Fax group, so skip to 7.
Rule 7: The source number matches, destination number matches, call-type is not fax, and the date and time match (any), so DENY the call, log it, and ALERT the security administrator of the attempted breach. At this point the process is done, and execution proceeds to handle the next call. If an event does not rriatch any rule, it optionally may then be handled by a user-configurable "catch-all" rule.
Rules are evaluated for an event in sequential order until either one is met, or no rules meet the call attributes. The call attributes in this case can include, but is not limited to, any boolean combination (AND, OR, NOT) of the following: ( 1 ) source telephone number, numbers, or mask (e.g., 210-402-~ where the source number is the number ofthe party initiating the call; i.e., the extension assigned to a station for outbound calls, or the number extracted from caller-m (or any other means) for inbound calls; (2) destination telephone number, numbers, or mask where the destination number is the number of the party receiving the call; i.e., the extension assigned to a station for inbound calls, or the number dialed (DTMF decoded or by any other means) for outbound calls; (3) type of call, defined as either fax, modem, or voice; (4) date of call, de:fmed as specific dates, ranges of dates, day(s)-of week, or any combination thereof;
(5) time of call, defined as specific times, ranges of times, time(s)-of day, or any Eombination thereof; (6) keywords detected in call content; and (7) duration of the call (in seconds).
Detection and Anal sW~s of Call Activity FIGS. 9A and 9B illustrate details of an example process for detecting call attributes and analyzing call activity, as previously mentioned with respect to step 310 in FIG. 3 Steps 900-924 illustrate that for each station under control ofthe device 12, the system 10 will capture call attributes such as station extension identification;
inbound caller-)D infozmation (when available); outbound number dialed; call type (i.e., fax, modem, or voice); call content such as keywords detected via speech recognition or demodulated modem and/or fax data; time and date stamp; and call duration; and analyze call-activity, then consolidate and report details ofthe 1 S activity for further processing.
An aspect of the process involves the distinction between fax, modem, and voice call-types, whereby "fax," "modem," and "voice" call-types are assigned to each call (steps 910, 914, 916) by capturing and analyzing the call handshake signals (step 906), in the case of both inbound and outbound calls. Ifrequired by the rule (steps 911 and 915), the process may fiuther involve monitoring call content to detect keywords via speech recognition or demodulation ofmodem/fax data (steps 913 and 917). A call-event record is created (step 918) which is then utilized in implementing the security policy.
It is understood that the present invention can take many forms and embodiments. The embodiments shown herein are intended to illustrate rather than to limit the invention, it being appreciated that variations may be made without departing from the spirit of the scope of the invention. For example, any number of different rule criteria for the security policy may be defined.
Different attribute descriptions and rule descriptions are contemplated. The algorithms and process functions performed by the system may be organized into any number of different modules or computer programs for operati on on one or more processors or workstations within the system.
Different configurations of computers and processors for the system are contemplated. As previously indicated, the functions of the device 12 may be implemented on the tmnk-side ofthe PBX at point 24, on the station-side of the PBX at point 22, on direct connect I roes at point 18, or in any combination thereof: The device 12 may be complemented with a computer telephony integration (CT17 interfaces) to specific PBXs. In this alternate embodiment ofthe invention, the 1 S device 12 may issue commands to the PBX 16 (via the CTI interface), for the PBX to perform designated actions on the call. Additionally, the PBX 16 may provide designated call attri butes to the device 12 (via the CTI interface), for use in applying the security rule-set to the call. Action commands issued to, and call attributes provided by the PBX are in accordance with the rule-set and within PBX capabilities. Tlae programs used to implement the methods and processes of the system may be implemented in any appropriate progr~rnlming lanbwage and nm in cooperation with any hardware device. The system may be used for enterprises as small as a private home or business with just a few phone lines as well as for large enterprises with multiple PBX locations around the world, interconnected in one or more private networks or virtual, private networks. In the case where multiple extensions are involved, it is understood that the extensions may be PBX
extensions or direct line extensions_ Although illustrative embodiments of the invention have been shown and described, a wide range of modification; change and substitution is intended in the foregoing disclosure and in some instances some features of the present invention may be employed without a corresponding use of the other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the invention.
The invention relates generally to telecommunications access control systems and particularly to a telephony security system for controll ing and logging access between end-user stations and their respective circuits into the public switched telephone network (PSTN).
BACKGROUND
"Policy-based security management" refers to the application of a governing set of rules at strategically located points (chokepoints) for the purpose of enforcing security boundaries between two or more networks, such that only those events meeting certain criteria may pass between them, while all bther events are denied passage. For data network operations, this filtering process selectively discards packets in order to control access to the network, or to resources such as files and devices. Variations and improvements ofthis ba.Sic theme have resulted in devices known as firewalls today -- network components that provide a security barrier between networks or network segments. Much like a ;ward at a checkpoint, the firewall strictly enforces rules specified within an established pol icy for what shall pass the firewall on a case-by-case basis. The policy may alternatively dictate that other actions may apply as well, such as logging the event and/or sending an urgent electronic mail message notifying appropriate personnel of the event.
Security professionals consider firewalls to be essential in the protection ofan enterprise's private data network or virtual private data network from access to the enterprise's computers by unauthorized personnel or "hackers." Like any security measure, however, firewalls are not foolproof. Firewalls provide no protection for traffic routed around them, as is often the case when modems are used while connected to internal data networks; i.e., circumvention of the firewall ~ouP~ protected channels, such as through telephone lines or extensions normally used for voice or fax. Clearly, there is a need for <~ telephony security system and method for controlling access to an enterprise's data network throu~~h telephony resources that otherwise cannot be sufficiently protected by traditional firewall technology.
In addition to security need:. relevant to computer networks, there are issues in the toll fraud, phone misuse, call accounting and bill reconciliation arenas that warrant similar protections.
Currently, a need exists to address tle full spectrum of security issues across all locations of an enterprise that may span the entire globe. A need exists for a scalable and manageable telephony security system and a method for controlling and logging access to an enterprise's telephony resources.
SLTIVIIVIARY OF THE INVENTION
The present invention, accordingly, provides a system and method for performing security access control functions for an enterprise's telephone circuits between end-user stations and their respective circuits into the public: switched telephone network (PSTI~. In the most basic configuration, inbound and outbo~.u~d calls are allowed or denied (i.e.;
blocked or "hung-up"), content monitored, recorded or redirected according to a rule-set that is managed by a security administrator. In one aspect ofthe invention, the disclosed system and method combines call-progress monitoring, caller-id (CND) and/or automatic number identification (ANI) decoding, digital lineprotocol reception, decoding, demodulation, pulse dial detection, tone detection (DTMF
and MF), and speech recognition with microprocessor control, access-control logic, and call-interrupt circuitry.
The system and method ofthe present invention performs centrally managed, enterprise-wide enforcement ofan enterprise's telephony security policy and real-time notification in selected instances of attempted security breaches. The system utilizes a specialized device to monitor and control access to every telephone stiition, fax machine, and modem line for all locations within the enterprise having telephony resources that are routed through the device.
Specific attributes identified by the telephony access control device pertaining to all inbound and outbound calls determine wheth« certain calls, in accordance with a predefined security policy, are allowed, denied ("hung-up"), content monitored, recorded, redirected, logged, and/or initiate additional actions such as electronic mail notification, pager alerting, console messaging, or a Simple Network Management Protocol (~~NMP) trap notification. Attributes captured by the device include, as examples: station extension; inbound caller-lD information (when available); outbound number dialed; call-type (i.e., fax, modem, or voice); call content such as keywords detected via speech recognition or demodulated modem andlor fax data; time and date stamp; and call duration. As used herein, "keyword" is understood to refer to a predefined sequence of digital data.
The rule-set for control of call tray c by the device defines a security policy that governs how telephonyresources may be used within the enterprise. Each rule, upon meeting certain criteria, initiates appropriate security action(s).
I 0 In one embodiment, a system and method oftelephony security is provided that controls call access into and out ofthe enterprise on a per line (station extension or trunk line) basis. A
security policy, i.e., a set ofaccess rules, are defined for each line; the rules specifying actions to be taken based upon at least one attribute ofthe call present on the line. In this embodiment, calls are tracked and sensed on a per 1 ine basis, extracting specific attributes that are available at the I 5 time of the call. Actions are then performed based upon the detected call attributes in accordance with the security policy that applies to that line.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic block diagram of a telephony security system of the present invention.
FIG. 2 is a fi~nctional block diagram ofthe system ofFIG. l showing a simplified example security policy and corresponding actions and features.
FIG. 3 is a flow diagram ilh~.strating example installation, configuration and operational processes for the system of FICi. 1.
FIG: 4 is a flow diagram illustrating details of an example installation and hardware configuration process for the system of FIG. I .
FIG. SA is a flow diagrarr~ illustrating concepts for an automated Amphenol pinout discovery process for the system of FIG. 1.
FIG. SB is a table illustratin g a simplified example Amphenol pinout for a small business enterprise.
FIG. 6A is a flow diagram il tustrating concepts for a line map discovery and configuration process for the system of FIG. 1.
FIG. 6B is a table illustrating a simplified example line map for a small business enterprise.
FIG. 7 is a table illustrating an example group list configuration for a small business enterprise.
FIG. 8A is a table illustrating an example security policy for a business enterprise.
FIG. 8B is a flow diagram il lustrating enforcement of a security policy in operation of the system of FIG. 1.
FIGs. 9A and 9B are a flow diagram illustrating details ofan example detect and analyze call activity process for the system of FIG. I .
DE'CAILED DESCRIPTION
In FIG.1, the reference numeral I 0 refers to a telephony security system of the present invention. The sya~tem 10 consists primarily of a telephony access control device 12 connected in-line betv,~een end-user stations 14 at one or more locations of an enterprise and the stations' circuits into the public switched telephone network (PSTI~_ While shown as a separate box in FIG.1, all functions of the telephony access control device l2 are inserted into the system 10 with line sensors at sensor points 18 (direct connect. lines), 22 (station-side of a PBX), and 24 (trunk-side of a PBX).
Also in FIG.1, numerals 14a, 14b, and 14c refer to end-user stations 14 connected through the telephony access control device 12, representing as examples, one or more telephones 14a, fax machines 14b and modems 14c. The modems 14c may support desktop or portable personal computers, for example. Individual station exten:;ions 20 connect each ofthe stations 14 through the device 12 to a PBX I 6 or a central office I I . As represented by sensor point 22 and its corresponding line, it is understood that the device 12 is configured to map the individual station extensions 20 through the device 12 to their respective wire pairs (not shown) within the PBX 16, and also to one or more telephone lines, as indicated at sensor point 18, directly connected to the central office 11.
Several configurations are possible, whereby connectivity of the line sensors) on the PSTN-side ofthe telephony access control device I 2 may be any combination ofthe PBX trunk-side connection at point 24, the PBX station-side connection at point 22, and direct connects at point 18. A completely PBX station-side implementation with the line sensor at point 22, for example, might exclusively consist ofAmphenol connec:tors (R1-21 X) (not shown); or other standard connectors and associated c;3bling, for interconnecting the PBX 16 with connection inputs of the device 12.
While not shown, it is under,~tood that more than one network-addressable device 12 may be utilized within an enterprise, at one or more locations, whereby security is provided by the devices) 12 for traffic into and out of a private network or virtual private network of the enterprise.
A management station 26 is connected to the device I 2 for consolidation, management, display or printing of recorded call content, reports and call logs and for programming the security policy and other operational featurea ofthe device 12. Historical logging and archiving ofcalls pursuant to a predetermined security policy may be accomplished on the local management station 26, or stored via ~a network accessible log server 28.
The device I 2 combines call-progress monitoring, caller-id (CND) and/or autamatic number identification (AN)7 decoding, digital line protocol reception, decoding, demodulation, pulse dial detection, tone detection (DTMF and MF), and speech recognition with microprocessor control, access-control logic, and call-interrupt circuitry for implementing the desired access control functions. The inventive functions performed by the device 12, as further described below, may be implemented with commercially available components as will be understood by those skilled in the art. While also not shown, it is understood that the device 12 is controlled by computer prograrr>rning instructions stored in memory within the device 12 and which may also be stored in memory within other components of the system I 0 connected to the device 12.
Referring also to FIG. 2, a functional schematic 30 illustrates certain operational aspects of the system 10. An example (very simplified) security policy 32 is shown for controlling the flow of calls through the device 12. The policy 32 implements a rule-set that depends upon the type of equipment (phone 14a, fax machine 14b, modem 14c) being used on the extension for either > inbound or outbound calls. It is understood that the :rule-set is implemented by software instructions within the device 12 that may, for example, be programmed or modified at either the device 12 or at the management station 26 (FIG. 1 ) located nearby or at a very remote distance therefrom within the enterprise.
As exemplified in FIG. 2, the security policy 32 dicaates the type of actions associated with individual or groups of calls (e.g., al low, terminate, monitor content , record, redirect, log, alert, report), according to specified roles. In the present example, the security rules specify that: (1 ) no data calls are permitted on designated voice lines; (2) no computer modem calls are permitted on designated fax lines; (3) no modem calls are permitted during a designated time (e.g., after 8pm);
and (4) no outbound calls are permitted to a certain destination identified by a digital sequence (e.g., 1 9XX - where 9XX indicates a Numbering Plan Area code).
A call log 34 is generated fix calls, designating attributes of the calls, for example, the line (extension); the call number; the call direction (inbound, outbound); the call type; call content; the date and time; the call duration; and the description ofthe call-event (e.g., unauthorized outbound modem; keywords detected in cal I content; call content recorded). Example reporting options include post-event or batch anal~~sis 36 (trending), and alert options include electronic mail notification 38, pager alerting 40, console messaging and SNMP trap notification. While not shown, it is understood that the device 12 is able to communicate within the enterprise network with various host computers for providing the reporting functions.
FIG. 3 is a process flow diagram 300 illustrating installation, configuration and operation processes for the system l 0. Once installed and configured, it is understood that the system 10 is capable of operating in a continuous processing loop, including detecting call attributes and analyzing call activity while simultaneously performing appropriate actions in accordance with the rules in the defined security policy. There are, however, a number of processes that are first performed as part of the installation .and configuration ofthe system 10 within an enterprise or one or more of its locations-Step 302 refers to the process of system installation and hardware configuration, discussed below with respect to FIG. 4 and hI(is. SA-SB. Step 304 refers to the process of system line map discovery and configuration, discussed below with reference to FIGS. 6A
and 6B. Step 306 refers to user list and group list configuration, discussed below with reference to FIG. 7. Step 308 refers to security policy configuration, discussed below with reference to FIG. 8A. Steps 310-320 refer fo the process of detecting call attributes and analyzing call activity, whereupon actions are taken for each call according to the security policy, discussed below and in filrther detail laterwith reference to FIGS. 9A and 9B.
In FIG. 3, the process ofcall detecting and analyzing call activity begins in step 310. For each station 14 connected by an extension 20 through the device 12, the device 12 will capture and analyze call-activity, then consolidate and report details of the activity for further processing.
An aspect ofthis process involves the ability ofthe device 12 to distinguish between fax, modem, and voice call-types. Algorithms for call-type distinction are utilized that, in one implementation, distinguish the call-type based upon spec:iral analysis associated with typical fax and other data transmission protocols. Further analysis of call activity involves the ability ofthe device 12 to detect keywords in call content via speech recognition or demodulated modem/fax data.
While not shown, it is understood that the "Action Policy" 3 I 2 and the "Event Policy" 3 I 8 are aspects of the overall security policy as discussed previously. In step 312, an "Action Policy"
determines what action to take for a particular call, depending upon attributes of the call as I 0 determined in step 310. The rule-set for the "Action Policy" in step 3 I 2 may be determined and programmed to meet the security needs ofthe enterprise, which may include allowing the call, denying the call, or performing some other specific action such as redirecting the call or recording the call (step 316). In step 314, a denied call is terminated ("Hang Up Call"). Policy may also dictate that an event is logged (step 320) and what detail the log entry should include. While not 15 shown, it is understood that there will be different levels of log entries, ranging from very briefto verbose.
Example rule-sets for the "Action Policy" and the "Log Event Policy" are discussed below with reference to FIG. 8A.
Installation and hardware Configuration FIG. 4 illustrates the proce:;s 302 of system instal:fation and hardware configuration. In step 400, a cable concentrator (not shown) is installed to connect the device 12. Because the telephony access control device 12 is positioned in-line between the end-user stations 14 and the PSTN (or PBX), cabling must be routed to and from the telephony access control device 12 and the point of interconnection with the telephone network. In the case of a PBX
station-side implementation, 25-pair wire cables terminated with Amphenol connectors leading from the PBX .
would be re-routed to one side of an cable concentrator of a line sensor at point 22, while cables on the other side ofthe cable concentrator at point 22 would complete the original circuits by routing to their respective 66-type blocks ("punch-down blocks"). Switches, placed in-line for each wire-pair in the cable concentrator at point 22, are controlled by the telephony access control device 12, providing the capability for hanging up the call (for analog lines only). The combination ofthe cable concentrator (when required), and the associated switches and associated control logic (when required), and the associated control logic embodied in what is described as device 12 are collectively referred to herein as ~i line sensor.
In step 402, the remote management station 26 is set up, whereby a personal computer, meeting certain performance specifications, is acquired and configured with an operating system, booted, and made ready for operati on. In step 404, software required to operate the telephony access control device 12, including fcrr example defining amd maintaining the security policy, is installed onto the remote management station 26. Although not shown, it is understood that installation of control software may include writing firm watt: instructions for the associated switches and/or the associated control lc>gic for the line sensors as required.
In step 406, a process is performed that determines Amphenol connector pinouts so that the individual station extensions 20 are properly connected through the device 12 to the wire pairs from the PBX 16 or from the CO 11. The process uti lizes an automated (or partially automated) mechanism for determining the correct Amphenol pinout, described in more detail below.
In steps 408-414, the cable and pinout connections are tested and troubleshooting is performed until complete. Testing of connectivity may take place manually by a service technician, or automatically through a software: test algorithm, or a combination ofboth.
After installed, and with power off, the telephony acceas control device 12 should be transparent to the enterprise telecommunications system; i.e., :rll wire-pairs should be terminated at the same points as they were prior to the installation. Should the installation process alter this mapping in any way, a service technician will have to determine thc~ cause and correct it. Step 414 indicates the service technician has met these requirements.
Autornat:ed Amphenol Pinout Discovery FIGs. SA and SB illustrate the process 406 of automated Amphenol pinout discovery, in particular with reference to steps 500-522 (FIG. SA) and an example Amphenol connectorpinout (FIG. SB).
Line-side Amphenol connecaors (not shown) have different pinouts depending on both the manufacturer and the subscriber line interface card (SLIC) they are attached to. "Pinout" refers ZL
to the association of connector pins to lines. For example, line # I may only use pins l and 2, or as many as pins 1 through 6; then line #2 would use either only pins 3 and 4, or pins 7 through 12;
and so on. In the PBX environment, pinout designation is non-standard because, for example, pins normally intepded for line #2 might instead be used for "vo ice on hold" at the installer's disc.~retion;
the effect of which is that line #2 would actually use pins l3 through 18.
Installation of the device 12 is accompanied by a process for automatically determining card-types and manufacturers to help resolve this problem. One method, for example, is illustrated with reference to steps 5.00-522. Ln step 500, for each Arnphenol connector on the station-side ofthe PBX 16, line levels are sampled and digitized, providing a digital data stream to aprocessor (not shown) for each pin in the a:>nnector. This involves digitizing both analog and digital signal levels and presenting that information to a processor for reconstruction in digital form for analysis. -Step 502 determines the card-type by analyzing line levels and signatures associated with known types. Step 504 determines the system-type (manufacW rer) by analyzing signal patterns and distribution across all fifty pins associated with known types. In steps 506-508, ifthe card-type is digital, a deterrnination is made ofthe PCM-coding scheme employed by the PBX 16. In step 510, given the information gathered so far, the pinout for this particular Amphenol connector is determined, i.e., pin numbers are assigned to lines (wire-pairs). In steps S
12-522, for each line, it is determined whether the line is terminated with an end--user station (phone, fax, modem), or if the line is assigned to an auxiliary device such as "voice on hold", voice mail, or intercom.
FIG. SB is a table illustrating an example Amphenol connector pinout configuration for a srriall business serviced by a single "Company X" PBX and several direct analog lines for fax and 1?
dial-up. Notice that each end-user station uses 2 wire--pairs (4 wires) and that the office intercom system was wired into pins 45-48 on Amphenol connector J0. Another Amphenol connector J 1 was used to run the analog lines, ~°ach using only two pins per station.
Line Map Confieuration FIGs. 6A and 6B illustrate the process 304 of line map configuration, in particularwith reference to steps 600-624 (FIG. 6A), and an example line map (FIG. 6B).
After installation ofthe hardware and software, the system 10 must be configured to map individual stations 14 (station extensions 20) to their respective wire-pairs inside the PBX 16, as well as assign telephone numbers to direct connect lines that come directly from a central office 1 I .
I 0 From the Amphenol connector pinout determination previously made, for example, it is known that pins 5 through 8 map to line #2 in the PBX 16. A line map can then be generated that indicates the association of a particular line to a station's extension (e.g., line #2 in the PBX 16 is associated with station 14 having an extension number "6251 ").
Steps 600-624 describe example line mapping processes for the mapping ofports in the 15 PBX 16 to their respective end-user stations 14 (phone, fax, or modem), thereby generating a list of what PBX ports belong to what station numbers. Recognizing that the configuration is maintained by the PBX I 6 as well, it can be obtained from the PBX for use by the device 12, as described with re ference to steps 600-612. In the case of lines that are directly connected to the central office 1 l, the extension number must be identified and included in the line map as well.
Various methods are contemplated for obtaining this information, including aspects that can be automated with software.
In steps 618-620, an auto-dial process is utilized to determine the line map configuration whereby the device 12 sequentially dials a range of extensions, then detects and maps each telephone number to the station 14 that responded. For some analog lines, this process may be enhanced by trmlsmitting and dete cling sequences of out-of band signals that only the device 12 .
can recognize.
FIG. 6B is a table illustrating an example line map configuration for a small business serviced by one PBX. After acccasing the PBX and examining the punch-down blocks (not shown), an installer of the system 10 can create a 1 ine map for the system that might look like the table ofFIG. 6B. Note that intercom lines are not included in the line map since intercom lines are not a security concern.
User List and Grou~List Configuration Referring again to FIG. 3, after the line map is configured (step 304), a user list and group list configuration process is performed, as indicated in step 306.
Specifically, the user ofthe system 10 can, usingthe line map, create a list ofusers, aliases, and groups ofobjects, thereby facilitating ease of management.
The user list and group list configuration defines an authentication mechanism that associates users with privileges, thus controlling access to the system I 0 in the same manner that 1 r7 operating systems control access to resources. In addition, aliases can be created to associate meaningful names with inanimate objects, such as, in this particular case, telephone numbers; for example, it will be easier to work with an extension named "John" than to have to remember that extension 6251 is John's.
It is contemplated that the system 10 will make extensive use of groups, where objects of the same type can be collectively referred to by a meaningfiil alias. For example, the "Sales" group may consist of extensions pointed by the aliases "John," "Mary," "Robert," and all extensions in the range 6200 through 6500.
FIG. 7 ill ustrates an example group list configuration for the system 10.
After the line map is defined, a group list can be created using the information in the line map.
In this case, the stations are grouped according to office-department (sales and engineering) and by function (voice, fax, modem). Groups may overlap one another and even contain other groups entirely, as in the case of the "Voice-Only" goup that contains the entire "Sales" group as well as all extensions within the range 210-402-66XX.
Security Polic~Confi,~uration FIG. 8A illustrates details of an example security policy configuration for the system 10, as previously mentioned with respect to step 308 in F1G. 3.
Determining the security policy for the system 10 involves creating a set of rules, collectively referred to as a policy, that define what actions will be associated with particular groups of objects. For example, a rule might read "all outbound modem calls from the Engineering group, during the hours of Spm and Sam on any given day should be denied and logged."
Referring to FICi. 8A, an example security policy defines "Rules" that, based upon call attributes of "Source," "Destination," "Call-type (e.g., fax, modem, voice),"
"Date," and "Time,"
implement an "Action" (allow or deny the call) and a reporting function, "Track" (full spectrum from brief to verbose log entry).
In FIG. 8A, Rules 1-lU axe explained as follows:
Rule 1 This rule states "Any long distance calls between 8pm and 4am on the phones in the Voice-Q,~Iy group will be denied and an alert will be generated; notifying in real-time ofthe event". Note that the "1 *" in the "Destination" column means a " 1 " fo:llowed by any other number. This rule might be used to prevent unauthorized persons, such as cleaning crews, from placing long distance calls from a business during late evening hours.
Rule 2 This rule states "Allow all outbound voice calls from the phones in the Voice-Only group any time on any day, and then log the call". This rule will allow business as usual while logging the call for accounting purposes.
Rul a 3 This rule states "Allow all 'inbound voice calls to the phones in the Voice-Only group any time on any day, and then log the call". Again, this rule will allow business as usual while logging the call for accounting purposes.
S Rule 4 This rule states "Any call into the Voice-Only group that is not voice will be denied and an alert will be ,generated, notifying in real-time ofthe event". Note that the "!"proceeding "voice"
in the "Type" column means "NOT"; e.g., NOT voice. 'This rule might be used to alert security personnel to potential hacking attempts such as "war-dialing."
Rule S
This rule states "Allow all outbound faxes from the Fax group any time on any day, and then log the call". This rule will allow normal fax traffic while logging the call for accaunting purposes.
Rule 6 I S This rule states "Allow all inbound faxes to the F~uc group any time on any day, and then log the call". Again, this rule will allow normal fax traffic while logging the call for accounting purposes.
Rule 7 This rule states "Any outbound call from the Fax group that is not a fax will be denied and an alert will be generated, notifying [me] in real-time of the event". Note that the "!" proceeding "fax" in the "Type" column means "NOT"; e.g., NO'T fax. 'Chis rule might be used to alert security personnel to potential abuses of the fax lines, such as attempts to dial out using a modem ox simply using the line for a voice call.
Rule 8 This rule states "Only a modem from 680-8272 may dial into the phone named C.'04 (the lab dial-in modem line) and the call will be logged". T'his rule will lock down remote administration through a dial-up to the system administrator's home phone.
Rule 9 This rule states "Any call into the line named C:04 (the lab dial-in modem line;) will be denied and an alert will be generated, sending a real-time notification of the event". This rule might be used to alert a security administrator of unauthorized attempts to access the dial-in modem line.
1 S Rule 10 This catch-all rule states "Log all calls from anywhere to anywhere at any time of any day".
This rule is typically appended to log all denied calls that do not fit into any ofthe preceding rules.
At first glance, this rule seems counter-intuitive since it seems to deny any call from anywhere. This l9 is not the case. Each rule is evaluated in sequential order, exiting immediately after any one rule matches the criteria.
Security Polic~Enfor~cement FIG. 8B illustrates an example process flow 800 for implementing a security policy of the system 10.
In step 802 a determination is made as to whether the call is inbound or outbound. In step 804, for outbound calls the system sets the source equal to the line map, such that the extension from which the call is being made can be identified. The destination is set equal to the user-dialed digits, indicating that the line sensor or the device 12 will determine the destination number ofthe call. In step 806, for inbound calls the source is set equal to caller->D so that a caller identification device can determine the source of the inbound call. The destination is set equal to the line map so that the destination extension can be determined according to the line map.
As indicated in steps 808-822, a process loop is applied for each rule until an action is indicated for the current rule, as indicated- in step 818.
Referring now to both F'IGs. 8A and 8B, operation ofthe system 10 to enforce a security policy is now described with reference to an example call scenario.
In this example scenario, assume that a person unhooks a fax line at an enterprise during the evening hours and attempts to dial out with a modem for the purpose of sending proprietary information outside the enterprise network (e.g., to a competitor). First, the fax machine is unplugged, a modem is plugged in, and the user dials out from 402-7002 to a local ISP at 353-0005. The device 12 detects the call, determines that the call-type is a modem, collects call attributes into a record and applies the rules in F1G. 8A:
Rule I: The source number is not in the Voice-Only group, so skip to rule 2.
Rule 2: The source number is not in the Voice-Only group, so skip to 3:
Rule 3: The source number matches, but destination number is not in the Voice-Only group, so skip to 4.
Rule 4: The source number matches but not the destination, so skip to 5.
Rule 5: The source number is in the Fax group, and fhe destination matches, but the call-type is modem (not fax), so skip to 6.
Rule 6: The souice number matches but destination is not in the Fax group, so skip to 7.
Rule 7: The source number matches, destination number matches, call-type is not fax, and the date and time match (any), so DENY the call, log it, and ALERT the security administrator of the attempted breach. At this point the process is done, and execution proceeds to handle the next call. If an event does not rriatch any rule, it optionally may then be handled by a user-configurable "catch-all" rule.
Rules are evaluated for an event in sequential order until either one is met, or no rules meet the call attributes. The call attributes in this case can include, but is not limited to, any boolean combination (AND, OR, NOT) of the following: ( 1 ) source telephone number, numbers, or mask (e.g., 210-402-~ where the source number is the number ofthe party initiating the call; i.e., the extension assigned to a station for outbound calls, or the number extracted from caller-m (or any other means) for inbound calls; (2) destination telephone number, numbers, or mask where the destination number is the number of the party receiving the call; i.e., the extension assigned to a station for inbound calls, or the number dialed (DTMF decoded or by any other means) for outbound calls; (3) type of call, defined as either fax, modem, or voice; (4) date of call, de:fmed as specific dates, ranges of dates, day(s)-of week, or any combination thereof;
(5) time of call, defined as specific times, ranges of times, time(s)-of day, or any Eombination thereof; (6) keywords detected in call content; and (7) duration of the call (in seconds).
Detection and Anal sW~s of Call Activity FIGS. 9A and 9B illustrate details of an example process for detecting call attributes and analyzing call activity, as previously mentioned with respect to step 310 in FIG. 3 Steps 900-924 illustrate that for each station under control ofthe device 12, the system 10 will capture call attributes such as station extension identification;
inbound caller-)D infozmation (when available); outbound number dialed; call type (i.e., fax, modem, or voice); call content such as keywords detected via speech recognition or demodulated modem and/or fax data; time and date stamp; and call duration; and analyze call-activity, then consolidate and report details ofthe 1 S activity for further processing.
An aspect of the process involves the distinction between fax, modem, and voice call-types, whereby "fax," "modem," and "voice" call-types are assigned to each call (steps 910, 914, 916) by capturing and analyzing the call handshake signals (step 906), in the case of both inbound and outbound calls. Ifrequired by the rule (steps 911 and 915), the process may fiuther involve monitoring call content to detect keywords via speech recognition or demodulation ofmodem/fax data (steps 913 and 917). A call-event record is created (step 918) which is then utilized in implementing the security policy.
It is understood that the present invention can take many forms and embodiments. The embodiments shown herein are intended to illustrate rather than to limit the invention, it being appreciated that variations may be made without departing from the spirit of the scope of the invention. For example, any number of different rule criteria for the security policy may be defined.
Different attribute descriptions and rule descriptions are contemplated. The algorithms and process functions performed by the system may be organized into any number of different modules or computer programs for operati on on one or more processors or workstations within the system.
Different configurations of computers and processors for the system are contemplated. As previously indicated, the functions of the device 12 may be implemented on the tmnk-side ofthe PBX at point 24, on the station-side of the PBX at point 22, on direct connect I roes at point 18, or in any combination thereof: The device 12 may be complemented with a computer telephony integration (CT17 interfaces) to specific PBXs. In this alternate embodiment ofthe invention, the 1 S device 12 may issue commands to the PBX 16 (via the CTI interface), for the PBX to perform designated actions on the call. Additionally, the PBX 16 may provide designated call attri butes to the device 12 (via the CTI interface), for use in applying the security rule-set to the call. Action commands issued to, and call attributes provided by the PBX are in accordance with the rule-set and within PBX capabilities. Tlae programs used to implement the methods and processes of the system may be implemented in any appropriate progr~rnlming lanbwage and nm in cooperation with any hardware device. The system may be used for enterprises as small as a private home or business with just a few phone lines as well as for large enterprises with multiple PBX locations around the world, interconnected in one or more private networks or virtual, private networks. In the case where multiple extensions are involved, it is understood that the extensions may be PBX
extensions or direct line extensions_ Although illustrative embodiments of the invention have been shown and described, a wide range of modification; change and substitution is intended in the foregoing disclosure and in some instances some features of the present invention may be employed without a corresponding use of the other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the invention.
Claims (103)
- The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:
A telephony security system for controlling and logging incoming and outgoing calls between end-user stations within an enterprise at one or more of its locations and their respective circuits into a Public Switched Telephone Network (PSTN), said system comprising:
a database controlled by system administrators at one or more enterprise locations containing security rules including the action of permitting or denying an incoming or an outgoing call for each of the end-user stations, said security rules specifying actions to be taken based upon at least one designated attribute of the call on the line, wherein said at least one attribute is determined within the enterprise; and a line sensor within the enterprise for periodically determining a call-type of the call, wherein said line sensor includes means for determining at least one attribute of each call present on the line and for performing actions on selected calls based upon said at least one attribute of the call, in accordance with said security rules and wherein the line sensor senses both incoming and outgoing calls and does not interrupt the calls unless specified in said security rules. - 2. The system of claim 1, wherein other attributes of calls sensed by the system include at least one from the group consisting of call type, call content, call date, call time, call duration (in seconds), line identification, inbound number, and outbound number dialed.
- 3. The system of claim 1, wherein said security rules specify additional actions that include one or more of the following: redirect the call, log the call, record the call content, monitor call content for keywords, generate a report, or provide an alert, whereby options for said alert may include one or more of the following:
electronic mail notification, pager dialing, console messaging, or via a Simple Network Management Protocol (SNMP) trap. - 4. The system as defined in claim 3, wherein said generated report includes post event analysis or batch analysis.
- 5. The system as defined in claim 3, wherein said action of content monitoring includes detecting keywords via speech recognition or demodulated data.
- 6. The telephony security system as defined in claim 1, wherein said line sensor is programmed at the line sensor or programmed from a remote management station.
- 7. A method of telephony security for an enterprise for controlling and logging incoming and outgoing calls between end-user stations at one or more enterprise locations and their respective circuits into a Public Switched Telephone Network (PSTN), said method comprising the steps of:
defining security rules by a system administrator at one or more enterprise locations for each of the end-user stations which include the action of permitting or denying an incoming or outgoing call, said rules specifying actions to be taken based upon at least one designated attribute of the call on the line and contained in a database;
detecting and sensing calls on the line to determine at least one attribute of each call present on the line, wherein said at least one attribute of the call detected and sensed periodically by the system is whether the call-type is voice, fax, data (modem), and wherein said detecting and sensing occurs at one or more of the enterprise locations for both incoming and outgoing calls and does not interrupt the call unless specified in said security rules; and performing actions on selected calls based upon their the determined at least one attribute, in accordance with said security rules defined for those end-user stations. - 8. The method of claim 7, wherein other sensed attributes of calls sensed by the system include one or more of call content, call date, call time, call duration (in seconds), line identification, inbound number, and outbound number dialed.
- 9. The method of claim 7, wherein said security rules specify additional actions that include one or more of the following:
redirect the call, record the call content, monitor the call content for keywords, log the call, generate a report, or provide an alert. - 10. The method as defined in claim 9, wherein said additional action of monitoring the call content for keywords includes detecting keywords via speech recognition or demodulated data.
- 11. A telephony security system for controlling incoming and outgoing calls between a plurality of end-user stations in one or more enterprise locations and a plurality of respective circuits into a Public Switched Telephone Network (PSTN), said system comprising:
a database controlled by system administrators at one or more enterprise locations containing security rules for the plurality of end-user stations which include the action of permitting or denying an incoming or an outgoing call, said security rules specifying actions to be taken based upon at least one attribute designated of a call on each of the lines, wherein said at least one attribute is determined within the enterprise;
a line sensor within the enterprise for periodically determining a call-type of the call present on the line, wherein said line sensor includes determining at least one attribute of each call present on the line and wherein said line sensor does not interrupt the incoming and outgoing calls unless specified in said security rules; and means for performing actions on selected calls based upon the determined at least one attribute of the call, in accordance with said security rules, and wherein said actions are performed within the enterprise. - 12. The system of claim 11, wherein said line sensor includes the means for performing actions on selected calls.
- 13. The system of claim 11, wherein other attributes of calls sensed by the system include at least one from the group consisting of:
call content, call date, call time, call duration (in seconds), line identification, inbound number, and outbound number dialed. - 14. The system of claim 11, further including a remote management station containing said database, said remote management station being utilized for downloading said database to said line sensor.
- 15. The system of claim 11, wherein said security rules specify additional actions that include one or more of the following: redirect the call, record the call content, monitor the call content for keywords, log the call, generate a report or provide an alert.
- 16. The system as defined in claim 15, wherein said additional action of monitoring the call content for keywords includes detecting keywords via speech recognition or demodulated data.
- 17. The system of claim 11, further including a remote log server utilized to log all attempted access to or from each of the lines and any actions taken on each of the lines.
- 18. The system of claim 11, wherein the telephone security system exists on the enterprise side of a local telephony company's central office.
- 19. The system of claim 11, wherein said line sensor exists between the end-user station and a local telephony company's central office.
- 20. The system of claim 11, further including a private branch exchange (PBX) and wherein said line sensor exists between said PBX and a local telephony company's central office.
- 21. The system of claim 11, further including a private branch exchange (PBX) and wherein said line sensor exists between said PBX and the end-user station.
- 22. The system of claim 11, whereby options for said alert may include one or more of the following: electronic mail notification, pager dialing, console messaging, or via a Simple Network Management Protocol (SNMP) trap notification of a call.
- 23. The telephony security system as defined in claim 11, wherein said line sensor is programmed at the line sensor or programmed from a remote management station.
- 24. A security apparatus for controlling and monitoring access to the telephony resources of an enterprise, said security apparatus comprising:
a microprocessor controlled telephony access control device;
said microprocessor controlled telephony access control device connected between a public switched telephone network and the end-user stations in an enterprise, said end-user stations including voice capability, fax capability, and data transfer capability;
a set of security rules contained within said microprocessor controlled telephony access control device;
means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call contained within said microprocessor controlled telephony access control device and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules;
means for applying said set of security rules based on the end-user station to which an incoming call is directed or from which an outgoing call has been initiated;
means for denying incoming calls or denying outgoing calls based on whether said incoming or outgoing call is a voice, fax, or data transfer call and the extension to which said incoming call is directed or from which said outgoing call has been initiated. - 25. The security apparatus as defined in claim 24, wherein said microprocessor controlled telephony access control device includes one or more functionalities selected from a group including: call progress monitoring, caller identification, automatic number identification, digital line protocol reception, decoding, demodulation, speech recognition, pulse dial detection, tone detection, call interrupt circuitry, and access control logic.
- 26. The security apparatus as defined in claim 24, further including a line sensor for providing input to said microprocessor controlled telephony access control device.
- 27. The security apparatus as defined in claim 26, wherein said line sensor is programmed at the line sensor or programmed from a remote management station.
- 28. The security apparatus as defined in claim 24, wherein said microprocessor controlled telephony access control device captures one or more call attributes selected from a group including: line identification, inbound caller identification information, outbound number dialed, call type, keywords in call content, date of call, time of call, and duration of call.
- 29. The security apparatus as defined in claim 24, wherein said security rules define one or more actions selected from a group including: redirecting the call, recording the call, content monitoring the call content for keywords, reporting a call or batch of calls, logging a call, providing an alert.
- 30. The security apparatus as defined in claim 29, wherein said microprocessor controlled telephony access control device is connected to a management station for consolidation, management, display, or printing of one or more of the following: call logs, recorded content, or call-event record, or programming said security rules into said microprocessor controlled telephony access control device.
- 31. The security apparatus as defined in claim 29, wherein said call log designates one or more of the following: line, call number, call direction, call type, call content, date and time of call, call duration, call event description.
- 32. The security apparatus as defined in claim 29, wherein said report includes post event analysis or batch analysis.
- 33. The security apparatus as defined in claim 29, wherein content monitoring the call for keywords includes detecting keywords via speech recognition or demodulated data.
- 34. The security apparatus as defined in claim 29, wherein said action of providing an alert includes one or more of the following: email notification of a call, pager notification, console messaging notification, or a Simple Network Management Protocol (SNMP) trap notification of a call.
- 35. The security apparatus as defined in claim 24, wherein one or more of said security rules are selected from a group including:
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during the designated time period; and no outbound calls permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and no modem calls permitted from non-designated sources. - 36. The security apparatus as defined in claim 35, wherein modem calls from non-designated sources are denied or reported on their first use.
- 37. The security apparatus as defined in claim 35, wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
- 38. The security apparatus as defined in claim 24, further including a remote log server utilized to log all attempted access to or from each of the lines and any actions taken on each of the lines.
- 39. A method for controlling and monitoring access to the telephony resources of an enterprise at one or more of its locations through a public switched telephone network, said method comprising the steps of:
connecting a microprocessor controlled telephony access control device between the publicly switched telephone network and the telephony lines in one or more enterprise locations, said telephony lines including voice, fax, and data transfer capabilities;
including a database of security rules within said microprocessor controlled telephony access control device;
periodically determining if an incoming call is a voice, fax, or a data transfer call and determining at least one attribute of the call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules;
applying said security rules based on the extension to which an incoming call is directed or from which an outgoing call has been initiated;
permitting or denying incoming calls based on whether said incoming call is a voice, fax, or data transfer call and the extension to which said incoming call is directed; or permitting or denying outgoing calls based on whether said outgoing call is a voice, fax, or data transfer call and the extension from which said outgoing call has been initiated. - 40. The method as defined in claim 39, further including the step of capturing one or more call attributes selected from a group including: line identification, inbound caller identification information, outbound number dialed, keywords in call content, date of call, time of call, and duration of call.
- 41. The method as defined in claim 39, wherein said security rules define one or more actions selected from a group including: redirect the call, record the call content, monitor call content for keywords, log the call, generate a report of the call, or provide an alert.
- 42. The method as defined in claim 41, further including connecting said microprocessor controlled telephony access control device to a management station for consolidation, management, display, or printing of one or more of the following: call logs, recorded call content, call-event record, and programming said security rules into said microprocessor controlled telephony access control device.
- 43. The method as defined in claim 41, wherein said call log designates one or more of the following: line identification, call number, call direction, call type, call content, date and time of call, call-event description.
- 44. The method as defined in claim 41, wherein said report includes post event analysis or batch analysis.
- 45. The method as defined in claim 41, wherein said action of monitoring call content for keywords includes detecting keywords via speech recognition or demodulated data.
- 46. The method as defined in claim 41, wherein said action of provide an alert includes providing email notification of a call, pager notification of a call, console messaging, or a Simple Network Management Protocol (SNMP) trap notification of a call.
- 47. The method as defined in claim 39, wherein one or more of said security rules are selected from a group including:
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during a designated time period;
no outbound calls permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and no modem calls permitted from non-designated sources. - 48. The method as defined in claim 47, wherein modem calls from non-designated sources are denied or reported on their first use.
- 49. The method as defined in claim 47, wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
- 50. A system for monitoring and logging access to the telephony resources of an enterprise at one or more of its locations, said system comprising:
an access control device constructed and arranged to be connected in-line between a plurality of telephony end-user stations at one or more enterprise locations and the connections to a public switched telephone network;
said plurality of telephony end-user stations including voice telephones, fax machines, and data transfer devices;
said access control device including a set of rules to be applied to all incoming and outgoing calls passing through said access control device;
said access control device further including means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call;
whereby said access control device will detect and analyze at least one predetermined attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said set of rules. - 51. The system as defined in claim 50, further including a line sensor for providing input to said access control device.
- 52. The system as defined in claim 51, wherein said line sensor is programmed at the line sensor or programmed from a remote management station.
- 53. The system as defined in claim 50, wherein said access control device captures one or more call attributes selected from a group including: call-type, line identification, inbound caller identification information, outbound number dialed, keywords via speech recognition or demodulated fax/modem data, date of call, time of call, and duration of call.
- 54. The system as defined in claim 50, wherein said analysis of call attributes generates one or more actions selected from a group including reporting a call, redirecting a call, monitoring call content, recording call content, logging a call, providing e-mail notification of a call, and providing an alert.
- 55. The system as defined in claim 54, wherein said access control device is connected to a management station for consolidation, management, display, or printing of call logs, recorded call content, or a call-event record, or programming said security rules into said access control device.
- 56. The system as defined in claim 54, wherein said call log designates one or more of the following: line identification, call number, call direction, call type, date and time of call, call description.
- 57. The system as defined in claim 54, wherein said report includes post event analysis or batch analysis.
- 58. The system as defined in claim 54, wherein said monitoring call content includes detecting keywords via speech recognition or demodulated data.
- 59. The system as defined in claim 54, further including the action of providing an alert by: email notification of a call, pager notification of a call, console message notification of a call, or a Simple Network Management Protocol (SNMP) trap notification of a call.
- 60. The system as defined in claim 50, wherein one or more of said analysis rules are selected from a group including:
logging data transfer calls attempted on designated fax lines;
logging modern calls attempted on designated fax lines;
logging modem calls attempted during a designated time period;
logging outbound calls attempted to a certain destination identified by a designated digital sequence;
logging long distance calls attempted during a designated time period; and logging modem calls attempted from non-designated sources. - 61. The system as defined in claim 60, wherein modem calls from non-designated sources are denied or reported on their first use.
- 62. The system as defined in claim 60, wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
- 63. The system as defined in claim 50, further including a remote log server utilized to log all attempted access to or from each of the lines and any actions taken on each of the lines.
- 64. An enterprise telephony system connected to a Public Switched Telephone Network (PSTN) comprising:
at least one private branch exchange (PBX) connected to the PSTN;
a plurality of telephony end-user stations connected either to said at least one PBX or directly to the PSTN;
said plurality of telephony end-user stations including voice telephones, fax machines, and data transfer devices;
a security system for monitoring, controlling, and logging access to the telephony resources of an enterprise at one or more of its locations, said security system including:
an access control device constructed and arranged to be connected in-line between said plurality of telephony end-user stations at one or more enterprise locations and said connections to said PSTN or said at least one PBX;
said access control device including a set of security rules to be applied to all incoming and outgoing calls passing through said access control device;
said access control device further including means for periodically determining if an incoming call or an outgoing call is a voice, fax or data transfer call and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rule;
whereby said access control device will either permit or deny all incoming calls or permit or deny all outgoing calls based on the extension to which said incoming call is directed or from which extension said outgoing call is initiated, a determination of said incoming or said outgoing call is a voice, fax, or data transfer call, and an application of said security rules to said incoming or said outgoing call. - 65. The enterprise telephony system as defined in claim 64, wherein said access control device is connected to the enterprise telephone system by a line sensor, said line sensor being placed between said PBX and the PSTN.
- 66. The enterprise telephony system as defined in claim 65, wherein said line sensor is programmed at the line sensor or programmed from a remote management station.
- 67. The enterprise telephony system as defined in claim 64, wherein said access control device is connected to the enterprise telephone system by a line sensor, said line sensor being placed between said PBX and said access control device.
- 68. The enterprise telephony system as defined in claim 64, wherein said access control device is connected to the enterprise telephone system by a line sensor, said line sensor being placed between said PSTN and said access control device.
- 69. The enterprise telephony system as defined in claim 64, wherein said access control device captures one or more call attributes selected from a group including: end-user station identification, inbound caller identification information, outbound number dialed, keywords via speech recognition or demodulation fax/modem data, date of call, time of call, and duration of call.
- 70. The enterprise telephony system as defined in claim 64, wherein said security rules define one or more actions selected from a group including: monitoring call content, recording call content, redirecting a call, reporting a call, logging a call, providing e-mail notification of a call, and providing an alert.
- 71. The enterprise telephony system as defined in claim 70, wherein said access control device is connected to a management station for consolidation, management, display, or printing of call logs, recorded call content or a call-event record, and programming said security rules into said access control device.
- 72. The enterprise telephony system as defined in claim 70, wherein said call log designates one or more of the following: line identification, call number, call content, call direction, call-type, date and time of call, call duration and call description.
- 73. The enterprise telephony system as defined in claim 70, wherein said report includes post event or batch analysis.
- 74. The enterprise telephony system as defined in claim 70, wherein said action of monitoring call content includes detecting keywords via speech recognition or demodulated data.
- 75. The enterprise telephony system as defined in claim 70, further including the action of providing an alert by pager notification of a call, providing console message notification of a call, providing a Simple Network Management Protocol (SNMP) trap notification of a call.
- 76. The enterprise telephony system as defined in claim 64, wherein one or more of said security rules are selected from a group including:
no data transfer calls permitted on designated voice lines;
no modem calls permitted on designated voice lines;
no modem calls permitted during a designated time period;
no outbound calls are permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and no modem calls permitted from non-designated sources. - 77. The enterprise telephony system as defined in claim 76, wherein modem calls from non-designated sources are denied or reported on their first use.
- 78. The enterprise telephony system as defined in claim 76, wherein said destination identified by a designated digital sequence is a Numbering Plan Area (NPA) code.
- 79. The enterprise telephony system as defined in claim 64, wherein said access control device is complemented with computer telephony integration to said PBX.
- 80. The enterprise telephony system as defined in claim 64, further including a remote log server utilized to log all attempted access to or from each of the lines and any actions taken on each of the lines.
- 81. A telephony system for controlling and logging incoming and outgoing calls between end-user stations within an enterprise at one or more of its locations and their respective circuits into a Public Switched Telephone Network (PSTN), said system comprising:
a database controlled by system administrators at one or more enterprise locations containing security rules including the action of permitting or denying an incoming or an outgoing call for each of the end-user stations, said security rules specifying actions to be taken based upon at least one designated call attribute on the line, wherein said at least one call attribute is determined within the enterprise;
a line sensor within the enterprise for periodically determining the call type and for determining at least one call attribute of each call present on the line and for performing actions on selected calls based upon said at least one call attribute in accordance with said security rules and wherein the line sensor senses both incoming and outgoing calls and does not interrupt the calls unless specified in said security rules. - 82. The telephony system as defined in claim 81, wherein said line sensor is programmed at the line sensor or programmed from a remote management station.
- 83. The telephony system as defined in claim 81, wherein said line sensor captures said call attributes.
- 84. An enterprise telephony system including a plurality of telephony end-user stations, said plurality of telephony end-user stations including voice telephones, fax machines, and data transfer devices, said enterprise telephony system being connected to a Public Switch Telephone Network (PSTN) and comprising:
a private branch exchange (PBX) connected to the PSTN;
said PBX being connected to said plurality of telephony end-user stations;
a security system for monitoring, controlling, and logging access to the plurality of telephony end-user stations of the enterprise at one or more of its locations, said security system including:
an access control device constructed and arranged to be connected in-line between said plurality of telephony end-user stations at one or more enterprise locations, and said connections to the PSTN or said PBX;
said access control device including set of security rules to be applied to all incoming and outgoing calls passing through said access control device;
said access control device further including means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules;
whereby said access control device will either permit or deny all incoming calls or permit or deny outgoing calls based on the extension to which said incoming call is directed or from which extension said outgoing call is initiated, a determination of said incoming or said outgoing call is a voice, fax, or data transfer call, and an application of said security rules to said incoming or said outgoing call. - 85. The enterprise telephony system as defined in claim 84, wherein said access control device is connected to the enterprise telephony system by a line sensor, said line sensor being placed between said PBX and the PSTN.
- 86. The enterprise telephony system as defined in claim 84, wherein said access control device is connected to the enterprise telephony system by a line sensor, said line sensor being placed between said PBX and said access control device.
- 87. The enterprise telephony system as defined in claim 84, wherein said access control device is connected to the enterprise telephony system by a line sensor, said line sensor being placed between said PSTN and said access control device.
- 88. The enterprise telephony system as defined in claim 84, wherein said access control device captures one or more call attributes selected from a group including: line identification, inbound caller identification information, outbound number dialed, keywords via speech recognition or demodulated data, fax/modem data, date of call, time of call, and duration of call.
- 89. The enterprise telephony system as defined in claim 84, wherein said security rules define one or more actions selected from a group including: monitoring call content, recording call content, redirecting a call, reporting a call, logging a call, and providing an alert.
- 90. The enterprise telephony system as defined in claim 89, wherein said action of providing an alert includes providing pager notification of a call, providing console message notification of a call, providing a Simple Network Management Protocol trap notification of a call.
- 91. The enterprise telephony system as defined in claim 89, wherein said access control device is connected to a management station for consolidation, management, display, or printing of call logs, recorded call content or a call event record, or programming said security rules into said access control device.
- 92. The enterprise telephony system as defined in claim 89, wherein said call log designates one or more of the following: line identification, call number, call content, call direction, call-type, date and time of call, call duration, and call description.
- 93. The enterprise telephony system as defined in claim 89, wherein said report includes post event or batch analysis.
- 94. The enterprise telephony system as defined in claim 84, wherein one or more of said security rules are selected from a group including:
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during a designated time period;
no outbound calls are permitted to a certain destination identified by a designated digital sequence;
no long distance calls permitted during a designated time period; and no modem calls permitted from non-designated sources. - 95. The enterprise telephony system as defined in claim 94, wherein said destination identified by a designated digital sequence is a Numbering Plan Area code.
- 96. The enterprise telephony system as defined in claim 84, wherein said access control device is complemented with computer telephony integration to said PBX.
- 97. A security breach alert system located in the connections between the end-user stations and the PBX of an enterprise or between the PBX of an enterprise and a Public Switched Telephone Network, to enable said security breach alert system to monitor both incoming and outgoing telecommunications directed to or originating from an enterprise, said security breach alert system comprising:
an access control device located in the connections between the end-user stations and the PBX of an enterprise or between the PBX of the enterprise and the Public Switched Telephone Network;
said access control device including a set of security rules defining one or more actions to be applied to the incoming and outgoing calls passing through said access control device wherein said one or more actions are based on the one or more designated attributes of the incoming and outgoing calls passing through said access control device;
a computer telephony integration device, said computer telephony integration device being constructed and arranged for connection between said access control device and the PBX of the enterprise;
whereby said one or more actions to be applied to said incoming and outgoing calls according to said set of security rules originate with said access control device and are passed to said computer telephony integration device for execution at the PBX
of the enterprise;
wherein said access control device includes means for periodically determining if an incoming call or an outgoing call is a voice, fax, or data transfer call and for determining at least one attribute of each call present on the line and wherein said access control device does not interrupt the incoming and outgoing calls unless specified in said security rules. - 98. The system as defined in claim 97, wherein said one or more actions are selected from a group including: allowing a call, denying a call, reporting a call, redirecting a call, monitoring call content, recording call content, logging a call, and providing an alert.
- 99. The system as defined in claim 97, wherein said one or more attributes are selected from a group including: call-type, station extension identification, inbound caller identification, outbound number dialed, keywords in call content, date of call, time of call, and duration of call.
- 100. The system as defined in claim 97, wherein said access control device is connected to a management station located nearby or at a very remote distance therefrom within the enterprise for consolidation, management, display or printing of call logs, recorded call content or reports, and programming said security rules into said access control device.
- 101. The system as defined in claim 97, wherein one or more of said security rules are selected from a group including:
no data transfer calls permitted on designated fax lines;
no modem calls permitted on designated fax lines;
no modem calls permitted during a designated time period;
no outbound calls permitted to a certain destination identified by a predetermined numerical sequence;
no long distance calls permitted during a designated time period; and no modem calls permitted from non-designated sources. - 102. The system as defined in claim 97, wherein said security rules are programmed into said access control device at said access control device or from the management station located nearby or at a very remote distance therefrom within the enterprise.
- 103. The system as defined in claim 97, whereby said one or more attributes of said incoming and outgoing calls originate from said PBX and are passed from said computer telephony integration device to said access control device for selecting said one or more actions to be applied to said incoming and outgoing calls according to said set of security rules.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/210,347 US6249575B1 (en) | 1998-12-11 | 1998-12-11 | Telephony security system |
US09/210,347 | 1998-12-11 | ||
PCT/US1999/022183 WO2000035172A1 (en) | 1998-12-11 | 1999-09-23 | Telephony security system |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2354149A1 CA2354149A1 (en) | 2000-06-15 |
CA2354149C true CA2354149C (en) | 2004-12-07 |
Family
ID=22782551
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002354149A Expired - Lifetime CA2354149C (en) | 1998-12-11 | 1999-09-23 | Telephony security system |
Country Status (7)
Country | Link |
---|---|
US (4) | US6249575B1 (en) |
EP (1) | EP1138144A4 (en) |
JP (1) | JP2002532967A (en) |
KR (1) | KR20010101174A (en) |
AU (1) | AU6161699A (en) |
CA (1) | CA2354149C (en) |
WO (1) | WO2000035172A1 (en) |
Families Citing this family (117)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6778651B1 (en) | 1997-04-03 | 2004-08-17 | Southwestern Bell Telephone Company | Apparatus and method for facilitating service management of communications services in a communications network |
US20010048738A1 (en) | 1997-04-03 | 2001-12-06 | Sbc Technology Resourses, Inc. | Profile management system including user interface for accessing and maintaining profile data of user subscribed telephony services |
US6574321B1 (en) | 1997-05-08 | 2003-06-03 | Sentry Telecom Systems Inc. | Apparatus and method for management of policies on the usage of telecommunications services |
JP3048995B2 (en) * | 1998-01-05 | 2000-06-05 | 静岡日本電気株式会社 | Radio selective call receiver |
US6647099B1 (en) * | 1998-06-08 | 2003-11-11 | Hewlett-Packard Development Company, L.P. | Administrative control and security of modems |
US20030120775A1 (en) * | 1998-06-15 | 2003-06-26 | Compaq Computer Corporation | Method and apparatus for sending address in the message for an e-mail notification action to facilitate remote management of network devices |
US6700964B2 (en) * | 2001-07-23 | 2004-03-02 | Securelogix Corporation | Encapsulation, compression and encryption of PCM data |
US6879671B2 (en) * | 2003-08-27 | 2005-04-12 | Securelogix Corporation | Virtual private switched telecommunications network |
US6760420B2 (en) * | 2000-06-14 | 2004-07-06 | Securelogix Corporation | Telephony security system |
US7133511B2 (en) * | 1998-12-11 | 2006-11-07 | Securelogix Corporation | Telephony security system |
US20050025302A1 (en) * | 2002-07-23 | 2005-02-03 | Greg Schmid | Virtual private switched telecommunications network |
US6891940B1 (en) * | 2000-07-19 | 2005-05-10 | Sbc Technology Resources, Inc. | System and method for providing remote access to telecommunications services |
US6463292B1 (en) * | 1999-06-04 | 2002-10-08 | Lucent Technologies Inc. | System and method for redirecting data messages |
US6493355B1 (en) * | 1999-09-27 | 2002-12-10 | Conexant Systems, Inc. | Method and apparatus for the flexible use of speech coding in a data communication network |
US6671357B1 (en) * | 1999-12-01 | 2003-12-30 | Bellsouth Intellectual Property Corporation | Apparatus and method for interrupting data transmissions |
US20040073617A1 (en) | 2000-06-19 | 2004-04-15 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
US7184538B1 (en) * | 2000-06-30 | 2007-02-27 | Verizon Services Corp. | Method of and apparatus for mediating common channel signaling message between networks using control message templates |
US7224686B1 (en) | 2000-06-30 | 2007-05-29 | Verizon Services Corp. | Method of and apparatus for mediating common channel signaling messages between networks using a pseudo-switch |
US7218613B1 (en) | 2000-06-30 | 2007-05-15 | Verizon Services Corp | Method and apparatus for in context mediating common channel signaling messages between networks |
US7360090B1 (en) | 2000-06-30 | 2008-04-15 | Verizon Services Corp. | Method of and apparatus for authenticating control messages in a signaling network |
US7363100B2 (en) * | 2000-08-03 | 2008-04-22 | Nordson Corporation | Material application system with remote access |
US8150013B2 (en) * | 2000-11-10 | 2012-04-03 | Securelogix Corporation | Telephony security system |
US7155001B2 (en) | 2001-10-24 | 2006-12-26 | Sbc Properties, L.P. | System and method for restricting and monitoring telephone calls |
US6775358B1 (en) * | 2001-05-17 | 2004-08-10 | Oracle Cable, Inc. | Method and system for enhanced interactive playback of audio content to telephone callers |
US20030031311A1 (en) * | 2001-06-26 | 2003-02-13 | Menesses Larry Louis | System and method for blocking data transmissions |
US7039732B1 (en) * | 2001-07-12 | 2006-05-02 | Cisco Technology, Inc. | Method and apparatus for providing redundancy between card elements in a chassis |
US8000269B1 (en) * | 2001-07-13 | 2011-08-16 | Securus Technologies, Inc. | Call processing with voice over internet protocol transmission |
US7899167B1 (en) * | 2003-08-15 | 2011-03-01 | Securus Technologies, Inc. | Centralized call processing |
JP4690607B2 (en) * | 2001-09-11 | 2011-06-01 | プラス株式会社 | Coating film transfer tool and coating film transfer tape replacement method |
US7076529B2 (en) * | 2001-09-27 | 2006-07-11 | Bellsouth Intellectual Property Corporation | Systems and methods for notification of electronic mail receipt in a shared computer environment via advanced intelligent network systems |
KR100439171B1 (en) * | 2001-11-21 | 2004-07-05 | 한국전자통신연구원 | Method for providing a trusted path between client and system |
US7502457B2 (en) * | 2002-02-28 | 2009-03-10 | At&T Intellectual Property I, L.P. | Outbound call rules routing |
US20030172291A1 (en) | 2002-03-08 | 2003-09-11 | Paul Judge | Systems and methods for automated whitelisting in monitored communications |
US8578480B2 (en) | 2002-03-08 | 2013-11-05 | Mcafee, Inc. | Systems and methods for identifying potentially malicious messages |
US7694128B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for secure communication delivery |
US7124438B2 (en) | 2002-03-08 | 2006-10-17 | Ciphertrust, Inc. | Systems and methods for anomaly detection in patterns of monitored communications |
US7870203B2 (en) | 2002-03-08 | 2011-01-11 | Mcafee, Inc. | Methods and systems for exposing messaging reputation to an end user |
US7693947B2 (en) | 2002-03-08 | 2010-04-06 | Mcafee, Inc. | Systems and methods for graphically displaying messaging traffic |
US8132250B2 (en) | 2002-03-08 | 2012-03-06 | Mcafee, Inc. | Message profiling systems and methods |
US8561167B2 (en) | 2002-03-08 | 2013-10-15 | Mcafee, Inc. | Web reputation scoring |
US7903549B2 (en) | 2002-03-08 | 2011-03-08 | Secure Computing Corporation | Content-based policy compliance systems and methods |
US20060015942A1 (en) | 2002-03-08 | 2006-01-19 | Ciphertrust, Inc. | Systems and methods for classification of messaging entities |
US7603452B1 (en) | 2002-03-26 | 2009-10-13 | Symantec Corporation | Networked computer environment assurance system and method |
US9020114B2 (en) | 2002-04-29 | 2015-04-28 | Securus Technologies, Inc. | Systems and methods for detecting a call anomaly using biometric identification |
US9026468B2 (en) | 2002-04-29 | 2015-05-05 | Securus Technologies, Inc. | System and method for proactively establishing a third-party payment account for services rendered to a resident of a controlled-environment facility |
US7860222B1 (en) | 2003-11-24 | 2010-12-28 | Securus Technologies, Inc. | Systems and methods for acquiring, accessing, and analyzing investigative information |
US7916845B2 (en) | 2006-04-13 | 2011-03-29 | Securus Technologies, Inc. | Unauthorized call activity detection and prevention systems and methods for a Voice over Internet Protocol environment |
US7957509B2 (en) | 2002-04-30 | 2011-06-07 | At&T Intellectual Property I, L.P. | Voice enhancing for advance intelligent network services |
US7532895B2 (en) | 2002-05-20 | 2009-05-12 | Air Defense, Inc. | Systems and methods for adaptive location tracking |
US20040203764A1 (en) * | 2002-06-03 | 2004-10-14 | Scott Hrastar | Methods and systems for identifying nodes and mapping their locations |
US7042852B2 (en) * | 2002-05-20 | 2006-05-09 | Airdefense, Inc. | System and method for wireless LAN dynamic channel change with honeypot trap |
US7058796B2 (en) | 2002-05-20 | 2006-06-06 | Airdefense, Inc. | Method and system for actively defending a wireless LAN against attacks |
US7086089B2 (en) * | 2002-05-20 | 2006-08-01 | Airdefense, Inc. | Systems and methods for network security |
US7383577B2 (en) * | 2002-05-20 | 2008-06-03 | Airdefense, Inc. | Method and system for encrypted network management and intrusion detection |
US7277404B2 (en) * | 2002-05-20 | 2007-10-02 | Airdefense, Inc. | System and method for sensing wireless LAN activity |
US7322044B2 (en) | 2002-06-03 | 2008-01-22 | Airdefense, Inc. | Systems and methods for automated network policy exception detection and correction |
US7127048B2 (en) * | 2002-10-07 | 2006-10-24 | Paradyne Corporation | Systems and methods for integrating analog voice service and derived POTS voice service in a digital subscriber line environment |
US7616748B1 (en) * | 2002-11-05 | 2009-11-10 | Telebuyer, Llc | Central call screening system |
US7379544B2 (en) * | 2002-11-05 | 2008-05-27 | Telebuyer, Llc | Comprehensive telephone call screening system |
US20040162900A1 (en) * | 2002-12-17 | 2004-08-19 | Tim Bucher | Distributed content management system |
US20040125396A1 (en) * | 2002-12-19 | 2004-07-01 | James Burke | System and method for routing voice/video/fax mail |
US6961413B2 (en) * | 2003-02-19 | 2005-11-01 | Sarakas Stephen T | Residential telephone system and method |
US7643164B2 (en) * | 2003-02-28 | 2010-01-05 | Portauthority Technologies Inc. | Method and system for distribution policy enforcement on fax |
US7359676B2 (en) | 2003-04-21 | 2008-04-15 | Airdefense, Inc. | Systems and methods for adaptively scanning for wireless communications |
US7355996B2 (en) * | 2004-02-06 | 2008-04-08 | Airdefense, Inc. | Systems and methods for adaptive monitoring with bandwidth constraints |
US7522908B2 (en) | 2003-04-21 | 2009-04-21 | Airdefense, Inc. | Systems and methods for wireless network site survey |
US7324804B2 (en) | 2003-04-21 | 2008-01-29 | Airdefense, Inc. | Systems and methods for dynamic sensor discovery and selection |
US20050060281A1 (en) * | 2003-07-31 | 2005-03-17 | Tim Bucher | Rule-based content management system |
US7529357B1 (en) | 2003-08-15 | 2009-05-05 | Evercom Systems, Inc. | Inmate management and call processing systems and methods |
US7450937B1 (en) | 2003-09-04 | 2008-11-11 | Emc Corporation | Mirrored data message processing |
US7035387B2 (en) * | 2004-02-24 | 2006-04-25 | Tekelec | Methods and systems for detecting and mitigating intrusion events in a communications network |
US7130401B2 (en) | 2004-03-09 | 2006-10-31 | Discernix, Incorporated | Speech to text conversion system |
US8249232B2 (en) * | 2004-04-08 | 2012-08-21 | Gryphon Networks Corp. | System and method for control of communications connections |
US8005200B2 (en) * | 2004-04-08 | 2011-08-23 | Gryphon Networks Corp. | System and method for control of communications connections and notifications |
US8050394B2 (en) * | 2004-04-08 | 2011-11-01 | Gryphon Networks Corp. | System and method for control of communications connections and notifications |
US8526428B2 (en) | 2004-04-08 | 2013-09-03 | Gryphon Networks Corp. | System and method for control of communications connections and notifications |
US20060017982A1 (en) * | 2004-07-22 | 2006-01-26 | Sharp Laboratories Of America, Inc. | Apparatus and method of limiting facsimile usage on an MFP |
US8196199B2 (en) | 2004-10-19 | 2012-06-05 | Airdefense, Inc. | Personal wireless monitoring agent |
US8635690B2 (en) | 2004-11-05 | 2014-01-21 | Mcafee, Inc. | Reputation based message processing |
US9167471B2 (en) | 2009-05-07 | 2015-10-20 | Jasper Technologies, Inc. | System and method for responding to aggressive behavior associated with wireless devices |
US7937480B2 (en) | 2005-06-02 | 2011-05-03 | Mcafee, Inc. | Aggregation of reputation data |
US8059805B2 (en) * | 2005-06-30 | 2011-11-15 | Emc Corporation | Enhanced services provided using communication redirection and processing |
US8605878B2 (en) * | 2005-06-30 | 2013-12-10 | Emc Corporation | Redirecting and mirroring of telephonic communications |
US8831194B2 (en) * | 2005-06-30 | 2014-09-09 | Emc Corporation | Telephonic communication redirection and compliance processing |
US7653188B2 (en) | 2005-07-20 | 2010-01-26 | Avaya Inc. | Telephony extension attack detection, recording, and intelligent prevention |
CA2531431C (en) * | 2005-08-08 | 2013-06-04 | Bce Inc | Method, system and apparatus for communicating data associated with a user of a voice communication device |
CA2531552C (en) * | 2005-08-08 | 2013-02-26 | Bce Inc | Method, system and apparatus for controlling a voice recorder |
US7974395B2 (en) * | 2005-09-28 | 2011-07-05 | Avaya Inc. | Detection of telephone number spoofing |
US8775586B2 (en) * | 2005-09-29 | 2014-07-08 | Avaya Inc. | Granting privileges and sharing resources in a telecommunications system |
US8964956B2 (en) * | 2005-12-13 | 2015-02-24 | Gryphon Networks Corp. | System and method for integrated compliance and contact management |
US7577424B2 (en) | 2005-12-19 | 2009-08-18 | Airdefense, Inc. | Systems and methods for wireless vulnerability analysis |
US7715800B2 (en) | 2006-01-13 | 2010-05-11 | Airdefense, Inc. | Systems and methods for wireless intrusion detection using spectral analysis |
US7971251B2 (en) | 2006-03-17 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless security using distributed collaboration of wireless clients |
US7970013B2 (en) | 2006-06-16 | 2011-06-28 | Airdefense, Inc. | Systems and methods for wireless network content filtering |
US20080007793A1 (en) * | 2006-07-06 | 2008-01-10 | Walter Filbrich | System and method to limit the use of the outgoing facsimile feature of a multi-function peripheral (MFP) to a list of valid destinations |
US8281392B2 (en) | 2006-08-11 | 2012-10-02 | Airdefense, Inc. | Methods and systems for wired equivalent privacy and Wi-Fi protected access protection |
US7945037B1 (en) | 2006-11-22 | 2011-05-17 | Securus Technologies, Inc. | System and method for remote call forward detection using signaling |
US8214497B2 (en) | 2007-01-24 | 2012-07-03 | Mcafee, Inc. | Multi-dimensional reputation scoring |
US7949716B2 (en) | 2007-01-24 | 2011-05-24 | Mcafee, Inc. | Correlation and analysis of entity attributes |
US8763114B2 (en) | 2007-01-24 | 2014-06-24 | Mcafee, Inc. | Detecting image spam |
US8179798B2 (en) | 2007-01-24 | 2012-05-15 | Mcafee, Inc. | Reputation based connection throttling |
US7779156B2 (en) | 2007-01-24 | 2010-08-17 | Mcafee, Inc. | Reputation based load balancing |
US8185930B2 (en) | 2007-11-06 | 2012-05-22 | Mcafee, Inc. | Adjusting filter or classification control settings |
US8045458B2 (en) | 2007-11-08 | 2011-10-25 | Mcafee, Inc. | Prioritizing network traffic |
US8160975B2 (en) | 2008-01-25 | 2012-04-17 | Mcafee, Inc. | Granular support vector machine with random granularity |
US8706498B2 (en) * | 2008-02-15 | 2014-04-22 | Astute, Inc. | System for dynamic management of customer direction during live interaction |
US8589503B2 (en) | 2008-04-04 | 2013-11-19 | Mcafee, Inc. | Prioritizing network traffic |
US8730871B2 (en) * | 2009-05-22 | 2014-05-20 | Raytheon Company | System and method for providing voice communications over a multi-level secure network |
US8621638B2 (en) | 2010-05-14 | 2013-12-31 | Mcafee, Inc. | Systems and methods for classification of messaging entities |
US8572113B2 (en) | 2010-09-02 | 2013-10-29 | Gryphon Networks Corp. | Network calling privacy with recording |
US8732190B2 (en) | 2010-09-02 | 2014-05-20 | Gryphon Networks Corp. | Network calling privacy with recording |
US9860076B2 (en) | 2014-05-07 | 2018-01-02 | Vivint, Inc. | Home automation via voice control |
US9356969B2 (en) * | 2014-09-23 | 2016-05-31 | Intel Corporation | Technologies for multi-factor security analysis and runtime control |
JP6032774B1 (en) * | 2015-12-21 | 2016-11-30 | Necプラットフォームズ株式会社 | Telephone exchange system, telephone exchange method, telephone exchange program, telephone exchange, management terminal |
US11356551B2 (en) | 2018-06-19 | 2022-06-07 | Securelogix Corporation | Active audio calling device identification system |
US11349987B2 (en) | 2018-06-21 | 2022-05-31 | Securelogix Corporation | Call authentication service systems and methods |
CN110381088B (en) * | 2019-08-21 | 2021-11-12 | 牡丹江师范学院 | Data security guarantee method based on Internet of things |
Family Cites Families (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4332982A (en) | 1980-09-05 | 1982-06-01 | Ident-A-Call, Inc. | Telephone toll call security and logging device and method |
US4783796A (en) | 1982-09-28 | 1988-11-08 | Opcom | PBX telephone call control system |
US4653085A (en) | 1984-09-27 | 1987-03-24 | At&T Company | Telephone switching system adjunct call processing arrangement |
US4639557A (en) | 1985-09-27 | 1987-01-27 | Communications Technology Corporation | Remote testing system for electrical circuits |
CA1287910C (en) | 1986-09-30 | 1991-08-20 | Salvador Barron | Adjunct processor for providing computer facility access protection via call transfer |
CA1314101C (en) | 1988-02-17 | 1993-03-02 | Henry Shao-Lin Teng | Expert system for security inspection of a digital computer system in a network environment |
US4905281A (en) | 1988-05-04 | 1990-02-27 | Halliburton Company | Security apparatus and method for computers connected to telephone circuits |
US5276687A (en) * | 1989-04-14 | 1994-01-04 | Fujitsu Limited | Network system having different attributes of terminal equipment devices |
US4965459A (en) * | 1989-05-26 | 1990-10-23 | Murray Thorntone E | Telephone line security system |
US5018190A (en) | 1989-09-21 | 1991-05-21 | Hewlett-Packard Company | Device to block unauthorized modem access over a PBX line |
US5276529A (en) | 1991-01-28 | 1994-01-04 | C & P Of Virginia | System and method for remote testing and protocol analysis of communication lines |
US5276731A (en) | 1991-04-26 | 1994-01-04 | Rolm Company | Method and apparatus for handling incoming telephone calls |
CA2078246C (en) * | 1991-09-23 | 1998-02-03 | Randolph J. Pilc | Improved method for secure access control |
US5557616A (en) | 1992-04-02 | 1996-09-17 | Applied Digital Access, Inc. | Frame synchronization in a performance monitoring and test system |
US5311593A (en) | 1992-05-13 | 1994-05-10 | Chipcom Corporation | Security system for a network concentrator |
US5345595A (en) * | 1992-11-12 | 1994-09-06 | Coral Systems, Inc. | Apparatus and method for detecting fraudulent telecommunication activity |
US5351287A (en) | 1992-12-11 | 1994-09-27 | Bell Communications Research, Inc. | Method and apparatus for data evidence collection |
US5353346A (en) | 1992-12-22 | 1994-10-04 | Mpr Teltech, Limited | Multi-frequency signal detector and classifier |
US5436957A (en) * | 1992-12-24 | 1995-07-25 | Bell Atlantic Network Services, Inc. | Subscriber control of access restrictions on a plurality of the subscriber's telephone lines |
JPH06282527A (en) | 1993-03-29 | 1994-10-07 | Hitachi Software Eng Co Ltd | Network control system |
TW225623B (en) * | 1993-03-31 | 1994-06-21 | American Telephone & Telegraph | Real-time fraud monitoring system |
US5495521A (en) * | 1993-11-12 | 1996-02-27 | At&T Corp. | Method and means for preventing fraudulent use of telephone network |
US5535265A (en) * | 1993-11-15 | 1996-07-09 | Ast Research, Inc. | Method and circuitry for controlling voice mail, call logging and call blocking functions using a modem |
US5606604A (en) * | 1993-12-13 | 1997-02-25 | Lucent Technologies Inc. | System and method for preventing fraud upon PBX through a remote maintenance or administration port |
US5557742A (en) | 1994-03-07 | 1996-09-17 | Haystack Labs, Inc. | Method and system for detecting intrusion into and misuse of a data processing system |
US5926533A (en) * | 1994-04-19 | 1999-07-20 | Opus Telecom, Inc. | Computer-based method and apparatus for controlling, monitoring, recording and reporting telephone access |
US5583933A (en) * | 1994-08-05 | 1996-12-10 | Mark; Andrew R. | Method and apparatus for the secure communication of data |
US5627886A (en) * | 1994-09-22 | 1997-05-06 | Electronic Data Systems Corporation | System and method for detecting fraudulent network usage patterns using real-time network monitoring |
US5623601A (en) | 1994-11-18 | 1997-04-22 | Milkway Networks Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
SE516006C2 (en) | 1995-01-10 | 2001-11-05 | Ericsson Telefon Ab L M | Communication system for a company / organization |
US5907602A (en) * | 1995-03-30 | 1999-05-25 | British Telecommunications Public Limited Company | Detecting possible fraudulent communication usage |
US5802157A (en) * | 1995-04-26 | 1998-09-01 | U S West Technologies, Inc. | Method and apparatus for controlling outgoing calls on a telephone line |
JP3262689B2 (en) | 1995-05-19 | 2002-03-04 | 富士通株式会社 | Remote control system |
US5838682A (en) | 1995-11-28 | 1998-11-17 | Bell Atlantic Network Services, Inc. | Method and apparatus for establishing communications with a remote node on a switched network based on hypertext dialing information received from a packet network |
US5805686A (en) | 1995-12-22 | 1998-09-08 | Mci Corporation | Telephone fraud detection system |
WO1997028631A1 (en) * | 1996-02-01 | 1997-08-07 | Northern Telecom Limited | Telecommunications functions management system |
US5826014A (en) | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US5898830A (en) | 1996-10-17 | 1999-04-27 | Network Engineering Software | Firewall providing enhanced network security and user transparency |
JPH09214493A (en) | 1996-02-08 | 1997-08-15 | Hitachi Ltd | Network system |
US5946386A (en) * | 1996-03-11 | 1999-08-31 | Xantel Corporation | Call management system with call control from user workstation computers |
US5923849A (en) | 1996-05-07 | 1999-07-13 | International Network Services | Method of auditing communication traffic |
US5854889A (en) | 1996-06-26 | 1998-12-29 | Mci Worldcom, Inc. | Method and system for heterogeneous telecommunications network testing |
US5918019A (en) | 1996-07-29 | 1999-06-29 | Cisco Technology, Inc. | Virtual dial-up protocol for network communication |
US5892903A (en) | 1996-09-12 | 1999-04-06 | Internet Security Systems, Inc. | Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system |
US5864613A (en) | 1996-09-16 | 1999-01-26 | Mci Communications Corporation | System and method for controlling telephone use |
US5950195A (en) | 1996-09-18 | 1999-09-07 | Secure Computing Corporation | Generalized security policy management system and method |
AU4574897A (en) | 1996-10-14 | 1998-05-11 | Kyung Duck Kim | Dialing device |
US5944823A (en) | 1996-10-21 | 1999-08-31 | International Business Machines Corporations | Outside access to computer resources through a firewall |
US5864666A (en) | 1996-12-23 | 1999-01-26 | International Business Machines Corporation | Web-based administration of IP tunneling on internet firewalls |
US5949864A (en) | 1997-05-08 | 1999-09-07 | Cox; Neil B. | Fraud prevention apparatus and method for performing policing functions for telephone services |
US5805803A (en) | 1997-05-13 | 1998-09-08 | Digital Equipment Corporation | Secure web tunnel |
DE19720719C2 (en) | 1997-05-16 | 2002-04-11 | Deutsche Telekom Ag | Connection-monitoring device |
US6098172A (en) | 1997-09-12 | 2000-08-01 | Lucent Technologies Inc. | Methods and apparatus for a computer network firewall with proxy reflection |
US6154775A (en) | 1997-09-12 | 2000-11-28 | Lucent Technologies Inc. | Methods and apparatus for a computer network firewall with dynamic rule processing with the ability to dynamically alter the operations of rules |
-
1998
- 1998-12-11 US US09/210,347 patent/US6249575B1/en not_active Expired - Lifetime
-
1999
- 1999-09-23 CA CA002354149A patent/CA2354149C/en not_active Expired - Lifetime
- 1999-09-23 KR KR1020017007294A patent/KR20010101174A/en not_active Application Discontinuation
- 1999-09-23 JP JP2000587514A patent/JP2002532967A/en active Pending
- 1999-09-23 EP EP99948442A patent/EP1138144A4/en not_active Withdrawn
- 1999-09-23 AU AU61616/99A patent/AU6161699A/en not_active Abandoned
- 1999-09-23 WO PCT/US1999/022183 patent/WO2000035172A1/en not_active Application Discontinuation
-
2000
- 2000-06-14 US US09/593,888 patent/US6320948B1/en not_active Expired - Lifetime
-
2001
- 2001-10-19 US US10/035,639 patent/US6760421B2/en not_active Expired - Lifetime
-
2003
- 2003-02-03 US US10/357,249 patent/US20030112940A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
EP1138144A4 (en) | 2005-01-12 |
KR20010101174A (en) | 2001-11-14 |
WO2000035172A1 (en) | 2000-06-15 |
CA2354149A1 (en) | 2000-06-15 |
AU6161699A (en) | 2000-06-26 |
EP1138144A1 (en) | 2001-10-04 |
US20030112940A1 (en) | 2003-06-19 |
US6249575B1 (en) | 2001-06-19 |
JP2002532967A (en) | 2002-10-02 |
US6320948B1 (en) | 2001-11-20 |
US20020090073A1 (en) | 2002-07-11 |
US6760421B2 (en) | 2004-07-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2354149C (en) | Telephony security system | |
EP1415459B1 (en) | Telephony security system | |
US7231027B2 (en) | Encapsulation, compression, and encryption of PCM data | |
US6226372B1 (en) | Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities | |
US7133511B2 (en) | Telephony security system | |
US8150013B2 (en) | Telephony security system | |
US20070025537A1 (en) | Telephonic communication redirection and compliance processing | |
JPH03133243A (en) | Device for blocking access of non- admitted modem on pbx circuit | |
US8705520B2 (en) | Methods and apparatus to protect and audit communication line status | |
US6718024B1 (en) | System and method to discriminate call content type | |
EP1264468A4 (en) | Termination number screening | |
EP0860967A1 (en) | Technique for detecting modem devices to enhance computer network security | |
US10291772B2 (en) | Telephony communications system for detecting abuse in a public telephone network | |
Vaughn | Interprise Telecom Management Solutions | |
Hancock | Issues and problems in secure remote access | |
Amoroso et al. | Local area detection of incoming war dial activity | |
WO2004075515A2 (en) | An improved telephony security system | |
CA2276983A1 (en) | Apparatus and method for management of policies on the usage of telecommunications services | |
CA2308808A1 (en) | A system and method to discriminate call content type |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKEX | Expiry |
Effective date: 20190923 |