The present disclosure relates to providing real-time encrypted communication, and more particularly to providing real-time encrypted communication between end points of a multi-platform communication system.
There is an established field of real-time communications over Internet Protocol (IP) networks, which underpins widespread applications such as Voice over IP (VoIP). There are standard protocols such as Session Initiation Protocol (SIP) and Real-Time Transport Protocol (RTP) which support unencrypted real-time traffic. RTP has been extended as Secure RTP (SRTP) to encrypt real-time traffic.
Nevertheless, these mechanisms are not well suited to communication between mobile phones on General Packet Radio Service (GPRS), 3G Global Systems for Mobile Communication (GSM), HSPA and UMTS networks and Enhanced Data Rates for GSM Evolution (EDGE), where bandwidth is typically restricted and expensive, relative to wired networks. Furthermore, the aforementioned mechanisms are not well suited for encrypted communication between cellular networks and existing telephony systems, such as, Public Switched Telephone Network (PSTN) and Private Branch Exchange (PBX) telephone systems.
Accordingly, the disclosed methods and system are directed toward resolving the above noted problems with current encryption techniques.
Exemplary embodiments disclosed herein provide an apparatus and method for real-time encrypted communication. The apparatus, for example, includes one or more mobile end points, wherein each mobile end point includes mobile equipment and an encryption module; an IP network, which may be a private network or an internet cloud; a first gateway coupled to a Private Branch Exchange (PBX) telephone system, wherein the PBX telephone system is connected to a telephone, a conferencing service and a voicemail service; a second gateway coupled to a Public Switched Telephone Network (PSTN), wherein the PSTN is connected to a telephone; the IP network interconnects the one or more mobile end points, the first gateway and the second gateway. The first gateway and second gateway each include encryption modules to effectuate seamless data encryption with the one or more mobile end points.
The method, for example, includes sending a request to initiate a call with an end point in a communication system; executing protocols to set up a call between two end points in the communication system; establishing a secure connection between the two end points; and encrypting data for transmission and transmitting the encrypted data over the secure connection.
The present disclosure describes a communication system which provides point to point real time encrypted communication across heterogeneous bearer channels. The communication system provides point to point encrypted communication between, for example, two end points communicating over a GSM network, between an end point connected to a GSM network and an end point connected to a PBX telephony system, and between an end point connected to a GSM network and an end point connected to a Public Switched Telephone Network.
Although some of the exemplary embodiments are tailored to GSM, PSTN and PBX systems, the present invention is not limited to such systems, and can be used with other systems including Code Division Multiple Access (CDMA), 1xRTT and EV-DO, United States Time Division Multiple Access (US-TDMA) and Wi-Fi.
Network 102 is a wireless network system, such as, for example, GSM, EDGE, GPRS, 3G GSM, CDMA and Wi-Fi. The network may include one or more signaling servers and one or more media servers. An end point sends a request to the signaling server to make a call to another end point. The signaling server sets up the call, telling each end point to contact the same media server. The end points send the real-time data to each other through the media server. The signaling server uses signaling protocols to establish and set up the call. The media server uses media protocols for receiving voice data and sending it across the network.
Mobile end points 110 and 120 comprise mobile equipment (e.g., a mobile phone) equipped with encryption modules. The encryption modules provide encryption and decryption functions for voice data in real time and establish a secure communication link with another end point in the communication system. The encryption modules can be processors embedded with computer readable instructions that, when executed, perform encryption and decryption functions.
Gateways 130 and 140 are devices used to convert telephony traffic (e.g., PSTN or PBX) into an IP format for transmission over an IP network. Gateway 130 connects the traditional PBX phone system 104 to the IP network 102. Gateway 140 connects the PSTN 105 to IP network 102. Gateway 150 is a device used to convert telephony traffic between telephone systems (e.g., PBX and PSTN). Gateways 130 and 140 are equipped with encryption modules to facilitate encryption and decryption functions. Gateway 130 is arranged to provide transparent point to point encryption between a mobile end point (e.g., mobile end point 110) and gateway 130. Gateway 140 is arranged to provide transparent point to point encryption between a mobile end point (e.g., mobile end point 110) and gateway 140, after which the data is sent in plain text to an end point of the PSTN 105 (e.g., telephone 105a).
In another exemplary embodiment of the present disclosure, gateway 130 decrypts the data received from an end point (e.g., mobile end point 110) and re-encrypts the data to transmit to suitable end points in the PBX 104.
In another exemplary embodiment of the present disclosure, end to end encryption is provided between a mobile end point (e.g., end point 110) and a telephone system (e.g., 104a or 105b).
In another exemplary embodiment of the present disclosure, calling groups may be associated with each gateway.
The encryption modules of system environment 100 may use redundant encryption schemes for session, authentication, message digest and/or key exchange. Preferred embodiments use two strong algorithms at the same time in series. The encryption of the data may be performed using any known cryptography algorithm, such as, for example, Elliptic Curve Diffie-Hellman (ECDH), Rivest, Shamir and Adleman (RSA), Advanced Encryption Standard (AES), Digital Signature Algorithm (DSA), etc.
At step 220, a secure communication channel is established between end points 110 and 120 using the encryption modules embedded in each end point. The encryption module at end point 110 encrypts the data and the encrypted data is transferred in real time via the secure communication channel to end point 120, at step 230.
At step 320, a secure communication channel is established between end point 110 and gateway 130 using the encryption modules embedded in the mobile end point and the gateway, respectively. Gateway 130 establishes a connection with the PBX telephony system 104 to transfer data to telephone 104a.
The encryption module at end point 110 encrypts the data and the encrypted data is transferred in real time via the secure communication channel to gateway 130, at step 330. Transparently, gateway 130 converts the encrypted data received from mobile end point 110 into a format suitable for the PBX telephone system, thereby, effectively providing point to point encrypted data communication across heterogeneous bearer channels. The converted encrypted data is subsequently transferred to telephone 104a.
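The following example is added here as an illustration of the key exchange and real-time encryption described above (the algorithms named for the encryption modules and the call set-up at steps 320 and 330); it is not code from the patent or from any product built on it. It assumes, as concrete choices the disclosure leaves open, ECDH over P-256 for key agreement, an HMAC-SHA256 derivation of the session key, AES-256-GCM for the voice frames, and an RTP-like clear header (a stream identifier plus sequence number) that serves both as the per-frame nonce and as authenticated data. The names `Module`, `Frame`, `RunCall`, the stream identifiers and the voice frames are all constructed for this example. It models the variant in which gateway 130 terminates the mobile leg and re-encrypts toward the PBX side, rather than the transparent pass-through.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is one unit on the media path: a clear RTP-like header (stream id and
// sequence number) followed by AES-GCM ciphertext and authentication tag.
type Frame struct {
	SSRC    uint32
	Seq     uint64
	Payload []byte
}

// Module models one encryption module (in a mobile end point or a gateway)
// holding a single secure channel with one peer. Names and ids are constructed.
type Module struct {
	Name    string
	ssrc    uint32 // distinct per sender so the two directions never share a nonce
	priv    *ecdh.PrivateKey
	aead    cipher.AEAD
	sendSeq uint64
	recvSeq map[uint32]uint64 // highest sequence number accepted per peer stream
}

func mustModule(name string, ssrc uint32) *Module {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // key generation only fails if the system RNG is unavailable
	}
	return &Module{Name: name, ssrc: ssrc, priv: priv, recvSeq: map[uint32]uint64{}}
}

// PublicKey is the value handed to the signaling server for delivery to the peer.
func (m *Module) PublicKey() []byte { return m.priv.PublicKey().Bytes() }

// Establish completes the ECDH agreement and derives the AES-256-GCM session key.
// The HMAC-SHA256 label used as KDF is an assumption of this example.
func (m *Module) Establish(peerPub []byte) error {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return err
	}
	shared, err := m.priv.ECDH(pub)
	if err != nil {
		return err
	}
	kdf := hmac.New(sha256.New, shared)
	kdf.Write([]byte("example voice session key v1"))
	block, err := aes.NewCipher(kdf.Sum(nil))
	if err != nil {
		return err
	}
	m.aead, err = cipher.NewGCM(block)
	return err
}

// header packs stream id and sequence number into exactly one 12-byte GCM nonce.
func header(ssrc uint32, seq uint64) []byte {
	h := make([]byte, 12)
	binary.BigEndian.PutUint32(h[:4], ssrc)
	binary.BigEndian.PutUint64(h[4:], seq)
	return h
}

// Encrypt seals one voice frame; the header is both nonce and additional
// authenticated data, so a modified header fails authentication.
func (m *Module) Encrypt(voice []byte) Frame {
	seq := m.sendSeq
	m.sendSeq++
	h := header(m.ssrc, seq)
	return Frame{SSRC: m.ssrc, Seq: seq, Payload: m.aead.Seal(nil, h, voice, h)}
}

// Decrypt opens a frame, rejecting tampered, replayed or stale frames
// (a late voice frame is useless for real-time playback in any case).
func (m *Module) Decrypt(f Frame) ([]byte, error) {
	if last, seen := m.recvSeq[f.SSRC]; seen && f.Seq <= last {
		return nil, errors.New("replayed or stale frame")
	}
	h := header(f.SSRC, f.Seq)
	voice, err := m.aead.Open(nil, h, f.Payload, h)
	if err != nil {
		return nil, fmt.Errorf("%s: authentication failed: %w", m.Name, err)
	}
	m.recvSeq[f.SSRC] = f.Seq
	return voice, nil
}

// pair performs the key exchange that the signaling server brokers between two modules.
func pair(a, b *Module) error {
	if err := a.Establish(b.PublicKey()); err != nil {
		return err
	}
	return b.Establish(a.PublicKey())
}

// RunCall models mobile end point 110 calling telephone 104a through gateway 130,
// which terminates the mobile leg and re-encrypts onto a second leg toward the PBX.
// It returns the voice recovered at 104a and whether a tampered frame was rejected.
func RunCall(voice []string) ([]string, bool, error) {
	mobile := mustModule("mobile-110", 0x1101)
	gwMobileSide := mustModule("gateway-130/mobile", 0x1301)
	gwPBXSide := mustModule("gateway-130/pbx", 0x1302)
	phone := mustModule("phone-104a", 0x104a)
	if err := pair(mobile, gwMobileSide); err != nil {
		return nil, false, err
	}
	if err := pair(gwPBXSide, phone); err != nil {
		return nil, false, err
	}
	var out []string
	for _, v := range voice {
		f := mobile.Encrypt([]byte(v)) // leg 1: mobile end point -> gateway
		clear, err := gwMobileSide.Decrypt(f)
		if err != nil {
			return nil, false, err
		}
		f2 := gwPBXSide.Encrypt(clear) // leg 2: gateway -> PBX telephone
		p, err := phone.Decrypt(f2)
		if err != nil {
			return nil, false, err
		}
		out = append(out, string(p))
	}
	bad := mobile.Encrypt([]byte("tampered")) // a frame altered in transit must be dropped
	bad.Payload[0] ^= 0x01
	_, err := gwMobileSide.Decrypt(bad)
	return out, err != nil, nil
}

func main() {
	// Constructed sample voice frames, not captured traffic.
	got, caught, err := RunCall([]string{"frame-0", "frame-1", "frame-2"})
	fmt.Println(got, caught, err)
}
```

Binding the clear header into the authenticated data is what lets the gateway forward frames without being able to alter where they belong in the stream, and the per-sender stream identifier is what keeps nonces unique even though both directions of a leg share one session key.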
Point to point encrypted data communication between mobile end point 110 and non-mobile end point 140 occurs in a manner similar to that shown in
As disclosed herein, embodiments and features of the invention can be implemented through computer hardware and/or software. Such embodiments can be implemented in various environments, such as networked and computing-based environments. The present invention is not limited to such examples, and embodiments of the invention can be implemented with other platforms and in other environments.
Moreover, while illustrative embodiments of the invention have been described herein, further embodiments can include equivalent elements, modifications, omissions, combinations (e.g., of aspects across various embodiments) adaptations and/or alterations as would be appreciated by those skilled in the art based on the present disclosure.