Patent Grant
8503621
The present invention relates generally to the related fields of communication, telephony, and messaging systems; more specifically, to systems and methods of operation that provide for secure data communications in an enterprise messaging environment.
Modern enterprise communication systems often combine call processing and Internet Protocol (IP) telephony capabilities with a private branch exchange (PBX) system in a way that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Typical features of such systems include unified messaging and multimedia conferencing capabilities. Additionally, the pervasive growth in voice and data networks has lead to the development of ever more sophisticated communication and messaging systems that enable users to send and retrieve voice, text, and electronic mail messages from a variety of communication devices.
A unified messaging system (UMS), such as the commercially-available Cisco® Unity integrated system, handles voice, facsimile and regular text messages as objects in a single mailbox that a user can access either with a regular email client, or by telephone. A UMS typically connects to an IP-PBX to provide automated attendant, audiotext, and voice mail services to subscribers or users. For instance, a personal computer (PC) user with multimedia capabilities can open and playback voice messages, either as speech or text. Similarly, a person may retrieve their email messages as speech from a voice-over-IP (VoIP) phone connected through an IP network, or from a traditional telephone device connected with the enterprise via a conventional public switched telephone network (PSTN). Unified messaging is thus particularly convenient for mobile business users because it allows them to reach colleagues and customers through a PC or telephone device, whichever happens to be available.
An example of a unified messaging system is found in U.S. Patent Publication No. 2005/0177622, which teaches a scalable UMS that outputs a notification delivery message according to a prescribed open protocol based, in part, on a subscriber's notification preference. U.S. Patent Publication No. 2005/0157708 teaches a system and method providing UMS services that includes a PSTN interface for a telephone network service, a VMS, a facsimile, and an IP interface for connection to a packet-based network for an Internet messaging (e.g., an email service).
As networks have grown larger and use of electronic communication devices has become ubiquitous, the risk of improper interception of data and messages containing confidential information has risen. To combat the problem of unwarranted interception or eavesdropping of confidential information, sophisticated data encryption algorithms have been utilized to encrypt data and email messages prior to transmission, thereby securing the communication channel. By way of example, U.S. Pat. No. 6,905,414 teaches a secure communication mechanism for communicating credit card or other sensitive information transmitted over a data network (e.g., Internet). Similarly, a method for enabling secure communications over a network that employs a public/private key encryption algorithm through a secure communication device is described in U.S. Patent Publication No. 2003/0061496.
In many enterprises, mail encryption schemes are commonly employed to protect confidential email messages transmitted outside of the enterprise. However, if the email recipient's messaging system is a unified messaging system, then a user may listen to his email messages over an unsecured telephone line or voice channel. For instance, a recipient may listen to an email message using his cellular telephone (i.e., cellphone) over an unsecured voice channel of a wireless cellular network service provider, thereby defeating the entire encryption scheme that was originally intended to protect the message content.
Therefore, what is needed is a system and method of operation that ensures that sensitive or confidential voicemail or email messages cannot be retrieved or heard over an unsecured or unencrypted voice channel.
The present invention will be understood more fully from the detailed description that follows and from the accompanying drawings, which however, should not be taken to limit the invention to the specific embodiments shown, but are for explanation and understanding only.
A messaging/telephony system and method that provides a mechanism for ensuring that confidential messages can only be listened to over a secure voice channel is described. In the following description specific details are set forth, such as device types, system configurations, protocols, methods, etc., in order to provide a thorough understanding of the present invention. However, persons having ordinary skill in the relevant arts will appreciate that these specific details may not be needed to practice the present invention.
According to one aspect of the present invention, the message description meta-data is enhanced to include a voice channel security level (VCSL) as a basic property or attribute of the message. In one embodiment, a unified messaging system (UMS) provides the capability: (1) to specify the VCSL of a composed or sent message; and (2) to ensure that messages having a high VCSL are heard only over an encrypted (i.e., secure) voice channel. In a specific implementation, email messages that are marked or include words such as “confidential”, “private”, or other semantic characteristics that indicate the content is sensitive and only to be read by the recipient are automatically assigned a high VCSL. In another specific implementation, the email client provides an option to the email sender to specify the VCSL of a message that he is composing or has already composed. In the case of a voicemail message, an interactive voice response (IVR) associated with the voicemail system may provide an option to the caller who is leaving a voicemail message to specify a VCSL for the message.
In another embodiment, a system administrator may establish an enterprise-wide policy that sets the VCLS of a message according to predefined rules depending on the content of the message. For instance, a system administrator may assign a high VCLS to all email and voicemail messages sent to employees in the Human Resources department. In other cases, the content of the message may be automatically scanned for certain “hot” words or phrases (e.g., “confidential”, “secret”, “proprietary”, “do not disclose”, etc.) prior to transmission or sending. The presence of any such words or phrases automatically results in the system assigning a high VCSL to that message.
In yet another embodiment, the message recipient may establish a set of personal rules or criteria (e.g., user preferences) that determine the VCSL assigned to a particular message. For example, a user may set a rule to mark as sensitive (i.e., high VCSL) all email and voicemail messages that are sent to him by his immediate supervisor.
Also shown in
Alternatively, the VCSL may be automatically set by the unified messaging system or the email client based on the content in any of the data entry fields 26-29. For example, certain names in the recipient (“addressee”) fields 26 & 27 may trigger a high VCSL setting. Likewise, certain sensitive (i.e., “hot”) words, phrases, or semantic characteristics in subject field 28 or message body field 29 may automatically result in the message being assigned a high VCSL, meaning that the recipient may only listen to the message over a secure voice channel.
It should be understood that for embodiments in which the UMS assigns the VCSL, the message inspection step shown in block 42 (and subsequent steps) may occur either before sending or after receiving the message. Additionally, although the example of
In another embodiment, the VCSL property of a message is retained across different modalities. For example, when the UMS sends a high VCSL message (voice or text) as an email attachment to a user, the email message retains the information that the attachment contains confidential information. The enterprise messaging system may utilize this information and apply system wide policies to the handling of the message. By way of specific example, if the enterprise wide policy forbids forwarding confidential messages, then the unified messaging system will forbid forwarding of the email message (with the attachment). Alternatively, if forwarding of confidential messages is permitted (e.g., on a restricted basis), the system may require that the forwarding communication channel be secured prior to transmission.
With continued reference to
Security circuit 31 further includes a memory 35, a timer 36, and an encrypt/decrypt engine 37, each of which is coupled with processor 32. Engine 37 may comprise encryption algorithms, tables, and one or more processing units used for encrypting the voice channel and decrypting the received message. Encryption key information may be stored in memory 35, which may include magnetic, SRAM, or non-volatile storage systems. Timer 36 is included for synchronizing with UMS 13 and since different encryption techniques may operate based on real-time communications.
When a user dials into UMS 13 to listen to a voicemail or email message that has been accorded a high VCSL, UMS 13 first checks whether the voice channel is secure. That is, before transmitting the message to the user (caller), UMS 13 examines the voice channel to determine whether it is encrypted.
In the case where a user is listening to his messages in a sequence, then the system may be configured so as to skip high VCSL messages when the voice channel is not, or cannot be, secured. As described above, appropriate feedback, e.g., in the form of a voice recording indicating that the message cannot be played, may be provided to the listener.
With continuing reference to
Triangulation is a known process by which the location of a radio transmitter (e.g., wireless phone 61) can be determined by measuring either the radial distance, or the direction, of the received signal from two or three different points (e.g., access points 65-67). User location monitoring and triangulation calculations may be performed by one or more processors located anywhere on the corporate network or within PBX 62 or UMS 63. For example, in the scenario shown in
In the case where user 60 is well within the boundaries of the corporate environment, the user may continue to listen to the message as usual (block 73). However, if the system detects user 60 nearing transmission range limit or boundary line 74 of the secure enterprise wireless network, it may attempt to negotiate a secure communication channel with a public cellular wireless network 71 (block 74). If the negotiation is successful (block 75) the system simply hands off the encrypted call to the cellular network. In the diagram of
In the event that the system is unable to secure a voice channel with cellular wireless network 71, it may optionally issue a warning to the user that it will stop playing the high VCSL message if the user moves any further away from the building or enterprise campus environment (block 77). Whether or not the system provides an advance warning, when the user crosses boundary line 74 and the system has been unsuccessful in securing a voice channel with cellular wireless network 71, the encrypted call is disconnected (block 78).
It should be further understood that elements of the present invention may also be provided as a computer program product which may include a machine-readable medium having stored thereon instructions which may be used to program a computer (e.g., a processor or other electronic device) to perform a sequence of operations. Alternatively, the operations may be performed by a combination of hardware and software. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnet or optical cards, or other type of machine-readable medium suitable for storing electronic instructions.
Additionally, although the present invention has been described in conjunction with specific embodiments, numerous modifications and alterations are well within the scope of the present invention. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4805210 | Griffith, Jr. | Feb 1989 | A |
| 5432844 | Core et al. | Jul 1995 | A |
| 5608786 | Gordon | Mar 1997 | A |
| 5615213 | Griefer | Mar 1997 | A |
| 5794218 | Jennings et al. | Aug 1998 | A |
| 5937040 | Wrede et al. | Aug 1999 | A |
| 5974142 | Heer et al. | Oct 1999 | A |
| 5999599 | Shaffer et al. | Dec 1999 | A |
| 6044081 | Bell et al. | Mar 2000 | A |
| 6259405 | Stewart et al. | Jul 2001 | B1 |
| 6271764 | Okamura | Aug 2001 | B1 |
| 6421544 | Sawada | Jul 2002 | B1 |
| 6438600 | Greenfield et al. | Aug 2002 | B1 |
| 6526293 | Matsuo | Feb 2003 | B1 |
| 6545596 | Moon | Apr 2003 | B1 |
| 6564261 | Gudjonsson et al. | May 2003 | B1 |
| 6587680 | Ala-Laurila | Jul 2003 | B1 |
| 6643774 | McGarvey | Nov 2003 | B1 |
| 6654455 | Isaka | Nov 2003 | B1 |
| 6769000 | Akhtar et al. | Jul 2004 | B1 |
| 6792296 | Van Bosch | Sep 2004 | B1 |
| 6792297 | Cannon et al. | Sep 2004 | B2 |
| 6798874 | Ohlinger et al. | Sep 2004 | B1 |
| 6799052 | Agness et al. | Sep 2004 | B2 |
| 6804334 | Beasley et al. | Oct 2004 | B1 |
| 6816469 | Kung et al. | Nov 2004 | B1 |
| 6839761 | Kadyk et al. | Jan 2005 | B2 |
| 6847715 | Swartz | Jan 2005 | B1 |
| 6870835 | Chen et al. | Mar 2005 | B1 |
| 6876734 | Summers et al. | Apr 2005 | B1 |
| 6905414 | Danieli et al. | Jun 2005 | B2 |
| 6912275 | Kaplan | Jun 2005 | B1 |
| 6917672 | Brown et al. | Jul 2005 | B2 |
| 6918034 | Sengodan et al. | Jul 2005 | B1 |
| 6931001 | Deng | Aug 2005 | B2 |
| 6934858 | Woodhill | Aug 2005 | B2 |
| 6947417 | Laursen et al. | Sep 2005 | B2 |
| 6959184 | Byers et al. | Oct 2005 | B1 |
| 6985745 | Quaid | Jan 2006 | B2 |
| 6987744 | Harrington et al. | Jan 2006 | B2 |
| 7333614 | Jarosinski et al. | Feb 2008 | B2 |
| 20020010008 | Bork et al. | Jan 2002 | A1 |
| 20020068537 | Shim et al. | Jun 2002 | A1 |
| 20020086680 | Hunsinger | Jul 2002 | A1 |
| 20020098831 | Castell et al. | Jul 2002 | A1 |
| 20020178228 | Goldberg | Nov 2002 | A1 |
| 20020198004 | Heie et al. | Dec 2002 | A1 |
| 20030061496 | Ananda | Mar 2003 | A1 |
| 20040078334 | Malcolm et al. | Apr 2004 | A1 |
| 20040121774 | Rajkotia et al. | Jun 2004 | A1 |
| 20040131206 | Cao et al. | Jul 2004 | A1 |
| 20040205330 | Godfrey et al. | Oct 2004 | A1 |
| 20040248586 | Patel et al. | Dec 2004 | A1 |
| 20050157708 | Chun | Jul 2005 | A1 |
| 20050177622 | Spielman et al. | Aug 2005 | A1 |
| 20050272413 | Bourne | Dec 2005 | A1 |
| 20060034336 | Huh et al. | Feb 2006 | A1 |
| 20060068731 | Seier | Mar 2006 | A1 |
| 20060116175 | Chu | Jun 2006 | A1 |
| 20060173968 | Vaarala et al. | Aug 2006 | A1 |
| 20070173256 | Laroia et al. | Jul 2007 | A1 |
| Entry |
|---|
| How to Build Smart Appliances, Albercht Schmidt, Kristof Van Laerhoven, IEEE Personal Communications, Aug. 2001, pp. 66-71. |
| Number | Date | Country | |
|---|---|---|---|
| 20070206738 A1 | Sep 2007 | US |
