In the current public discussion of the security of Digital Enhanced Cordless Telecommunications products, hereinafter referred to as DECT products, a frequent criticism is that even on connections that are encrypted in principle, dialing information is often still transmitted unencrypted before encryption is actually activated. DECT is a standard for cordless telephones as well as for cordless data transmission in general. DECT is defined in the ETSI standard EN 300 175, where ETSI stands for European Telecommunications Standards Institute. CAT-iq, short for Cordless Advanced Technology – Internet and Quality, is envisaged as a new standard for DECT. DECT is the successor to the standards CT1+ and CT2, whose operating license in Germany expired on 31 Dec. 2008. DECT itself is currently covered by an operating license until at least 2020.
The reason for this frequently criticised deficiency, namely that during the establishment of a DECT connection dialing information is encrypted only after a few seconds have elapsed, is that initiating encryption first requires a common key, the so-called derived cipher key, to be generated in both the base and the mobile handset. This happens as part of the network procedure “authentication of PT”, where PT stands for portable terminal. After that, in the conventional procedure “cipher switching initiated by FT”, where FT stands for fixed terminal, the base requests on the network layer that the mobile handset activate encryption. The procedure “cipher switching initiated by FT” is mandatory for the mobile handset under the Generic Access Protocol, abbreviated as GAP. In response, the mobile handset actually activates encryption on the Media Access Control layer, abbreviated as MAC layer. These processes run in parallel with the Call Control messages, hereinafter referred to as CC messages, which serve to establish the actual call. By the time encryption is actually active on the air interface, dialing information has typically already been transmitted. This is the so-called security gap in DECT products. In modern devices this problem has normally not been taken into consideration, i.e. it occurs occasionally and depends in part on external circumstances such as user interactions, the point in time at which the dialing information or the CLIP information (short for Calling Line Identification Presentation) is transmitted, and whether encryption is already activated at that point in time. Typically this is not the case.
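The ordering described above can be checked mechanically on a message trace. The following Python sketch is an added example, not part of the original document: it walks a constructed trace of one call and reports which messages carrying dialing or CLIP information were sent before MAC-layer encryption became active. The trace format, the timestamps and the event label ENCRYPTION-ACTIVE are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Event:
    t_ms: int                         # constructed timestamp
    layer: str                        # "NWK" or "MAC"
    name: str
    sensitive: Optional[str] = None   # "dialing", "CLIP" or None

# Constructed trace of one outgoing call; labels and timings are illustrative.
TRACE = [
    Event(0,   "NWK", "CC-SETUP"),
    Event(40,  "NWK", "AUTHENTICATION-REQUEST"),  # "authentication of PT" starts
    Event(120, "NWK", "CC-INFO", "dialing"),
    Event(300, "NWK", "AUTHENTICATION-REPLY"),    # simplified: key derived on both sides
    Event(340, "NWK", "CIPHER-REQUEST"),          # "cipher switching initiated by FT"
    Event(400, "NWK", "CC-INFO", "dialing"),
    Event(520, "MAC", "ENCRYPTION-ACTIVE"),       # handset switched the MAC layer
    Event(600, "NWK", "CC-INFO", "dialing"),
]

def audit(trace):
    """Walk the trace in time order; return (cipher_on_ms, exposed, errors)."""
    have_key = requested = False
    cipher_on_ms = None
    exposed, errors = [], []
    for ev in sorted(trace, key=lambda e: e.t_ms):
        if ev.name == "AUTHENTICATION-REPLY":
            have_key = True
        elif ev.name == "CIPHER-REQUEST":
            if not have_key:
                errors.append(f"{ev.t_ms} ms: cipher requested before key derivation")
            requested = True
        elif ev.layer == "MAC" and ev.name == "ENCRYPTION-ACTIVE":
            if not requested:
                errors.append(f"{ev.t_ms} ms: MAC encryption without NWK request")
            if cipher_on_ms is None:
                cipher_on_ms = ev.t_ms
        elif ev.sensitive and cipher_on_ms is None:
            exposed.append(ev)        # sent in clear: inside the security gap
    return cipher_on_ms, exposed, errors

if __name__ == "__main__":
    on, exposed, errors = audit(TRACE)
    print("encryption active at:", on, "ms")
    for ev in exposed:
        print(f"  clear-text {ev.sensitive} in {ev.name} at {ev.t_ms} ms")
    print("ordering errors:", errors or "none")
```

If the trace contains no ENCRYPTION-ACTIVE event at all, every sensitive message is reported as exposed and the activation time is None.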
Blocking connection establishment until encryption is activated has several disadvantages: the delay comes directly at the cost of performance at the user interface; the solution is prone to errors, and complex buffering of messages becomes necessary, with the accompanying danger of buffer overflows; the solution seems realisable only for CC messages, whereas for mobile management or for Call Independent Supplementary Service status messages, abbreviated as CISS status messages, it can only be realised separately and with great difficulty; and the solution hardly seems standardizable.
It is also extremely problematic to achieve immediate encryption during connection establishment between a base and a mobile handset.