The desire to communicate privately is a human trait that dates back to the earliest times. There are also good business reasons to maintain privacy in telecommunications systems. For example, users of these telecommunications systems frequently transfer sensitive data, such as financial data or passwords, in order to conduct business transactions or to access sensitive data or controls. Purchasing goods and services via the internet is another example where sensitive data is transferred using a telecommunication system, the internet.
In a cellular communications system, sensitive data associated with cellular subscribers is routinely transferred throughout the cellular communication system and other networks that connect to other databases or centers for authorization. Such sensitive information may include a subscriber's credit card, secret keys, mobile equipment serial numbers, passwords, and the like. This information may be communicated via radio frequency (RF) transceivers, mobile switching equipment, and leased lines in the public switched telephone network (PSTN).
In the past, most security management efforts have been directed to detection, containment, and recovery; efforts directed toward preventing secure information from being collected have been lacking.
In addition to the need for additional security, government export controls of strong encryption algorithms have become a problem for telecommunications systems manufacturers that compete in international markets. For example, in the United States, the government will not allow the export of strong encryption algorithms, while many other world governments do not have the same restrictions. This may place United States manufacturers at a disadvantage when bidding for telecommunications systems installations in foreign countries.
Within the United States, the government allows the encryption of different types of data at different levels of security. For example, the U.S. government mandates that voice information or voice data be encrypted at a level that can be monitored by authorized government agencies, or otherwise provide monitoring capability by an authorized government agency. The U.S. government allows a higher level of encryption for financial, access, and control data. The level of security of the encryption method relates to the complexity of the encryption algorithm, the length of the key used during encryption, and, to a lesser extent in higher security encryption techniques, the control of access to the algorithm's operational details.
Therefore, one solution that provides for the simultaneous needs of eavesdropping by an authorized government agency and the protection of highly secure financial and control information uses two different encryption engines: one to encrypt voice data at a lower security level, and another to encrypt financial or control data at a higher security level. A problem with this solution is that when the higher and lower security data streams are monitored, the streams may be clearly identifiable by the headers needed to separate the two levels of encrypted data. This points out to the unauthorized eavesdropper exactly where in the data stream the highly sensitive data resides. This highlighted exposure of highly sensitive data increases the probability that the eavesdropper may decipher the sensitive information, because multiple instances of the encrypted sensitive information are readily available to the eavesdropper.
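The header problem described above can be made concrete with a short added example, which is not part of the original text. The frame layout (a 1-byte level tag, a 2-byte length, then ciphertext), the tag values and the segment sizes are assumptions chosen for illustration, and the ciphertext is modelled as random bytes. The point for a designer reviewing such a format is that everything computed below is available to any observer of the stream without a key.

```python
import os
import struct

# Hypothetical frame layout (an assumption, not taken from the text above):
#   1-byte security-level tag | 2-byte big-endian length | ciphertext
LEVEL_LOW, LEVEL_HIGH = 0x01, 0x02
HEADER = struct.Struct(">BH")

def frame(level, ciphertext):
    """Prefix one encrypted segment with its cleartext level/length header."""
    return HEADER.pack(level, len(ciphertext)) + ciphertext

def build_stream(segments):
    """segments: list of (level, length). Ciphertext is modelled as random bytes."""
    return b"".join(frame(level, os.urandom(n)) for level, n in segments)

def locate_segments(stream):
    """Return (level, body_offset, length) per segment using only the headers."""
    found, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < HEADER.size:
            raise ValueError("truncated header at offset %d" % pos)
        level, length = HEADER.unpack_from(stream, pos)
        body = pos + HEADER.size
        if body + length > len(stream):
            raise ValueError("truncated segment at offset %d" % pos)
        found.append((level, body, length))
        pos = body + length
    return found

def high_security_exposure(stream):
    """Offsets of high-security ciphertext and its share of all ciphertext bytes."""
    segs = locate_segments(stream)
    high = [(off, n) for lvl, off, n in segs if lvl == LEVEL_HIGH]
    total = sum(n for _, _, n in segs)
    share = (sum(n for _, n in high) / total) if total else 0.0
    return high, share

# Constructed sample: voice-sized low-security blocks interleaved with short
# high-security blocks (sizes are illustrative only).
SAMPLE = [(LEVEL_LOW, 160), (LEVEL_HIGH, 16), (LEVEL_LOW, 160), (LEVEL_HIGH, 16)]

if __name__ == "__main__":
    high, share = high_security_exposure(build_stream(SAMPLE))
    print("high-security segments (offset, length):", high)
    print("share of ciphertext flagged as sensitive: %.1f%%" % (share * 100))
```

Every high-security segment is indexed exactly, so the observer can discard the bulk voice ciphertext and collect only the sensitive blocks across many sessions.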
Therefore, a need exists for an improved method and system for securely transferring a data set in a telecommunications system, wherein data in the data set may be encrypted with different levels of security and the more secure portion of the data set is not readily apparent to an eavesdropper.