Subscribers of communication services on fixed or mobile networks register terminals for use within a given network with the operator of that network. The network operator can thus deliver relevant subscriber services and support call origination and delivery for that registered terminal. For example, following user registration, the network can perform connection set up, call routing and billing functions. Where a subscriber is mobile and visits another network, communication services may still be available by means of roaming agreements between the network operators.
Internet applications, and particularly wireless Internet applications, have been proposed which allow subscribers of secure local networks to choose between communication routes which are deemed relatively secure and alternative communication routes which are inherently less secure. The Internet is regarded as providing insecure communication routes, particularly when compared with traditional communication networks such as a fixed-cable telecommunication network or a mobile telecommunication network. Accordingly, if a terminal located in a first secure network wishes to communicate with a terminal located in a second secure network, the intermediate communication route can either be secure or insecure. For example, an intermediate network such as the PLMN, PSTN or ISDN networks would be deemed relatively secure. However, an intermediate network incorporating the Internet would render the communication route insecure.
Where an insecure network is used, the originating and terminating end terminals may use an encryption technique. Applications for implementing the chosen encryption technique need to be provided at both the originating and destination end terminals. In practice, situations arise where a plurality of end terminals in one network wish to communicate with a plurality of end terminals in another network, and mutually compatible encryption applications must be provided to each of the plurality of end terminals.
Security services employed on fixed and mobile networks include encryption, certification and authentication. Encryption, for example, typically employs systems based on key pairs. That is, before transmission a subscriber protects the transmission by running an encryption application on the originating end terminal using a key. The transfer is made with the content of the message in an encrypted (protected) format. At the destination end terminal, the message is decrypted by running a mutually compatible decryption application also with a key.
One well known type of encryption application employs a “private/public key pair system”, where the originating subscriber protects his transmission using a private key and the message is then transferred via an intermediate network to an end terminal where it can be decrypted by the destination subscriber by means of a public key. This system requires that the originating subscriber makes the relevant public key available to the or each destination subscriber. Subscribers do not usually make private keys available. Options for making public keys available to destination subscribers include, for example, email or posting the key on web sites which are accessible to destination subscribers. Although the keys are available to the intended recipients, this system is inconvenient and vulnerable to those who are intent on obtaining public keys for deciphering messages not intended for them. Imitation (hoax) web sites have been used to manipulate such arrangements.
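The weakness noted above, a key fetched by email or from a web site that may be an imitation, is commonly mitigated by checking the received key against a fingerprint obtained over a separate channel. The following is an added example, not part of the original document; the function names are hypothetical and the key bytes are constructed placeholders rather than real keys.

```python
import base64
import hashlib
import hmac


def pem_wrap(der: bytes) -> str:
    """Wrap raw key bytes in a PEM 'PUBLIC KEY' envelope."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN PUBLIC KEY-----\n" + body + "-----END PUBLIC KEY-----\n"


def pem_to_der(pem: str) -> bytes:
    """Extract and decode the base64 body of a PEM public key block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN PUBLIC KEY-----"
            or lines[-1] != "-----END PUBLIC KEY-----"):
        raise ValueError("not a PEM public key block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def fingerprint(pem: str) -> str:
    """SHA-256 over the decoded key bytes, as lowercase hex."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()


def accept_key(pem: str, pinned_fingerprint: str) -> bool:
    """Accept a downloaded key only if it matches the out-of-band fingerprint."""
    try:
        actual = fingerprint(pem)
    except ValueError:  # malformed envelope or invalid base64
        return False
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(actual, pinned_fingerprint.lower())


# Constructed sample data: stand-in byte strings, not real key material.
GENUINE_DER = bytes(range(48))
HOAX_DER = bytes(range(1, 49))
GENUINE_PEM = pem_wrap(GENUINE_DER)   # key published by the real subscriber
HOAX_PEM = pem_wrap(HOAX_DER)         # key served by an imitation site
# Assumption: this fingerprint reached the recipient over a separate channel.
PINNED = hashlib.sha256(GENUINE_DER).hexdigest()

if __name__ == "__main__":
    for label, pem in (("genuine", GENUINE_PEM), ("hoax", HOAX_PEM)):
        print(label, "accepted" if accept_key(pem, PINNED) else "rejected")
```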
Another type of key system employed in encryption applications is the “shared secret key pair system”. This system requires that the originating subscriber protects his transmission using a secret key and the terminating subscriber uses the same key (shared secret key) to extract the message information. This system differs from the private/public key pair system in that it requires that each receiving subscriber has access to the sender's secret key. This arrangement is only acceptable where there is a high degree of trust between originating and receiving subscribers and secure networks therebetween.
In general, encryption techniques require that both the communicating end terminals of the subscribers have access to the relevant encryption/decryption algorithms/keys etc. The communicating end terminals must also be provided with and be able to run a suitable application. Any changes or modifications to the encryption technique at the originating end must be provided to the relevant terminal at the receiving end.