The present invention is directed to a method for exchanging information on a per call basis in encrypted or unencrypted form between ISDN terminal equipment (data terminals, terminals or telecommunication systems) having ISDN standard interfaces without special functions upon employment of basic call procedures.
When information is to be exchanged encrypted or unencrypted form on a per call basis between ISDN terminal equipment (ISDN means Integrated Services Digital Network), that is, between data terminals, terminals or telecommunication systems having ISDN standard interfaces without special functions, then only the ISDN basic call procedures and/or supplementary services are available at the interfaces for this purpose. These latter supplementary services, however, may not yet be offered by all network operators under certain circumstances, at least in the ISDN introduction phase.
FIGS. 1-3 show various configuration possibilities of an arrangement of cryptographic equipment for ISDN telecommunication terminal equipment. In the example of FIG. 1, a plurality of telecommunication data terminals 3 are each respectively connected via a cryptographic equipment 4 to a public or private network 1 via a S.sub.o bus 2. The cryptographic equipment 4 in this example thus lie at an ISDN terminal equipment that is respectively formed by a telecommunications terminal 3. In the example of FIG. 2, a single cryptographic equipment 4 is connected via a network interface 6 to the public or private network 1 in the S.sub.o bus 2. This cryptographic equipment 4 precedes a plurality of different ISDN terminal equipment in the S.sub.o bus 2, these terminal equipment being formed by telecommunications terminals 3. In the example of FIG. 3, a plurality of cryptographic equipment 10 lie at a plurality of parallel interfaces between a public network 8 and a private network 9 that is a telecommunications system. The interfaces between the cryptographic equipment 10 and the public network 8 or, respectively, the private network 9 are referenced 11 and, respectively, 12. A plurality of bus-controlled ISDN terminal equipment in the form of telecommunications terminals 3 belong to the private network 9. The bus interface that leads from the private network 9 to the individual ISDN terminal equipment 3 is referenced 13. Terminals 5 having interfaces 7 that technologically differ from the bus interfaces 13 can also be connected to the telecommunications systems, that is, to the private network 9, whereby the encoding function in the cryptographic equipment 10 is likewise accessible to these terminals 5.
The network offers the users specific basic functions in what are referred to as bearer services for the communication of the greatest variety of information types, for example voice, data, audio, video. Calling ISDN terminal equipment must therefore signal the desired bearer service given a call setup. Called ISDN terminal equipment check their compatibility therewith given incoming calls. Moreover, ISDN terminal equipment can additionally transmit compatibility information end-to-end dependent on employment and can involve these in the decision for call acceptance.
When the aforementioned types of information are communicated encrypted, then the bearer service "unrestricted digital information" must be employed for preserving the bit integrity, as in the case of a data transmission. The following problems therefore exist for the communication in the configurations shown by way of example in FIGS. 1-3:
a) The calling cryptographic equipment must clearly indicate to the called cryptographic equipment per connection whether an encrypted or unencrypted communication is desired. The ISDN basic call procedures have hitherto not offered a general solution for this problem since, for example given employment of the attribute "unrestricted digital information", there is ambiguity without auxiliary information (encrypted information or unencrypted data). PA1 b) Given encrypted communication, the called cryptographic equipment must reconstruct the compatibility elements for the original type of information for delivering the call to the connected ISDN terminal equipment so that these can handle the call acceptance in conformity with the standards. PA1 The calling ISDN terminal equipment reaches a specific intermediate status in the call setup; PA1 The calling cryptographic equipment produces the connection to the called cryptographic equipment in the status across the network and communicates the required auxiliary information in-band; PA1 After this, the called cryptographic equipment starts the call setup to the called ISDN terminal equipment and thereby also employs the auxiliary information communicated in-band.
Both problems seem resolvable on the basis of the basic call procedures in combination with a few supplementary services such as, for example, preferably the service UUS1 (or sub-addressing as well). Information that cannot be communicated according to the rules of the basic call procedures is thereby transported call-accompanying with the assistance of the supplementary services. This method would offer the advantage that only the ISDN terminal equipment as well as the network actively control the call setup and the cryptographic equipment must fundamentally intervene in the procedures in only a modifying way.
Since these supplementary services, however, may not be offered internetwork by all network operators under certain circumstances, an additional in-band signalling must be employed at least as a substitute. One skilled in the art would thereby have to proceed in the following manner:
As may be seen, however, the calling ISDN terminal equipment, the called ISDN terminal equipment and the network are not synchronous in this phase with respect to their call status. The ISDN terminal equipment are in various phases of the call setup, whereas the network has already setup the connection between the cryptographic equipment. The basic call procedures at the network interface can thus no longer be utilized for producing the complete call.