1. Field of the Invention
The invention relates to the securing of a telephone link connecting two subscriber sets, that is to say in particular the protection of this telephone link against the pirating of the information exchanged between the two subscriber sets.
2. Description of the Related Art
In terms of hardware, a telephone link comprises various items of equipment such as network terminals, line terminals, subscriber lines, local switching centers and the public switched telephone network. When this telephone link is established by using a nonswitched telephone network (for example the Internet network) there is also provision for routing devices specific to this network.
More precisely, each subscriber set, for example a telephone set or a modem linked to a computer, is connected, by way of a subscriber tap, to a network terminal, consisting essentially, in terms of hardware, of a specific card, such as for example a so-called TNR card marketed by various companies such as ALCATEL, SAT, SIEMENS or PHILIPS. Each network terminal is linked by way of a subscriber line to a line terminal situated at a local switching center. In terms of hardware, the line terminal also comprises a specific card, in particular a TABN card marketed by these same companies, and comprising eight inputs/outputs so as to manage eight subscriber lines. The two local switching centers associated with the telephone link connecting the two relevant subscriber sets are mutually linked by a public switched telephone network.
Moreover, these two line terminals are also linked by way of specific routing devices connected to a nonswitched public telephone network (for example Internet). The person skilled in the art is aware that such a nonswitched public telephone network does not differ, in terms of hardware, from the public switched telephone network. It is in fact a virtual network which uses the hardware resources of the public switched telephone network when they are available. One speaks of a nonswitched telephone network since it does not employ the local switching centers to establish a fully defined and identified link for exchanging useful information between the two subscriber sets.
The transfer, exchange of data and of documents performed by means of these subscriber sets have, in the course of the present decade, become methods for routine communications between geographically remote individuals and/or entities. This worldwide process of electronic communication has been further accelerated in the course of recent years with the planet-wide development of the Internet network. Through these technologies, without the obvious intervention of an intermediary and almost in real time, the economic world exchanges and transmits information which may exhibit higher or lower degrees of confidentiality.
The current use of these new forms of communication has highlighted the problem of the securing of exchanges between opposite parties, that is to say between a sender and his intended recipient. One of the priority objectives of these is then to avoid it being possible for the information which they convey by way of the switched or nonswitched public telephone network to be picked up and used without their knowledge by third parties. A solution to this problem could consist in installing encryption/decryption means in the local network of each subscriber, that is to say upstream of the subscriber tap. In this case, the information exchanged between the two subscriber sets is encrypted end-to-end between each encryption/decryption means installed at the subscriber""s local level. However, such a solution has numerous drawbacks.
It requires firstly that the encryption/decryption hardware, and the corresponding software implemented in this hardware, be fully mutually compatible. In practice, the hardware and the software will have to be almost identical. Now, this is difficult to achieve, having regard to the very large disparity which may exist between the various subscribers. Moreover, such a solution requires a third-party agency managing the allocation of the various encryption keys to the subscribers. Furthermore, the communicating of the encryption keys between this third-party agency and each of the subscribers must also be secure, this constituting an additional difficulty.
Finally, in the case in which a secure subscriber wishes to contact a nonsecure subscriber, the former must provide for means internal to his local network, which are capable of disconnecting his own encryption/decryption means.
Described herein is a system for securing of a telephone link between two subscriber sets, whether this telephone link be established on the switched telephone network or on the nonswitched network, for example Internet, and which is simple to manage at the level of the encryption keys used, and which leaves the entire network transparent and open in the event of an exchange of information between a nonsecure subscriber and a secure subscriber.
Also described is a securing system which adapts without any additional constraint, other than those already fixed by the telecommunication operator on the already existing network, whilst ensuring good security of the data transmitted.
In one embodiment, the system secures a telephone link-between two subscriber sets, this link being established by way of a switched telephone network or a nonswitched telephone network at the request of the calling subscriber.
According to one formulation, the system comprises:
two network terminals each comprising a specific input/output port to which is connected a subscriber set, network encryption/decryption means and a memory containing an identifier of the said port,
two line terminals mutually linked both by the nonswitched telephone network and by the switched telephone network, and linked furthermore to the two network terminals by two subscriber lines,
checking means connected to the switched and nonswitched telephone networks, able to verify the identifiers of the two relevant input/output ports and to deliver or not to deliver an encryption authorization signal,
generating means connected to the switched and nonswitched telephone networks, able in the presence of the encryption authorization signal to generate at least one encryption key, to vary it temporally in a pseudo-random manner, and to forward it to the network encryption means as well as to the checking means,
the network encryption means encrypting, between the two network terminals and on the basis of the encryption key, the useful information exchanged between the two subscriber sets, the information exchanged between the two call sets being transmitted unenciphered between each network terminal and the corresponding subscriber set.
Stated otherwise, the system provides for the installing in the network terminal of each secure subscriber, of encryption/decryption means capable of employing security protocols on the basis of encryption keys generated by generating means connected to the switched telephone network and to the nonswitched telephone network.
Moreover, the telecommunication operator is the sole owner of the solutions and of the technical hardware which he uses to secure his subscriber lines. In practice, he will install identical hardware and identical software in the various local switching centers and in the various network terminals. The problem of the compatibility of the encryption/decryption software used at the various sites of the telephone network is therefore automatically catered for.
Moreover, the checking means, for example a server connected both to the switched telephone network and to the nonswitched telephone network, caters for a dual function of verifying the identifiers of the two relevant input/output ports, and hence verifying that the two subscribers are registered with the secure service and also storage of the various encryption keys used in real time so that the operator can, for security reasons, ascertain in real time, if relevant, the encryption key used at the current instant.
In this regard, the server can incorporate the encryption key generating means and transmit them to the various encryption/decryption means.
As a variant, each network terminal can incorporate means for generating the encryption keys. In this case, the encryption keys are generated in a stand-alone manner and on the initiative of the calling network terminal, thereby making access to these keys even more difficult for any third party.
However, in this case, the generating means transmit in real time the encryption keys thus automatically generated to the checking means (server).
Although the invention is applicable to all telephone networks, in particular analog telephone networks on condition that provision is made for analog/digital conversions for the encrypting of information, the invention applies preferably and advantageously to a digital telephone network such as the integrated services digital network (ISDN) defined in ITU-T recommendations of Series I, published by the International Telecommunications Union (formerly CCITT).
More generally, in a digital telephone link, there are provided at least two bidirectional channels, or B channels, for exchanging useful information proper between the two subscriber sets, that is to say for example verbal information or computer data or else contents of letters transmitted by facsimile, as well as a service channel, or D channel, operating in message mode for transporting the signaling and packet mode services.
In the case of an application of the invention to a digitized network, analog/digital conversion is thus completely circumvented, thereby simplifying the means utilized, and the checking means then advantageously verify the identifiers of the two input/output ports by using the service channel, whether the telephone link for exchanging useful information between the two subscriber sets be established on the switched network or on the nonswitched network (Internet). Likewise, it is particularly advantageous for the means for generating encryption keys to transmit in real time the various encryption keys used in the course of a telephone link, likewise by using the service channel or D channel, whether the telephone link for exchanging useful information between the two subscriber sets be established on the switched network or on the nonswitched network.
This embodiment makes it possible, especially when a telephone link is established on the Internet network, to make attempts at pirating almost impossible since the transmission of the encryption keys is not performed over the Internet network but over the D channel of the switched telephone network by way of the local switching centers.
The invention also makes provision for the network encryption/decryption means of each network terminal advantageously to be situated between the U interface and S interface of the terminal. This is because, on the subscriber line, when a network of the ISDN type is used, the B bidirectional channels and the D service channel are not discernible. In combination with this locating of the encryption/decryption means between the U interface and the S interface, there is provision for each network terminal to comprise routing means for routing the data received by the U interface either toward the network encryption/decryption means if the link is to be made secure, or directly toward the S interface, that is to say without going via the network encryption/decryption means, if the link is not secure.
When the telephone link uses the nonswitched network (Internet), provision is then made for each network terminal to possess a locating address on the nonswitched network (Internet address). The network encryption/decryption means of the calling network terminal are thus advantageously able to encapsulate the locating address of the called subscriber set as well as the useful information in the locating address of the called network terminal.