1. Field of the Invention
The present invention relates to securing voice communications and more particularly to securing cellular telephone communications utilizing cryptographic keys and algorithms, and further relates to securing telephone communications with a cryptographic key and algorithm exchange system.
2. Brief Description of the Related Art
Communications may be made through the implementation of a variety of technologies that are used to enable signals to be transmitted from one point to another. Some of these technologies include, for example, analog, cellular and voice over internet protocol (VoIP). Traditionally, analog telephone service involves an analog signal that is measured in volts and its frequency in Hertz (e.g., Hz). Telephone communications also may involve the transmission of digital signals which are in binary form. Analog signals may be converted to digital signals through modulation and digital signals likewise may be converted to analog signals through demodulation. Another type of technology for telephone communications involves VOIP, which utilizes packet switched networks to send and receive data transmissions. Internet protocol (IP) may be used, and generally, this process involves the switching of the analog signal (voice) to a digital format signal, and then, compression/translation of the signal into IP packets which are transmitted over the Internet. Cellular telephones generally involve the relaying of radio signals from a cellular device (e.g., a cellular telephone) to a low powered transmitter (i.e., where the maximum power radiated in any given direction usually is less than 50 watts). The signal is communicated from one transmitter to another, and ultimately, to another cellular device (e.g., another cellular telephone). For example, many of the radio signals used in connection with cellular telephones generally have frequencies in the upper 300 MHz range to about just below 2000 MHz.
Securing communications has become an important issue. In many instances, telephone communications may be intercepted. Though a digital signal communicated from a cellular telephone may sound something like the noise of a fax machine, there are devices that may decode the signal so that the contents of the communication may not only be intercepted but also may be discerned. Law enforcement may be provided with technology that permits the interception of telephone signals, but others, desiring to unlawfully ascertain the content of a communication also may use intercepting devices to breach privacy among communicating users.
VOIP communications may be susceptible to interception. One type of attack on data that is communicated over the Internet (as in a VOIP communication) involves a Man-In-The-Middle Attack which refers activity involving the intercepting of the connection between a computer and a device (such as, for example, wireless router) that is providing the connection. For example, this type of attack may enable a hacker to collect the information transferred and then replay the data on another computer in order to ascertain its contents. Another type of interception of Internet traffic is known as eavesdropping which generally involves the use of sniffer software to steal data that is being transmitted over the network. A sniffer is the term for a an application or device that is designed to read, monitor, and capture network data. Communications, including telephone communications, are susceptible to methods and equipment that are designed to intercept and obtain data. Attempts have been made to secure data transmissions. One type of security system involves the use of keys and encryption of data.
There are three basic types of cryptographic key management systems. The first is known as symmetric or secret keys. These are the most secure form of keys and rely on the same preset secret key to be at both ends of the communications. The next system is a computed key. Computed keys generally use a secret seed key and therefore have the same key management issues as a secret key. The last key management system are public keys. The most common implementation of public keys is called Public Key Infrastructure (PKI). There are serious drawbacks to the PKI system, mostly the fact that the key exchange may be intercepted and the encrypted data compromised. Secret keys do not have the problem of interception since the keys are generally not distributed using the same communications system as the data. Secret keys can be combined with computed keys.
The problem with secret keys is that they are preset. That is, both ends of a communication must already have the keys in order to encrypt or decrypt and access the data. This means that both ends of the communications must already know each other to the extent needed to arrange keys in advance. This is not practical on the Internet or other live transaction systems or ad-hoc systems such as telecommunications (line, cell or satellite phone) where encryption for online purchases, online banking and just general privacy issues is made on an as-needed, when-needed basis. For this reason, PKI is the most popular encryption method for live transactions. In addition, there is a large cost to managing secret keys whereas these costs do not exist with public keys.
There is a further problem in that most cryptographic algorithms, and, sometimes implementations of the same algorithms, are not compatible with each other. For example, the legacy encryption algorithms known as DES is not compatible with the currently favored encryption algorithm AES. This means that users who have older equipment/software using DES cannot communicate with users who have newer equipment/software using AES, regardless of the keys.
For example, VOIP communication systems may use public key cryptography, such as, for example, Diffie-Hellman (“DH”) key agreement method. A public key infrastructure (PKI) allows users to securely exchange data over the Internet through the use of a public and private key exchange pair. However, this has drawbacks, as discussed. In some instances, commercial secure phones may augment a DH exchange with a voice authentication digest which even may be combined with a hash commitment at the inception of the key exchange. Voice authentication digests, for example, may involve two users desiring to communicae who exchange short strings verbally in order to authenticate their connection. Implementation of this authentication requires an agreed on cryptographic hash. This method may be an alternative to using a PKI to authenticating the DH exchange. However, there are drawbacks with the combined voice authentication digest type systems, such as, failure of a user to execute the voice authentication procedure, calls to voice mail servers or other machines including those, for example, requiring menu selection options, that cannot execute the voice authentication procedure (such as when a phone is unattended).
US patent application 2007/0157026 discloses a method and system for key management in voice over internet protocol (VOIP). The '026 application attempts to provide a method and system that may be implemented over the Internet using VOIP protocols, SIP, RTP and SRTP, and involves a shared secret value that is cached and re-used later to authenticate a long series of session keys for a number of separate secure phone calls over a long period of time, without the need for voice authentication. The '026 method and system appears to calculate one-time keys based on a “seed” value that was saved, and involves users that utilize the same cryptographic algorithm.
A need exists for a method and device that can provide secure telephone communications for users desiring to make secure calls through cellular, internet, analog or other telephone communication systems, where the secure telephone system may be used independent of the carrier or phone service provided.