Historically, government and business entities could be reasonably confident that their sensitive information communicated by telephone, fax, or modem was confidential, and that no one would monitor or eavesdrop on their plans and strategies. This is no longer true. In the past several years, as interception and penetration technologies have multiplied, information assets have become increasingly vulnerable to interception while in transit between the intended parties.
A wide range of communications, from those concerning military, government, and law enforcement actions to contract negotiations, legal actions, and personnel issues, all require confidentiality, as do communications concerning new-product development, strategic planning, financial transactions, or any other competition-sensitive matter. These confidential matters often require exchanges via telephone, facsimile (fax), Video TeleConference (VTC), data (modem) transmission, and other electronic communication. As businesses depend on their communications systems more and more, those systems are delivering an ever-increasing volume of information, much of which is proprietary and extremely valuable to competitors.
The increasing prevalence of digital communications systems has led to the widespread use of digital encryption systems by governments and enterprises concerned with communications security. These systems have taken several forms, from data Virtual Private Networks (VPNs) to secure voice/data terminals.
As used herein, the following terms carry the connotations described below:
Data VPN is understood to refer to a shared or public packet data network wherein privacy and security issues are mitigated through the use of a combination of authentication, encryption, and tunneling.
Tunneling is understood to refer to provision of a secure, temporary path over an Internet Protocol (IP)-based network by encapsulating encrypted data inside an IP packet for secure transmission across an inherently insecure IP network, such as the Internet.
Secure is understood to refer to the use of combinations of encapsulation, compression and encryption to provide telecommunications privacy and security between two devices across an untrusted network, or the result thereof.
Telephony Appliance is understood to refer to a component of the present invention; specifically an in-line device installed on a DS-1 circuit in a telephone network and including means for controlling inbound and outbound calls by determining attributes of the call and performing actions on the call, including allowing, denying, and conducting select calls in secure mode, all pursuant to the security policy and based on at least one attribute of the call.
Communications and computer systems move massive amounts of information quickly and routinely. Enterprises are communicating using voice, fax, data, and video across the untrusted Public Switched Telephone Network (PSTN). Unfortunately, whereas a data VPN uses encryption and tunneling to protect information traveling over the Internet, a data VPN is not designed to protect voice, fax, modem, and video calls over the untrusted PSTN.
Although IP-based VPN technology is automated and widely available, solutions for creating safe tunnels through the PSTN are primarily manual, requiring user participation at both ends to make a call secure. This is the case with the use of secure voice/data terminals, such as Secure Telephone Units (STU-IIIs), Secure Telephone Equipment (STE), and hand-held telephony encryption devices.
Secure voice/data terminals effectively protect sensitive voice and data calls. However, their design and typical deployment can be self-defeating. For example, to enter a secure mode on a STU-III or STE device, both call parties must retrieve a physical encryption key from a safe storage location and insert the key into their individual STU-III or STE device each time a call is placed or received. Also, STU-III and STE devices are expensive, so they are typically located at a special or central location within a department or work center, but not at each work station.
The inconvenience, frustration, and poor voice quality of using manually activated secure voice/data terminals can motivate individuals to “talk around” the sensitive material on non-secure phones. Use of secure voice/data terminals for the communication of sensitive information can be mandated by policy, but there is currently no way to properly enforce such a requirement.
Additionally, secure voice/data terminals secure only one end-user station per device. Since they are point-to-point devices, secure voice/data terminals cannot protect the vast majority of calls occurring between users who do not have access to the equipment. And although there may be policies that specifically prohibit it, sensitive material can be inadvertently discussed on non-secure phones and thereby distributed across the untrusted PSTN.
Secure voice/data terminals cannot implement an enterprise-wide, multi-tiered policy-based enforcement of a corporate security policy, establishing a basic security structure across an enterprise, dictated from the top of the tier downward. Neither can secure voice/data terminals implement an enterprise-wide, multi-tiered policy-based enforcement of selective event logging and consolidated reporting to be relayed up the tier.
Lastly, secure voice/data terminals cannot provide call event logs detailing information about secure calls. Therefore, a consolidated detailed or summary report of a plurality of call event logs cannot be produced for use by security personnel and management in assessing the organization's security posture.
Clearly, there is a need for a system and method to provide secure access across the untrusted PSTN through telephony resources that can be initiated by a security policy defining actions to be performed based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.