WO2010100602A2 - A secure communication network system and cost efficient method of communication thereon - Google Patents
- Publication number
- WO2010100602A2 (PCT/IB2010/050889)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- communication
- router
- central hub
- network system
- wireless device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
- H04L67/63—Routing a service request depending on the request content or context
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
Definitions
- VoIP Voice over Internet Protocol
- IP internet-protocol
- VoIP systems employ session control protocols to control the set-up and tear-down of calls as well as audio coders-decoders (codecs) which encode speech allowing transmission over an IP network as digital audio via an audio stream.
- codecs audio coders-decoders
- VoIP has been implemented in various ways using both proprietary as well as open source protocols and standards.
- a major development starting in 2004 has been the introduction of mass-market VoIP services over broadband internet access services, in which subscribers make and receive calls as they would over the PSTN.
- Full phone service VoIP phone companies provide inbound and outbound calling with Direct Inbound Dialing.
- ATA analog telephone adapter
- Another method of connecting to VoIP service providers is by way of using dedicated VoIP phones that allow VoIP calls without the use of a computer. Instead they connect directly to the IP network using technologies such as Wi-Fi or Ethernet. In order to connect to the PSTN they usually require service from a VoIP service provider; most people therefore will use them in conjunction with a paid service plan.
- the third method consists of installing a software called a soft phone on a computer that allows VoIP calling without dedicated hardware.
- This software is also referred to as an Internet phone or Digital phone.
- IMS IP Multimedia Subsystem
- “Dual mode" telephone sets which allow for the seamless handover between a cellular network and a Wi-Fi network, are expected to help VoIP become more popular.
- These have sessions-initiation-protocol (SIP) clients built into the firmware which are configured to operate independently of the mobile phone network.
- SIP sessions-initiation-protocol
- Some operators choose to remove the client from subsidized handsets. In fact, some operators have actively tried to block VoIP traffic from their networks while others have refused to interconnect with VoIP-enabled networks.
- This invention seeks to overcome the drawbacks of the existing prior art, namely: a. Necessity to have an Internet connection; b. No support for custom end-to-end secure communication (as we can do using emails); c. The requirement of necessarily having a computing means along with a shared or dedicated internet connection for a stationary user wanting to use VoIP; d. The requirement of having a high-end VoIP enabled cellular handphone and an exclusive subscription plan which is relatively expensive; e. The industry created incompatibility issues regarding the seamless integration of PSTN, VoIP and cellular technology to provide the user with a comprehensive communication platform; and f. Restricted mobility even if you are using a hand-held device like a Skype phone.
- the instant invention provides for a secure highly cost efficient communication system resembling the service delivery platform of implementing VoIP enabled communication.
- This system enables the subscriber to be independent of the VoIP compliant computer which is essential in the state-of-art. It also makes the mobile subscriber independent of high end VoIP compatible mobile phone and an internet connection either shared or dedicated for their last mile connectivity when they wish to communicate using VoIP platform (which is implemented in a custom VPN, as a logical network, by superposing it on the top on internet topology).
- mobile subscriber means a user who is not stationary and is using VoIP on the go.
- high end refers to integration of sophisticated technology into a normal cellular handset which renders it expensive for making it compatible with relatively cheap platform for diverse communication needs.
- the instant invention provides for a secure communication network system comprising a central hub (CH), a plurality of router nodes (RN) and a plurality of wireless devices (WD) wherein said central hub (CH) comprises of a plurality of databases of identifiers of all wireless devices (WD) and corresponding public keys (PK), a plurality of dynamically updated look-up tables, a plurality of dynamically updated look-ahead tables and recent activity logs; said router nodes (RN) comprise of compatible router transceiver blocks (RTB) and device identifiers (HID) with subscription identifiers arranged in tables for logging in wireless devices (WD) for local authentication of said WD; said wireless devices (WD) comprise of compatible wireless transceiver blocks (WTB) and a unique identifier embedded in the said WD's logic, a mirror image of which is maintained in the said database of identifiers of the said central hub (CH) and which is delivered to said router nodes (RN) when so requested; wherein said compatible wireless transceiver block establishes communication sessions with the said compatible router transceiver block (RTB); said compatible router transceiver blocks (RTB) also facilitate communication sessions with each other; and said compatible router transceiver block (RTB) also establishes communication sessions with the central hub (CH).
- a secure communication network system wherein the said communication sessions are established over data channel which may be a licensed or unlicensed frequency spectrum.
- a secure communication network system wherein the said data channel is selected from either a free channel like the Industrial Scientific Medical (ISM) band or licensed proprietary bandwidth like 3G.
- ISM Industrial Scientific Medical band
- 3G licensed proprietary bandwidth
- a secure communication network system wherein said identifiers constituting said plurality of database maintained at the Central Hub (CH) are mapped to corresponding temporary public key.
- CH Central Hub
- a secure VoIP communication network system wherein the location of a wireless device with respect to the installed router nodes (RN) is updated dynamically in real time in the said plurality of databases resident on said central hub (CH).
- a secure VoIP communication network system wherein said look-up table comprises of computing means to determine the shortest communication path needed to establish the desired communication session.
- a secure VoIP communication network system wherein said dynamically updated look-up tables comprise of information pertaining to the current location of the wireless device (WD)
- Figure 1 illustrates the network components used in the invention
- Figure 2 illustrates a logical block diagram for an inexpensive portable wireless handset of this invention
- Figure 3 illustrates the implementation of the said invention through a novel wireless communication network
- Figure 4 illustrates the logical procedure undertaken by a subscriber of the instant invention to communicate with an entity in the proposed network of the said communication system and vice versa
- Figure 5 illustrates the implementation of the instant invention in the legacy infrastructure like the Plain Old Telephone System (POTS)
- POTS Plain Old Telephone System
- the communication system of the instant invention resembling service delivery platform for VoIP is a peer-to-peer (P2P) topology based network where all kinds of communications requests by its subscribers are serviced by plurality of routing nodes interconnected dynamically using the said P2P topology.
- the said routing nodes in turn communicate with a logical central hub implemented as a data centre which manages and defines the routing path undertaken by the said nodes while servicing the said end user's communication request.
- the instant invention provides a fast local network link between its said subscribers and their said corresponding nodes with which the said subscriber is logged on in realtime. This in turn facilitates dynamic synchronization of the mobile subscriber with the corresponding router node using novel compatible communication interface standards loosely based on session setup and teardown concept of VoIP stack.
- Plurality of such said nodes are also connected to the said hub using the same said interface standards and the said nodes are interconnected among themselves using any packet-switching- network.
- the said hubs comprise of dynamically updated look up and look ahead routing tables for the said proposed network and thereby instruct the said nodes to forward the actual voice encapsulated data packets to comply with the said end user's communication request.
- the said hub can be treated as logical proxy for the said end user which basically controls the routing of the said subscriber's communication request but the actual routing is done by the said server nodes.
- the subscriber's request for a communication service to an entity which is part of this proposed invention implementation is totally free of cost after the one-time payment of the initial subscription charges.
- the usage charges are very minimal. All these economic advantages are obtained as the said routing undertaken at the backend of the said system by the said dynamic routing nodes is done by forwarding the said data packets from one router to another to manage the data traffic generated without any form of centralized server client architecture.
- centralized server client architecture is where the subscribers requests are escalated to some predefined master backbone mainframe servers using vertical hierarchy routing topology.
- the security concern for the voice encapsulated data traffic to be transmitted over the proposed communication network is taken care of by the instant invention by facilitating the integration of the client's proprietary encryption algorithm over the default encryption implemented by the service provider in the state of the art VoIP services.
- every session security is achieved by dual encryption, one part of which is done at the subscriber's end through a private encryption key embedded in the said subscriber's device while the second part is achieved by the said router node generating a device specific temporary public key valid for that session only.
- This temporary public key is tagged with a time stamp and is transmitted to the said corresponding device over the said local high speed network.
- the implementation of this dual private and public on-the-fly-encryption assures the subscriber of fool-proof security while communicating within or outside the said local network.
- the instant invention also provides for the said implementation to be incorporated into the legacy infrastructure like the POTS (Plain Old Telephone System) by attaching a routing device to a fixed landline connection.
- the said routing device has a mini server embedded in it.
- the said routing device acts as an interface between the data center (hub) and the fixed landline connection. This eliminates the need for computing means to access the VoIP communication which is a major drawback in the existing state-of- art.
- the instant invention can also be incorporated into existing cellular handsets with minor improvisations to the motherboard of said cellular handset, for e.g. addition of an adapter. This negates the need of an expensive dual VoIP compatible cellular handset to enable mobile VoIP communication of the existing state of the art.
- the instant invention also provides for a cellular like architecture enabling the mobile subscriber to move freely since the subscriber's link with the corresponding server node can be dynamically passed on from one node to another without losing the said subscriber's communication facilities. This is possible because of the look up and look ahead databases resident on the said hub which is being dynamically updated enabling real time handshake between said server nodes in case of the said subscriber is moving around. This helps to overcome the coverage area restriction problem in the existing state of the art Mobile VoIP networks.
- the embodiment details the best mode implementation of the proposed invention but does not restrict its scope in any way and thus the proposed invention can be applied to other applications.
- the preferred embodiment is illustrated for a wireless cellular implementation but it can be easily adapted for existing fixed line telecommunication technologies like the normal PSTN (Public Switched Telecom Network) with little modification or addition of components on such legacy networks.
- PSTN Public Switched Telecom Network
- Figure 1 illustrates the block diagram for a novel wireless communication network system of the instant invention.
- the said network is implemented as a cellular intranet employing novel session control protocols similar to the protocols used for realizing VoIP services, thus delivering a cost efficient and highly secure communication environment to its subscribers.
- the said wireless device (WD) is in communication with a plurality of router nodes (RN) in such a manner that each said wireless device (WD) is dynamically synchronized or logged on in real time with at least one such said router node (RN) at any point in time.
- the synchronization of the wireless device with the router nodes corresponds to the geographic location of the said wireless devices (WD) with respect to the said installed router nodes (RN) location.
- the said plurality of router nodes (RN) also communicate among themselves based on the partial P2P routing logic through a packet switching network like the internet.
- the said P2P routing logic is obtained by the said router nodes (RN) from a central hub (CH) which is in communication with the said router nodes (RN).
- the said central hub (CH) manages and oversees the execution of communication requests by the said subscribers of the said cellular wireless intranet and thus facilitates a high speed wireless local network link for the said subscribers.
- the wireless devices (WD) as illustrated in figure 2 can be inexpensive portable handsets which can be allotted on a very minimal subscription service by the service provider of the proposed communication network.
- the said subscription can be implemented by using the Handset Identification Number (HID) of the said portable handset.
- the said HID is unique for each wireless device and is embedded in the same. This identifies the said subscriber on the high speed local wireless network.
- the said wireless device (WD) too has an embedded handset identification number (HID) which is unique for each said wireless device
- the said HID is basically the output of a random number generator, again embedded in the said wireless device's (WD) firmware, and can be treated as the private encryption key unique for each subscriber's wireless device (WD).
- This said device's firmware is also configured to enable the said wireless device (WD) into entering a secure mode where a password protection is attached to the packets to be sent over the said local fast wireless network, but before they are transmitted over the said local link the said packets are encrypted with the said private encryption key.
- the router nodes (RN) comprise of compatible transceivers along with primary authentication means resident on base station towers normally used for cellular telephony.
- the said compatible transceivers are further in sync with dynamically updated look up and look ahead databases and account logs of the said subscribers resident on the said central hub (CH).
- This is implemented using cloud computing as a data center (DC) which in turn comprises of a virtual web server (WS).
- DC data center
- WS virtual web server
- the said virtual web server (WS) also maintains a list of public encryption keys, each key unique and tagged with the said unique "HID" of each wireless device (WD) present in its area of coverage at that instant to authenticate, register, manage and serve the said subscriber's communication requests.
- the said web server (WS) functions as a virtual extended EPABX.
- the said wireless device logic comprising of said firmware is implemented on an existing cellular handset of a subscriber by incorporating an adapter circuit on the motherboard of the said cellular handset.
- This incorporation makes the said cellular handset compatible with the novel interface standard of the proposed network.
- the compatible transceivers along with the corresponding local authentication means are installed on existing base station towers used for cellular telephony.
- the said wireless device (WD) logic incorporated in the said cellular handset is a logical client in this setup and remains in sleep mode until awakened either by the said web server (WS) or when the subscriber initiates communication which pertains to the novel interface of the instant invention.
- This process of initiating is applicable only for said cellular handset (WD) which are dynamically registered with the corresponding router node resident on the said cell tower.
- This wakeup call constitutes the said unique HID of the requesting said wireless device (WD) superimposed on the application layer of the said novel session setup protocol to be sent over the said local wireless link to the transceiver block of the said cell tower.
- the said router node (RN) authenticates the said received HID and initiates the said central hub (CH) to look up for the said wireless device's (WD) unique HID from its real time updated databases. It further generates a session exclusive temporary public key unique for each wireless device (WD). This is finally transmitted to the said corresponding cellular handset (WD).
- This whole dual encryption is carried out in real time processing mode and is therefore foolproof against pattern based key cracking attacks making the whole system more secure.
- the packets that are sent over the said local high speed network contain the said temporary public key allocated by the said web server (WS) to the said wireless device (WD) which has initiated this session and is valid for that session only plus his unique subscription number along with the number of the said destination he wishes to communicate with and finally the said message content for which the encryption process has been described above.
- If the said called wireless device (WD2) is not in the logical active state, its said corresponding tower again undertakes the above described sequence of initiating the said called wireless device (WD2) into a logical active state and allocating a temporary public key which is unique to the said called wireless device (WD2). Moreover, the said temporary unique public key is valid for that session only.
- the router node resident on the said corresponding tower then encrypts the said received contents and the said unique subscription number of the said calling device (WD1) with the said generated temporary public key of the called device and finally transmits this to the said called wireless device (WD2).
- the said called wireless device (WD2), upon reception of the said content, replies to its said corresponding server with its encrypted content, generated by undergoing the same process the said calling wireless device (WD1) undertook while initiating this communication session, over the said similar local wireless link.
- the said web server (WS) from the figure acts as a server gateway (SG) as shown in Figure 4.
- the said server gateway (SG) receives the encrypted communication content and the number of the called party, the said encryption done using allotted said temporary session public key unique for the said wireless device (WD).
- the said server gateway (SG) further decrypts the said encrypted content with the corresponding unique decryption key from its said dynamic database of said keys.
- a reserved number from the said server gateway maintained database is allocated to the said decrypted content after matching of its internal unique subscriber number with the available external identification numbers.
- the said server gateway acts as a proxy destination for the called wireless device (WD) and thus receives the message contents intended for the said called wireless device (WD).
- the server gateway then verifies the account details of the said called wireless device (WD). It further determines the current location and consequently the unique
- the said central hub (CH) then enables the routing of the said content to the desired tower on the corresponding said router node (RN).
- the said routing node (RN) resident on the said tower sets up a session with the said called wireless device (WD) and after receiving the said unique private encryption key (HID) from the same generates a corresponding temporary public encryption key (PK) unique for the said called wireless device (WD) and valid for that session only.
- the said intended message contents and the number of the calling party are encrypted with the said unique temporary public key (PK) and sent over the said local wireless link to complete a communication link between the said calling party and the said called party.
- the above described invention can be extended to the legacy infrastructure like the POTS (Plain Old Telephone System) as shown in Figure 5 by attaching a router (R) to an analog landline handset (HS) and linking the said handset (HS) with a web server means (WS) using the existing PSTN to create a virtual intranet.
- the said router comprises of routing device (RD) with a mini server embedded in it.
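The look-up and look-ahead tables, the shortest-path computation and the hand-over between router nodes described above (the central hub of Figure 1 and the cellular-like hand-over), as an added example that is not code from the patent. It models the router nodes as a weighted undirected graph, the look-up table as HID to current router node, the look-ahead table as HID to predicted next router node, and the "shortest communication path" as the least-cost path (Dijkstra); the anomaly check on an unexpected hand-over is an addition here, not something the page describes. Node names, HIDs and link costs are constructed.

```python
"""Central hub look-up / look-ahead tables and RN-to-RN shortest-path routing.
Added example, not code from the patent. Assumptions: router nodes form an
undirected graph with integer link costs; look-up = HID -> current RN;
look-ahead = HID -> predicted next RN; "shortest communication path" =
least-cost path. Node names, HIDs and costs below are constructed."""
import heapq


def make_graph(edges):
    """edges: iterable of (rn1, rn2, cost) -> symmetric adjacency dict."""
    graph = {}
    for a, b, cost in edges:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


class CentralHub:
    def __init__(self, graph):
        self.graph = graph
        self.lookup = {}     # HID -> current RN (look-up table)
        self.lookahead = {}  # HID -> predicted next RN (look-ahead table)
        self.activity = []   # recent activity log

    def log_on(self, hid, rn, next_rn=None):
        if rn not in self.graph:
            raise KeyError(f"unknown router node {rn}")
        self.lookup[hid] = rn
        if next_rn is not None:
            self.lookahead[hid] = next_rn
        self.activity.append(("logon", hid, rn))

    def shortest_path(self, src, dst):
        """Dijkstra over the RN graph; returns (path, cost) or (None, None)."""
        dist, prev, heap = {src: 0}, {}, [(0, src)]
        while heap:
            d, node = heapq.heappop(heap)
            if node == dst:
                break
            if d > dist[node]:      # stale heap entry
                continue
            for nbr, cost in self.graph[node].items():
                nd = d + cost
                if nd < dist.get(nbr, float("inf")):
                    dist[nbr], prev[nbr] = nd, node
                    heapq.heappush(heap, (nd, nbr))
        if dst not in dist:
            return None, None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1], dist[dst]

    def route(self, calling_hid, called_hid):
        """Resolve both devices' current RNs and return the path the hub
        instructs the calling RN to forward along."""
        src, dst = self.lookup[calling_hid], self.lookup[called_hid]
        path, cost = self.shortest_path(src, dst)
        self.activity.append(("route", calling_hid, called_hid))
        return {"src_rn": src, "dst_rn": dst, "path": path, "cost": cost}

    def handover(self, hid, new_rn, next_rn=None):
        """Move a subscriber to a new RN. The move is 'expected' when it matches
        the look-ahead prediction or an RN adjacent to the current one; anything
        else is still applied but logged as an anomaly (a check added here)."""
        if new_rn not in self.graph:
            raise KeyError(f"unknown router node {new_rn}")
        old = self.lookup[hid]
        expected = new_rn == self.lookahead.get(hid) or new_rn in self.graph[old]
        self.lookup[hid] = new_rn
        self.lookahead[hid] = next_rn
        self.activity.append(("handover" if expected else "handover-anomaly", hid, new_rn))
        return expected
```

The hand-over that matches neither the look-ahead prediction nor an adjacent node is the case to watch: the hub routes wherever the look-up table points, so a router node that can write an arbitrary location for a subscriber redirects that subscriber's sessions. The example only logs it; a deployment would accept a location update only from an authenticated router node.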
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides for a secure communication network system that enables the subscriber to be independent of the VoIP compliant computer and shared or dedicated internet connection to achieve alternate cost efficient communication needs. It also makes the mobile subscriber independent of high end VoIP compatible mobile phone and an expensive subscription charge thus overcoming the limitation of covered range. This is achieved by using virtual intranet resembling service delivery of VoIP but with end-to-end security. The invention uses cloud computing in tandem with P2P routing.
Description
TITLE
A secure communication network system and cost efficient method of communication thereon
BACKGROUND OF THE INVENTION:
Voice over Internet Protocol (VoIP) or internet telephony is a general term for a family of transmission technologies encompassing communications services including voice, facsimile and voice-messaging applications that are transported via packet-switched networks over the internet rather than the public switched telephone network (PSTN). The basic steps involved in originating an internet telephone call are conversion of the analog voice signal to digital format followed by compression of the digital signal into compatible internet-protocol (IP) packets for transmission over the internet and this process is reversed at the receiving end.
VoIP systems employ session control protocols to control the set-up and tear-down of calls as well as audio coders-decoders (codecs) which encode speech allowing transmission over an IP network as digital audio via an audio stream.
VoIP has been implemented in various ways using both proprietary as well as open source protocols and standards. A major development starting in 2004 has been the introduction of mass-market VoIP services over broadband internet access services, in which subscribers make and receive calls as they would over the PSTN. Full phone service VoIP phone companies provide inbound and outbound calling with Direct Inbound Dialing.
There are three common methods of connecting to VoIP service providers. One of the methods commonly followed is that of a typical analog telephone adapter (ATA) for connecting an analog phone using an existing telephone jack to an IP network in order to provide service nearly indistinguishable from PSTN providers. This type of service, which is fixed to one location, is generally offered by broadband internet providers as a cheaper option to flat-rate traditional phone service.
Another method of connecting to VoIP service providers is by way of using dedicated VoIP phones that allow VoIP calls without the use of a computer. Instead they connect directly to the IP network using technologies such as Wi-Fi or Ethernet. In order to connect to the PSTN they usually require service from a VoIP service provider; most people therefore will use them in conjunction with a paid service plan.
The third method consists of installing software called a soft phone on a computer that allows VoIP calling without dedicated hardware. This software is also referred to as an Internet phone or Digital phone.
It is becoming increasingly common for telecommunications providers to use VoIP telephony over dedicated and public IP networks to connect switching stations and to interconnect with other telephony network providers.
Many telecommunications companies are looking at the IP Multimedia Subsystem (IMS) which will merge internet technologies with the mobile world. It will enable them to upgrade their existing systems while embracing internet technologies such as the Web, email, instant messaging, presence, and video conferencing.
"Dual mode" telephone sets, which allow for the seamless handover between a cellular network and a Wi-Fi network, are expected to help VoIP become more popular. These have sessions-initiation-protocol (SIP) clients built into the firmware which are configured to operate independently of the mobile phone network. However some operators choose to remove the client from subsidized handsets. In fact, some operators have actively tried to block VoIP traffic from their networks while others have refused to interconnect with VoIP-enabled networks.
OBJECT OF THE INVENTION:
This invention seeks to overcome the drawbacks of the existing prior art, namely:
a. Necessity to have an Internet connection;
b. No support for custom end-to-end secure communication (as we can do using emails);
c. The requirement of necessarily having a computing means along with a shared or dedicated internet connection for a stationary user wanting to use VoIP;
d. The requirement of having a high-end VoIP enabled cellular handphone and an exclusive subscription plan which is relatively expensive;
e. The industry created incompatibility issues regarding the seamless integration of PSTN, VoIP and cellular technology to provide the user with a comprehensive communication platform; and
f. Restricted mobility even if you are using a hand-held device like a Skype phone.
SUMMARY OF THE INVENTION: In order to obviate the drawbacks in the existing state-of-art, the instant invention provides for a secure highly cost efficient communication system resembling the service delivery platform of implementing VoIP enabled communication. This system enables the subscriber to be independent of the VoIP compliant computer which is essential in the state-of-art. It also makes the mobile subscriber independent of high end VoIP compatible mobile phone and an internet connection either shared or dedicated for their last mile connectivity when they wish to communicate using VoIP platform (which is implemented in a custom VPN, as a logical network, by superposing it on the top on internet topology).
For the purposes of this invention, the following terms are defined as follows: a. "mobile subscriber" means a user who is not stationary and is using VoIP on the go; b. "high end" refers to the integration of sophisticated technology into a normal cellular handset which renders it expensive for making it compatible with a relatively cheap platform for diverse communication needs.
Accordingly, the instant invention provides for a secure communication network system comprising a central hub (CH), a plurality of router nodes (RN) and a plurality of wireless devices (WD) wherein said central hub (CH) comprises of a plurality of databases of identifiers of all wireless devices (WD) and corresponding public keys (PK), a plurality of dynamically updated look-up tables, a plurality of dynamically updated look-ahead tables and recent activity logs; said router nodes (RN) comprise of compatible router transceiver blocks (RTB) and device identifiers (HID) with subscription identifiers arranged in tables for logging in wireless devices (WD) for local authentication of said WD; said wireless devices (WD) comprise of compatible wireless transceiver blocks (WTB) and a unique identifier embedded in the said WD's logic, a mirror image of which is maintained in the said database of identifiers of the said central hub (CH) and which is delivered to said router nodes (RN) when so requested; wherein said compatible wireless transceiver block establishes communication sessions with the said compatible router transceiver block (RTB); said compatible router transceiver blocks (RTB) also facilitate communication sessions with each other; and said compatible router transceiver block (RTB) also establishes communication sessions with the central hub (CH).
A secure communication network system wherein the said communication sessions are established over a data channel which may be a licensed or unlicensed frequency spectrum.
A secure communication network system wherein the said data channel is selected from either a free channel like the Industrial, Scientific and Medical (ISM) band or a licensed proprietary bandwidth like 3G.
A secure communication network system wherein said identifiers constituting said plurality of databases maintained at the central hub (CH) are mapped to a corresponding temporary public key.
A secure VoIP communication network system wherein the location of a wireless device with respect to the installed router nodes (RN) is updated dynamically in real time in the said plurality of databases resident on said central hub (CH).
A secure VoIP communication network system wherein said look-up table comprises of computing means to determine the shortest communication path needed to establish the desired communication session.
A secure VoIP communication network system wherein said dynamically updated look-up tables comprise of information pertaining to the current location of the wireless device (WD).
A method of communicating using the secure VoIP communication network system as claimed in claim 1, said method comprising the steps of:
- Initiation of a communication request by the subscriber through his compatible wireless device (WD), said unique identifier of the said WD being authenticated, with time stamping of the session exclusive public key, against the said tables in the router node (RN), said tables being retrieved by the said router node from the said central hub (CH) to complete the said authentication;
- Establishment of a session by the said router node with the said central hub (CH), communicating the HID of the said WD, whereby the computing means of the CH generates a session exclusive corresponding temporary public key using the said database of identifiers, said generated public key being communicated back to the said WD through said corresponding router node;
- Encryption of the communication content of the WD with the said obtained public key along with the embedded HID;
- Clubbing of said encrypted content with the dialed number and the said SIM number of the said calling party and sending the same to the central hub (CH) via the said transceiver of the said corresponding router node (RN);
- Using the said look-up and look-ahead tables at the central hub (CH) to determine the location of the dialed device along with the location of the corresponding router node and the optimized routing path, and communicating said information to said router node, which completes the routing according to the said optimized routing path;
- Establishment of a communication by the said router node with the desired router node and transmitting said encrypted communication contents along with the number of the calling wireless device (WD);
- Establishment of a session by the destination router node with the said called wireless device, which in turn transmits its unique HID back to the said router node;
- On reception of this unique HID, the encrypted communication content along with the said number of the calling party is further encrypted with the received said HID of the called device and communicated back to the called wireless device.
BRIEF DESCRIPTION OF THE ACCOMPANYING FIGURES:
Figure 1 illustrates the network components used in the invention.
Figure 2 illustrates a logical block diagram for an inexpensive portable wireless handset of this invention.
Figure 3 illustrates the implementation of the said invention through a novel wireless communication network.
Figure 4 illustrates the logical procedure undertaken by a subscriber of the instant invention to communicate with an entity in the proposed network of the said communication system and vice versa.
Figure 5 illustrates the implementation of the instant invention in legacy infrastructure like the Plain Old Telephone System (POTS).
BRIEF DESCRIPTION OF THE INVENTION:
The communication system of the instant invention resembling service delivery platform for VoIP is a peer-to-peer (P2P) topology based network where all kinds of communications requests by its subscribers are serviced by plurality of routing nodes interconnected dynamically using the said P2P topology. The said routing nodes, in turn communicate with a logical central hub implemented as a data centre which manages and defines the routing path undertaken by the said nodes while servicing the said end user's communication request.
The instant invention provides a fast local network link between its said subscribers and their said corresponding nodes with which the said subscriber is logged on in real time. This in turn facilitates dynamic synchronization of the mobile subscriber with the corresponding router node using novel compatible communication interface standards loosely based on the session setup and teardown concept of the VoIP stack. A plurality of such said nodes are also connected to the said hub using the same said interface standards, and the said nodes are interconnected among themselves using any packet-switching network.
The said hubs comprise of dynamically updated look up and look ahead routing tables for the said proposed network and thereby instruct the said nodes to forward the actual voice encapsulated data packets to comply with the said end user's communication request. The said hub can be treated as logical proxy for the said end user which basically controls the routing of the said subscriber's communication request but the actual routing is done by the said server nodes.
Therefore the subscriber's request for a communication service to an entity which is part of this proposed invention implementation is totally free of cost after the one-time payment of the initial subscription charges. In case the said subscriber wants to communicate with entities residing outside of this said network, the usage charges are very minimal. All these economic advantages are obtained because the said routing undertaken at the backend of the said system by the said dynamic routing nodes is done by forwarding the said data packets from one router to another to manage the data traffic generated, without any form of centralized server-client architecture. In the existing state of the art, a centralized server-client architecture is one where the subscribers' requests are escalated to some predefined master backbone mainframe servers using a vertical hierarchy routing topology.
The security concern for the voice encapsulated data traffic to be transmitted over the proposed communication network is taken care of by the instant invention by facilitating the integration of the client's proprietary encryption algorithm over the default encryption implemented by the service provider in state of the art VoIP services. In every session security is achieved by dual encryption, one part of which is done at the subscriber's end through a private encryption key embedded in the said subscriber's device, while the second part is achieved by the said router node generating a device specific temporary public key valid for that session only. This temporary public key is tagged with a time stamp and is transmitted to the said corresponding device over the said local high speed network. The implementation of this dual private and public on-the-fly encryption assures the subscriber of fool-proof security while communicating within or outside the said local network.
The instant invention also provides for the said implementation to be incorporated into legacy infrastructure like the POTS (Plain Old Telephone System) by attaching a routing device to a fixed landline connection. The said routing device has a mini server embedded in it. The said routing device acts as an interface between the data center (hub) and the fixed landline connection. This eliminates the need for computing means to access the VoIP communication, which is a major drawback in the existing state of the art.
The instant invention can also be incorporated into existing cellular handsets with minor improvisations to the motherboard of said cellular handset, for e.g. addition of an adapter. This negates the need of an expensive dual VoIP compatible cellular handset to enable mobile VoIP communication of the existing state of the art.
The instant invention also provides for a cellular-like architecture enabling the mobile subscriber to move freely, since the subscriber's link with the corresponding server node can be dynamically passed on from one node to another without losing the said subscriber's communication facilities. This is possible because of the look-up and look-ahead databases resident on the said hub, which are dynamically updated, enabling a real time handshake between said server nodes in case the said subscriber is moving around. This helps to overcome the coverage area restriction problem in the existing state of the art Mobile VoIP networks.
DETAILED DESCRIPTION OF THE INVENTION WITH RESPECT TO THE ACCOMPANYING FIGURES:
The embodiment details the best mode implementation of the proposed invention but does not restrict its scope in any way and thus the proposed invention can be applied to other applications. The preferred embodiment is illustrated for a wireless cellular implementation but it can be easily adapted for existing fixed line telecommunication technologies like the normal PSTN (Public Switched Telecom Network) with little modification or addition of components on such legacy networks.
Figure 1 illustrates the block diagram for a novel wireless communication network system of the instant invention. The said network is implemented as a cellular intranet employing novel session control protocols similar to the protocols used for realizing VoIP services, thus delivering a cost efficient and highly secure communication environment to its subscribers.
The said cellular intranet as shown in Figure 1 comprises of a plurality of compatible wireless devices (WD, where WD = WD1, WD2 .... WDn) allocated to the subscribers of the said network. The said wireless device (WD) is in communication with a plurality of router nodes (RN) in such a manner that each said wireless device (WD) is dynamically synchronized or logged on in real time with at least one such said router node (RN) at any point in time. The synchronization of the wireless device with the router nodes corresponds to the geographic location of the said wireless devices (WD) with respect to the said installed router nodes (RN) location.
The said plurality of router nodes (RN) also communicate among themselves based on the partial P2P routing logic through a packet switching network like the internet. The said P2P routing logic is obtained by the said router nodes (RN) from a central hub (CH) which is in communication with the said router nodes (RN). The said central hub (CH) manages and oversees the execution of communication requests by the said subscribers of the said cellular wireless intranet and thus facilitates a high speed wireless local network link for the said subscribers.
The wireless devices (WD) as illustrated in figure 2 can be inexpensive portable handsets which can be allotted on a very minimal subscription service by the service provider of the proposed communication network. The said subscription can be implemented by using the Handset Identification Number (HID) of the said portable handset. The said HID is unique for each wireless device and is embedded in the same. This identifies the said subscriber on the high speed local wireless network. The said wireless device (WD) too has an embedded handset identification number (HID) which is unique for each said wireless device (WD).
The said HID is basically the end product of random number generator again embedded in the said wireless device's (WD) firmware and can be treated as the private encryption key unique for each subscriber's wireless device (WD). This said device's firmware is also configured to enable the said wireless device (WD) into entering a secure mode where a password protection is attached to the packets to be sent over the said local fast wireless network, but before they are transmitted over the said local link the said packets are encrypted with the said private encryption key.
The preferred embodiment as shown in Figure 3 illustrates router nodes (RN) which comprises of compatible transceivers along with primary authentication means resident on base station towers normally used for cellular telephony. The said compatible transceivers are further in sync with dynamically updated look up and look ahead databases and account logs of the said subscribers resident on the said central hub (CH). This is implemented using cloud computing as a data center (DC) which in turn comprises of a virtual web server (WS).
The said virtual web server (WS) also maintains a list of public encryption keys, each key unique and tagged with the said unique "HID" of each wireless device (WD) present in its area of coverage at that instant to authenticate, register, manage and serve the said subscriber's communication requests. The said web server (WS) functions as a virtual extended EPABX.
The said wireless device logic comprising of said firmware is implemented on an existing cellular handset of a subscriber by incorporating an adapter circuit on the motherboard of the said cellular handset. This incorporation makes the said cellular handset compatible with the novel interface standard of the proposed network. The compatible transceivers along with the corresponding local authentication means are installed on existing base station towers used for cellular telephony.
The said wireless device (WD) logic incorporated in the said cellular handset is a logical client in this setup and remains in sleep mode until awakened either by the said web server (WS) or when the subscriber initiates communication which pertains to the novel interface of the instant invention. This process of initiating is applicable only for said cellular handset (WD) which are dynamically registered with the corresponding router node resident on the said cell tower.
This wakeup call constitutes the said unique HID of the requesting said wireless device (WD) superimposed on the application layer of the said novel session setup protocol to be sent over the said local wireless link to the transceiver block of the said cell tower. The said router node (RN) authenticates the said received HID and initiates the said central hub (CH) to look up for the said wireless device's (WD) unique HID from its real time updated databases. It further generates a session exclusive temporary public key unique for each wireless device (WD). This is finally transmitted to the said corresponding cellular handset (WD). This whole dual encryption is carried out in real time processing mode and is therefore foolproof against pattern based key cracking attacks making the whole system more secure.
As shown in Figure 4 when a subscriber dials a number on his wireless device (WD) for a destination within the said local network that he wishes to communicate with, the packets that are sent over the said local high speed network contain the said temporary public key allocated by the said web server (WS) to the said wireless device (WD) which has initiated this session and is valid for that session only plus his unique subscription number along with the number of the said destination he wishes to communicate with and finally the said message content for which the encryption process has been described above.
Upon reception at the said corresponding tower resident at the said router node (RN), this is forwarded to the said central hub (CH), where the account of the said subscriber's wireless device is updated in real time and hence the subscriber logs in to his existing account stored in the said web server (WS). The said dialed number is looked up from the said dynamically updated logs of locations of all said valid subscribers, and the said routing path and the address of the desired tower are sent back to the said corresponding tower. The said tower then establishes a session with the said tower on which the called party is logged on at that instant. Thereafter the said encrypted message along with the said dialed number and the unique subscription number of the calling party is forwarded to the said corresponding tower with which the called wireless device is registered at that instant. This is the said P2P routing.
If the said called wireless device (WD2) is not in the logical active state, its said corresponding tower again undertakes the above described sequence of initiating the said called wireless device (WD2) into a logical active state and allocating a temporary public key which is unique to the said called wireless device (WD2). Moreover, the said temporary unique public key is valid for that session only. The router node resident on the said corresponding tower then encrypts the said received contents and the said unique subscription number of the said calling device (WD1) with the said generated temporary public key of the called device and finally transmits this to the said called wireless device (WD2). The said called wireless device (WD2), upon reception of the said content, replies to its said corresponding server with its own encrypted content, generated by the same process the said calling wireless device (WD1) undertook while initiating this communication session over the said similar local wireless link.
In a scenario when said wireless devices (WD) wishes to communicate with a destination that lies outside the said proposed network and can be on a different network or technology platform for example GSM, CDMA or even PSTN, the said web server(WS) from figure acts as a server gateway (SG) as shown in figure 4. The said server gateway (SG) receives the encrypted communication content and the number of the called party, the said encryption done using allotted said temporary session public key unique for the said wireless device (WD). The said server gateway (SG) further decrypts the said encrypted content with the corresponding unique decryption key from its said dynamic database of said keys.
A reserved number from the database maintained by the said server gateway is allocated to the said decrypted content after matching of its internal unique subscriber number with the available external identification numbers. Now, in order to maintain security, a new temporary session specific public key, unique for the said wireless device and different from the said first temporary key, is generated by the computing means in the said server gateway, and the said content along with the called number is encrypted with the newly generated key and finally passed to the transmitting means of the said tower of the said router node to transmit it to the said called party.
If an entity outside of the said local network wishes to communicate with a subscriber of the said local network it initiates a communication request which is relayed from the nearest tower of the said router node (RN) to the said server gateway (SG). The said server gateway (SG) acts as a proxy destination for the called wireless device (WD) and thus receives the message contents intended for the said called wireless device (WD).
The server gateway (SG) then verifies the account details of the said called wireless device (WD). It further determines the current location and consequently the unique HID of the said called wireless device (WD) and the corresponding tower with which the said wireless device (WD) is currently logged on.
This is carried out by scanning through dynamically updated register logs comprising of the said unique HIDs and the said corresponding tower information resident on the computing means of the said central hub (CH). The said central hub (CH) then enables the routing of the said content to the desired tower on the corresponding said router node (RN). The said routing node (RN) resident on the said tower then sets up a session with the said called wireless device (WD) and after receiving the said unique private encryption key (HID) from the same generates a corresponding temporary public encryption key (PK) unique for the said called wireless device (WD) and valid for that session only. The said intended message contents and the number of the calling party are encrypted with the said unique public key (HID) and sent over the said local wireless link to complete a communication link between the said calling party and the said called party.
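The call-setup procedure given in the summary (method steps) and in the detailed description of Figures 3 and 4 can be followed in code. The following is an added example, not code from the patent: it assumes an HMAC-derived session key with a 60 second lifetime, a SHA-256 keystream as a stand-in for the cipher the patent does not specify, and that the central hub, which issues every session-exclusive key, translates the caller's encryption layer into the callee's (the patent does not say how the called device removes the caller's layer).

```python
import hashlib
import hmac
import os

SESSION_TTL = 60  # seconds; the patent says only "valid for that session", so the lifetime is assumed

def stream_cipher(key, nonce, data):
    """Stand-in for the cipher the patent leaves unspecified: SHA-256 keystream in
    counter mode. XOR is symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for ctr, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], block))
    return bytes(out)

class WirelessDevice:
    """WD: subscription number plus the HID embedded in firmware (Figure 2)."""
    def __init__(self, number):
        self.number = number
        self.hid = os.urandom(16)  # constructed; the patent's per-device private key
        self.session = None        # (temp key, nonce) received from the serving RN

class CentralHub:
    """CH: identifier database, look-up (location) and look-ahead (path) tables, logs."""
    def __init__(self, lookahead):
        self.hid_db = {}            # HID -> subscription number (mirror of every WD)
        self.lookup = {}            # number -> name of the RN it is logged on to
        self.lookahead = lookahead  # (src RN, dst RN) -> ordered path of RN names
        self.sessions = {}          # HID -> (key, nonce, issued_at); one session only
        self.log = []               # recent activity log

    def register(self, wd, rn):
        self.hid_db[wd.hid] = wd.number
        self.lookup[wd.number] = rn

    def table_for(self, rn):
        """Identifier table delivered to a router node for local authentication."""
        return {h for h, n in self.hid_db.items() if self.lookup[n] == rn}

    def issue_session_key(self, hid, now):
        if hid not in self.hid_db:
            raise PermissionError("HID not in identifier database")
        nonce = os.urandom(8)
        # session-exclusive key bound to the device's HID and time-stamped at issue
        key = hmac.new(hid, nonce + int(now).to_bytes(8, "big"), hashlib.sha256).digest()
        self.sessions[hid] = (key, nonce, now)
        self.log.append((now, self.hid_db[hid], "session key issued"))
        return key, nonce

    def session_key(self, hid, now):
        key, nonce, issued = self.sessions[hid]
        if now - issued > SESSION_TTL:
            del self.sessions[hid]  # a stale key is dropped, never reused
            raise PermissionError("session key expired")
        return key, nonce

    def route(self, src_rn, dialled):
        dst_rn = self.lookup[dialled]                    # look-up: where the callee is
        return dst_rn, self.lookahead[(src_rn, dst_rn)]  # look-ahead: path to get there

class RouterNode:
    """RN: transceiver plus the local authentication table fetched from the CH."""
    def __init__(self, name, hub):
        self.name, self.hub = name, hub
        self.auth_table = hub.table_for(name)

    def wake_up(self, wd, now):
        """Authenticate the HID locally, then have the CH issue the temporary key."""
        if wd.hid not in self.auth_table:
            raise PermissionError(f"{self.name}: HID unknown, refusing session")
        wd.session = self.hub.issue_session_key(wd.hid, now)
        self.hub.log.append((now, wd.number, f"logged on at {self.name}"))

def place_call(hub, routers, devices, caller, dialled, content, now):
    """Figure 4 flow: caller encrypts, CH routes and translates keys, callee decrypts.
    Returns (routing path, plaintext as recovered by the called device)."""
    src_rn = routers[hub.lookup[caller.number]]
    src_rn.wake_up(caller, now)
    key, nonce = caller.session
    ciphertext = stream_cipher(key, nonce, content)        # WD encrypts with session key
    dst_name, path = hub.route(src_rn.name, dialled)       # CH decides the route
    hub_key, hub_nonce = hub.session_key(caller.hid, now)  # CH issued the key, so it holds it
    plain = stream_cipher(hub_key, hub_nonce, ciphertext)
    callee = devices[dialled]
    routers[dst_name].wake_up(callee, now)                 # callee gets its own session key
    ckey, cnonce = callee.session
    for_callee = stream_cipher(ckey, cnonce, plain + b"|from:" + caller.number.encode())
    return path, stream_cipher(ckey, cnonce, for_callee)   # callee decrypts locally

def build_network():
    """Constructed two-tower network: WD1 on RN-A, WD2 on RN-B."""
    hub = CentralHub({("RN-A", "RN-B"): ["RN-A", "RN-B"], ("RN-A", "RN-A"): ["RN-A"]})
    wd1, wd2 = WirelessDevice("1001"), WirelessDevice("2002")
    hub.register(wd1, "RN-A")
    hub.register(wd2, "RN-B")
    routers = {n: RouterNode(n, hub) for n in ("RN-A", "RN-B")}
    return hub, routers, {d.number: d for d in (wd1, wd2)}
```

Because the hub derives and stores every session-exclusive key, it can read all content passing through it; the model reflects that property of the described design (the server gateway decrypts with a key from its own database) rather than introducing it.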
The above described invention can be extended to the legacy infrastructure like the POTS (Plain Old Telephone System) as shown in Figure 5 by attaching a router (R) to an analog landline handset (HS) and linking the said handset (HS) with a web server means (WS) using the existing PSTN to create a virtual intranet. The said router comprises of routing device (RD) with a mini server embedded in it.
Claims
1. A secure communication network system comprising a central hub (CH), a plurality of router nodes (RN) and a plurality of wireless devices (WD) wherein said central hub (CH) comprises of
- plurality of databases of identifiers of all wireless devices (WD) and corresponding public key (PK)
- plurality of dynamically updated look-up tables
- plurality of dynamically updated look-ahead tables and recent activity logs
said router nodes (RN) comprises of
- compatible router transceiver blocks (RTB) and
- device identifier (HID) with subscription identifier arranged in tables for logging in wireless devices (WD) for local authentication of said WD
said wireless devices (WD) comprises of
- compatible wireless transceiver blocks (WTB) and
- its unique identifier embedded in the said WD's logic, a mirror image of which is maintained in the said database of identifiers of the said central hub (CH) and which is delivered to said router nodes (RN) when so requested
wherein said compatible wireless transceiver block (WTB) establishes communication sessions with the said compatible router transceiver block (RTB); said compatible router transceiver blocks (RTB) also facilitate communication sessions with each other; said compatible router transceiver block (RTB) also establishes communication sessions with the central hub (CH).
2. A secure communication network system as claimed in claim 1 wherein the said communication sessions are established over data channel which may be a licensed or unlicensed frequency spectrum.
3. A secure communication network system as claimed in claim 2 wherein the said data channel is selected from either a free channel like the Industrial, Scientific and Medical (ISM) band or a licensed proprietary bandwidth like 3G.
4. A secure communication network system as claimed in claim 1 wherein said identifiers constituting said plurality of database maintained at the Central Hub (CH) are mapped to corresponding temporary public key.
5. A secure VoIP communication network system as claimed in claim 1 wherein the location of a wireless device with respect to the installed router nodes (RN) is updated dynamically in real time in the said plurality of databases resident on said central hub (CH).
6. A secure VoIP communication network system as claimed in claim 1 wherein said look-up table comprises of computing means to determine the shortest communication path needed to establish the desired communication session.
7. A secure VoIP communication network system as claimed in claim 1 wherein said dynamically updated look-up tables comprise of information pertaining to the current location of the wireless device (WD).
8. A method of communicating using the secure VoIP communication network system as claimed in claim 1, said method comprising the steps of
- Initiation of a communication request by the subscriber through his compatible wireless device (WD), said unique identifier of the said WD being authenticated, with time stamping of the session exclusive public key, against the said tables in the router node (RN), said tables being retrieved by the said router node from the said central hub (CH) to complete the said authentication;
- Establishment of a session by the said router node with the said central hub (CH), communicating the HID of the said WD, whereby the computing means of the CH generates a session exclusive corresponding temporary public key using the said database of identifiers, said generated public key being communicated back to the said WD through said corresponding router node;
- Encryption of the communication content of the WD with the said obtained public key along with the embedded HID;
- Clubbing of said encrypted content with the dialed number and the said SIM number of the said calling party and sending the same to the central hub (CH) via the said transceiver of the said corresponding router node (RN);
- Using the said look-up and look-ahead tables at the central hub (CH) to determine the location of the dialed device along with the location of the corresponding router node and the optimized routing path, and communicating said information to said router node, which completes the routing according to the said optimized routing path;
- Establishment of a communication by the said router node with the desired router node and transmitting said encrypted communication contents along with the number of the calling wireless device (WD);
- Establishment of a session by the destination router node with the said called wireless device, which in turn transmits its unique HID back to the said router node;
- On reception of this unique HID, the encrypted communication content along with the said number of the calling party is further encrypted with the received said HID of the called device and communicated back to the called wireless device.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| IN448CH2009 | 2009-03-02 | | |
| IN448/CHE/2009 | 2009-03-02 | | |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| WO2010100602A2 true WO2010100602A2 (en) | 2010-09-10 |
| WO2010100602A3 WO2010100602A3 (en) | 2012-09-07 |
Family
ID=42710063
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/IB2010/050889 Ceased WO2010100602A2 (en) | 2009-03-02 | 2010-03-02 | A secure communication network system and cost efficient method of communication thereon |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2010100602A2 (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013097457A1 (en) * | 2011-12-29 | 2013-07-04 | 华为技术有限公司 | Method, device, and system for realizing voip call in cloud computing environment |
| TWI513269B (en) * | 2012-09-06 | 2015-12-11 | Nen Fu Huang | Communication method and system thereof |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100747756B1 (en) * | 2003-07-16 | 2007-08-09 | 스카이프 리미티드 | P2P Phone System |
| US20070286100A1 (en) * | 2006-06-09 | 2007-12-13 | Mika Juhani Saaranen | Local discovery of mobile network services |
| US7912448B2 (en) * | 2006-08-31 | 2011-03-22 | Skype Limited | Wireless device for voice communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10748405; Country of ref document: EP; Kind code of ref document: A2 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 10748405; Country of ref document: EP; Kind code of ref document: A2 |