-
1.发明授权Method and apparatus for in context mediating common channel signaling messages between networks 有权用于在上下文中介导网络之间的公共信道信令消息的方法和装置公开(公告)号:US07218613B1
公开(公告)日:2007-05-15
申请号:US09781922
申请日:2001-02-05
CPC分类号: H04Q3/0025 , H04L43/00 , H04L63/1416 , H04L63/1425 , H04M7/126
摘要: A communication network includes a SS7 Security Gatekeeper that authenticates and validates network control messages within, transiting, entering and leaving an overlying control fabric such as an SS7 network. The SS7 Security Gatekeeper incorporates several levels of checks to ensure that messages are properly authenticated, valid, and consistent with call progress and system status. In addition to message format, message content is checked to ensure that the originating node has the proper authority to send the message and to invoke the related functions. predefined sets of templates may be used to check the messages, each set of templates being associated with respective originating point codes and/or calling party addresses. The templates may also be associated with various system states such that messages corresponding to a particular template cause a state transition along a particular edge to a next state node at which another set of templates are defined. Thus, system and call state is maintained. The monitor also includes signaling point authentication using digital signatures and timestamps. Timestamps are also used to initiate appropriate timeouts and so that old or improperly sequenced message may be ignored, corrected or otherwise processed appropriately. The SS7 Security Gatekeeper may be located at the edge of a network to be protected so that all messaging to and from the protected network most egress by way of the Gatekeeper. Alternatively, the SS7 Security Gatekeeper may be internal to the protected network and configured as a “pseudo switch” so that ISUP messaging is routed through the Gatekeeper while actual traffic is trunked directly between the associated SSPs, bypassing the Gatekeeper.
摘要翻译: 通信网络包括SS7安全网守,用于验证和验证网络控制消息,过渡,进入和离开诸如SS7网络的上层控制结构。 SS 7安全网守包含几个级别的检查,以确保消息被正确认证,有效,并与呼叫进度和系统状态一致。 除了消息格式之外,检查消息内容以确保始发节点具有发送消息的适当权限并调用相关功能。 可以使用预定义的模板集合来检查消息,每组模板与相应的起始点代码和/或主叫方地址相关联。 模板还可以与各种系统状态相关联,使得对应于特定模板的消息导致沿着特定边缘的状态转换到另一组模板被定义的下一状态节点。 因此,维持系统和呼叫状态。 监视器还包括使用数字签名和时间戳的信令点认证。 时间戳也用于启动适当的超时,从而可能会忽略,纠正或以其他方式适当地处理旧的或不正确排序的消息。 SS 7安全网守可能位于要保护的网络的边缘,以便所有传送到和受保护网络的消息通过网守出口。 或者,SS7安全网守可能在受保护网络内部,并被配置为“伪交换机”,以便ISUP消息传递通过网守路由,而实际流量直接在关联的SSP之间中继,而不需要网守。
-
公开(公告)号:US07184538B1
公开(公告)日:2007-02-27
申请号:US09767902
申请日:2001-01-24
IPC分类号: H04M7/00
CPC分类号: H04M7/126 , H04L63/0227 , H04Q3/0025
摘要: A communication network includes a Security Gatekeeper that authenticates and validates network control messages within, transiting, entering and leaving an overlying control fabric such as an SS7 network. The Security Gatekeeper incorporates several levels of checks to ensure that messages are properly authenticated, valid, and consistent with call progress and system status. In addition to message format, message content is checked to ensure that the originating node has the proper authority to send the message and to invoke the related functions and that the message, itself, is appropriately coded. Predefined sets of templates may be used to check the messages, each set of templates being associated with respective originating point codes and/or calling party addresses. The templates may also be associated with various system states such that messages corresponding to a particular template cause a state transition along a particular edge to a next state node for which another set of templates is defined. Thus, system, call and/or transaction state are maintained. The monitor also includes signaling point authentication using digital signatures and timestamps. Timestamps are also used to initiate appropriate timeouts and so that old or improperly sequenced message may be ignored, corrected or otherwise processed appropriately. The Security Gatekeeper may be located at the edge of a network to be protected so that all messaging to and from the protected network must enter and egress by way of the Gatekeeper. Alternatively, the Security Gatekeeper may be internal to the protected network. In this configuration, ISUP traffic can be monitored by configuring the Security Gatekeeper as a “pseudo switch” so that ISUP messaging is routed through the Gatekeeper on its way between interconnected SSPs, while actual bearer traffic is trunked directly between the associated SSPs, bypassing the Gatekeeper.
-
3.发明授权Method of and apparatus for authenticating control messages in a signaling network 失效用于在信令网络中认证控制消息的方法和装置公开(公告)号:US07360090B1
公开(公告)日:2008-04-15
申请号:US09767292
申请日:2001-01-18
IPC分类号: H04L9/00
CPC分类号: H04L63/08 , H04M7/1205 , H04Q3/0025 , H04Q2213/13176 , H04Q2213/13339
摘要: A communication network includes an SS7 Security Gatekeeper that authenticates and validates network control messages within, transiting, entering and leaving an overlying control fabric such as an SS7 network. The SS7 Security Gatekeeper incorporates several levels of checks to ensure that messages are properly authenticated, valid, and consistent with call progress and system status. In addition to message format, message content is checked to ensure that the originating node has the proper authority to send the message and to invoke the related functions. Predefined sets of templates may be used to check the messages, each set of templates being associated with respective originating point codes and/or calling party addresses. The templates may also be associated with various system states such that messages corresponding to a particular template cause a state transition along a particular edge to a next state node at which another set of templates are defined. Thus, system and call state is maintained. The monitor also includes signaling point authentication using digital signatures and timestamps. Timestamps are also used to initiate appropriate timeouts and so that old or improperly sequenced message may be ignored, corrected or otherwise processed appropriately. The SS7 Security Gatekeeper may be located at the edge of a network to be protected so that all messaging to and from the protected network most egress by way of the Gatekeeper. Alternatively, the SS7 Security Gatekeeper may be internal to the protected network and configured as a “pseudo switch” so that ISUP messaging is routed through the Gatekeeper while actual traffic is trunked directly between the associated SSPs, bypassing the Gatekeeper.
摘要翻译: 通信网络包括SS7安全网守,用于对网络控制消息进行身份验证和验证,例如SS7网络,覆盖,进入和离开上层控制架构。 SS7安全网闸包含几个级别的检查,以确保消息被正确认证,有效,并与呼叫进度和系统状态一致。 除了消息格式之外,检查消息内容以确保始发节点具有发送消息的适当权限并调用相关功能。 可以使用预定义的模板集来检查消息,每组模板与相应的起始点代码和/或主叫方地址相关联。 模板还可以与各种系统状态相关联,使得对应于特定模板的消息导致沿着特定边缘的状态转换到另一组模板被定义的下一个状态节点。 因此,维持系统和呼叫状态。 监视器还包括使用数字签名和时间戳的信令点认证。 时间戳也用于启动适当的超时,从而可能会忽略,纠正或以其他方式适当地处理旧的或不正确排序的消息。 SS7安全网守可能位于要保护的网络的边缘,以便所有来自受保护网络的消息通过网守大部分出口。 或者,SS7安全网守可能在受保护网络内部,并被配置为“伪交换机”,以便通过网闸路由ISUP消息传递,而实际流量在关联的SSP之间直接中继,而不需要网守。
-
4.发明授权Method of and apparatus for mediating common channel signaling messages between networks using a pseudo-switch 有权用于在使用伪交换机的网络之间中介公共信道信令消息的方法和装置公开(公告)号:US07224686B1
公开(公告)日:2007-05-29
申请号:US09982179
申请日:2001-01-18
CPC分类号: H04Q3/0025
摘要: A communication network includes an SS7 Security Gatekeeper that authenticates and validates network control messages within, transiting, entering and leaving an overlying control fabric such as an SS7 network. The SS7 Security Gatekeeper incorporates several levels of checks to ensure that messages are properly authenticated, valid, and consistent with call progress and system status. In addition to message format, message content is checked to ensure that the originating node has the proper authority to send the message and to invoke the related functions. Predefined sets of templates may be used to check the messages, each set of templates being associated with respective originating point codes and/or calling party addresses. The templates may also be associated with various system states such that messages corresponding to a particular template cause a state transition along a particular edge to a next state node at which another set of templates are defined. Thus, system and call state is maintained. The monitor also includes signaling point authentication using digital signatures and timestamps. Timestamps are also used to initiate appropriate timeouts and so that old or improperly sequenced message may be ignored, corrected or otherwise processed appropriately. The SS7 Security Gatekeeper may be located at the edge of a network to be protected so that all messaging to and from the protected network most egress by way of the Gatekeeper. Alternatively, the SS7 Security Gatekeeper may be internal to the protected network and configured as a “pseudo switch” so that ISUP messaging is routed through the Gatekeeper while actual traffic is trunked directly between the associated SSPs, bypassing the Gatekeeper.
摘要翻译: 通信网络包括SS7安全网守,用于对网络控制消息进行身份验证和验证,例如SS7网络,覆盖,进入和离开上层控制架构。 SS7安全网闸包含几个级别的检查,以确保消息被正确认证,有效,并与呼叫进度和系统状态一致。 除了消息格式之外,检查消息内容以确保始发节点具有发送消息的适当权限并调用相关功能。 可以使用预定义的模板集来检查消息,每组模板与相应的起始点代码和/或主叫方地址相关联。 模板还可以与各种系统状态相关联,使得对应于特定模板的消息导致沿着特定边缘的状态转换到另一组模板被定义的下一状态节点。 因此,维持系统和呼叫状态。 监视器还包括使用数字签名和时间戳的信令点认证。 时间戳也用于启动适当的超时,从而可能会忽略,纠正或以其他方式适当地处理旧的或不正确排序的消息。 SS7安全网守可能位于要保护的网络的边缘,以便所有来自受保护网络的消息通过网守大部分出口。 或者,SS7安全网守可能在受保护网络内部,并被配置为“伪交换机”,以便通过网闸路由ISUP消息传递,而实际流量在关联的SSP之间直接中继,而不需要网守。
-
5.发明授权Offloading data traffic from facilities designed to handle voice call traffic 有权从设计用于处理语音通话流量的设施中卸载数据流量公开(公告)号:US07352850B1
公开(公告)日:2008-04-01
申请号:US10180398
申请日:2002-06-26
申请人: Ellen R. Cericola , Nick T. Davis , Bradley J. Frison , Harry A. Hetz , Kathleen F. Jarosinski , David George Morris
发明人: Ellen R. Cericola , Nick T. Davis , Bradley J. Frison , Harry A. Hetz , Kathleen F. Jarosinski , David George Morris
CPC分类号: H04M15/00 , H04J3/1605
摘要: An (e.g., primary rate interface) offload device used relieve switches designed and engineered to carry short duration voice telephone calls, from servicing other types of calls (such as modem-based Internet calls), such as calls to a remote access server. Security is enhanced by isolating signaling and data communications. Such isolation may be provided by the use of separate networks, or a network with appropriate firewalls.
摘要翻译: 使用(例如,主速率接口)卸载设备来解决设计和设计的承载短时间语音电话呼叫的交换机,从服务其他类型的呼叫(例如基于调制解调器的因特网呼叫),诸如对远程接入服务器的呼叫。 通过隔离信令和数据通信来增强安全性。 这种隔离可以通过使用单独的网络或具有适当防火墙的网络来提供。
-
-
-
-
搜索结果
5 条记录 (耗时 0.019 秒)
