JP2006313975A - IP telephone equipment - Google Patents

Abstract

The present invention makes it easy to change settings such as validity / invalidity of an encryption function in an IP phone.
An encryption information database in which a dial code serving as a cue for starting communication encryption of a call by an IP telephone is registered as an encryption identification code, and a dial code operated by a user is the encryption identification code. An identification code determination unit 13 is provided that encrypts a call made by an IP phone that starts following the detection when a match is detected.
[Selection] Figure 1

Description

  The present invention relates to an IP telephone apparatus, and more particularly, to perform communication encryption of a voice call by an IP telephone.

In recent years, IP telephones that transmit voice using an IP network such as the Internet have attracted attention as a new telephone form to replace conventional subscriber telephones, and have already been put into practical use (Japanese Patent Laid-Open No. 2005-45382). Issue gazette).
A general IP telephone system will be described with reference to FIG. 7. The IP telephone adapter performs necessary processing on dial signals and voice signals from the telephone, packetizes them, and transmits them to the IP network. Control of outgoing and incoming calls (call control) in the IP network is performed by a call control server, and voice packets of an IP telephone during a call are directly exchanged without going through the call control server.

Next, a general connection sequence of an IP phone will be briefly described with reference to FIG. First, as an initial setting, the user sets the IP telephone number assigned by the IP telephone service provider in the IP telephone adapter, and then connects the IP telephone adapter to the IP network. Thereafter, the IP telephone adapter automatically acquires an IP address and registers the IP address and IP telephone number in the call control server.
When user A raises the handset of telephone A, IP telephone adapter A sends a dial tone to telephone A. Thereafter, when the destination telephone number is dialed, IP telephone adapter A transmits the destination telephone number to the call control server in a call request protocol connection request message. The call control server manages a correspondence table of IP telephone numbers and IP addresses as shown in FIG. The call control server checks the IP address corresponding to the destination telephone number and transmits a connection request message to the IP address.

  The IP telephone adapter B that has received the connection request message sends a ring tone to the telephone B to notify the incoming call, and transmits a message indicating that the call is being made to the IP telephone adapter A via the call control server. To do. In response, IP telephone adapter A sends a ringing tone to telephone A. When user B picks up the handset of telephone B, IP telephone adapter B transmits a connection response message to IP telephone adapter A via the call control server. The IP telephone adapter A that has received the continuous response message notifies the telephone A of the response, and the call is started.

  Next, the configuration of a general IP telephone adapter 1 is shown in FIG. The signal detector 2 detects the signal from the telephone 6 and determines the content of the signal. The call control unit 3 controls connection and disconnection with the party with whom the call is made. In addition, most commercially available IP telephone adapters 1 have a function of using a public telephone network for destinations that cannot make IP telephone calls. The audio processing unit 4 performs analog / digital signal conversion and audio encoding / decoding. The packet processing unit 5 packetizes / depackets the call control signal and the voice signal.

The main features of the IP phone described above are: (1) A user of an IP phone service provided by the same provider can make a call for free or at a low charge regardless of time or distance. (2) By using 050 number, there is no need to change the phone number even if you move or move, etc. (3) There is great potential for new services that merge IP phone and other applications. There are some points.
However, since IP phones use Internet technology, there is a problem that they are easily wiretapped. Therefore, IETF (Internet Engineering Task Force), which is a standard organization for Internet performances, has SRTP (Secure
Real-time Transport Protocol is standardized (RFC3711). SRTP is a technology that mainly encrypts real-time communications such as voice and video, and is expected as an encryption method for IP phones.

  Therefore, FIG. 10 shows a configuration of a general IP telephone adapter equipped with an encryption function. The encryption processing unit 7 encrypts / decrypts the audio signal according to the user setting value. The encrypted information database 8 generally has the configuration shown in FIG. 11 and can be set by the database management unit 9 from a personal computer PC connected by the I / O unit 10. Examples of encryption parameters include the validity / invalidity of the encryption function, the algorithm used for encryption, the update lifetime of the encryption key, and the like. The default setting value means a setting value at the time of factory shipment, and the user setting value means a value that the user has independently changed the setting. FIG. 11 shows an example in which the user independently changes the encryption enable / disable setting, which is an encryption parameter, from “invalid” to “valid”, and the encryption algorithm is changed from “DES” (Data Encryption Standard) to “3DES”. ing.

  When encrypting an IP phone, negotiate encryption information with the other party. As one of the negotiation methods, the transmission side IP telephone adapter adds the encryption information to the connection request message and transmits it. The encryption information at this time is an encryption parameter group reflecting the user setting value. The incoming IP telephone adapter sends the connection response message with the encrypted information if the encrypted information is acceptable, and returns an error message if it is not accepted or has no encryption function. To finish.

By the way, various encryption parameters for the IP telephone adapter are generally set by connecting a personal computer to the IP telephone adapter, then accessing the IP telephone adapter from the personal computer, and setting a parameter setting WEB interface displayed on the personal computer. Usually, the setting is performed via
However, there is a problem that it takes a lot of time and trouble if the personal computer is purposely activated when the encryption function is enabled / disabled or other encryption parameter settings are changed. In particular, since it takes time until the personal computer is started up, the user is stressed, and the user who is unfamiliar with the personal computer operation cannot perform the encryption setting itself.

JP-A-2005-45382 SIP textbook (supervised by Yasufumi Chimura, Toshifumi Murata, IDG Japan, May 2003)

  The present invention has been made in view of the above problems, and it is an object of the present invention to make it easy to change settings such as the validity / invalidity of an encryption function in an IP phone.

In order to solve the above-mentioned problems, the present invention firstly provides an encrypted information database in which a dial code serving as a cue for performing communication encryption of an IP telephone call is registered as an encrypted identification code;
An identification code determination unit that encrypts a call made by an IP telephone starting following the detection when it is detected that a dial code operated by a user matches the encrypted identification code;
An IP telephone device characterized by comprising:

With the above configuration, it is not necessary for the user to bother accessing from a personal computer or the like to set encryption start, and the encryption of IP phone calls can be easily set by dialing as needed on the spot. The setting work can be greatly simplified. Further, since encryption can be set only by telephone operation, even a user unfamiliar with a personal computer or the like can operate without resistance, and the operability and versatility of the user are greatly improved.
The IP telephone apparatus of the present invention may be an IP telephone adapter separate from the telephone body, or may be integrated with the telephone body. Also, the dial code is preferably one using numbers 0 to 9 and symbols * and #. Needless to say, the present invention can be applied to both a push phone and a dial phone.

Secondly, according to the present invention, a plurality of setting values are registered for each encryption parameter as the encryption setting of the IP phone, and a dial code for identifying the type of the encryption parameter is used as the encryption parameter identification code. And an encrypted information database in which a dial code for identifying the type of each setting value is assigned as a setting value identification code,
When it is detected that the dial code operated by the user is the encryption parameter identification code and the set value identification code, the encryption parameter corresponding to the encryption parameter identification code corresponds to the set value identification code An identification code determination unit that reflects the set value to be encrypted in the IP telephone call;
An IP telephone device characterized by comprising:

  With the above configuration, the user does not need to access and change the setting values of various encryption parameters from a personal computer or the like, and can be performed only by dialing, which greatly simplifies the encryption setting work. User operability is dramatically improved. Examples of encryption parameters include the validity / invalidity of the encryption function, the type of encryption algorithm, the update lifetime of the encryption key, the type of authentication algorithm for the encrypted data, and the like. Similarly to the first invention, the IP telephone apparatus may be an IP telephone adapter that is separate from the telephone body, or may be integrated with the telephone body. The dial code may be, for example, a number from 0 to 9 or a symbol of * or #. Further, it can be applied to both a push phone and a dial phone.

The identification code determination unit corresponds to the setting identification code with respect to a plurality of encryption parameters by discriminating a plurality of dial codes with the encryption parameter identification code and the set value identification code as one set. It is preferable that the setting value be reflected in the encryption of the IP telephone call.
With the above configuration, it is possible to collectively change the setting of a plurality of encryption parameters by a series of dial operations, and the operability for the user is further improved.

  It is preferable that the encryption parameter identification code and / or the set value identification code stored in the encryption information database can be changed by a user operation from an external input device.

  In other words, it is preferable that the encryption parameter identification code and setting value identification code for performing the encryption setting by dial operation are not known to others, so that the above configuration connects an external input device such as a personal computer to the IP telephone device. Thus, it is possible to make changes and security is improved. In addition, since the user can customize the code so that it can be easily remembered, there is an advantage that it is difficult to forget.

  As described above, according to the present invention, there is no need for the user to bother accessing from a personal computer or the like to perform encryption setting, and the encryption of IP telephone calls can be easily set by dial operation. The work can be very simple.

Embodiments of the present invention will be described with reference to the drawings.
1 to 3 show a first embodiment.
The IP telephone adapter 11 (IP telephone apparatus) according to the embodiment is applied to the IP telephone system shown in FIG. 7, and the overall configuration of the system is the same as that in FIG.

As shown in FIG. 1, the IP telephone adapter 11 includes a signal detection unit 2, a call control unit 3, a voice processing unit 4, a packet processing unit 5, an encryption processing unit 7, and an encryption information database 12. The database management unit 9, the I / O unit 10, and the identification code determination unit 13 are provided.
The signal detection unit 2 has a function of detecting a dial signal and a voice signal transmitted from the telephone set 6. The call control unit 3 has functions of digitizing dial signals other than voice and creating a connection request message including a destination telephone number to be transmitted to the call control server when a call is started. The voice processing unit 4 has a function of converting voice data transmitted from the telephone 6 from analog to digital. The packet processing unit 5 has a function of packetizing data transmitted from the call control unit 3 and the voice processing unit 4 and transmitting the packet to the IP network, or depacketizing data received from the IP network. The encryption processing unit 7 has a function of encrypting / decrypting audio data based on the setting contents registered in the encryption information database 12.

  As shown in FIG. 2, the encryption information database 12 includes a type of encryption parameter, a default setting value that is a setting content at the time of shipment of each encryption parameter, and a user-customized setting content for each encryption parameter. The user setting value is registered. Specifically, encryption parameters include encryption enable / disable settings, encryption key update lifetime (time to update an encryption key generated by a random number), encryption algorithm, encryption identification code, etc. is there. Here, the encryption identification code means a dial code serving as a cue to start encryption of a call based on the setting contents of other encryption parameters. The default setting value of each parameter is that encryption is valid, the encryption key update lifetime is one day, the encryption algorithm is DES (Data Encryption Standard), and the encryption identification code is 777. The user setting value of each parameter is that encryption is valid, the lifetime of the encryption key is one day, the encryption algorithm is 3DES, and the encryption identification code is 234. The user setting value is set by the database management unit 9 by operating a personal computer PC (external input device) connected to the I / O unit 10.

When the identification code determination unit 13 detects that the dial code transmitted from the telephone 6 by the user operation matches the encryption identification code registered in the encryption information database 12, the encryption of the call by the IP phone is started. To the signal detection unit 2.
The database management unit 9 has a function of performing arithmetic processing related to changing the setting contents of the encrypted database 12. The I / O unit 10 has an interface function for connecting a personal computer PC to the database management unit 9 of the IP telephone adapter 11 via an Ethernet (registered trademark) cable or the like.

Next, the operation of the IP telephone adapter 11 will be described.
As shown in FIG. 3, when the calling side user encrypts a telephone call by IP phone, he raises the handset from the telephone 6 (step S 1), first dials the encrypted identification code “234”, and then calls the other party. Dial the telephone number (step S2). On the other hand, if not encrypted, only the destination telephone number is dialed. The IP telephone adapter 11 sends the dial signal detected by the signal detection unit 2 to the identification code determination unit 13. The identification code determination unit 13 refers to the encryption identification code (234) registered in the encryption information database 12 to determine whether or not the first code of the dialed code is the encryption identification code. Is returned to the signal detector 2 (step S3). If it is determined as an encryption identification code, the signal detection unit 2 creates a connection request message to which the encryption information reflecting the contents of each encryption parameter in the encryption information database 12 is added to the call control unit 3. (Step S4). If the identification code determination unit 13 does not detect the encrypted identification code, a normal connection request message that is not encrypted is created (step S5). Finally, the connection request message is transmitted to the call control server to start connection processing (step S6).

With the configuration described above, the user does not need to access the personal computer PC to set encryption start, and “234”, which is the encryption identification code, is added to the head of the destination telephone number as needed. You can easily set the start of call encryption just by dialing.
Therefore, the setting operation can be greatly simplified and the user operability is greatly improved. In the present embodiment, the encryption identification code is only “234” and a number, but a symbol such as * or # may be used. The IP telephone adapter 11 may be integrated with the telephone 6.

4 to 5 show a second embodiment.
The difference from the first embodiment is that a plurality of encryption parameter setting values are prepared in advance, and the parameter setting can be changed by a dial operation.

  The configuration of the IP telephone adapter 11 is the same as that in FIG. 1, and the contents of the encrypted information database 12 and the identification code determination unit 13 are different. In the encryption information database 12 of this embodiment, as shown in FIG. 4, a plurality of setting values corresponding to each encryption parameter are registered in advance. For example, two types of valid / invalid setting values are prepared for the validity / invalidity of encryption, and the update lifetime of the encryption key is set as 1H (1 hour), 5H (5 hours), 1 day, 3 Four types of days are prepared, and two types of encryption algorithms, DES and 3DES, are prepared.

  In the encryption information database 12, a dial code for identifying the type of each encryption parameter is assigned as an encryption parameter identification code for each encryption parameter. For example, the encryption parameter identification code is “301” for encryption validity / invalidity, “302” for the update lifetime of the encryption key, and “303” for the encryption algorithm.

  Further, a dial code that is a branch number for identifying the type of each setting value corresponding to the encryption parameter is assigned as a setting value identification code for each setting value. For example, the setting value identification code is “1” for validity / invalidity for encryption, and “2” for invalidity, and 1H is “1”, 5H is “2” for the update lifetime of the encryption key, The first day is “3”, the third is “4”, and the encryption algorithm is “1” for DES and “2” for 3DES. The encryption parameter identification code and the set value identification code may be changed in the number of digits and the code by an operation from the personal computer PC as necessary.

  When the identification code determination unit 13 detects that the dial code transmitted from the telephone 6 by the user operation is the encryption parameter identification code and the set value identification code registered in the encryption information database 12, the identification code determination unit 13 A function for instructing the signal detection unit 2 to reflect the set value corresponding to the set value identification code in the connection request value with respect to the activation parameter. Here, the connection request setting value is a setting value added to the connection request message, and is temporarily stored in the memory. Since other configurations are the same as those of the first embodiment, description thereof is omitted.

Next, the operation of the IP telephone adapter according to the second embodiment will be described.
As shown in FIG. 5, when encrypting an IP telephone call, the calling user lifts the handset from the telephone 6 (step S10) and first dials the encrypted identification code “234” (step S11). On the other hand, if not encrypted, only the destination telephone number is dialed. Furthermore, when it is desired to change a specific encryption parameter, the encryption parameter identification code to be changed is dialed after the encryption identification code, and the setting value identification code corresponding to the setting value to be applied is dialed. As shown in FIG. 5, it is possible to change a plurality of encryption parameters. Then, after the dialing of the encryption parameter identification code and the set value identification code of the encryption parameter to be changed is completed, the destination telephone number is dialed.

  After detecting the dial signal, the signal detection unit 2 of the IP telephone adapter sends the dial signal to the identification code determination unit 13. The identification code determination unit 13 refers to the encryption identification code registered in the encryption information database 12 and determines whether or not the first code of the dialed code is the encryption identification code (step S12). If the first code does not match the encrypted identification code, the result is returned to the signal detection unit 2 and a command is sent from the signal detection unit 2 to the call control unit 3 so that a normal connection request message that is not encrypted is sent. Is created (step S13), and the connection request message is transmitted to the call control server (step S14).

  On the other hand, when the first code matches the encrypted identification code, the identification number determination unit 13 uses the encrypted parameter identification code in which the dial code following the encrypted identification code is registered in the encrypted information database 12. Whether or not (step S15). If it is not the encryption parameter identification code, the result is returned to the signal detection unit 2, and the user of the encryption parameter registered in the encryption information database 12 is instructed from the signal detection unit 2 to the call control unit 3. A connection request message with encryption information reflecting the set value is created (step S20), and the connection request message is transmitted to the call control server (step S14).

  On the other hand, when the dial code following the encryption identification code matches the encryption parameter identification code, the dial code following the encryption parameter identification code is set as the set value identification code registered in the encryption information database 12. If it is determined to be valid (step S16), the connection request setting value of the encryption parameter corresponding to the encryption parameter identification code is changed to the setting value specified by the setting value identification code and stored in the memory (step S16). S17). If the dialed code is not valid as the set value identification code, for example, if the set value identification code for the encryption parameter for valid / invalid encryption is not 1 or 2, the process is disconnected as error processing (step S19).

  Further, it is determined whether or not the dial code following the set value identification code that is detected effectively is the encryption parameter identification code registered in the encryption information database 12 (step S18). If it is not the encryption parameter identification code, the result is returned to the signal detection unit 2 and the signal detection unit 2 instructs the call control unit 3 to request a change request other than the encryption parameter changed in step S17. For the encryption parameter that does not exist, a copy of the user setting value registered in the encryption information database 12 is reflected in the connection request setting value, and a connection request message with the encryption information of the connection request setting value is created (step S20), a connection request message is transmitted to the call control server (step S14).

  On the other hand, when the dial code following the encryption identification code matches the encryption parameter identification code, the connection request setting stored in the memory by the call control unit 3 after repeating Steps S16 and S17 as described above. A connection request message is created using the value (step S20), and the connection request message is transmitted to the call control server (step S14).

Next, as a more specific example, a description will be given of a method of performing encryption by changing the encryption parameter when the destination telephone number is 050-1234-6789 and the encryption information database 12 is shown in FIG. To do.
For example, assume that the encryption key update lifetime is temporarily changed from 1 day to 3 days, and the encryption algorithm is changed from DES to 3DES and encryption is desired. At this time, the user may dial as follows.
234-302-4-303-2-050-1234-6789

  That is, after dialing the encryption identification code “234”, the encryption parameter identification code “302” representing the update lifetime of the encryption key of the encryption parameter is dialed, and the set value identification code representing the set value 3 days Dial “4”. Subsequently, “303” representing the encryption algorithm of the encryption parameter is dialed, and “2” of the set value identification code representing 3DES of the set value is dialed. Thereafter, 050-1234-6789, which is the destination telephone number, is dialed. As a result, the connection request setting value of the encrypted information database 12 is stored in the memory in a changed state as shown in FIG. 6, and a connection request message is created using this connection request setting value.

  With the above configuration, the user does not have to bother to change the setting values of the various encryption parameters from the personal computer PC, and can be performed only by dialing the telephone 6, so that the encryption setting work is greatly simplified. Can be achieved. Further, it becomes possible to collectively change the setting of a plurality of encryption parameters by a series of dial operations, and the operability for the user is improved.

It is a block diagram which shows the IP telephone adapter of 1st Embodiment of this invention. It is drawing which shows an encryption information database. It is a flowchart explaining operation | movement of an IP telephone adapter. It is drawing which shows the encryption information database of 2nd Embodiment. It is a flowchart explaining operation | movement of an IP telephone adapter. It is drawing which shows the connection request | requirement setting value after change operation. 1 is a schematic diagram of an IP telephone system. It is drawing which shows the sequence in the case of calling from the telephone A to the telephone B. It is a block diagram which shows the IP telephone adapter of a prior art example. It is a block diagram which shows the IP telephone adapter of another prior art example. It is drawing which shows the conventional encryption information database.

Explanation of symbols

2 Signal detection unit 3 Call control unit 4 Voice processing unit 5 Packet processing unit 6 Telephone 7 Encryption processing unit 11 IP telephone adapter (IP telephone apparatus)
12 Encrypted information database 13 Identification code determination unit

Claims (4)

An encryption information database in which a dial code serving as a cue for performing communication encryption of a call by an IP phone is registered as an encryption identification code;
An identification code determination unit that encrypts a call made by an IP telephone starting following the detection when it is detected that a dial code operated by a user matches the encrypted identification code;
An IP telephone apparatus comprising: A plurality of setting values are registered for each encryption parameter as the encryption setting of the IP phone, and a dial code for identifying the type of the encryption parameter is assigned as an encryption parameter identification code. An encryption information database in which a dial code for identifying a value type is assigned as a set value identification code;
When it is detected that the dial code operated by the user is the encryption parameter identification code and the set value identification code, the encryption parameter corresponding to the encryption parameter identification code corresponds to the set value identification code An identification code determination unit that reflects the set value to be encrypted in the IP telephone call;
An IP telephone apparatus comprising:   The identification code determination unit corresponds to the setting identification code with respect to a plurality of encryption parameters by discriminating a plurality of dial codes with the encryption parameter identification code and the set value identification code as one set. The IP telephone apparatus according to claim 2, wherein the set value is reflected in encryption of the IP telephone call.   The IP telephone apparatus according to claim 2 or 3, wherein the encryption parameter identification code and / or the set value identification code stored in the encryption information database can be changed by a user operation from an external input device. .

Images