„Imagination creates reality” (Richard Wagner)
    HU        EN    

Network Devices

This category contains devices developed for special applications in PCM, or IP based telecommunications networks.

Network devices are the equipments for communications encryption and bridge functions to convert different protocols. Encryption technologies play a very important role nowadays to hinder eavesdropping. Typical application is to encrypt E1 trunks on microwave links, because without encryption those are easily eavesdropped.

Traffic monitoring and filtering according to different parameters in PSTN and PLMN networks is the task of the equipment belonging to this category (anti-fraud devices).

Central receiver station for burglar/fire alarms belongs to this category too, enabling high capacity bulk reception and processing of signals originating from different telecommunications networks. The receiver station can be connected both to ISDN and IP based communications networks.

PcmEncrypt

„PcmEncrypt”
one and two channel E1 line timeslot encrypter unit
(Product code:
CYP-200-PCMENCRYPT,
CYP-201-PCMENCRYPT)

Hungarocom’s CYPCOM equipment family general description

The Hungarocom’s CYPCOM equipment family can offer different functions on, or between E1 and IP lines like bridge, media converter, E1 over IP, IP over E1, with encryption and different monitoring recording functions. These functions are based on two types of application specific core hardware units:

  • CYPCOM-200 hardware has eight Ethernet interfaces and two E1 PCM interfaces (RJ-45)
  • CYPCOM-201 hardware has two Ethernet interfaces and four E1 PCM interfaces (RJ-45)

The common parameters of both versions are:

230V or 48V (12V optional) operation, 1 unit high standard rack construction, high protected equipment box with key (no screws outside), high speed low power consumption core module, upgradable firmware, physical alarm contacts. There are 75/120 ohm or high impedance E1 connections. Central remote management is available for all applications.

Based on these flexible core hardware modules Hungarocom provides FoD (Function on Demand) service. That means, in case of customer’s special function or feature requirements Hungarocom can develop the unique features within short time (e.g. customer defined encryption method).

„The PcmEncrypter” key features

The „PcmEncrypter” equipment is designed to give high secure encryption for E1 lines where traffic is highly confidential or there is a risk of illegal monitoring (i.e. when other service provider’s or PSTN E1 lines are used for private communication).

There are two equipment types available: CYP-200-PCMENCRYPT provides encryption for one E1 PCM line and CYP-201-PCMENCRYPT provides encryption for two E1 PCM lines. Encrypter unit must be implemented on both endpoints of the encrypted lines. So, E1 encryption always requires at least a pair of E1 encrypter. The equipment is shown below (CYP-201-PCMENCRYPT):

CYPCOM-201 frontCYPCOM-201 back


Front panel connectors (small enclosure):

front panel connectors (small enclosure)


Front panel connectors (standard rack enclosure):

front panel connectors (standard rack enclosure)


Basic functions

  • Number of full duplex E1 lines can be encrypted: 1 with CYP-200-PCMENRCRYPT, 2 with CYP-201-PCMENCRYPT
  • E1-E1 encryption in framed mode (PCM30/PCM31) using internal 3DES algorithm. The DES block synchronisation is based on the E1 frames
  • Configurable AMI or HDB3 line coding
  • Configurable CRC4 generation and verification
  • Configurable clock synchronisation mode for both E1 port (master/slave)
  • Local or remote management and key setup through IP, with the dedicated management client software (windows application). The communication between the PcmEncrypter and the management software is also encrypted
  • Static key setup. It means that the encryption keys are loaded manually from the management terminal or notebook with the client software
  • The management client application provides an control maximum 250 PcmEncrypter equipment
  • Different encryption key can be set up for receive and transmit direction

Optional features

  • E1-E1 encryption in framed mode (PCM30/PCM31) using internal AES-256 algorithm for encryption. Only available in CYP-200-PCMENCRYPT equipment
  • Encryption with the customer’s algorithm in the daughter board’s FPGA
  • Dynamic key handling. It means that the encrypters on the two endpoints change the key automatically in a time interval (i.e. in every hour). This feature can be applied only when there are some free timeslots, or the national/international bits are transparent between the two endpoints, because the automatic key handling needs internal message transfer between the two encrypters. For application of this feature the real network environment have to be discussed
  • Unframed encryption. If this feature is required we need to know what kind of transparency protocol is transmitted through the encrypter (i.e. PPP or HDLC). We need it, because in this case the cyper-block is synchronised to the start of the data packages

Other common technical parameters

  • Physical connection: 75/120 ohm RJ-45, 10/100Mbit RJ-45 ethernet for remote management
  • Two alarm contacts for minor or major alarms
  • Power: 230V AC with external adapter or 48V (optionally 12V) DC without adapter
  • For security reasons the enclosure is closed by a key. The removal of the cover of the equipment is detected and the communications keys are erased at the moment of opening
  • Size: 1 unit high standard rack width. For CYP-201-PCMENCRYPTER smaller enclosure is also available. Standard rack enclosure: 483x185x44 mm; small enclosure: 266x189x29,5mm
  • Package content: CYP-20x-PCMENCRYPTER equipment, power adapter, software, documentation

Anti-fraud device (ISG)

The task of the device is the control and filtering of telecommunications traffic. The device can be connected to international exchanges or media gateways by means of signalling system CCS7 or SIP for appropriate monitoring of calls for security reasons and for data collecting. The principle of the device is that the number group to be monitored is arranged by the operator of the switching exchange and the traffic is routed to the ISG. ISG handles the calls according to the conditions set. The call terminations can be as follows according to this conditions:
  • Routing to operator
  • Routing to announcer
  • Routing back to the switching element
  • Blocking of call
  • Breaking the call
  • Limitation of the call holdig time

The routing to the ISG device can happen according to the following parameters:
  • Call without A-number
  • Call with target A-number
  • Coin box telephone set
  • Targeted A-, and B-numbers simultaneously in a given call attempt
  • Targeted B-number
  • Coin box telephone set and targeted A- and B numbers simultaneously

Bridge and encrypter family

Certain members of the family perform routing functions also beside encryption when the encrypted and unencrypted side are connected at different interface types. The IP based encrypters are able to provide traffic routing and bandwidth limitation functions and firewall modul upon request can also be built in respectively. A great advantage of the applied firewall solution is that the built-in filtering functions cannot be switched off in an unauthorized way.

It is characteristic for the whole family that the internal software contains vendor-specific, highly reliable real-time operating system which provides a high level sabotage protection. Beside the types enumerated below customer specified interface types can also be ordered on request.
  • Asynchronous (RS232/RS422) bitstream encrypter. 300 bps-115200 bps (e.g. for encryption of data transfer with analog modems
  • The same with X.21 interface. In this case the data content of the asynchronous communication is transferred on a X.21 synchronous transmission section with an encrypted way. Two independent RS communications can be transferred on a X.21 bitstream
  • The same with two E1 interfaces. The asynchronous data communication is inserted in a time slot(s) in an encrypted way. It can operate as an E1 termination and the encrypted data stream can be inserted in the free time slot of a link respectively. Four independent RS communications can be inserted into free time slots as a maximum
  • X.21/X.21 encrypter. The incoming bitstream is encrypted and transmitted on a similar interface. This type can practically be used to encrypt between terminals of an X.25 network. The maximum speed of the stream can be 2 Mbps full duplex
  • X.21/E1 encrypter. It encrypts a X.21 bitstream and transmits it on an E1 interface. Insertion into a time slot of an E1 link is also possible
  • Point-to-point E1/E1 link encrypter. This equipment encrypts the full E1 PCM bitstream (e.g. encryption of a microwave link as introduced in Figure 1.). An unit can encrypt two E1 links on a full duplex mode with different keys per direction as a maximum. There is a possibility to form 1+1 configuration adapted to the microwave link configuration
  • E1/E1 timeslot encrypter. This equipment can be used when time slots of a transmission link are distributed and the individual time slots are not terminated at the same transmission equipment. (Figure 2.). In this case the encrypter at the originating side can communicate with more encrypter unit at the remote end. The individual timeslot-groups can be configured in harmony with the structure of the network
  • IP encrypter (Figure 3.). It contains 4 Ethernet ports as a maximum, and provides router and firewall functions according to the customer’s request. The number of the Ethernet ports can be increased upon request. In case of point-to-point connections the full Ethernet package is encrypted (including IP header). In this case the source and destination IP addresses are hidden on the encrypted section. In case of communication in an IP network there is a payload encryption only because source and destination IP addresses are necessary for routing in the network. In case of request encryption functions in sub-networks can also be provided. In this case the IP addresses of sub-networks are also encrypted (VPN)
  • Ethernet/E1 encrypter + bridge. This equipment encrypts an IP stream and transfers it on an E1 transmission section


Central Receiver Station for Alarm Units (STU)

STU device is an up-to-date dynamic receiver platform for signals arriving from burglar, intruder alarm units and fire protection units as well.

The STU device requires originating number (ANI) dialled number and caller ID for the perfect identification of an incoming call before the call is answered.

STU can be connected to the PSTN by means of E1 line on Primary Rate Access (PRA) for devices with larger capacity and via Basic Rate Access (BRA) in case of lower capacity units. The new version of the device can be connected via IP interface also for new generation networks.

STU is connected to a server containing the databases and the client application software for the reliable handling management and administration of the different alarm signals.

As far as STU is connected to the telephony network it proved to be an economic solution to use the lines not only for incoming calls arriving from alarm units but to use them to handle outgoing calls of the operator personals of the central receiving station. STU/R device in this case as shown in the next Figure can be provided by communication recording function as well.

stu