Security services in an open service environment

Emerging telecommunication services use, store or transmit sensitive personal data to form individual network services. We suggest an add-on approach to realize secure telecommunication services which saves the huge investments in the existing ISDN network infrastructure. This is done by adding trusted runtime environments that contain security functions to the existing service infrastructure. This approach aims at separating sensitive service functions from highly complex functions of public telecommunication networks. We propose an enhancement of existing network service interfaces by standardized security service interfaces to enable the provision of open security services. Separated security control functions of independent service providers, however, might not be trusted by network operators. Therefore, this contribution particularly considers gateway functions implementing access control and ancillary conditions concerning network integrity