The invention concerns the security of the data connections of a telephone
user. The basic idea of the invention is to forward the authentication of
a telephone system to the leg between two private data networks connected
via an arbitrating network. When establishing the connection, the private
network connected to the telephone system forwards the authenticated
subscriber identity to the other private network. To provide the identity
forwarded with authenticity, the message containing the identity is
signed. To provide encryption of the subscriber identity, the message is
encrypted using a public key method. In response the second private
network generates a session key to be used in the connection. This key is
signed and encrypted using a public key method and sent to the first
private network. During the connection, a symmetrical encryption method
with the session key is used.