 |
|
|
|
|
|
 Title: |
US4922521:
System for providing secure telecommunication access to a computer
[ Derwent Title ]
|
| Country: |
US United States of America
|
| |
| Inventor: |
Krikke, Germen K.; Hilversum, Netherlands
Teule, Hendrik; Hilversum, Netherlands
|
| Assignee: |
U.S. Philips Corporation, New York, NY
other patents from U.S. PHILIPS CORPORATION (601715) (approx. 17,133)
News, Profiles, Stocks and More about this company
|
| Published / Filed: |
1990-05-01
/ 1989-03-08
|
| Application Number: |
US1989000320728
|
| IPC Code: |
Advanced:
G06F 21/00;
H04L 9/32;
H04L 12/22;
Core:
more...
IPC-7:
H04M 1/66;
H04M 11/00;
|
| U.S. Class: |
Current:
379/093.02;
379/189;
379/207.13;
379/211.02;
Original:
379/095;
379/094;
379/189;
379/211;
|
| Field of Search: |
379/095,94,196,197,198,188,211,93,189
|
| Priority Number: |
| 1986-09-05 |
NL1986000002245 |
|
| Abstract: |
A telecommunication exchange which provides secure access by only authorized terminals to a computer connected to the exchange. The control processor in the central control unit of the exchange is programmed to provide a "call-back" procedure in respone to a request from a terminal for access to the computer. The calling terminal enters by tone or pulse dialing, the address (such as a telephone number) of the computer together with an identification code. The control processor compares such identification code with a list stored therein of authorized identification codes and authorized terminals addresses corresponding thereto. If the identification code is authorized, the control processor causes a confirm signal to be transmitted from the exchange to the requesting terminal signifying to the user of such terminal to release its line, after which a ringing signal is transmitted to the authorized terminal address corresponding to the authorized code. When such authorized terminal then engages its line, the control processor causes the switching network to establish connection of such terminal to the computer. Since the security procedure is provided by the control processor, there is no need for an external security unit and secure access to the computer can be maintained even if call-forwarding facilities are provided by the exchange.
|
| Attorney, Agent or Firm: |
Tamoshunas, Algy ;
Eason, Leroy ;
|
| Primary / Asst. Examiners: |
Brown, Thomas W.;
|
| Maintenance Status: |
E2 Expired Check current status
|
| INPADOC Legal Status: |
Show legal status actions
Family Legal Status Report
|
|
|
|
|
|
|
| Parent Case: |
BACKGROUND OF THE INVENTION
1. Related Applications
This application is a continuation-in-part of Applicants' pending application Ser. No. 091,677 filed Aug. 31, 1987, now abandoned.
2. Field of the Invention
The invention relates to a system for providing secure telecommunication access to a computer connected thereto, the system comprising a telecommunication exchange, terminals connected to the exchange, and a switching network and central control unit in the exchange. The central control unit includes a control processor programmed to follow a security procedure for safeguarding access to the computer by a terminal requesting such access. The control processor includes a receive memory for receiving from a requesting terminal an identification code assigned to such terminal, and an authorization memory for storing the identification codes and corresponding addresses (such as telephone numbers) of terminals which are authorized to establish connection with the computer. The control processor is programmed to match a received identification code stored in the receive memory against the contents of authorized codes stored in the authorization memory, and actuates the switching network to transmit a ringing signal to the terminal address corresponding to such identification code if there is such a match. The control processor subsequently further actuates the switching network to establish a telecommunication line connection between the terminal 50 and the computer after such terminal engages the line in response responds to the ringing signal.
3. Description of the Related Art
A telecommunication system for providing secure access to a computer is described in the article entitled "Call Back Schemes Ward Off Unwanted Access By Telephone", Electronics, Mar. 8, 1984, pp. 131-135. Such system comprises a telecommunication exchange and a separate security unit connected to the telecommunication line just before the access ports of the computer.
It is possible for a data terminal to be connected to a computer, even though the distance between the computer and the terminal may be large. This connection can be achieved via a telecommunication network (public or private), and a plurality of terminals can be connected to the computer via a telecommunication exchange comprised in such telecommunication network.
A problem which may arise, however, is that unauthorized users may try to gain access to the computer. A known security system is known under the name of "call-back system". When implementing this system a person who wants to start using the computer dials a telephone number to an access port of the computer. Subsequently, this person provides the access port with an identification code, which the computer compares with the identification codes stored in its memory. If it appears that the provided identification code matches a stored identification code, the computer will select a telephone number which inside the computer memory is linked with the stored identification code. This will generally be the telephone number of the person who wants to start using the computer, thus of the requesting terminal, and the computer calls back such telephone number to establish connection to such terminal.
From the aforesaid publication it is known to insert between the exchange and the computer a separate security unit for performing the access port function by means of the call-back scheme. When implementing this scheme the user dials the telephone number of the subscriber line connected to the security unit, upon which a normal telephone connection between the user and the security unit is established. Then the identification code is transferred via the thus formed communication channel to the security unit which establishes through-connection to the computer.
Such known system has two disadvantages. A first disadvantage is that signaling information available in the exchange is not readily available in the security unit; consequently, this signaling information cannot be used to advantage for controlling access to the computer. A second disadvantage is that the known system requires a separate security unit, the complexity and price of which increases with an increasing number of users and computer ports.
SUMMARY OF THE INVENTION
The object of the invention is to provide a telecommunication system providing secure access to a computer, and wherein besides the usual network elements such as the exchange, terminals, and a computer, no additional equipment is required; security access control being achieved by utilizing the signaling information already available in the exchange.
To this end, a system in accordance with the invention is characterized in that the function of the security unit is performed by the control processor in the central control unit comprised in the exchange, such processor being programmed so that the security procedure must be completed before connection is established between a terminal and a telephone line giving such terminal access to the computer.
As the security function is performed within the exchange, safeguarding access to the computer can be provided in a modern electronic telecommunication exchange as a software program in the control processor. Thereby the control processor and the memory capacity already available in the exchange can be used to advantage, which is far less expensive than separate security equipment. The aforesaid security procedure prevents unauthorized callers who happen to learn of the subscriber number of one of the subscriber lines to the computer from dodging the access control by simply dialing the number of such line.
A further advantage of the system in accordance with the invention is that signaling information already available in the exchange is used for access control therein. Consequently, terminals connected to the exchange can employ either pulse dialing or tone dialing. In either case, access to the computer can be achieved by means of a code to be entered by the user. This is in contrast with the known system wherein the separate security unit can only receive tone dialing signals.
Modern electronic exchanges can offer the associated users rerouting facilities known as "follow-me", "call-forwarding" or "chief-secretary facilities". The user of a terminal (the original destination terminal) can then make known to the exchange that calls meant for him should be transferred to another terminal (the divert terminal). The exchange control processor reroutes a call intended for an original destination terminal to a divert terminal connected to the exchange.
To avoid calls processed by the exchange from being diverted to a non-authorized terminal, an exchange in accordance with the invention is characterized in that the control processor controls the switching network in the exchange to switch through the connection between the computer and the original destination terminal under the control of the security procedure irrespective of the selective rerouting.
With these measures and by combining signaling information indicating rerouting with the security information, it is avoided that a non-authorized terminal can gain access to the computer by the "call-back" method. This ability is not possible when a separate security unit is used for controlling connection to the computer.
An advantageous embodiment of the invention is characterized in that the identification code of a terminal forms part of the telephone number for requesting connection to the computer, and must be dialed by the user of the requesting terminal.
The aforesaid measures simplify requesting a connection to the computer. If such a facility with a separate security unit were to be inserted between the exchange and the computer, as many subscriber lines would be required between the exchange and the security unit as the number of authorized identification codes.
Besides the aforedescribed rerouting and inserting the identification code in the computer request number, the use of the information already available in the exchange offers still further possibilities. A first possibility is identification of the terminal by means of which an unauthorized person tries to gain access to the computer. This is particularly important in private exchanges if the terminal is connected to that exchange. A second possibility is using the so called "repeated call-back" facility, enabling repeated calling-back of the authorized terminal if it appears to be busy at a first calling-back.
|
| Designated Country: |
DE FR GB IT NL SE
|
| Family: |
Show 9 known family members
|
First Claim:
Show all 5 claims |
What is claimed is:
1. A telecommunication exchange for controlling the interconnection of an external computer connected thereto to any of a plurality of terminals also connected thereto over telephone lines, interconnection of the computer with a terminal requesting access thereto only being established if such terminals transmits an authorized identification code and has an address in accordance with a predetermined list of authorized identification codes and authorized terminal addresses corresponding thereto; such exchange comprising:
- a control processor which includes a receive memory for storing the identification code transmitted by a requesting terminal and an authorization memory for storing said list of authorized identification codes and authorized terminal addresses corresponding thereto;
- said control processor being programmed to compare whether the identification code received from a requesting terminal and stored in the receive memory matches an authorized identification code stored in the authorization memory, and if there is such a match to identify the authorized terminal address corresponding to such authorized identification code;
- a switching network controlled by said control processor to selectively interconnect any of the terminals connected to said exchange with said computer and to selectively transmit confirm signals and ringing signals to any of such terminals, a confirm signal signifying to a user of a terminal to release its line and a ringing signal signifying to a user of a terminal to engage its line;
- said control processor being further programmed to carry out a security procedure such that upon determining that a requesting terminal has an authorized identification code said control processor causes said switching network to
- (i) transmit a conform signal to the requesting terminal,
- (ii) after the calling terminal line has been released, transmit a ringing signal to the authorized terminal address corresponding to said authorized identification code, and
- (iii) after the terminal at the authorized address has engaged its line, interconnect such terminal with said computer.
|
| Background / Summary: |
Show background / summary
|
| Drawing Descriptions: |
Show drawing descriptions
|
| Description: |
Show description
|
| Forward References: |
Show 35 U.S. patent(s) that reference this one
|
|
|
|
|
|
|
| Foreign References: |
|
| Other Abstract Info: |
DERABS G88-065765
|
| Other References: |
"Securing Dial-Up Networks", J. Holmes, Telecommunications, Mar. 1984, pp. 84 and 124.
"The AT&T Multi-Mode Voice Systems . . . ", S. D. Hester et al., Proc. of the 1985 AVIOS Conf., Sep. 1985, 12 pages.
"New Customer-Defined Network Service", M. Berger et al., Telephony, Mar. 10, 1986, pp. 50, 52, 54, 58 and 60.
|
|
 Nominate this for the Gallery...
|
|
