Telephonic communications – Telephone line or system combined with diverse electrical... – Having transmission of a digital message signal over a...
Reexamination Certificate
2000-06-16
2002-09-24
Ramakrishnaiah, Melur (Department: 2643)
Telephonic communications
Telephone line or system combined with diverse electrical...
Having transmission of a digital message signal over a...
C379S142010, C379S142050, C379S196000
Reexamination Certificate
active
06456701
ABSTRACT:
TECHNICAL FIELD
This invention relates to enforcement of central control over access in a switched telephone network and, in particular, to methods and apparatus for providing authorized and, optionally, audited access to a selected destination point in a switched telephone network.
BACKGROUND OF THE INVENTION
Telecommunications networks such as the Public Switched Telephone Network (PSTN), Local Area Networks (LANs), Wide Area Networks (WAN), etc. are made up primarily of network elements that are geographically distributed. Maintenance and servicing of these network elements is commonly performed employing unattended “Back Door Modems” (BDMs) accessed by dial-up connections through the PSTN. The BDMs operate in accordance with well understood standards. An important issue related to the provision of telephone connections over the PSTN, and the provision of data transport services over data networks such as LANs and WANs, is that of providing authorized access to the equipment which supports these services. The equipment and services that can be controlled once access is gained through a BDM, are subject to attack by unauthorized persons who accidentally or covertly obtain an access number. Consequently, it is important to ensure that only authorized access to BDMs is permitted.
The issue of authorized access is also of interest in the provision of telephone based services such as telephone banking, telephone voting, etc. The goal in providing access to these services is to discriminate customers/users from impostors.
Authorized access to equipment can also be used to inhibit the misuse of the equipment and associated resources, such as for example, the use of company equipment for personal use or gain.
It is estimated that in up to 80% of telecommunications fraud cases, an employee of the telecommunications company providing the telecommunications service is involved. A high incidence of fraud is enabled because BDMs have no capacity to discriminate between authorized and unauthorized users seeking access to equipment. It is also estimated that upwards of 60% of corporate communications are spent in non-work related activity, and upwards of 40% of corporate communications budgets are spent in casual usage of telecommunications equipment and services.
A distinction is made in the presentation of this application between an authenticated user to access selected destination points and an authorized user to access a selected destination point: An authenticated user to access a selected destination point is a user who has been preregistered with an authentication agency granting access to selected destination points for requesting access to selected destination points and in particular a user who has overcome a predetermined subgroup of predetermined authentication challenges. An authorized user to access a selected destination point is an authenticated user to access a selected destination point designated to access a selected destination point. In what follows the “authenticated” and the “authorized” terms will be used when referring to the distinction presented above.
It is known in the art to provide apparatus and methods for secure access to BDMS. User/service profile matching is provided for users of telephone based services accessed through Interactive Voice Response (IVR) units as described in United States Patent No. 5,276,444 which issued to McNair on January 4, 1994. McNair focuses on providing multiple levels of authentication to limit loss and liability in providing the services. An authentication system removes itself from the session once the session is established.
United States Patent No. 5,181,238 which issued to Medamana et al. on January 19, 1993, also describes a user/service profile matching method for authenticating users. This method focuses on providing a single authentication method for users subscribing to multiple telephone services available on a telephone network.
A call transfer and call-back upon authentication method is described in United States Patent No. 4,876,717 which issued to Barron et al. on October 24, 1989. This function is provided by an adjunct processor which disconnects itself from the call path once the connection is established.
A personal identification number-based authentication prior to establishing a connection using a call-back procedure is described in United States Patent No. 4,922,521 to Krikke et al. which issued on May 1, 1990. This method enforces access from specific origination points associated with pin numbers but does not describe how to discriminate between authorized and unauthorized access to a destination point.
All of these inventions have merit in providing different levels of protection. However, these solutions do not provide end-to-end call completion monitoring after authentication. Furthermore, none of these inventions provides real-time monitoring of telephone connections.
Considering that telephone switches, network routers, network bridges, network gateways, data switches, backup power equipment, Tele-banking IVR units, key systems and company PBX systems are generally accessible through transceivers, there is a need to provide authorized access control to this equipment which cannot be readily compromised.
OBJECTS OF THE INVENTION
It is an object of the invention to provide a method of authenticating users seeking access to equipment or service accessed through a dial-up transceiver in a switched telephone network.
It is another object of the invention to provide a method of authorizing users seeking access to a selected destination point accessed through a dial-up connection in a switched telephone network.
It is further object of the invention to provide a centralized real-time authorization of users seeking access to command controllable equipment accessed through a dial-up connection in a switched telephone network.
It is a further object of the invention to centrally authenticate and authorize users on the switched telephone network before establishing a telephone connection to a selected destination point.
It is a further object of the invention to authenticate a user seeking access to a selected destination point accessed through the PSTN, using a first communications connection before a connection is established between the user and the selected destination point.
It is a further object of the invention to monitor the authentication process and the call completion process to ensure that an authorized session progresses in accordance with an established protocol between an origination point and a selected destination point in the switched telephone network.
It is a further object of the invention to provide a full audit of both the signaling and the payload paths of a communications connection between an origination point and a selected destination point in a switched telephone network.
It is a further object of the invention to provide a facility for releasing, from a control point the switched telephone network, a telephone connection representing a communications connection between an originating point and a selected destination point.
It is a further object of the invention to provide control over access to a plurality of selected destination points in the switched telephone network accessed using a common directory number.
SUMMARY OF THE INVENTION
The invention provides a method of enforcing network-centric control over access to a selected destination point in a switched telephone network. Processing of call completion requests to establish a communications session to the selected destination point is made dependent on a calling line identification present in the call completion request.
The method comprises a first step of receiving a call completion request from an originating point. The call completion request bears an origination calling line identification. The user associated with the origination point is authenticated on receipt of the call completion request. In a further step of the method, an authorized calling line identification is generated and is associated with the origin
O'Brien William G.
Williams L. Lloyd
Bell Canada
Ramakrishnaiah Melur
Van Dyke Gardner, Linn & Burkhart, LLP
LandOfFree
Network-centric control of access to transceivers does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network-centric control of access to transceivers, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network-centric control of access to transceivers will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2879835