Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-04-27
2004-01-27
Yiuk, David (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S150000, C713S151000, C713S168000
Reexamination Certificate
active
06684336
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to a communications arrangement and method in which an end system verifies in cooperation with a service system that a proposed data transfer operation from another end system is acceptable.
BACKGROUND OF THE INVENTION
Public networks with many connected subscribers generally provide little protection against unwanted communications which has led to such phenomena as nuisance telephone calls, and unsolicited fax and e-mail advertising. The end user (subscriber) may be able to set up a list of permitted or prohibited callers (as identified by, for example, calling ID) but this is only practical where there are only a few callers on the list. Larger groups of permitted callers generally require the network itself to perform a filtering function—one general example of this is the virtual private network where the network operator provides an enterprise with what is effectively a private network by filtering and directing relevant traffic on the public network. The involvement of the network in providing an access filtering service to an end user is relatively easy to implement in the telephone world since the network operator is responsible for establishing the connection to the end user; however, in the internet world there is far less scope for access filtering by network operator due to the decentralised nature of the internet.
Of course, for end users connecting to the internet via a dial-up service provided by an ISP (Internet Service Provider), the problem of unsolicited direct communications (that is, not involving a mail box) is not as severe since the user will generally only be assigned a network address dynamically at each connection making it more difficult for anyone to target a particular end user. However, the possibility of an end user receiving unsolicited direct communications still exists because not only is it possible to ascertain even the dynamically-assigned address of a particular end user, but untargeted communications can be sent to all currently-connected users of a particular ISP by simply determining the range of network addresses that the ISP is using for its end users (a relatively simple task) and sending to all those addresses. In contrast, it would be very difficult for the ISP to provide a filtering service to its customers precisely because of the fact that an unwanted caller is likely also to be connecting with a dynamically assigned network address.
In the internet world it is known to have service systems which serve as a contact point for users of the service. Whenever a user connects to the internet, their current network address is sent to the service system and other users of the same service can then contact that user. By making this service available only to subscribers to the service, some control is attained on who can contact the end users. However, this arrangement does not, in fact, prevent the types of unsolicited direct communications noted above—it only makes it easier for service users to contact each other.
It is an object of the present invention to provide an improved way of controlling data transfer operations to a target end user that uses a service system to assist in a verification process concerning the originator of the data transfer operation.
SUMMARY OF THE INVENTION
According to one aspect of the present invention, there is provided a communications arrangement comprising a communications infrastructure, a plurality of end systems connected to the communications infrastructure, and a service system connected to the communications infrastructure for participating in the initiation of a data transfer operation between a first end system and a second end system; the first end system comprising connectivity means for informing the service system of an intended data transfer operation with the second system, and for contacting the second end system over the communications infrastructure for the purpose of effecting the intended data transfer operation, the connectivity means of the first end system being operative to initially pass the second end system a transfer-operation characteristic known also to the service system in respect of the intended data transfer operation; the second end system comprising connectivity means for cooperating with the connectivity means of the first end system to effect the intended data transfer operation, the connectivity means of the second end system including verify means responsive to an end system contacting the second end system and passing it a said transfer-operation characteristic, to communicate with the service system to check that the transfer-operation characteristic received by the second end system corresponds to that known to the service system in respect of the intended data transfer operation with the second end system, the verify means only permitting data transfer to proceed where the transfer-operation characteristic checks out; and the service system including complementary verify means for cooperating with the verify means of the second end system to check said transfer-operation characteristic.
With this arrangement, the originating end system must be one known and accepted by the service system for the data transfer operation to proceed whereby the target end system can avoid unwanted data transfer operations.
According to another aspect of the present invention, there is provided a method of initiating communication over a communications infrastructure between a first end system and a second end system using the services of a service system connected to the communications infrastructure; the method comprising the steps of:
(a)—passing from the first end system, over the communications infrastructure, to the service system, an indication of an intended data transfer operation with the second end system,
(b)—establishing for the intended data transfer operation a transfer-operation characteristic known to both the first end system and the service system,
(c)—contacting the second end system from the first end system over the communications infrastructure and passing from the first end system to the second end system said transfer-operation characteristic,
(d)—contacting the service system from the second end system and checking that the transfer-operation characteristic received by the second end system in step (c) corresponds to one associated with an intended data transfer operation between the first and second end systems, and
(e)—only proceeding with the data transfer operation between the first and second end systems if the checking carried out in step (d) indicates that the transfer-operation characteristic received by the second end system from the first end system corresponds to one known to the service system for an intended data transfer operation between the first and second end systems.
According to a further aspect of the present invention, there is provided a service system for participating in the set up of a data transfer operation across a communications infrastructure between end systems connected to the latter, the service system comprising interface means for connecting the service system to the communications infrastructure; means for receiving, through the interface means, an indication from a first end system that it wishes to effect a data transfer operation with another end system specified in said indication; logging means for storing, in respect of each data transfer operation for which a said indication has been received by the service system, a corresponding transfer-operation characteristic known to both the first end system and the service system; and verification means for receiving, through the interface means, a verification request from a second end system that includes a transfer-operation characteristic which that end system wishes to confirm relates to a data transfer operation involving it that is known to the service system, the verification means being operative to check the transfer characteristic received by it from the second end system against transfer characteristics
Banks David
Fedrigo Enrico
LandOfFree
Verification by target end system of intended data transfer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Verification by target end system of intended data transfer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Verification by target end system of intended data transfer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3239038