WO2000058808A1 - Password protection - Google Patents

Publication number
WO2000058808A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
user
network terminal
identity
call
Application number
PCT/GB2000/001010
Other languages
French (fr)
Inventor
Robert Grenville Brockbank
Derek John Emerson
Original Assignee
British Telecommunications Public Limited Company
Priority claimed from GBGB9907430.4A (GB9907430D0)
Priority claimed from EP99305272A (EP1065581A1)
Application filed by British Telecommunications Public Limited Company
Priority to EP00911074A (EP1171809A1)
Priority to AU33070/00A (AU3307000A)
Priority to CA002367831A (CA2367831A1)
Publication of WO2000058808A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)

Abstract

In password protection access, a nominated telephone number is used as the user identity associated with the protected information. If the user needs to change his password, he makes a call from the nominated telephone to a change password service, which automatically retrieves the calling line identity from the signalling information of the incoming call, prompts for a new password, receives the new password from the user, and records the new password in place of the previous password. There is no involvement of system administration personnel, and no consequent delay while a manual reset of the user's password is effected.

Description

PASSWORD PROTECTION
This invention relates to password protection and particularly, but not exclusively, to a method of updating a password by direct user input from a telephone.
In accordance with one aspect of the present invention, there is provided a method of managing password update for a password protected access system having a password store in which each entry comprises a respective network terminal identity store and an associated respective password store, the method comprising the steps of: making a call to a password change service from a network terminal, retrieving by the password change service from signalling information of the call received thereat the identity of the network terminal from which that call was made; receiving a new password entered at that network terminal; accessing the password store in accordance with the retrieved network terminal identity to find an entry whose stored network terminal identity matches that retrieved network terminal identity; and writing the received new password into the associated respective password store of an entry so found. An advantage of a method of the present invention is the avoidance of password resetting procedures performed by system administration personnel, and of the consequent delay.
In accordance with another aspect of the present invention, there is provided a password protected access system comprising means for receiving a call from a network terminal and for retrieving from signalling information of the call the identity of the network terminal from which that call was made, means for receiving from that network terminal information representative of a password, and means for updating the content of a respective password store associated with that network terminal identity by writing said information representative of a password into that associated respective password store.
Specific embodiments of the present invention will now be described by way of example with reference to the drawing in which Figure 1 shows component parts of a password change service of the present invention.
By way of background to the present invention, it is known for password protected access to, for example, a remote database holding a user's personal information, to be performed by the user providing a user identity, also called a username or a userID, to identify the particular stored information which the user is requesting access to, and a password. The user identity is commonly a set of letters, often the initials of the user's names, e.g. dje or rgb. The provided password is compared with a password previously provided by the user and stored in association with the user identity, and, if there is a match, the user is granted access.
In this known arrangement, if the user forgets his password, he has to contact the system administrator responsible for the database, provide sufficient proof of his identity, and request a reset of his password. The system administrator has to effect a change of the recorded password to a nominal password, for example "password", and notify the user of that nominal password. The user can thereafter access his information using that nominal password, but for security reasons usually performs a change password procedure to change that nominal password to one which is more secure. In this change password procedure, the user is asked to enter the existing password, then his newly chosen password, and, for confirmation, to enter the new password again.
In the present invention, the user identity is not in the form of the user's initials, but is a nominated network terminal identity, which in this embodiment is a telephone number, and this will usually be the number of the user's home or work telephone. Herein the terms nominated telephone number and nominated telephone are used synonymously and interchangeably.
For normal access, the user calls the password protection system from any telephone, and when prompted for a user identity he enters the nominated telephone number via the keypad, or speaks it if there is an interactive voice response unit (IVR) at the password protection system. The user will then be prompted in the usual manner for entry of his password, which, likewise, he enters via the keypad or the IVR. If the user has forgotten his password, he makes a call from the telephone corresponding to the nominated number, i.e. the nominated telephone, to a password change service of the password protection system. On receipt at the password protection system of the incoming call from the user, the signalling information is examined and the content of the calling line identity field (CLI) is retrieved, and the user is prompted to enter a new password, via keypad or the IVR. This new password is then stored in place of the previously stored password in association with the user identity in the form of the retrieved CLI, i.e. the nominated telephone number.
This password change procedure avoids the inefficient use of system administration personnel, the delay to the user when such system administration personnel perform a manual change, and the risk that the user fails to change from the nominal password, which is inherently insecure, to a more secure password.
In a specific embodiment shown in Figure 1, the password protected information is an electronic personal telephone or email address book remotely stored on a database 10, accessed via a data network 12, such as the Internet or a corporate intranet, and a server 14.
The user activates a computer 16 at any suitable site, and launches a browser in known manner to access the server 14. He receives from the server 14 an access page having text boxes for the entry of a user identity and a password. Using the keyboard, the user enters the nominated telephone number for the user identity, and the current password. The server 14 performs a comparison of the entered password with the stored password associated with that user identity, and upon a match permits the user access to his address book.
If the user has forgotten his password, or if someone has managed to obtain access to the user's nominated telephone, say his work telephone, and change the password, then the user makes a call from his work telephone 20, via a telephone network, for example a private telephone network 22, to a predetermined destination terminal number at a CTI system 24 operating a change password service.
As shown in the Figure, the change password service is operated by a CTI system 24 which is at a geographically separate location from the server 14. In variants, the CTI system 24 operating a change password service can be local to the server 14, or that function can even be made integral with the server 14. In the present embodiment, the CTI system 24 will send the user's identity (CLI) and new password to the database 10. Thus in this specific embodiment, the CTI system 24 constitutes means for receiving a call from a network terminal and for retrieving from signalling information of the call the identity of the network terminal from which that call was made, means for receiving from that network terminal information representative of a password, and means for updating a current password stored in association with that network terminal identity by replacing it with said information representative of a password. In a variant, the CTI system 24 sends the user's identity (CLI) and new password to the database 10 via the server 14.
The change password service is also responsible for establishing a new user area in the database. A new user makes a call to the change password service, and upon prompting for a telephone number enters a telephone number, and upon prompting for a password the user either enters a password or, if the user chooses not to provide a password at this initial area set up stage, terminates the user area set up procedure in some appropriate manner, e.g. by going on hook or entering "#" on the keypad. This entering of a telephone number by the user constitutes direct provision of a network terminal identity by the user. The change password service now communicates with the database 10 and requests the allocation of a new user area, i.e. a telephone number store and an associated password store, and provides that entered telephone number to the database 10, together with the entered password, if provided by the user at this stage.
If the user enters a password at the password prompt, the database 10 sets a Password Set flag associated with that newly established user area. If the user did not enter a password at the password prompt, the content of the password store in that user area remains filled with null characters, and the Password Set flag remains reset. The establishing of a new user area can alternatively be performed by system administration personnel upon receipt of the required information from a new user via, for example, the postal service. Once a new user area has been established, the user then updates the latest recorded password in his area using the method of the present invention by making a call to the change password service from the nominated telephone. It will be understood that the latest recorded password can be any of: null characters when the user has set up a new area but has not provided a password; or an initially provided password; or the password entered at the latest use of the change password service.
In a variant, the new user area can be set up via the user's computer 16 by downloading a set up page from the server 14, entering the nominated telephone number and, if required at this stage, a password, in respective text entry boxes, and clicking on a submit button in known manner. This entering of a telephone number by the user constitutes direct provision of a network terminal identity by the user.
In a further variant, since the change password service retrieves a CLI from an incoming call, the user can indicate to the change password service, by entering # on the telephone keypad, that he wishes that CLI to be used as the nominated telephone number. This utilising by the change password service of the CLI in response to a command ("#") from the user constitutes indirect provision of a network terminal identity by the user. The change password service will respond by requesting the user to enter a password. If the user is merely setting up a new user area and intending to defer providing a password, he need not supply a password at this time, and can indicate this by again entering #.
Whereas it is most convenient for the nominated telephone number to be the telephone where the user is most likely to be located when he needs to call the change password service, it need not be so. As an example of a different procedure, a user may nominate the telephone number of a trusted person, e.g. his father, living in a completely different area to where he works, possibly even a different country. The present invention will still work, provided that the calling line identity is delivered. The user now calls his trusted person, gives him a new password and asks him to call the change password service and enter the new password when prompted.
Unless the context clearly requires otherwise, throughout the description and the claims, the words "comprise", "comprising" and the like are to be construed in an inclusive as opposed to an exclusive or exhaustive sense; that is to say, in the sense of "including, but not limited to".
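
The set-up and password change flow described above, modelled as an added example (it is not code from the patent or from the applicant). The `cli` key of the signalling dict, the class and function names, the telephone numbers and the PBKDF2 verifier kept in place of the password itself are all assumptions of this sketch.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional

ROUNDS = 100_000  # assumption: PBKDF2 work factor picked for this sketch


def _derive(password: str, salt: bytes) -> bytes:
    # Hardening added here: store a salted verifier, not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


@dataclass
class UserArea:  # one entry: terminal identity store + password store
    terminal_identity: str
    salt: bytes = b""
    verifier: bytes = b""       # empty models the "null characters" state
    password_set: bool = False  # the Password Set flag


class PasswordStore:
    def __init__(self) -> None:
        self._areas: Dict[str, UserArea] = {}

    def allocate(self, terminal_identity: str) -> Optional[UserArea]:
        if terminal_identity in self._areas:
            return None  # set-up never overwrites an existing user area
        area = UserArea(terminal_identity)
        self._areas[terminal_identity] = area
        return area

    def find(self, terminal_identity: str) -> Optional[UserArea]:
        return self._areas.get(terminal_identity)

    def write_password(self, area: UserArea, new_password: str) -> None:
        area.salt = os.urandom(16)
        area.verifier = _derive(new_password, area.salt)
        area.password_set = True

    def check(self, terminal_identity: str, password: str) -> bool:
        area = self.find(terminal_identity)
        if area is None or not area.password_set:
            return False  # a deferred (null) password must never match
        return hmac.compare_digest(area.verifier, _derive(password, area.salt))


class ChangePasswordService:  # stands in for the CTI system
    def __init__(self, store: PasswordStore) -> None:
        self.store = store

    def set_up_area(self, signalling: dict, number: str, password: str) -> str:
        if number == "#":  # indirect provision: use the retrieved CLI
            number = signalling.get("cli") or ""
        if not number:
            return "rejected: no terminal identity"
        area = self.store.allocate(number)
        if area is None:
            return "rejected: area exists"
        if password in ("", "#"):  # user defers the password
            return "created: password deferred"
        self.store.write_password(area, password)
        return "created: password set"

    def change_password(self, signalling: dict, new_password: str) -> str:
        cli = signalling.get("cli")
        if not cli:  # the method depends on the CLI being delivered
            return "rejected: no CLI delivered"
        area = self.store.find(cli)
        if area is None:
            return "rejected: no entry for this CLI"
        if not new_password:
            return "rejected: empty password"
        self.store.write_password(area, new_password)
        return "updated"


def demo() -> dict:
    num = "01632960001"          # constructed nominated number
    nominated = {"cli": num}     # constructed signalling information
    store = PasswordStore()
    svc = ChangePasswordService(store)
    return {
        "setup": svc.set_up_area(nominated, "#", "#"),
        "login_before_set": store.check(num, ""),
        "first_change": svc.change_password(nominated, "4821"),
        "login_ok": store.check(num, "4821"),
        "other_phone": svc.change_password({"cli": "01632960002"}, "0000"),
        "withheld": svc.change_password({"cli": None}, "0000"),
        # Case from the description: someone at the nominated telephone
        # changes the password; the user then calls from it to replace it.
        "third_party": svc.change_password(nominated, "7777"),
        "old_password_works": store.check(num, "4821"),
        "user_recovers": svc.change_password(nominated, "9035"),
        "login_final": store.check(num, "9035"),
    }
```

The last four results reproduce the work-telephone case in the description: any call presenting the nominated CLI can replace the password, so possession of that line is the only credential the change service checks.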

Claims

1. A method of managing password update for a password protected access system having a password store in which each entry comprises a respective network terminal identity store and an associated respective password store, the method comprising the steps of: making a call to a password change service from a network terminal, retrieving by the password change service from signalling information of the call received thereat the identity of the network terminal from which that call was made; receiving a new password entered at that network terminal; accessing the password store in accordance with the retrieved network terminal identity to find an entry whose stored network terminal identity matches that retrieved network terminal identity; and writing the received new password into the associated respective password store of an entry so found.
2. A password protected access system comprising means for receiving a call from a network terminal and for retrieving from signalling information of the call the identity of the network terminal from which that call was made, means for receiving from that network terminal information representative of a password, and means for updating the content of a respective password store associated with that network terminal identity by writing said information representative of a password into that associated respective password store.
3. A method of managing password update for password protected access, the method being substantially as hereinbefore described with reference to the drawing.
4. A password protected access system substantially as hereinbefore described with reference to the drawing.
PCT/GB2000/001010 1999-03-31 2000-03-17 Password protection WO2000058808A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP00911074A EP1171809A1 (en) 1999-03-31 2000-03-17 Password protection
AU33070/00A AU3307000A (en) 1999-03-31 2000-03-17 Password protection
CA002367831A CA2367831A1 (en) 1999-03-31 2000-03-17 Password protection

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GBGB9907430.4A GB9907430D0 (en) 1999-03-31 1999-03-31 Password protection
GB9907430.4 1999-03-31
EP99305272.0 1999-07-02
EP99305272A EP1065581A1 (en) 1999-07-02 1999-07-02 Password protection

Publications (1)

Publication Number Publication Date
WO2000058808A1 (en) 2000-10-05

Family

ID=26153517

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2000/001010 WO2000058808A1 (en) 1999-03-31 2000-03-17 Password protection

Country Status (4)

Country Link
EP (1) EP1171809A1 (en)
AU (1) AU3307000A (en)
CA (1) CA2367831A1 (en)
WO (1) WO2000058808A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0541435A1 (en) * 1991-11-07 1993-05-12 Fujitsu Limited System and method of detecting unauthorized use of identifiers for computer access
JPH07129511A (en) * 1993-11-05 1995-05-19 Nippon Telegr & Teleph Corp <Ntt> Automatic changing device for password number
EP0745924A2 (en) * 1995-05-31 1996-12-04 AT&T Corp. User-transparent security method and apparatus for authenticating user terminal access to a network
EP0862104A2 (en) * 1997-02-28 1998-09-02 Casio Computer Co., Ltd. Authentication system using network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PATENT ABSTRACTS OF JAPAN vol. 1995, no. 08 29 September 1995 (1995-09-29) *

Also Published As

Publication number Publication date
EP1171809A1 (en) 2002-01-16
CA2367831A1 (en) 2000-10-05
AU3307000A (en) 2000-10-16

Similar Documents

Publication Publication Date Title
US20170171385A1 (en) Methods, Systems, and Products for Processing Communications
US20080037720A1 (en) Voice Activated Communication Using Automatically Updated Address Books
US7027569B2 (en) Telephone call screening system and method and caller registration system and method for use therewith
US20070016804A1 (en) Password management system
JP2001188699A (en) Data processing system with access control mechanism
US20090074176A1 (en) Telephone system
US20070147348A1 (en) Methods, systems, and computer program products for providing location information for VoIP emergency calling
JPH10117212A (en) Privacy protection method for storage and retrieval message system
EP1228623B1 (en) Establishing data connections
JP2006339907A (en) Server device
US20060212489A1 (en) Technique for effectively synchronizing data through an information service
JP2007142621A (en) Ip phone system compatible with free address
US20130028252A1 (en) Computer telephony
WO2000058808A1 (en) Password protection
EP1065581A1 (en) Password protection
Cisco Chapter 10 - Digital Networking
Cisco SMTP Networking
Cisco SMTP Networking
JP2005107984A (en) User authentication system
JP3792022B2 (en) Sender display system, exchange for the same, telephone line management center, and program storage medium
Cisco SMTP Networking
WO2001077874A3 (en) System for receiving, storing and updating data over a network upon request
Cisco Personal Assistant Administration Page Reference
KR200176473Y1 (en) E-mail system for issuing phone number as e-mail id
Cisco Subscriber Settings

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 09936228

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2000911074

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 33070/00

Country of ref document: AU

ENP Entry into the national phase

Ref document number: 2367831

Country of ref document: CA

Ref country code: CA

Ref document number: 2367831

Kind code of ref document: A

Format of ref document f/p: F

WWP Wipo information: published in national office

Ref document number: 2000911074

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 2000911074

Country of ref document: EP

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)