Connect public, paid and private patent data with Google Patents Public Datasets

Adjunct processor for providing computer facility access protection via call transfer

Info

Publication number
CA1287910C
CA1287910C CA 543405 CA543405A CA1287910C CA 1287910 C CA1287910 C CA 1287910C CA 543405 CA543405 CA 543405 CA 543405 A CA543405 A CA 543405A CA 1287910 C CA1287910 C CA 1287910C
Authority
CA
Grant status
Grant
Patent type
Prior art keywords
computer
processor
adjunct
call
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CA 543405
Other languages
French (fr)
Inventor
Salvador Barron
James Eugene Coffman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AT&T Corp
Original Assignee
AT&T Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S379/00Telephonic communications
    • Y10S379/903Password

Abstract

ADJUNCT PROCESSOR FOR PROVIDING COMPUTER
FACILITY ACCESS PROTECTION VIA CALL TRANSFER

Abstract This adjunct processor arrangement performs a centralized call screening function to provide computer port access security. Every call origination in the telephone switching system from a calling party to a protected computer port is interdicted by the telephone switching system and routed to the adjunct processor. The calling party receives a series of prompts from the adjunct processor to provide identification information, such as login, password, and voiceprint information. The adjunct processor validates the identity of the calling party using this identification indicia and initiates a callback operation. The adjunct processor disconnects the calling party from the connection, calls the calling party back and then uses the data call transfer capability of the telephone switching system to connect the calling party to the computer.

Description

~ ~'79~

ADJUNCT PROCESSOR FOR PROVIDING COMPUTER
FACILITY ACCESS PROTECTION VIA CALL TRANSFER

Field of the Invention This invention relates to business communication systems and, in particular, to an adjunct processor which provides computer facility access protection by way of the call transfer feature bf the business communication system.
Problem It is a problem in dial-up type computer systems to prevent the unauthorized access of computer facilities.
A common method of providing relatively secure access protection for a computer system is to equip each computer port with a callback unit. A callback uni~ is a device connected between a telephone line and a computer port to `
limit access to the computer to only those users having the proper authorization. A calling party dials the access number of ths ~omputer port and is connected by the business communication system to the callback unit. The callback unit prompts the calling party to provide the proper password and user identification information which is usad by the callback unit to validate the identity of the calling party as an authoriæed user of the computer facility. The callback unit reviews a list of authorized users stored in the callback unit memory to determine whether the password 25` sequence entered by the calling party matches the list of authorized users. If a match occurs, the callback unit reads the telephone number associated with the calling party from the list. The callback unit then disconnects the calling party from the computer port and initiates an .

. `, ~:.

~.215179~V

outgoing call from the computer port to the calling party at the predesignated ~elephone number. The calling party responds to this call from the callback unit by going off hook on the telephone station se~ or computer terminal and is cut through by the callback unit to the computer port.
The callback unit remains connected in series between the calling party and the computer port for the duration of the call.
The problem with this arrangement is that every computer port must be equipped with a callback unit in order to obtain the required level of security. These callback units are relatively expensive and the co~t to the customer to protect a computer center which serves numerous computer ports is prohibitive. More sophisticated personnel identification equipment, such as voiceprint identifiers, would provide a significantly improved level of security for the computer system, but to eguip each callback unit with such equipment renders the cost of security beyond the reach of almost every computer system manager.
Solution This problem is overcome and a technical advance achieved by the subject adjunct processor that provides computer facility access protection via the data call transfQr capability of the business communication system.
25 This adjunct processor arrangement performs a centralized call screening function to provide compu~er facility access security. Every call origination in the business communication system from a user to a protected computer facility is interdicted by the business communication system and routed to the adjunct processor. The user receives a .

8~

series of prompts from the adjunct processor to provide identification information, such as login, password, and voiceprint information. The adjunct processor validates the identity of the user using this identification indicia and initiates a callback operation. The adjunct processor disconnects the user from the call connection, calls the user back and then uses the data call kransfer capability o~
the business communica~ion system to conneck the user to the computer facility. The adjunct processor releases from the call connection and is available to screen another calling party. In this fashion, extensive and expensive security facilities, such as voiceprint identification apparatus, can be provided in the centralized adjunct processor to give the users a very high level of security since the cost of these security facilities is distributed over all of telephone switching system users.
In a large business communication system, there can be numerous computer facilities served by the business communication system. These computer facilities can be mainframe computers, each of which is equipped with a plurality of access ports, or personal computers, each of which is connected to an individual user's telephone line in conjunction with the user's telephone station set. In the case o~ the personal computers, the cost of secuxity quickly becomes prohibitive due to the large number of computer facilities in contrast with large mainframe computers each served by only a small number of access ports.
The adjunct processor security arrangement of the present invention provides a centralized call screening function. The calling party dials either the adjunct ~2879~0 processor or the access number of a aomputer port. In the former case, the calling party is directly connected through the switching network to the adjunct processor. In the latter case, the switch processor of the business communication system recognizes, for example through the class of service associated with this dialed number, that the destination identified by the dialed number is a protected computer facility. The switch processor ignores the number dialed by the calling party and connects the calling party directly through the switching network to the adjunct processor. The switch processor transmits control messages to the adjunct processor identi~ying the calling party, tha dialed number as well as any other relevant information about the protected computer facility.
The adjunct processor provides a series of standardized prompts to the calling party to elicit password and calling party identification information. This in~ormation can be as simple as a multiple character password typed on a computer terminal keyboard or can be as sophisticated as a voiceprint obtained from the calling party over the communication connection. The calling party identification information is used by the adjunct processor to validate the identity of the calling party.
Once the calling party has been identi*ied, the adjunct processor scans a list of authorized users stored in an adjunct processor memory to retrieve from memory a predesignated telephone number assigned to this calling party. The adjunct processor disconnects the calling party from the call connection and initiates a new data call connection from the adjunct processor to the predesignated , .. .
.
,. :~..... ..
:' " ' "
.

~l2~379~

number associated with the calling party. The business communication system completes this data call connection to the calling party from the adjunct processor. The adjunct processor, in response to the completion of a data call connection, initiates a standard data call transfer operation. The adjunct processor signals the switch processor to indicate the identity of the protected computer facility to which the calling party is re~uesting access as well as the port on the adjunct processor to which the calling party is presently connected. The switch processor disconnects the calling party from the adjunct processor and establishes a new switching network connection from the calling party to one of the port circuits associated with the protected computer facility designated by the number originally dialed by the calling party.
If the calling party is not at a predesignated location, the callback operation can ba dispen~ed with and a simple data call transfer operation used to connect the calling party to the protected computer facility. This is useful in the case where the calling party accesses the protected computer facility from a remote location or from a location other than the predesignated location assigned to the calling party. The callback operation can also be dispensed with if the user identity validation is relatively foolproof, such as in the case of a voiceprint identification.
This centralized adjunct processor calling party screening apparatus provides a cosk effective method to achieve a high level o~ security for all of the computer ports served by the business communication system. The data ....
.... ; ..

1287g~0 call transfer capability of the business communication system enables the adjunct processor to be disconnected from the call connection upon completion of the call screening operation.
The adjunct processor can thereby serve a plurality of computer ports.
In accordance with one aspect of the invention there is provided in a business communication system ~hich serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a method of providing computer port access security comprising the steps of:
interdicting all calls from any calling one of said communications devices to any of said plurality of computer facilities; in response to a call request from said calling communication device, said call request defining one of said plurality of computer facilities, establishing a digital call ~0 connection from said calling communication device through said switching network to an adjunct processor connected to a first one of said plurality of ports of said switching network;
confirming the identity of the user at said calling communication device in said adjunct processor by exchanging information between said user and said adjunct processor;
disconnecting said calling communication device from said adjunct processor; originating a new digital call connection from said adjunct processor to a preassigned telephone number associated with said user; determining, by said adjunct processor, the one of said plurality of computer facilities defined by said call request; and ef~ecting, by said adjunct processor, data call transfer of said new digital call connection from said first port of said switching network -~ connected to said adjunct processor, to a second one of said .
. ~ ~ ,; :... .
~.~

128~91~
6 a plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said one of said plurality of computer facilities determined by said adjunct processor.
In accordance with another aspect of the invention there is provided in a business communication system which serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a computer port access security arrangement comprising: adjunct processor means connected to a first one of said plurality of ports of said switching network and responsive to a user being connected through said switching network to said adjunct processor means for confirming the identity of said user and obtaining from said user an identification of one of said plurality of computer facilities; and means responsive to the ~0 confirmation of the identity of said user by said adjunct processor means and to the obtaining of said identification of said one of said plurality of computer facilities by said adjunct processor means for effecting data call transfer of said user to a second one of said plurality of ports of said ~5 switching network, said second port being connected to one of said computer port circuits associated with said identified one of said computer facilities.
Brief Description of the Drawin~s These and other advantages of the invention may be better understood from a reading of the following description of one possible exemplary embodiment taken in conjunction with the drawing in which:
FIG. 1 illustrates, in block diagram form, the structure of both the subject adjunct processor for providing computer facility access protection and the associated business communication system; and - : .
:, , :
:
.

-- ~2879~0 6b FIG. 2 illustrates, in flow diagram form, the method of operation of the subject adjunct processor for providing computer facility access protection.
Detailed Description FIG. 1 illustrates, in block diagram form, the adjunct processor for providing computer facility access protection as well as a business communication system in which it operates. The business communication system can be any one of a number of digital switching systems and, for the purpose of this description, is assumed to be an AT&T System 85 switch. FIG. 1 illustrates a plurality of terminal equipment T100-Tn each of which is associated with a respective one of the business communication system port circuits L100-Ln. This terminal equipment includes telephone station sets as well as digital terminal devices.
The business communication system is also equipped with a ;~ .

~: -' ~

: ' :.::
" ' - ' " ' plurality of trunk circuits 150-151 which interconnect the business communication system with the local telephone company central switching e~uipment. ~ number o~ computer facilities are also connected to the business communication 5 sy~tem. These computer facilities include one or more general purpose computers (computer A, computer B~ each of which is connected via a plurality of associated computer ports 130-13n, 140-14n to the business communication system.
The business communication system includes a switching 10 network 102, connected via communication leads C100-Cn to the port circuits L100-Ln, via communication leads C130-C13m, C140-C14m to computer ports 130-13m, 140-14m, and via communications leads C150-151 to trunk circuits 150-151.
Switch processor 101 is connected to all of the port 15 circuits by bus 105, which functions to carry control signs between switch processor 101 and the port circuits (120-151, L100-Ln). Switching network 102 functions under the control of switch processor 101 to establish communication connections among the communication devices comprising the 20 terminal equipment, trunk circuits and computers by interconnacting the associated port circuits. This business communication system is also equipped with modem devices (e.g., 161) associated with a trunk data module 160 which functions to convert the analog signal~ received from one of 25 trunk clrcuits 150-151 to digital signals for use by one of the computer facilities 113-114.
Adiunct Processor In addition to the above mentioned terminal e~uipment and computer facilities, the business 30 communication system illustrated in FIG. 1 is connected to "' ':`..,' :~
;` ' ' ' "

~287~

adjunct processor 104 to provide computer facility access protection. In this exemplary embodiment, adjunct processor 104 comprises security computer 112 connected to switching network 102 via a number of security devices 120-12m and their associated communication leads C120~C12m.
Adjunct processor 104 can comprise any of a number of device configurations as dictated by the need to provide a defined level of computer facility access security. For example, the desired level of security can require a simple login/password access. Alternativelyl the de~ired level of security can be more stringent and require user identification via validation of some im~utable physical characteristic of the uRer. Examples of such physical characteristic identification apparatus includes:
fingerprint reader devices such as that manufactured by Identix Corp.; voiceprint identifiaation algorithms; retina scan apparatus. The cost of such physical characteristic identification apparatus is high and, for the purpose of this description, it will be assumed that a combined login/password and voiceprint identification arrangement is provided in adjunct processor 104.
Assume for the purpose of this description that ad~unct procossor 104 is implemented by means of a security computer 112 connected via a plurality of security devices 120-12m and their associated communication lead~ C120-12m to switching network 102. Security computer 112 can be a pèrsonal computer such as the AT&T UNIXTM PC which is equipped with voicaprint matching software. In addition, security computer 112 is equipped with a number of security devices 120-12m such as the AT&T DCPI card which, in this ~L2~37~

case, provides a simple digital interface between security computer 112 and switching network 102 via communication leads C120-12m and between security computer 112 and switch processor 101 via bus 105. Security devices 120-12m appear to switch processor 101 as port circuits serving a digital telephone station set. Security computer 112 has stored in memory, for example, a list of authorized computer users, the user's login/passw~rd identifiers, a sample of the u~er's voiceprint and a predetermined telephone number associated with the user's terminal device.
Call Screening Adjunct processor 104 functions to scr2en incoming calls to all the computer facilities served by the business communication system. This is accomplished in one of two ways. A calling party can directly call adjunct processor 104 via switching network 102 and one of security devices 120-12m. Alternatively, switch processor 101 interdicts each call originated by a calling party at a communication deviae (e.g., T100) to a protected computer facility (e.g., computer ~). Switch processor 101 activates switching network 102 via signal path 103 to connect the calling party at communication device T100 to one of security devices 120-12m associated with adjunct proces~or 104.
Security computer 112, in conjunction with the security device (e.g., 120~ connected to the calling party at communication device T100, determines the identity of the calling party by means of an exchange of password/login and voiceprint information. Security computer 112 uses this information to determine, from a list of preassigned ., -, : . . . .
: . ' ': .
, - , .
~ . . . .. .
. ..
., ~ :, .

~Z~3'7910 telephone numbers, the location of the calling party at communication device T100. Security computer 112 through security device 120 disconnects communication device T100 from the call connection and initiates a return data call to the calling party using the preassigned telephone number from the list stored in security computer 112. Security computer 112 completes this call connection via associated security device 120 to communication device T100 associated with the calling party and then initiates a data call transfer operation to connect the calling party to the designated protected computer facility (computer A). The data call transfer operation is accomplished by security device 120 signaling switch processor 101 over bus 105 using standard telephone station set data call transfer button push signals. If the calling party is not at a preassigned telephone numbex, yet is permitted access to a protected computer facility, an alternative method of operation is to bypass the callback operation and simply transfer the call to the protected computer facility.
Call Connection Operation In order to more fully understand the operation of ad~unct processor 104 in providing computer facility access security, a simple call connection operation will be described. FIG. 2 illustratPs, in flow diagram form, the steps raquired to interconnect a calling party to a protected computer facility. Assume for the purpose of this discussion, that a calling party at telephone station set T100 goes off hook and dials the telephone number associated with computer A (step 201). The digits dialed by the calling paxty at telephone station set T100 are carried via . . .: .

~L~879~

port circuit L100 to switch processor 101 via bus 105.
Switch processor 101, in response to the dialed digits, identifies ~step 202) the called number as one of the protected computer ports 130-13n associated with computer A.
The identification operation can be as simple as recognizing a uniqua class of service assigned to a protected computer port. Switch processor 101 responds to a calling party attempt to access a protected computer port by activating switching network 102 to connect (step 203) the calling party (telephone station set T100) to one o~ security devices (e.g., 120) assooiated with security computer 112.
(Alternatively, the calling party can directly dial (step 200) the access number of adjunct processor 104). Security device 120 signals (step 204) security computer 112 that a calling party is connected via switching network 102 to security device 120. In addition, switch processor 101 transmits (step 204) control messages in the form of ISDN
messages or digital telephone station set display messages over bus 105 to securlty computer I12 to identify the calling party and the protected computer port, via security device 120 to which the calling party T100 is now connected.
Loqin~Password Prompts Security computer 112 now performs the calling party screening function. Security computer 112, via security device 120, transmits (step 205) a prerecorded prompt message to the calling party at ~elephone station set T100 connected via switching network 102 to security device 120. Security device 120, in well known ~ashion, cues the calling party at telephone station set T100 to enter ~step 206) preliminary login/pa~sword identification information .
.
. : ''. . : .. , ~L28'75~1~

to uniquely identify the calling party. In addition, security device may prompt the calling party to enter the telephone number o~ the computex to which the calling party is requesting access. This step is necessary in the case where the calling party directly dials adjunct processor 104. Sacurity device 120 forwards (step 207) this identification indicia to security computer 112 for further processing. Security computer 112 contains in its memory a list of all authorized calling parties, their associated logins/passwords, telephone numbers and voiceprints. These telephone numbers can either be on premise sxtension numbers such as telephone station set T100 or these telephone numbers can be off pramise direct dial numbers in the case where a calling party accesses a computer facility by way of one o~ trunk circuits 150 151. In either case, security computer 112 scans (step 208) the list of authorized users using the identification indicia obtained from the calling party by security device 120.
In the case where no match occurs between the retrieved identification information and the list stored on security computer 112, security computer 112 signals ~step 211) security device 120 to disconneck the calling party's telephone station set T100 ~rom the call connection and to terminate call processing. In the case where there is a match between the identification of the calling party and the list stored in the memory o~ security computer 112, security computer 112 returns to step 205.
VoicePrint Prompt Security computer activates (step 205) security device 120 to provide a prerecorded prompt message to the 9 ~879~1 - ~3 -calling party a~ telephone station se~ T100. The calling party provides (step 206~ a predefined voice response to match the stored voiceprint. Security device 120 transmits the received voice response to security computer 112 which compares the stored voiceprint with the response of the calling party to determine the quality of the measured match. Security computer 112 signals (step 211) security device 120 to terminate the call if no match occurs.
Callback and_Transfer If a match does occur, security computer 112 causes security device 120 to disconnect (step 209) the calling party's telephone station set T100 from the call connection and to immediately initiate an outgoing data call from security de~ice 120 to the predetermined telephone number associated with ths calling party as retrieved from the list stored in security computer 112. In the case presently under consideration, security device 120 dials the telephone number of the calling party at telephone station sat T100. Switch processor 101 responds to the dialing of security device 120 and establishes a data call connection throug~ switching network 102 from security device 120 via port circuit L100 to telephone station set T100. Upon completion of this call connection, security computer 112 initiates (step 210) a data call transfer operation to transfer the data call connection of calling party at telephone station set T100 from security device 120 to one of the protected computer ports 130-13m associated with computer A. Alternatively, if the calling party is not at a preassigned telephone number, security computer 112 can bypass the callback operation (step 209). This is .. ~ . , .

.. . ~ .
- , , ;. ', ~": , .
.

..... . .

9 ~879~0 accomplished by security computer 112 transmitting ISDN
control messages or data call transfer button push signals to switch processor 101 via security device 120 and scan bus 105 to indicate a request for a data call transfer operation. Switch processor 101 responds to these control messages by enabling switching network 102 to disconnect the calling party call connection from telephone station set T100 and port circuit ~100 to security device 120 and to establish a new data call connection through switching network 102 from port circuit L100 to one of the protected computer ports (e.g., 130) associated with computer A. In this fashion, the calling party at telephone station set T100 is now connected via port circuit L100 and switching network 102 to computer port 130 associated with computer A.
Trunk Call The above description illustrates the method of operation of adjunrt processor 104 in providing computer port access protection. The above description is illustrative of the philosophy of this invention and it is obvious that the calling party can access a protected computer port either from one of telephone station sets ~100-Tn or from a remote location over any one of trunk circuits 150-151. It is also obvious that although mainframe computers such as computer A and computer B each having a plurality of computer ports, were illustrated in FIG. 1, the operation of adjunck processor 104 also applies to the case where the computer port to be protected is a personal computer associated with the telephone station set and connected to switching network 102 via a poxt circuit.

.

~879~0 It is importan~ to note that in the case of user access via a trunk circuit, there can be the need for a modem interconnection. If the incoming trunk circuit (e.g., 150) is an analog trunk, switch processor 101 signals switching ne~work 102 to connec~ trunk circuit 150 to the communication leads C161 associated with modem 161 to convert the analog signals received from trunk circuit 150 to digital signals. T~unk Data Module (TDM) 160 is connected to modem 161 and serves to connect the digital signal output leads 162 of modPm 161 to switching network 102. TDM 160 also interconnects switch processor 101 (via ~u 105) and modem 161 to provide various control functions such as: speed setting, select originate/answer mode, hold trunk connection during data call transfer. TDM 160 is connected as a digital endpoint through switching network 102 to adjunct processor 104 and the computer facility as described above for the case of a user access from a port circuit.
While a specific embodiment of the invention has been disclosed, variations in structural detail, within the " scope of the appended claims, are possible and are contemplated. There is no intention of limitation to what is contained in the abstract or the exact disclosure as herein presented. The above-described arrangements are only illustrative of the application of the principles of the invention. Normally, other arrangements may be devised by those skiIled in the art without departing from the spirit and the scope of the invention.

, . . .
: .
.. . . .
'

Claims (14)

1. In a business communication system which serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a method of providing computer port access security comprising the steps of:
interdicting all calls from any calling one of said communications devices to any of said plurality of computer facilities;
in response to a call request from said calling communication device, said call request defining one of said plurality of computer facilities, establishing a digital call connection from said calling communication device through said switching network to an adjunct processor connected to a first one of said plurality of ports of said switching network;
confirming the identity of the user at said calling communication device in said adjunct processor by exchanging information between said user and said adjunct processor;
disconnecting said calling communication device from said adjunct processor;
originating a new digital call connection from said adjunct processor to a preassigned telephone number associated with said user;
determining, by said adjunct processor, the one of said plurality of computer facilities defined by said call request; and effecting, by said adjunct processor, data call transfer of said new digital call connection from said first port of said switching network connected to said adjunct processor, to a second one of said plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said one of said plurality of computer facilities determined by said adjunct processor.
2. In a business communication system which series a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a method of providing computer port access security comprising the steps of:
interdicting all calls from any calling one of said communication devices to any of said plurality of computer facilities;
in response to a call request from said calling communication device, said call request defining one of said plurality of computer facilities, establishing a digital call connection from said calling communication device through said switching network to an adjunct processor connected to a first one of said plurality of ports of said switching network;
confirming the identity of the user at said calling communication device in said adjunct processor by exchanging information between said user and said adjunct processor;
determining, by said adjunct processor, the one of said plurality of computer facilities defined by said call request;
and effecting, by said adjunct processor, data call transfer of said digital call connection from said first port of said switching network connected to said adjunct processor, to a second one of said plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said one of said plurality of computer facilities determined by said adjunct processor.
3. The method of claims 1 or 2 wherein the step of interdicting includes the steps of:
comparing the number dialed by said user with a list of computer port numbers; and substituting the number of said adjunct processor for said dialed number if said dialed number matches any number of said list of computer port numbers.
4. The method of claims 1 or 2 wherein the step of confirming includes the steps of:
providing said user with a prompt to supply identification information; and comparing the response of said user to said prompt with predetermined identification information to confirm the identity of said user.
5. The method of claims 1 or 2 wherein the step of confirming includes the steps of:
providing said user with a prompt to supply identification information;
comparing the user response to said prompt with predetermined identification information;
transmitting a second prompt to said user to supply a voice response; and measuring said user voice response with a prerecorded voiceprint from said user to verify the identity of said user.
6. In a business communication system which serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a method of providing computer port access security comprising the steps of:

connecting a user originating a call from any one of said communication devices via a digital call connection through said switching network to an adjunct processor connected to a first one of said plurality of ports of said switching network in response to said user dialing the access code of said adjunct processor;
confirming the identity of said user at said calling communication device in said adjunct processor by exchanging information between said user and said adjunct processor;
obtaining from said user at said calling communication device an identification of one of said plurality of computer facilities;
disconnecting said calling communication device from said adjunct processor;
originating a new digital call connection from said adjunct processor to a preassigned telephone number associated with said user;
determining, by said adjunct processor, the one of said plurality of computer facilities identified by said identification obtained from user; and effecting, by said adjunct processor, data call transfer of said new digital call connection from said first port of said switching network connected to said adjunct processor, to a second one of said plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said one of said plurality of computer facilities determined by said adjunct processor.
7. In a business communication system which serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a method of providing computer port access security comprising the steps of:

connecting a user originating a call from any one of said communication devices via a digital call connection through said switching network to an adjunct processor connected to a first one of said plurality of ports of said switching network in response to said user dialing the access code of said adjunct processor;
confirming the identity of said user at said calling communication device in said adjunct processor by exchanging information between said user and said adjunct processor;
obtaining from said user at said calling communication device an identification of one of said plurality of computer facilities;
determining, by said adjunct processor, the one of said plurality of computer facilities identified by said identification obtained from said user; and effecting, by said adjunct processor, data call transfer of said digital call connection from said first port of said switching network connected to said adjunct processor, to a second one of said plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said one of said plurality of computer facilities determined by said adjunct processor.
8. The method of claims 6 or 7 wherein the steps of confirming includes the steps of:
providing said user with a prompt to supply identification information; and comparing said user's response to said prompt with predetermined identification information.
9. The method of claims 6 or 7 wherein the step of confirming includes the steps of:
providing said user with a prompt to supply identification information;
comparing said user's response to said prompt with predetermined identification information;
transmitting a second prompt to said user to supply a voice response; and measuring said user's voice response with a prerecorded voiceprint from said user to verify the identity of said user.
10. In a business communication system which serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a computer port access security arrangement comprising:
adjunct processor means connected to a first one of said plurality of ports of said switching network and responsive to a user being connected through said switching network to said adjunct processor means for confirming the identity of said user and obtaining from said user an identification of one of said plurality of computer facilities; and means responsive to the confirmation of the identity of said user by said adjunct processor means and to the obtaining of said identification of said one of said plurality of computer facilities by said adjunct processor means for effecting data call transfer of said user to a second one of said plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said identified one of said computer facilities.
11. In a business communication system which serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said business communication system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, a computer port security arrangement comprising:

means, responsive to a user at any one of said communication devices originating a call to one of said plurality of computer facilities identified by a call request for said call, for interdicting said call;
means responsive to said interdicting means for establishing a digital call connection from said one communication device through said switching network to an adjunct processor connected to a first one of said plurality of ports of said switching network;
wherein said adjunct processor includes;
means responsive to information transmitted by said user to said adjunct processor over said connection to said adjunct processor for confirming the identity of said user;
means responsive to a positive identification of said user by said confirming means for disconnecting said one communication device from said adjunct processor;
means responsive to said disconnecting means for originating a new digital call connection through said switching network from said adjunct processor to a preassigned number associated with said user;
means responsive to said interdicting means for determining the one of said plurality of computer facilities identified by said call request; and means responsive to said new call connection and to said determining means for effecting data call transfer of said new digital call connection from said first port of said switching network connected to said adjunct processor, to a second one of said plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said one of said plurality of computer facilities determined by said determining means.
12. In a business communication system which serves a plurality of communication devices, each of which is connected by an associated port circuit to a switching network of said switching system, and a plurality of computer facilities, each of which is connected to said switching network by one or more computer port circuits, said switching network having a plurality of ports, apparatus for providing computer port access security comprising:
means, responsive to a user at any one of said communication devices originating a call to one of said plurality of computer facilities identified by a call request for said call, for interdicting said call;
means responsive to said interdicting means for establishing a digital call connection from said one communication device through said switching network to an adjunct processor connected to a first one of said plurality of ports of said switching network;
wherein said adjunct processor includes;
means responsive to information transmitted by said user to said adjunct processor over said digital call connection to said adjunct processor for confirming the identity of said user;
means responsive to said interdicting means for determining the one of said plurality of computer facilities identified by said call request; and means responsive to a positive identification of said user by said confirming means and to said determining means for effecting data call transfer of said digital call connection to said one communication device, to a second one of said plurality of ports of said switching network, said second port being connected to one of said computer port circuits associated with said one of said plurality of computer facilities determined by said determining means.
13. The system of claims 11 or 12 wherein said confirming means includes:
means for preforming voiceprint identification of said user.
14. The system of claims 11 or 12 wherein said interdicting means includes;
means for transmitting the computer facility number dialed by said user to said adjunct processor.
CA 543405 1986-09-30 1987-07-30 Adjunct processor for providing computer facility access protection via call transfer Expired - Lifetime CA1287910C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US91328886 true 1986-09-30 1986-09-30
US913,288 1986-09-30

Publications (1)

Publication Number Publication Date
CA1287910C true CA1287910C (en) 1991-08-20

Family

ID=25433131

Family Applications (1)

Application Number Title Priority Date Filing Date
CA 543405 Expired - Lifetime CA1287910C (en) 1986-09-30 1987-07-30 Adjunct processor for providing computer facility access protection via call transfer

Country Status (6)

Country Link
US (1) US4876717A (en)
JP (1) JP3007354B2 (en)
KR (1) KR950014189B1 (en)
CA (1) CA1287910C (en)
DE (1) DE3775154D1 (en)
EP (1) EP0262859B1 (en)

Families Citing this family (81)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5365575A (en) 1985-07-10 1994-11-15 First Data Resources Inc. Telephonic-interface lottery system
US5359645A (en) 1985-07-10 1994-10-25 First Data Corporation Inc. Voice-data telephonic interface control system
US5828734A (en) 1985-07-10 1998-10-27 Ronald A. Katz Technology Licensing, Lp Telephone interface call processing system with call selectivity
US5898762A (en) 1985-07-10 1999-04-27 Ronald A. Katz Technology Licensing, L.P. Telephonic-interface statistical analysis system
US20040071278A1 (en) 1985-07-10 2004-04-15 Ronald A. Katz Multiple format telephonic interface control system
US5835576A (en) 1985-07-10 1998-11-10 Ronald A. Katz Technology Licensing, L.P. Telephonic-interface lottery device
US4845739A (en) 1985-07-10 1989-07-04 Fdr Interactive Technologies Telephonic-interface statistical analysis system
US5793846A (en) 1985-07-10 1998-08-11 Ronald A. Katz Technology Licensing, Lp Telephonic-interface game control system
US6678360B1 (en) 1985-07-10 2004-01-13 Ronald A. Katz Technology Licensing, L.P. Telephonic-interface statistical analysis system
US6449346B1 (en) 1985-07-10 2002-09-10 Ronald A. Katz Technology Licensing, L.P. Telephone-television interface statistical analysis system
US5191323A (en) * 1988-12-13 1993-03-02 International Business Machines Corporation Remote power on control device
US4988209A (en) * 1988-12-29 1991-01-29 At&T Bell Laboratories Telephone agent management information system
US5023868A (en) * 1988-12-29 1991-06-11 At&T Bell Laboratories Automated call handling apparatus
US5181238A (en) * 1989-05-31 1993-01-19 At&T Bell Laboratories Authenticated communications access service
CA2060885C (en) * 1989-06-14 1999-03-30 Ian Ruddle Controller prohibiting data communication until user is verified
US5142565A (en) * 1989-06-14 1992-08-25 Ian Ruddle Controller for managing data communication with a host computer for the purpose of user verification by voice processing
US5003595A (en) * 1989-08-29 1991-03-26 At&T Bell Laboratories Secure dial access to computer systems
EP0420204A3 (en) * 1989-09-28 1993-01-27 Siemens Aktiengesellschaft Method for the transmission of subscriber data from one secret subscriber to another in communication exchanges
EP0444351A3 (en) * 1990-02-28 1992-05-27 American Telephone And Telegraph Company Voice password-controlled computer security system
CA2040724A1 (en) * 1990-04-25 1991-10-26 James L. Flanagan Voice password controlled computer security system
JP2766382B2 (en) * 1990-06-19 1998-06-18 株式会社東芝 Modem pooling system
JP2766380B2 (en) * 1990-06-19 1998-06-18 株式会社東芝 Modem pooling system
US5283828A (en) * 1991-03-01 1994-02-01 Hughes Training, Inc. Architecture for utilizing coprocessing systems to increase performance in security adapted computer systems
CA2078246C (en) * 1991-09-23 1998-02-03 Randolph J. Pilc Improved method for secure access control
US5276444A (en) * 1991-09-23 1994-01-04 At&T Bell Laboratories Centralized security control system
DE69232463D1 (en) * 1991-12-31 2002-04-11 Unisys Pulsepoint Communicatio Voice-activated messaging system and processing methods
US5280581A (en) * 1992-02-27 1994-01-18 Hughes Aircraft Company Enhanced call-back authentication method and apparatus for remotely accessing a host computer from a plurality of remote sites
US6185415B1 (en) * 1992-03-24 2001-02-06 Atcomm Corporation Call security system
US7747243B2 (en) 1992-03-24 2010-06-29 Boatwright John T Call security system
CA2090165C (en) * 1992-04-01 1997-06-17 Barbara I. Gaechter Network based outbound call management
GB9213479D0 (en) * 1992-06-25 1992-08-12 Mitac Ltd Improvements in and relating to data transfer
US5325294A (en) * 1992-06-29 1994-06-28 Keene Sharon A Medical privacy system
DE69332633D1 (en) * 1992-07-20 2003-02-20 Compaq Computer Corp to discover methods and Sytem order, based on certification, Alias
US5301246A (en) * 1992-07-29 1994-04-05 At&T Bell Laboratories Data communications equipment security device using calling party directory number
US5489896A (en) * 1992-10-18 1996-02-06 Lannet Data Communications Ltd. Network with a security capability
FR2697960B1 (en) * 1992-11-09 1994-12-09 Eurl Phonycom The recording process in legal value of facsimiles.
US5636282A (en) * 1994-06-20 1997-06-03 Paradyne Corporation Method for dial-in access security using a multimedia modem
KR100177098B1 (en) * 1995-06-12 1999-05-15 Samsung Electronics Co Ltd Alarm call using disa line in pbx
US5737399A (en) * 1995-07-13 1998-04-07 Mci Communications Corporation Network information architecture having centralizing storage and verification element
KR0169421B1 (en) * 1995-12-30 1999-02-01 김광호 Control method of power saving in temporary switching system
US5862220A (en) * 1996-06-03 1999-01-19 Webtv Networks, Inc. Method and apparatus for using network address information to improve the performance of network transactions
US7006605B1 (en) * 1996-06-28 2006-02-28 Ochopee Big Cypress Llc Authenticating a caller before providing the caller with access to one or more secured resources
US5901203A (en) 1996-06-28 1999-05-04 Distributed Software Development, Inc. Computer-based system and method for identifying an unidentified caller
US5940476A (en) 1996-06-28 1999-08-17 Distributed Software Development, Inc. System and method for identifying an unidentified caller
US6205204B1 (en) 1996-06-28 2001-03-20 Distributed Software Development, Inc. System and method for identifying an unidentified person using an ambiguity-resolution criterion
US6529881B2 (en) * 1996-06-28 2003-03-04 Distributed Software Development, Inc. System and method for identifying an unidentified customer at the point of sale
US5852653A (en) * 1996-08-23 1998-12-22 Reel; John Steven Communications line security device
DK116996A (en) 1996-10-23 1998-04-24 Dsc Communications As A method and system to ensure that modules to be connected to an electronic apparatus, is of a particular type, as well as m
US6739504B2 (en) 1999-06-23 2004-05-25 Tellabs Denmark A/S Method and system for ensuring connection of a module to an electronic apparatus
US5881226A (en) 1996-10-28 1999-03-09 Veneklase; Brian J. Computer security system
EP0938793A4 (en) * 1996-11-22 2003-03-19 T Netix Inc Voice recognition for information system access and transaction processing
US6192045B1 (en) * 1997-04-21 2001-02-20 C. Wyatt Williams Method and system for minimizing connect-time charges associated with dial-up data networks
US6119233A (en) * 1997-05-15 2000-09-12 Hawkins; Charles C. Secure data communication system
JP4006796B2 (en) 1997-11-17 2007-11-14 株式会社日立製作所 Personal information management method and apparatus
GB9801413D0 (en) * 1998-01-22 1998-03-18 Yelcom Limited Apparatus and method for allowing connection to a network
US6104913A (en) * 1998-03-11 2000-08-15 Bell Atlantic Network Services, Inc. Personal area network for personal telephone services
US6473422B2 (en) * 1998-04-27 2002-10-29 Telefonaktiebolaget Lm Ericsson Communications network and method for screening incoming circuit switched calls
US6163606A (en) * 1998-09-16 2000-12-19 Lucent Technologies Inc. System for providing virtual called party identification in a voice mail system
US6718024B1 (en) 1998-12-11 2004-04-06 Securelogix Corporation System and method to discriminate call content type
US6249575B1 (en) 1998-12-11 2001-06-19 Securelogix Corporation Telephony security system
US6226372B1 (en) 1998-12-11 2001-05-01 Securelogix Corporation Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities
US6760420B2 (en) 2000-06-14 2004-07-06 Securelogix Corporation Telephony security system
US7133511B2 (en) * 1998-12-11 2006-11-07 Securelogix Corporation Telephony security system
US8150013B2 (en) * 2000-11-10 2012-04-03 Securelogix Corporation Telephony security system
US6687353B1 (en) 1998-12-11 2004-02-03 Securelogix Corporation System and method for bringing an in-line device on-line and assuming control of calls
US7260187B1 (en) * 1999-05-11 2007-08-21 Verizon Services Corp. Voice response apparatus and method of providing automated voice responses with silent prompting
US20010032140A1 (en) * 1999-12-14 2001-10-18 Hoffman Roger P. Virtual sales agent
NL1015006C2 (en) * 2000-04-25 2001-10-26 Koninkl Kpn Nv Telecommunications.
DE10023868A1 (en) * 2000-05-16 2001-11-22 Siemens Ag Establishing connection between a local and a central communications device central control unit initiating new link establishment by accessing call-back module in central device
US6456701B1 (en) 2000-06-16 2002-09-24 Bell Canada Network-centric control of access to transceivers
US8938256B2 (en) 2000-08-29 2015-01-20 Intel Corporation Communication and control system using location aware devices for producing notification messages operating under rule-based control
US7769364B2 (en) * 2001-06-01 2010-08-03 Logan James D On demand voice mail recording system
US7870599B2 (en) * 2000-09-05 2011-01-11 Netlabs.Com, Inc. Multichannel device utilizing a centralized out-of-band authentication system (COBAS)
US7305550B2 (en) * 2000-12-29 2007-12-04 Intel Corporation System and method for providing authentication and verification services in an enhanced media gateway
WO2003010946A1 (en) * 2001-07-23 2003-02-06 Securelogix Corporation Encapsulation, compression and encryption of pcm data
US20040248552A1 (en) * 2003-05-20 2004-12-09 Mazurick Michael Le Remote automated voting and electoral system ("RAVES")
US7647628B2 (en) * 2004-03-09 2010-01-12 International Business Machines Corporation Authentication to a second application using credentials authenticated to a first application
JP3824274B2 (en) * 2004-07-09 2006-09-20 株式会社インテリジェントウェイブ Unauthorized connection detection system and unauthorized connection detection method
CN102906724A (en) * 2010-03-12 2013-01-30 艾米·席克松 Web-based method of personnel management
US9275638B2 (en) 2013-03-12 2016-03-01 Google Technology Holdings LLC Method and apparatus for training a voice recognition model database
US9691377B2 (en) 2013-07-23 2017-06-27 Google Technology Holdings LLC Method and device for voice recognition training

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4182933A (en) * 1969-02-14 1980-01-08 The United States Of America As Represented By The Secretary Of The Army Secure communication system with remote key setting
BE787377A (en) * 1971-08-09 1973-02-09 Waterbury Nelson J security cards and system of using such cards
GB1414126A (en) * 1971-11-22 1975-11-19 Key Tronic Ltd Secutity for computer systems
US3984637A (en) * 1974-11-29 1976-10-05 The Singer Company Computer terminal security system
US4096356A (en) * 1977-07-26 1978-06-20 Bell Telephone Laboratories, Incorporated Call restriction arrangement
CA1176335A (en) * 1981-06-05 1984-10-16 Exide Electronics Corporation Computer communications control
US4415767A (en) * 1981-10-19 1983-11-15 Votan Method and apparatus for speech recognition and reproduction
US4430728A (en) * 1981-12-29 1984-02-07 Marathon Oil Company Computer terminal security system
US4479122A (en) * 1982-03-05 1984-10-23 At&T Bell Laboratories Remotely controlled switched access to the console port of an electronic computer
US4520233A (en) * 1982-04-16 1985-05-28 Omnicom Engineering Telephone line security apparatus
US4531023A (en) * 1982-08-13 1985-07-23 Hlf Corporation Computer security system for a time shared computer accessed over telephone lines
US4532377A (en) * 1983-07-18 1985-07-30 At&T Information Systems Inc. Data call transfer
US4604499A (en) * 1984-02-24 1986-08-05 Raymond F. Hughes Computer telephone access security processor

Also Published As

Publication number Publication date Type
KR950014189B1 (en) 1995-11-22 grant
EP0262859A1 (en) 1988-04-06 application
DE3775154D1 (en) 1992-01-23 grant
JP3007354B2 (en) 2000-02-07 grant
EP0262859B1 (en) 1991-12-11 grant
US4876717A (en) 1989-10-24 grant
JPS6390291A (en) 1988-04-21 application

Similar Documents

Publication Publication Date Title
US5701340A (en) AD-HOC conferencing method
US6295346B1 (en) Automated emergency notification system
US5325424A (en) Method of automatically establishing a communication path between two devices
US6122357A (en) Providing enhanced services through double SIV and personal dial tone
US5301246A (en) Data communications equipment security device using calling party directory number
US5136648A (en) Message storage security system
US5511111A (en) Caller name and identification communication system with caller screening option
US5046183A (en) Semi-automated operator assistance telecommunication calls
US5033076A (en) Enhanced privacy feature for telephone systems
US5606604A (en) System and method for preventing fraud upon PBX through a remote maintenance or administration port
US6430407B1 (en) Method, apparatus, and arrangement for authenticating a user to an application in a first communications network by means of a mobile station communicating with the application through a second communications network
US5163086A (en) Telephone network credit card calling apparatus and method of operation to determine validation and fraudulent use of credit cards in placing telephone calls
US5901284A (en) Method and system for communication access restriction
US7162020B1 (en) Method and apparatus for selectively establishing communication with one of plural devices associated with a single telephone number
US5274695A (en) System for verifying the identity of a caller in a telecommunications network
US6002929A (en) Exchange which extends SIM based authentication and method therefor
US6553022B2 (en) Method and apparatus for providing a connection to a data network
US6459776B1 (en) System and method for personalized multimedia messaging
US4481384A (en) Voice recognizing telephone call denial system
US4959855A (en) Directory assistance call processing and calling customer remote signal monitoring arrangements
US5703942A (en) Portable telephone user profiles using central computer
US4979206A (en) Directory assistance systems
US5465295A (en) Caller directed routing of a telephone call based on a dialed suffix
US5812656A (en) System for providing prioritized connections in a public switched network
US5703943A (en) Completion of calls to a preferred agent in an automatic call distributor

Legal Events

Date Code Title Description
MKEX Expiry