CA2254093A1 - Method for protecting a communications facility against unauthorized access - Google Patents
Method for protecting a communications facility against unauthorized access Download PDFInfo
- Publication number
- CA2254093A1 CA2254093A1 CA 2254093 CA2254093A CA2254093A1 CA 2254093 A1 CA2254093 A1 CA 2254093A1 CA 2254093 CA2254093 CA 2254093 CA 2254093 A CA2254093 A CA 2254093A CA 2254093 A1 CA2254093 A1 CA 2254093A1
- Authority
- CA
- Canada
- Prior art keywords
- password
- slmy
- system manager
- mux
- functional units
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
- H04M3/382—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
Abstract
The invention relates to a method for preventing unauthorized access to operating information stored in functional units (SLMY, MUX, EG) of a communications facility, which information can be transmitted to said units for configuration purposes from a system management unit (SM) via data links. To this end a password corresponding to the access authorization is entered into the system management unit (SM). Every time the facility is started an address characterizing the system management unit (SM) is transmitted to at least one of the functional units (SLMY) of the facility. Said functional unit (SLMY) establishes a link with the system management unit (SM) by means of said address, after which the system management unit transmits the password to the functional unit (SLMY), which in turn transmits the password to all functional units (MUX, EG) it is able to reach. Every time a data link is established with functional units (SLMY, MUX, EG) the password is added to the data link information and checked by the functional unit concerned (SLMY, MUX, EG) to ascertain whether the password matches the password stored in said functional unit.
Description
CA 022~4093 1998-11-10 FILF~ r ~ 1 " îS ~ r~J~
T~ L~TI~!
Pl 7056 Method for Protecting A Communications System from Unauthorized Access The present invention concerns a method per the introductory clause of patent claim 1.
In modern communications systems, great quantities of information (data and programs) are stored that are necessary for the operation and particularly for the user-specific configuration of the system. The information is distributed among various functional units of the system. Specifically, it involves data that is identical for all users (global data), personal data on the users, and device-specific data of functional units of the system. These data must be protected against unauthorized access The management of the information is preferably done in a central location whence it is transmitted when necessary to the concerned functional units of the system via data connections. From EP 0 735 785 Al is known a communications system with a central system manager that can be used as a dealer system. When the system is started up, the system manager ensures that all functional units up to and including the terminal devices are supplied with the necessary information. When the system manager, for example a commercial personal computer, can be connected to the system via a known interface, the possibility that unauthorized third parties can access the system cannot be excluded with absolute certainty.
Thus the task of the present invention is to preclude, under all circumstances, unauthorized access to information stored in a communications system.
This task is solved through the measures given in the characterizing section of patent claim 1. Advantageous embodiments of the invention are given in additional claims.
The comparison of the password stored in all functional units with a password that , . ~ . . . . . ..
CA 022~4093 1998-11-10 is compulsorily transmitted during establishment of a data connection ensures that no unauthorized access to stored information is possible. If a participating functional unit determines during establiihm~nt of a data connection that the transmitted password does not agree with the password stored in that unit, access to information stored in that unit is denied. Additional implementation forms and advantages of the method can be seen from the description below.
The invention is described in greater detail below with the aid of a drawing as an example. The drawing shows a digital communications system that is constructed in accordance with the principle known from EP 0 735 785 - Al with central and distributed functional units. The communications system consists essenti~lly of a switching section VT
and a great number of terminal devices EG connected to the switching section VT. Also connected to the switching section VT is a system manager SM. A computer with large memory capacity and with a video display can be provided as the system manager SM.
The switching section VT is comprised of a circuit switching network SWU, to which the circuit switching groups SLMY l . . . SLMY3 are connected. Each circuit switching group SLMY is connected on one side via an 8 Mbit line to a circuit switching network SWU and on the other side each via individual 8 Mbit lines to three multiplexers MUX. The circuit switching group SLMY has a coupler for switching the voice, data and signaling channels (time slots) coming from the circuit switching network SWU to the multiplexers. Ten terminal devices EG are each connected via their own 2 Mbit line to each multiplexer MUX. The multiplexers Ml JX have a coupler that switches the voice and sign~ling channels of the 8 Mbit line coming from the circuit switching groups SLMY to the appropriate terminal devices EG. The multiplexers MUX are controlled by the associated circuit switching groups SLMY. The circuit switching network SWU is adigital coupler with a control unit ST that serves to switch connections. This configuration .....
. ~.. .. . . . . . . ......
CA 022~4093 1998-11-10 makes it possible to connect any desired terminal devices EG with one another via the circuit switching groups SLMY and the circuit switching network SWU, and to exchange user information in the form of data or program code and also voice information through these connections. An exchange of data between terminal devices EG takes place for example when the current operating state of other terminal devices, such as the busy condition, is to be indicated in a terminal device. Moreover, external lines, such as analog or digital lines (trunks La, leased lines Lb and dedicated lines Ls) leading to the public telecommunications network OEN, are connected via an interface module SLB to thecircuit switching network SWU so that the terminal devices EG can also enter into connection via the switching section VT with partners that are not connected to this communications system. The number of circuit switching groups SLMY, multiplexersMUX and terminal devices EG shown in the drawing is to be considered an example for the purpose of the present explanation; of course another configuration of the communications system realized in accordance with this principle is also possible.
The terminal devices EG form the interface between the users and the communications system. They make available to the user a great number of convenient features depending on the application. For example, in an embodiment of the communications system used for foreign exchange dealings in banks, the terminal devices EG have for various inputs and outputs (such as destination selection) a keyboard with program-controlled LCD (Liquid Crystal Display) legends. Furthermore, a display screen with user guidance as well as handsfree and monitoring functions can also be provided in the terminal devices EG. In order to fulfill all these functions, each terminal device EG has its own processor that controls the relevant functions by means of software stored in an associated program memory or data memory, respectively. The software involved isswitching software and operator software. The switching software controls all functions connected with communication, such as the monitoring and switching of connections ~ . . ... ... ....... . ....... ..
CA 022~4093 1998-11-10 (voice channels) to the multiplexers MUX and the circuit switching groups SLMY. The operator software primarily assumes control of the user interface with the keyboard and the display screen.
S In the case of enhancements or user-specific modifications~ it can become necessary to update information stored in functional units SLMY, MUX EG of the system. Thus for example, information stored in the terminal devices EG (programs and/or data) must be updated because users desire a different configuration or additional features at their workplace. For this purpose, the appropriate information must be ll~ns.";lled to the appropriate terminal devices EG Another possible update in the terminal devices EG
is comprised of the relabeling of a destination key because the associated line has changed.
In the course of enhancements to the communications system, it can also become necessary to supply all terminal devices EG with new program versions. In this case, the terminal devices EG must be supplied with new program code and/or data A change to the data in a circuit switching unit SLMY relates, for example, to the activation of a particular call forwarding route in the "night service" operating state.
The management of the information necessary for operation of the system and user-appropriate configuration of functional units SLMY, MUX and EG are performed by the system manager SM. The system manager SM forms the interface between the operator and the system. It is connected to the circuit switching network SWU via a special interface (So-interface with 2 B channels at 64 kbit/s and one D channel at 16 kbit/s) and an interface module SSB. The system manager SM has a large database, which contains among other things the data and programs for the configuration of the circuit switching groups SLMY, the multiplexers MUX and the terminal devices EG.
For the tr~n~mis.~ion of information to a terminal device EG, for example terminal CA 022~4093 1998-11-10 device EGn, the operator (system a-lminislrator) initiates at the system manager SM a function "Supply terminal device with new information". A loading procedure activated by this establishes a connection via the circuit switching network SWU, the circuit switching unit SLMYl and the multiplexer MUXI from the system manager SM to the terminal device EGn, which is identified by a device number known to the system manager SM.
During this process, a free channel (time slot) is seized on the connection lines between the circuit switching unit SLMYl and the multiplexer MUX1 and between the multiplexer MUXI and the selected terminal device EGn, by which means the transmission between the system manager SM and the terminal device EGn can take place via a data (point-point) connection, for example with the HDLC protocol. As soon as the connection has been established, the terminal device EGn delivers a readiness message to the system manager SM, whereupon the transmission of the information to the terminal device EGn begins. As soon as all information has been transmitted to the terminal device EGn, the system manager SM receives an appropriate disconnect message from the terminal device EGn, whereupon it terminates the connection with the terminal device EGn. In like fashion, information can be transmitted from the system manager SM to selected circuit switching units SLMY or multiplexers MUX using analogous procedures.
The system manager SM can in its simplest form be a commercial personal computer that may be connected via a So-interface to the communications system. Access from the system manager SM to the communications system requires knowledge of the necessary procedures and protocols on the part of the human operator. Despite all conceivable security measures, the possibility that unauthorized third parties can acquire the necessary knowledge cannot be excluded with absolute certainty. Also for this reason, unauthorized access to the communications system and its functional units SLMY, MUX
and EG cannot be completely excluded. For this reason, it must be prevented at all events that unauthorized third parties can gain access to the system and extract any information . , . .. .. ..... , . . . ~ .. . . .. . , . ... . .. ~ . . ...
CA 022~4093 1998-11-10 or undertake manipulations that cause service interruptions.
In principle, not only accesses that take place from a system manager SM
belonging to the communications system are possible. Accesses that originate from a system manager SME connected to the public communications network OEN are also possible. In addition, accesses are also possible from a system manager SMF connected to a foreign communications system KA that can establish connections with the communications system in question via the public communications network OEN. If these are unauthorized accesses, they must be prevented under all circumstances.
The method in accordance with the invention satisfies this requirement. It provides that a certain password is entered at the system manager SM which governs access to the communications system that is managed by the system manager SM. At every startup -- at the initial installation startup and at later startups -- of the communications system or of parts ofthe system, at least one ofthe system's functional units affected by the startup has transmitted to it an address with which this functional unit can establish a data connection to the system manager SM. Preferably selected as address recipients are functional units that can directly reach as many peripheral functional units of the communications system as possible in a simple way. A centrally located functional unit is selected as the address sender. In the case at hand, the address is sent by the control unit ST of the circuit switching network SWU to the circuit switching groups SLMYI, ..., SLMY3. The address is entered into the control unit ST upon initial installation startup via a central control terminal BT that is used for configuration of the switching section. After receiving the address, the circuit switching groups SLMY1, ..., SLMY3 each establish a connection via the circuit switching network SWU to the system manager SM and prompt it to transmit the current password. Then the password is transmitted through the established connection by the system manager SM to the circuit switching groups SLMYI, .~
.,, i . .. .... ... . . . . ., .. , .. . ~, CA 022~4093 1998-11-10 SLMY3. Following termination of the connection between the circuit switching group SLMY and the system manager SM, each circuit switching group SLMY transmits the password to the associated multiplexer MUX via sign~ling channels and thence to the connected terminal devices EG. The password is stored in all functional units SLMY, MUX and EG of the communications system.
When a terminal unit EG is newly attached to a connection of the communications system, the terminal unit is logged on to the associated circuit switching group SLMY
through a procedure initiated in the terminal unit, whereupon it transmits to the terminal device the current password among other things.
Security can be additionally increased if the system manager SM checks, prior totransmitting the password to a requesting circuit switching group SLMY, using its source address, whether the circuit switching group SLMY is authorized at all to receive the password. Security can be further increased in that the system manager SM verifies an entered password on the basis of various criteria (syntax, etc.) before accepting it.
Every time a connection is set up by the system's own system manager SM or a foreign system manager SME or SMF for the purpose of exch~nging information withfunctional units of the communications system, the system manager must send the password along with the connection request. Each functional unit involved in theconnection (circuit switching group SLMY, multiplexer MUX and terminal device EG) verifies whether the password transmitted in the connection setup information agrees with its stored password. If this is not the case, the functional unit denies access to the inforrnation that is stored in it and is to be protected. Likewise, the password is verified when functional units, such as two terminal devices EG, wish to exchange data with one another.
CA 022~4093 1998-11-10 Pl 7056 The system administrator -- either a person authorized by the operator of the system or a person authorized by the m~nllf~cturer of the system -- can enter the password at the system manager SM and later change it either as needed or as prompted by the system manager SM. It is also conceivable that the system manager SM automatically, i.e.
S without the participation of the system administrator, changes the password periodically or at arbitrary times. In this case, the valid password is not known to anyone, which considerably increases security against un~llthorized access.
When the password is changed at the system manager SM, it transmits the new password with a change identifier as described to all circuit switching groups SLMY, which then pass on the new password to all functional units MUX and EG of the communications system that they can reach directly, where it replaces the old password.
To increase security, a further embodiment of the method provides for the old password to be transmitted simultaneously with the new password when the password is being changed, whereby the new password is only accepted in the affected functional unit when the old password received agrees with the already existing old password.
.
T~ L~TI~!
Pl 7056 Method for Protecting A Communications System from Unauthorized Access The present invention concerns a method per the introductory clause of patent claim 1.
In modern communications systems, great quantities of information (data and programs) are stored that are necessary for the operation and particularly for the user-specific configuration of the system. The information is distributed among various functional units of the system. Specifically, it involves data that is identical for all users (global data), personal data on the users, and device-specific data of functional units of the system. These data must be protected against unauthorized access The management of the information is preferably done in a central location whence it is transmitted when necessary to the concerned functional units of the system via data connections. From EP 0 735 785 Al is known a communications system with a central system manager that can be used as a dealer system. When the system is started up, the system manager ensures that all functional units up to and including the terminal devices are supplied with the necessary information. When the system manager, for example a commercial personal computer, can be connected to the system via a known interface, the possibility that unauthorized third parties can access the system cannot be excluded with absolute certainty.
Thus the task of the present invention is to preclude, under all circumstances, unauthorized access to information stored in a communications system.
This task is solved through the measures given in the characterizing section of patent claim 1. Advantageous embodiments of the invention are given in additional claims.
The comparison of the password stored in all functional units with a password that , . ~ . . . . . ..
CA 022~4093 1998-11-10 is compulsorily transmitted during establishment of a data connection ensures that no unauthorized access to stored information is possible. If a participating functional unit determines during establiihm~nt of a data connection that the transmitted password does not agree with the password stored in that unit, access to information stored in that unit is denied. Additional implementation forms and advantages of the method can be seen from the description below.
The invention is described in greater detail below with the aid of a drawing as an example. The drawing shows a digital communications system that is constructed in accordance with the principle known from EP 0 735 785 - Al with central and distributed functional units. The communications system consists essenti~lly of a switching section VT
and a great number of terminal devices EG connected to the switching section VT. Also connected to the switching section VT is a system manager SM. A computer with large memory capacity and with a video display can be provided as the system manager SM.
The switching section VT is comprised of a circuit switching network SWU, to which the circuit switching groups SLMY l . . . SLMY3 are connected. Each circuit switching group SLMY is connected on one side via an 8 Mbit line to a circuit switching network SWU and on the other side each via individual 8 Mbit lines to three multiplexers MUX. The circuit switching group SLMY has a coupler for switching the voice, data and signaling channels (time slots) coming from the circuit switching network SWU to the multiplexers. Ten terminal devices EG are each connected via their own 2 Mbit line to each multiplexer MUX. The multiplexers Ml JX have a coupler that switches the voice and sign~ling channels of the 8 Mbit line coming from the circuit switching groups SLMY to the appropriate terminal devices EG. The multiplexers MUX are controlled by the associated circuit switching groups SLMY. The circuit switching network SWU is adigital coupler with a control unit ST that serves to switch connections. This configuration .....
. ~.. .. . . . . . . ......
CA 022~4093 1998-11-10 makes it possible to connect any desired terminal devices EG with one another via the circuit switching groups SLMY and the circuit switching network SWU, and to exchange user information in the form of data or program code and also voice information through these connections. An exchange of data between terminal devices EG takes place for example when the current operating state of other terminal devices, such as the busy condition, is to be indicated in a terminal device. Moreover, external lines, such as analog or digital lines (trunks La, leased lines Lb and dedicated lines Ls) leading to the public telecommunications network OEN, are connected via an interface module SLB to thecircuit switching network SWU so that the terminal devices EG can also enter into connection via the switching section VT with partners that are not connected to this communications system. The number of circuit switching groups SLMY, multiplexersMUX and terminal devices EG shown in the drawing is to be considered an example for the purpose of the present explanation; of course another configuration of the communications system realized in accordance with this principle is also possible.
The terminal devices EG form the interface between the users and the communications system. They make available to the user a great number of convenient features depending on the application. For example, in an embodiment of the communications system used for foreign exchange dealings in banks, the terminal devices EG have for various inputs and outputs (such as destination selection) a keyboard with program-controlled LCD (Liquid Crystal Display) legends. Furthermore, a display screen with user guidance as well as handsfree and monitoring functions can also be provided in the terminal devices EG. In order to fulfill all these functions, each terminal device EG has its own processor that controls the relevant functions by means of software stored in an associated program memory or data memory, respectively. The software involved isswitching software and operator software. The switching software controls all functions connected with communication, such as the monitoring and switching of connections ~ . . ... ... ....... . ....... ..
CA 022~4093 1998-11-10 (voice channels) to the multiplexers MUX and the circuit switching groups SLMY. The operator software primarily assumes control of the user interface with the keyboard and the display screen.
S In the case of enhancements or user-specific modifications~ it can become necessary to update information stored in functional units SLMY, MUX EG of the system. Thus for example, information stored in the terminal devices EG (programs and/or data) must be updated because users desire a different configuration or additional features at their workplace. For this purpose, the appropriate information must be ll~ns.";lled to the appropriate terminal devices EG Another possible update in the terminal devices EG
is comprised of the relabeling of a destination key because the associated line has changed.
In the course of enhancements to the communications system, it can also become necessary to supply all terminal devices EG with new program versions. In this case, the terminal devices EG must be supplied with new program code and/or data A change to the data in a circuit switching unit SLMY relates, for example, to the activation of a particular call forwarding route in the "night service" operating state.
The management of the information necessary for operation of the system and user-appropriate configuration of functional units SLMY, MUX and EG are performed by the system manager SM. The system manager SM forms the interface between the operator and the system. It is connected to the circuit switching network SWU via a special interface (So-interface with 2 B channels at 64 kbit/s and one D channel at 16 kbit/s) and an interface module SSB. The system manager SM has a large database, which contains among other things the data and programs for the configuration of the circuit switching groups SLMY, the multiplexers MUX and the terminal devices EG.
For the tr~n~mis.~ion of information to a terminal device EG, for example terminal CA 022~4093 1998-11-10 device EGn, the operator (system a-lminislrator) initiates at the system manager SM a function "Supply terminal device with new information". A loading procedure activated by this establishes a connection via the circuit switching network SWU, the circuit switching unit SLMYl and the multiplexer MUXI from the system manager SM to the terminal device EGn, which is identified by a device number known to the system manager SM.
During this process, a free channel (time slot) is seized on the connection lines between the circuit switching unit SLMYl and the multiplexer MUX1 and between the multiplexer MUXI and the selected terminal device EGn, by which means the transmission between the system manager SM and the terminal device EGn can take place via a data (point-point) connection, for example with the HDLC protocol. As soon as the connection has been established, the terminal device EGn delivers a readiness message to the system manager SM, whereupon the transmission of the information to the terminal device EGn begins. As soon as all information has been transmitted to the terminal device EGn, the system manager SM receives an appropriate disconnect message from the terminal device EGn, whereupon it terminates the connection with the terminal device EGn. In like fashion, information can be transmitted from the system manager SM to selected circuit switching units SLMY or multiplexers MUX using analogous procedures.
The system manager SM can in its simplest form be a commercial personal computer that may be connected via a So-interface to the communications system. Access from the system manager SM to the communications system requires knowledge of the necessary procedures and protocols on the part of the human operator. Despite all conceivable security measures, the possibility that unauthorized third parties can acquire the necessary knowledge cannot be excluded with absolute certainty. Also for this reason, unauthorized access to the communications system and its functional units SLMY, MUX
and EG cannot be completely excluded. For this reason, it must be prevented at all events that unauthorized third parties can gain access to the system and extract any information . , . .. .. ..... , . . . ~ .. . . .. . , . ... . .. ~ . . ...
CA 022~4093 1998-11-10 or undertake manipulations that cause service interruptions.
In principle, not only accesses that take place from a system manager SM
belonging to the communications system are possible. Accesses that originate from a system manager SME connected to the public communications network OEN are also possible. In addition, accesses are also possible from a system manager SMF connected to a foreign communications system KA that can establish connections with the communications system in question via the public communications network OEN. If these are unauthorized accesses, they must be prevented under all circumstances.
The method in accordance with the invention satisfies this requirement. It provides that a certain password is entered at the system manager SM which governs access to the communications system that is managed by the system manager SM. At every startup -- at the initial installation startup and at later startups -- of the communications system or of parts ofthe system, at least one ofthe system's functional units affected by the startup has transmitted to it an address with which this functional unit can establish a data connection to the system manager SM. Preferably selected as address recipients are functional units that can directly reach as many peripheral functional units of the communications system as possible in a simple way. A centrally located functional unit is selected as the address sender. In the case at hand, the address is sent by the control unit ST of the circuit switching network SWU to the circuit switching groups SLMYI, ..., SLMY3. The address is entered into the control unit ST upon initial installation startup via a central control terminal BT that is used for configuration of the switching section. After receiving the address, the circuit switching groups SLMY1, ..., SLMY3 each establish a connection via the circuit switching network SWU to the system manager SM and prompt it to transmit the current password. Then the password is transmitted through the established connection by the system manager SM to the circuit switching groups SLMYI, .~
.,, i . .. .... ... . . . . ., .. , .. . ~, CA 022~4093 1998-11-10 SLMY3. Following termination of the connection between the circuit switching group SLMY and the system manager SM, each circuit switching group SLMY transmits the password to the associated multiplexer MUX via sign~ling channels and thence to the connected terminal devices EG. The password is stored in all functional units SLMY, MUX and EG of the communications system.
When a terminal unit EG is newly attached to a connection of the communications system, the terminal unit is logged on to the associated circuit switching group SLMY
through a procedure initiated in the terminal unit, whereupon it transmits to the terminal device the current password among other things.
Security can be additionally increased if the system manager SM checks, prior totransmitting the password to a requesting circuit switching group SLMY, using its source address, whether the circuit switching group SLMY is authorized at all to receive the password. Security can be further increased in that the system manager SM verifies an entered password on the basis of various criteria (syntax, etc.) before accepting it.
Every time a connection is set up by the system's own system manager SM or a foreign system manager SME or SMF for the purpose of exch~nging information withfunctional units of the communications system, the system manager must send the password along with the connection request. Each functional unit involved in theconnection (circuit switching group SLMY, multiplexer MUX and terminal device EG) verifies whether the password transmitted in the connection setup information agrees with its stored password. If this is not the case, the functional unit denies access to the inforrnation that is stored in it and is to be protected. Likewise, the password is verified when functional units, such as two terminal devices EG, wish to exchange data with one another.
CA 022~4093 1998-11-10 Pl 7056 The system administrator -- either a person authorized by the operator of the system or a person authorized by the m~nllf~cturer of the system -- can enter the password at the system manager SM and later change it either as needed or as prompted by the system manager SM. It is also conceivable that the system manager SM automatically, i.e.
S without the participation of the system administrator, changes the password periodically or at arbitrary times. In this case, the valid password is not known to anyone, which considerably increases security against un~llthorized access.
When the password is changed at the system manager SM, it transmits the new password with a change identifier as described to all circuit switching groups SLMY, which then pass on the new password to all functional units MUX and EG of the communications system that they can reach directly, where it replaces the old password.
To increase security, a further embodiment of the method provides for the old password to be transmitted simultaneously with the new password when the password is being changed, whereby the new password is only accepted in the affected functional unit when the old password received agrees with the already existing old password.
.
Claims (8)
1. Method for protecting a communications system from unauthorized access to information that is stored in the functional units (SLMY, MUX, EG) of the system and that can be supplied thereto for configuration by a system manager (SM; SME; SMF) via data connections, characterized in that a password corresponding to the access authorization is entered in the system manager (SM), in that at every startup of the system or of parts of the system, an address identifying the system manager (SM) is transmitted to at least one of the functional units (SLMY) of the communications system affected by the startup whereupon the functional unit (SLMY) sets up with this address a connection to the system manager (SM), in that the system manager (SM) then transmits the password to the functional unit (SLMY), in that the functional unit (SLMY) then transmits the password to all functional units (MUX, EG) reachable by it, and in that at every subsequent establishment of a data connection from a system manager (SM; SME; SMF) to functional units (SLMY, MUX, EG), this password is appended tothe connection setup information and verified by each of the addressed functional units (SLMY, MUX, EG) for agreement with the password it has stored
2 Method in accordance with claim 1, characterized in that also during establishment of data connections between functional units (SLMY, MUX, EG) the password is appended to the connection setup information and verified by each of the addressed functional units (SLMY, MUX, EG) for agreement with the password it has stored.
3 Method in accordance with claim 1 or 2, characterized in that the system manager (SM), prior to transmitting the password to a functional unit (SLMY) requesting the password, verifies the authorization of that functional unit (SLMY).
4. Method in accordance with claim 1, characterized in that when the password isbeing changed, the new password is transmitted along with a change message to at least one functional unit (SLMY), that then transmits the new password to all functional units (SLMY, MUX, EG) reachable by it.
5. Method in accordance with claim 4, characterized in that both the old password and the new password are transmitted to the functional unit (SLMY) along with the change message.
6. Method in accordance with claim 4 or 5, characterized in that the password can be changed by a system administrator at the system manager (SM) at any time, or upon prompting by the system manager (SM).
7. Method in accordance with claim 4 or 5, characterized in that the password can be changed automatically by the system manager (SM) either periodically or at arbitrary times.
8. Method in accordance with one of the preceding claims, characterized in that a password entered at the system manager (SM) is verified upon entry on the basis of predetermined criteria.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CH592/97 | 1997-03-12 | ||
| CH59297 | 1997-03-12 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2254093A1 true CA2254093A1 (en) | 1998-09-17 |
Family
ID=4190573
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA 2254093 Abandoned CA2254093A1 (en) | 1997-03-12 | 1998-03-11 | Method for protecting a communications facility against unauthorized access |
Country Status (7)
| Country | Link |
|---|---|
| EP (1) | EP0923836A1 (en) |
| JP (1) | JP2000511384A (en) |
| CN (1) | CN1227025A (en) |
| AU (1) | AU733558B2 (en) |
| CA (1) | CA2254093A1 (en) |
| NO (1) | NO985166L (en) |
| WO (1) | WO1998041003A1 (en) |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0557566B1 (en) * | 1992-02-28 | 1996-04-17 | Siemens Aktiengesellschaft | Method for hierarchical managed password oriented access control to user access indications in a database of an SPS exchange |
| US5497411A (en) * | 1994-03-14 | 1996-03-05 | Pellerin; Joseph C. E. | Telecommunications card-access system |
| DE4439068C2 (en) * | 1994-11-02 | 1999-12-09 | Deutsche Telekom Ag | Method and device for protection against unauthorized use of communication connections |
| DE19504078A1 (en) * | 1995-02-08 | 1996-08-14 | Telefonbau & Normalzeit Gmbh | Method for initiating remote maintenance of a private branch exchange |
| ATE220280T1 (en) * | 1995-03-27 | 2002-07-15 | Siemens Schweiz Ag | COMMUNICATION SYSTEM WITH SWITCHING SERVERS |
| US5721780A (en) * | 1995-05-31 | 1998-02-24 | Lucent Technologies, Inc. | User-transparent security method and apparatus for authenticating user terminal access to a network |
-
1998
- 1998-03-11 CA CA 2254093 patent/CA2254093A1/en not_active Abandoned
- 1998-03-11 EP EP98905202A patent/EP0923836A1/en not_active Withdrawn
- 1998-03-11 CN CN 98800614 patent/CN1227025A/en active Pending
- 1998-03-11 AU AU60876/98A patent/AU733558B2/en not_active Ceased
- 1998-03-11 JP JP10539025A patent/JP2000511384A/en active Pending
- 1998-03-11 WO PCT/CH1998/000099 patent/WO1998041003A1/en not_active Application Discontinuation
- 1998-11-05 NO NO985166A patent/NO985166L/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| AU6087698A (en) | 1998-09-29 |
| EP0923836A1 (en) | 1999-06-23 |
| NO985166D0 (en) | 1998-11-05 |
| NO985166L (en) | 1999-01-12 |
| CN1227025A (en) | 1999-08-25 |
| AU733558B2 (en) | 2001-05-17 |
| JP2000511384A (en) | 2000-08-29 |
| WO1998041003A1 (en) | 1998-09-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5812656A (en) | System for providing prioritized connections in a public switched network | |
| CA2062751C (en) | Key allocation in public communications systems taking account of security gradations | |
| JPH03210847A (en) | Communication circuit netz | |
| US6353745B1 (en) | Method for providing performance features for mobile subscribers via a communications network | |
| US6169797B1 (en) | Method for setting up telecommunication connections | |
| US5574870A (en) | Method for the commissioning of an interface to be allocated to different transmission paths in a program-controlled communication system | |
| WO1997049231A1 (en) | Procedure and system for ensuring emergency communication | |
| US5802155A (en) | Method and apparatus for controlling regular and supressed ringing connections in a telecommunications network | |
| CA2240915A1 (en) | Method of preventing fraudulent toll calls by key system users | |
| AU733558B2 (en) | Method for protecting a communications system from unauthorized access | |
| US7177411B1 (en) | System for implementing telephone services, control unit for an automatic switch and telephone and computer integration server | |
| US6115459A (en) | Telephone switching system for easily implementing modification of connection information and medium storing telephone system control program | |
| US5999607A (en) | Method and apparatus for restricting dialing authorization in communication devices | |
| JPH06205004A (en) | Process of quick data exchange and device | |
| CA2182243C (en) | System for providing prioritized connections in a public switched network | |
| US20020049850A1 (en) | Data communications method and system | |
| US6289091B1 (en) | Method of making changes in a directory number administration, and directory number administration facility | |
| CN101151881B (en) | Administration of computer telephony applications that are connected to a private branch exchange via a local network | |
| US6621898B1 (en) | Method of communication between an automatic branch exchange and a messaging system providing at least one voice service, automatic branch exchange and messaging system implementing a method of this kind | |
| WO2003101145A1 (en) | Isdn interface apparatus | |
| KR100237480B1 (en) | Method of deactivating the night service of the information desk in the digital switching system | |
| JPS60144055A (en) | Telephone set | |
| US8320413B2 (en) | Communication method using one access | |
| SK106797A3 (en) | Method of remote maintenance | |
| US6667970B1 (en) | Trading call system and method of remote-controlling the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| FZDE | Dead |