EP0923836A1 - Method for protecting a communication system against unauthorized access - Google Patents

Method for protecting a communication system against unauthorized access

Info

Publication number
EP0923836A1
EP0923836A1 EP98905202A EP98905202A EP0923836A1 EP 0923836 A1 EP0923836 A1 EP 0923836A1 EP 98905202 A EP98905202 A EP 98905202A EP 98905202 A EP98905202 A EP 98905202A EP 0923836 A1 EP0923836 A1 EP 0923836A1
Authority
EP
European Patent Office
Prior art keywords
password
slmy
mux
system manager
functional unit
Legal status
Withdrawn
Application number
EP98905202A
Other languages
German (de)
English (en)
Inventor
Peter Lietha
René STIERLI
Erich Stirnimann
Karl Schmid
Current Assignee
Siemens Schweiz AG
Original Assignee
Siemens Schweiz AG
Application filed by Siemens Schweiz AG
Publication of EP0923836A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/38 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords

Definitions

  • the present invention relates to a method according to the preamble of patent claim 1
  • the present invention is therefore based on the object of preventing the unauthorized access to information stored in a communication system under all circumstances
  • the invention is explained in more detail below with reference to a drawing, for example.
  • The drawing shows a digital communication system that is constructed, according to the principle known from EP 0 735 785-A1, with central and decentralized functional units.
  • the communication system essentially consists of a switching center VT and a large number of terminals EG connected to the switching part VT. Furthermore, a system manager SM is connected to the switching part VT. storage capacity and with an on-screen display.
  • The switching center VT consists of a switching network SWU, to which switching groups SLMY1, SLMY3 are connected. Each switching group SLMY is connected on the one hand via an 8 Mbit line to the switching network SWU and on the other hand via an 8 Mbit line to three multiplexers MUX.
  • the switching group SLMY has a coupler for switching through the voice, data and signaling channels (time slots) coming from the switching network SWU to the multiplexers. 10 terminal devices EG are connected to each multiplexer MUX via a 2 Mbit line.
  • The multiplexers MUX have a coupler by which the voice and signaling channels of the 8 Mbit line coming from the switching groups SLMY are switched through to the corresponding terminal devices EG.
  • the multiplexers MUX are controlled by the assigned switching group SLMY.
  • The switching network SWU is a digital coupler with a control system ST, used for switching connections.
  • This configuration makes it possible to connect any terminal devices EG to one another via the switching groups SLMY and the switching network SWU and to exchange useful information in the form of data or program code and voice information via these connections.
  • An exchange of data between terminal devices EG takes place, for example, when the respective operating status, such as the busy status, of other terminal devices is to be displayed in the terminal devices.
  • external lines such as analog or digital lines (trunk lines La, leased lines Lb and dedicated lines Ls) leading to the public telecommunications network OEN, are connected via an interface module SLB.
  • the end devices EG form the interface between the users and the communication system. Depending on the application, they provide the user with a large number of convenient features.
  • For various inputs and outputs (such as destination selection), the end devices EG have a keyboard with program-controlled LCD (Liquid Crystal Display) lettering.
  • a screen with user guidance as well as hands-free and listening functions can be provided in the terminal devices EG.
  • Each terminal device EG has its own processor, which controls the relevant functions by means of software stored in an associated program or data memory.
  • The software consists of switching software and operator software.
  • the switching software controls all functions related to the communication, such as the monitoring and connection of connections (voice channels) to the multiplexers MUX and the connection groups SLMY.
  • the operator software essentially controls the user interface with the keyboard and the screen.
  • the System Manager SM manages the information required for the operation of the system and the user-friendly configuration of the SLMY, MUX and EG functional units.
  • The system manager SM forms the interface between the operator and the system. It is connected to the SWU switching network via an S0 interface (with two B channels at 64 kbit/s and a D channel at 16 kbit/s) and an interface module SSB.
  • the system manager SM has a large database which contains, among other things, the data and programs for the configuration of the switching groups SLMY, the multiplexers MUX and the terminals EG.
  • In order to transmit information to a terminal EG, for example to the terminal EGn, the operator (system administrator) triggers a function "supply terminal with new information" on the system manager SM.
  • A loading procedure activated in this way establishes, via the switching network SWU, the switching unit SLMY1 and the multiplexer MUX1, a connection from the system manager SM to the terminal EGn, which is identified by a device number known to the system manager SM.
  • On each of the connection lines between the switching unit SLMY1 and the multiplexer MUX1 and between the multiplexer MUX1 and the selected terminal EGn, a free channel (time slot) is occupied, so that transmission between the system manager SM and the terminal EGn can take place via a point-to-point data connection, e.g. with the HDLC protocol.
  • The end device EGn issues a readiness message to the system manager SM, whereupon the transmission of the information to the end device EGn begins. As soon as all information has been transmitted to the end device EGn, the system manager SM receives a corresponding final message from the end device EGn, whereupon it disconnects from the end device EGn.
  • In its simplest form, the system manager SM can be a commercially available personal computer that can be connected to the communication system via a known S0 interface. Access from the system manager SM to the communication system requires the operator to know the necessary procedures and protocols. Despite all conceivable safety precautions, it cannot be ruled out with absolute certainty that unauthorized third parties acquire the necessary knowledge. Therefore, unauthorized access to the communication system and its functional units SLMY, MUX and EG cannot be completely ruled out. It must therefore be prevented in any case that unauthorized persons access the system and extract information or carry out manipulations that cause malfunctions.
  • The method according to the invention meets this requirement. It is provided that a specific password, which regulates access to the communication system managed by the system manager SM, is entered in the system manager SM. With each start-up of the communication system or parts of the system, whether during the initial start-up or a later restart, at least one of the functional units of the system affected by the start-up receives an address with which this functional unit can establish a data connection to the system manager SM. The functional units preferably chosen as address receivers are those from which as many peripheral functional units of the communication system as possible can be reached directly in a simple manner. A centrally arranged functional unit is selected as the address transmitter.
  • The address is sent from the control unit ST of the switching network SWU to the switching groups SLMY1, SLMY3. It is entered into the control ST during the initial start-up via a central operating terminal BT, which is used to configure the switching part.
  • The switching groups SLMY1, SLMY3 each establish a connection to the system manager SM via the switching network SWU and request it to transmit the current password.
  • The password is then transmitted to the switching groups SLMY1, SLMY3 by the system manager SM over the established connection.
  • After the connection between the switching group SLMY and the system manager SM has been cleared, each switching group SLMY transmits the password via signaling channels to the assigned multiplexer MUX and from there to the connected end devices EG.
  • The password is used in all functional units SLMY, MUX and EG of the communication system.
  • If a terminal device EG is newly connected to a connection of the communication system, the terminal device is registered with the assigned switching group SLMY by means of a procedure which is triggered in it, whereupon the latter transmits the current password to the terminal device.
  • Security can be additionally increased if, before transmitting the password to a requesting switching group SLMY, the system manager SM checks on the basis of its origin address whether that switching group SLMY is authorized to receive the password. Security can be further increased if the system manager SM checks an entered password with regard to various criteria (syntax, etc.) before accepting it.
  • Each functional unit involved in the connection (switching group SLMY, multiplexer MUX and terminal EG) checks whether the password transmitted in the connection setup information matches the password stored with it. If this is not the case, the functional unit refuses access to the stored information that is to be protected. The password is also checked when functional units, e.g. two end devices EG, want to exchange data with each other.
  • The system administrator, either an authorized person of the operator of the system or an authorized person of the manufacturer of the system, can enter the password on the system manager SM and afterwards change it, either as required or at the request of the system manager SM. It can also be provided that the system manager SM changes the password automatically, periodically or at any time, i.e. without the participation of the system administrator. In this case, the valid password is not known to anyone, which considerably increases security against unauthorized access.
  • Once the password on the system manager SM has been changed, it transmits the new password with a change identifier, as described, to all switching groups SLMY, which then pass the new password on to all functional units MUX and EG of the communication system that they can directly reach, where the old password is replaced.
  • A further embodiment of the method provides for the old password to be transmitted simultaneously with the new password when the password is changed, the new password then only being accepted in the functional unit in question if the old password received matches the old password stored there.
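
The distribution, per-connection check and old-password change variant described above can be modelled in a few lines. This is an added example, not code from the patent; the class and function names, the sample passwords and the constant-time comparison are assumptions of the sketch.

```python
import hmac

class FunctionalUnit:
    """SLMY, MUX or EG: holds the stored password and the units it can reach."""
    def __init__(self, name, children=()):
        self.name, self.children, self.password = name, list(children), None

    def store(self, password):
        # Start-up distribution: store, then pass on to every reachable unit.
        self.password = password
        for child in self.children:
            child.store(password)

    def check(self, presented):
        # Constant-time comparison is this example's choice, not the patent's.
        return self.password is not None and hmac.compare_digest(
            self.password.encode(), presented.encode())

    def change(self, new, old):
        # Accept `new` only if `old` matches; return names of units that refused.
        refused = []
        if self.check(old):
            self.password = new
        else:
            refused.append(self.name)
        for child in self.children:
            refused += child.change(new, old)
        return refused

class SystemManager:
    def __init__(self, password, authorized):
        self.password, self.authorized = password, set(authorized)

    def request_password(self, origin):
        # Optional check from the text: is the requesting SLMY's origin address known?
        if origin not in self.authorized:
            raise PermissionError(f"{origin} may not receive the password")
        return self.password

    def rotate(self, new, groups):
        old, self.password = self.password, new
        return [name for g in groups for name in g.change(new, old)]

def connect(path, presented):
    """Return the first unit on the path that refuses access, or None."""
    return next((u.name for u in path if not u.check(presented)), None)

def demo():
    eg1, eg2 = FunctionalUnit("EG1"), FunctionalUnit("EG2")
    mux = FunctionalUnit("MUX1", [eg1, eg2])
    slmy = FunctionalUnit("SLMY1", [mux])
    sm = SystemManager("pw-A", authorized={"SLMY1"})   # constructed sample values
    slmy.store(sm.request_password(slmy.name))
    ok = connect([slmy, mux, eg1], "pw-A")
    bad = connect([slmy, mux, eg1], "guess")
    eg2.password = "stale"            # constructed: EG2 missed an earlier update
    refused = sm.rotate("pw-B", [slmy])
    after = connect([slmy, mux, eg2], "pw-B")
    return ok, bad, refused, after
```

In the model, a unit that holds a stale password refuses the change under the old-password variant and afterwards refuses connections that carry the new password.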

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)
  • Communication Control (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a method for preventing unauthorized access to operating information which is stored in functional units (SLMY, MUX, EG) of a communication system and which can be conveyed to these units, in order to configure them, from a system manager (SM) via data connections. For this purpose, a password corresponding to the access authorization is entered in the system manager (SM). Each time the system is started up, an address identifying the system manager (SM) is transmitted to at least one of the functional units (SLMY) of the system. The functional unit (SLMY) then uses this address to establish a connection to the system manager (SM), which thereupon transmits the password to the functional unit (SLMY); the latter then passes it on to all functional units (MUX, EG) that it can reach. Each time a data connection is set up to functional units (SLMY, MUX, EG), the password is added to the connection setup information, and the functional unit concerned (SLMY, MUX, EG) checks whether the password matches the password stored in the functional unit.
EP98905202A 1997-03-12 1998-03-11 Method for protecting a communication system against unauthorized access Withdrawn EP0923836A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CH59297 1997-03-12
CH59297 1997-03-12
PCT/CH1998/000099 WO1998041003A1 (fr) 1997-03-12 1998-03-11 Method for protecting a communication system against unauthorized access

Publications (1)

Publication Number Publication Date
EP0923836A1 (fr) 1999-06-23

Family

ID=4190573

Family Applications (1)

Application Number Title Priority Date Filing Date
EP98905202A Withdrawn EP0923836A1 (fr) 1997-03-12 1998-03-11 Method for protecting a communication system against unauthorized access

Country Status (7)

Country Link
EP (1) EP0923836A1 (fr)
JP (1) JP2000511384A (fr)
CN (1) CN1227025A (fr)
AU (1) AU733558B2 (fr)
CA (1) CA2254093A1 (fr)
NO (1) NO985166L (fr)
WO (1) WO1998041003A1 (fr)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0557566B1 (fr) * 1992-02-28 1996-04-17 Siemens Aktiengesellschaft Method for hierarchically administered password-controlled access to user access indications in a database of a stored-program-controlled exchange
US5497411A (en) * 1994-03-14 1996-03-05 Pellerin; Joseph C. E. Telecommunications card-access system
DE4439068C2 (de) * 1994-11-02 1999-12-09 Deutsche Telekom Ag Method and device for protection against unauthorized use of communication connections
DE19504078A1 (de) * 1995-02-08 1996-08-14 Telefonbau & Normalzeit Gmbh Method for initiating remote maintenance of a private branch exchange
ATE220280T1 (de) * 1995-03-27 2002-07-15 Siemens Schweiz Ag Communication system with switching servers
US5721780A (en) * 1995-05-31 1998-02-24 Lucent Technologies, Inc. User-transparent security method and apparatus for authenticating user terminal access to a network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9841003A1 *

Also Published As

Publication number Publication date
CA2254093A1 (fr) 1998-09-17
NO985166L (no) 1999-01-12
JP2000511384A (ja) 2000-08-29
AU6087698A (en) 1998-09-29
CN1227025A (zh) 1999-08-25
AU733558B2 (en) 2001-05-17
NO985166D0 (no) 1998-11-05
WO1998041003A1 (fr) 1998-09-17

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19990317

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 20030922

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20031001