EP3847564A1 - A security system for a computer network - Google Patents
- Publication number
- EP3847564A1 (application EP19849049.2A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- mobile device
- electronic message
- computer network
- service
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
          - G06F2221/2131—Lost password, e.g. recovery of lost or forgotten passwords
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
          - H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
    - H04W—WIRELESS COMMUNICATION NETWORKS
      - H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
        - H04W12/06—Authentication
        - H04W12/60—Context-dependent security
          - H04W12/69—Identity-dependent
            - H04W12/72—Subscriber identity
      - H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
        - H04W4/12—Messaging; Mailboxes; Announcements
          - H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
Definitions
- The present invention relates to a security system for a computer network with a directory service, particularly to authentication systems that process user credentials.
- Computer networks operate directory services to store password information and to authenticate users accessing password-protected services over the computer network.
- In one known approach, a system administrator manually resets the password on the directory service and informs the user manually.
- Where the computer network provides a web-based password reset system, the user is obliged to fill out a web form and submit it to the web server in order to lodge a password reset request with the computer network.
- A one-time verification code is generated by the password reset system, and the user is asked to enter the verification code correctly through a graphical user interface. This procedure is time consuming and, most of the time, very complex for an ordinary computer user.
- EP3407536 discloses a server device in communication with a control panel device in a region; the server device can include a database of authorized users and of phone numbers of mobile devices associated with the authorized users.
- The control panel device can generate a one-time password or security token. When it does so, the control panel device can use GSM capability to transmit the one-time password or security token to the server device; the server device can then identify from the database one of the authorized users associated with the region in which the control panel device is located, identify from the database the phone number of a mobile device associated with that authorized user, and transmit the one-time password or security token to that mobile device for use in programming and updating the software or firmware of the control panel device.
- The object of the invention is to facilitate providing a new permanent password, upon request, to a user, allowing access to a password-protected computer network.
- The invention relates to a security system for a computer network comprising an operation server with access to a directory service of the computer network, and a mobile device connected to the operation server by means of an electronic message service adapted to transmit electronic messages between the operation server and the mobile device.
- An access control server in communication with a processor of the computer network is configured to: receive a first electronic message from the mobile device and parse it into identification data of the mobile device and a predetermined command; validate the predetermined command against a pattern stored thereon; establish a data connection with the directory service via a network connection module and pair the device identification data with a registered user on a user database of the directory service; generate, by a security protocol, permanent new password data authorizing the registered user to the computer network, and overwrite the password data stored on the directory service with the new password data; and send a second electronic message including the new password data directly to the mobile device via the electronic message service.
- The security system provides easy access to the computer network for a user of the mobile device when the mobile device is known to the directory service of the computer network.
- The directory service can be provided on multiple operation servers for various services, e.g. Active Directory, an SAP directory, etc., distributed over the computer network and communicating with the access control server using the TCP/IP protocol.
- A single first message to the access control server suffices to retrieve the new password data, without any further security steps to be followed by the user of the mobile device.
- Additional security measures can be taken.
- A permanent password means a password that does not change during each cycle of the described operation.
- The password in the second electronic message can be a temporary password for the operation server, and the user can be forced to change the password after using the permanent password provided in the second electronic message.
- The operation server can be a single server or a group of servers providing a single or integrated directory service for various services.
- The processor within the computer network belongs to the operation server.
- The processor can be a CPU provided at the access control server.
- The electronic message service is an SMS service over a GSM network provided by a GSM operator. SMS prioritization is provided by the GSM operator, so that the security system's resources are not allocated to such a task. This allows installation of a scalable security system at an affordable cost.
- The identification data is the GSM subscription number assigned by the GSM network. Simply registering the GSM subscription number with the directory service of the computer network allows easy authentication by the access control server before it provides sensitive information, i.e. the new password data, to the user of the mobile device.
- The access control server is equipped with a SIM shield in a persistent connection with the GSM network.
- Access control servers on various computer networks, provided with a persistent connection to the GSM network over the electronic messaging service, allow any user to obtain new password data for accessing the computer network at any time.
- The access control server further comprises a memory module in which a pattern for the predetermined command is stored, such that the access control server can terminate the remaining process when the predetermined command does not match the stored pattern.
- The memory module can be RAM, an SSD or a hard drive storing the pattern for the predetermined command to be compared with the first message.
- An integrated memory module allows a box-type server device running as the access control server to be installed in a computer network.
- The predetermined command can be any alphanumeric characters or gesture data captured by the mobile device. In some instances, the predetermined command can be blank.
- The network connection module is configured to access the local area network to establish a data connection with the directory service on the computer network. Therefore, instant access to the operation server by the access control server is possible.
- The data connection can be encrypted over an SSL protocol.
- An operating method for a mobile device comprises the steps of: sending a first electronic message, having identification data of the mobile device and a predetermined command for a password renewal request, from the mobile device to an access control server within a computer network; interpreting the first electronic message, by an operation server at the computer network via a LAN connection to the access control server, to parse it into identification data and a predetermined command; validating the predetermined command against a pattern stored thereon; connecting to a directory service; pairing a registered user on a user database of the directory service using the identification data; generating new password data for the registered user and overwriting the stored password data.
- The electronic messaging service connecting the mobile device and the access control server is SMS over a GSM network.
- Figure 1 shows a schematic view of a security system for a computer network according to an exemplary application of the present invention.
- In FIG. 1 a security system for a computer network (1) is schematically shown.
- An operation server (10), namely a group of servers providing various services in the same network area, e.g. operating system, ERP, CRM, etc., is actively connected to, or separately provides, a directory service (12) for the computer network (1) under a known protocol, e.g. Active Directory or LDAP, from an assigned port, and handles requests from the computer network (1).
- The directory service stores user information such as username, password, mobile phone number, e-mail address, role of the user, etc. in an encrypted manner.
- The mobile device (20) is equipped with a SIM card (22) having an assigned mobile phone number as identification data (261), used to change stored password data (A) on the directory service (12).
- The mobile device (20) is a cell phone with a graphical user interface or SIM interface for sending an electronic message through the electronic messaging service (32) of a GSM network (30).
- An access control server (40) in the computer network (1) is arranged to post data to the directory service (12) of the operation server (10) using a middleware (50) running on the operation server (10).
- The access control server (40) has a processor (42), a memory module (43) and a network connection module (44), which are connected to each other in an electronic-signal-transmitting manner.
- A SIM shield (48) is fitted into the access control server (40), providing access to the GSM network (30) by means of a SIM card inserted inside the SIM shield (48).
- A GSM operator has assigned a unique subscription number to the SIM card inside the SIM shield (48) and configured it to allow access to the electronic messaging service (32), namely the SMS service.
- The middleware (50) running on the operation server (10) interprets the electronic messages received by the SIM shield (46).
- The middleware (50) is a piece of software run by a processor; it has full access rights on the directory service (12), is connected to the access control server (40) by means of the network connection module (44), and can send electronic messages to the access control server (40).
- The access control server (40) forwards the electronic messages to the GSM network by means of the SIM shield (48).
- The GSM operator of the GSM network (30) has means to prioritize the messages to the SIM shield (48) and delivers a number of electronic messages, namely SMS, to the access control server (40) by means of the SIM shield (48).
- The access control server (40) is persistently connected to the GSM network (30) by the SIM shield (48).
- The GSM network (30) provides a list of electronic messages.
- The access control server (40) initiates a read and validation procedure by running software commands for each of the electronic messages independently. If the first electronic message (26) is unreadable, the access control server (40) breaks off the interpretation operation and terminates processing of the first electronic message (26). Otherwise, it forwards the first electronic message (26) to the middleware (50) over the network connection module (44).
- The middleware (50) running on the operation server (10) initiates a parse procedure and splits the first electronic message into several pieces, including identification data (261) and a predetermined command (262).
- The identification data (261) is the assigned subscriber number of the SIM card (22) in the mobile device (20).
- The middleware (50) establishes a connection with the directory service (12) to check the phone number information of the users registered in the directory service (12). If the identification data (261) pairs with a user, the middleware generates new password data (B) according to the internal password policy of the computer network and sends a command to the directory service (12) to overwrite the stored password data (A) accordingly. If the password change at the directory service (12) is successful, the middleware (50) prepares plain-text password information from the new password data (B) and forwards it to the access control server (40), which creates an electronic message as the second electronic message (46) and sends it back to the mobile device (20) over the GSM network (30) using the SIM shield (48). The user receives the new password data (B) on the mobile device (20) and can then access the operation server (10) using the new password data (B) over the secure internet connection (14) using the computer (60).
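The read, validate, pair, generate and overwrite sequence described above, as an added Python simulation of the middleware and access control server roles; this is not code from the patent. The command word RESET, the subscriber-number format, the password policy and the salted PBKDF2 storage are assumptions, and the directory record and the incoming message are constructed. Following the description's option of treating the delivered password as temporary, the record is flagged so the user must change it after first use.

```python
import hashlib
import re
import secrets
import string
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed user database standing in for the directory service (12):
# registered subscriber number -> user record. The record layout is an assumption.
DIRECTORY = {
    "+905550000001": {"username": "jdoe", "salt": b"", "password_hash": b"", "must_change": False},
}

# Stored pattern for the predetermined command (262); the word "RESET" is assumed.
COMMAND_PATTERN = re.compile(r"RESET", re.IGNORECASE)

# Subscriber number of the SIM inside the SIM shield (48); constructed value.
ACS_NUMBER = "+905559999999"

SYMBOLS = "!@#$%^&*"
PBKDF2_ROUNDS = 200_000


@dataclass(frozen=True)
class Sms:
    sender: str     # originating subscriber number (identification data 261 on a request)
    recipient: str  # destination subscriber number
    body: str       # message text (predetermined command 262 on a request)


def parse_first_message(sms: Sms) -> Optional[Tuple[str, str]]:
    """Split the first message into identification data and command.
    Returns None when the message is unreadable (no well-formed sender number)."""
    identification = sms.sender.strip()
    if not re.fullmatch(r"\+\d{8,15}", identification):  # assumed E.164-style number
        return None
    return identification, sms.body.strip()


def validate_command(command: str) -> bool:
    """Compare the command with the pattern held in the memory module (43)."""
    return COMMAND_PATTERN.fullmatch(command) is not None


def pair_user(identification: str) -> Optional[dict]:
    """Pair the subscriber number with a registered user, or None if unknown."""
    return DIRECTORY.get(identification)


def generate_password(length: int = 14) -> str:
    """Generate password data (B) meeting a sample policy (assumed): at least one
    lower-case letter, upper-case letter, digit and symbol."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate) and any(c in SYMBOLS for c in candidate)):
            return candidate


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the directory never keeps the plain text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def overwrite_password(user: dict, new_password: str) -> None:
    """Overwrite stored password data (A) with a fresh salted hash of (B) and mark
    it temporary, so the user is forced to change it after first use."""
    user["salt"] = secrets.token_bytes(16)
    user["password_hash"] = hash_password(new_password, user["salt"])
    user["must_change"] = True


def verify_password(user: dict, password: str) -> bool:
    """Constant-time comparison of a presented password against the stored hash."""
    return secrets.compare_digest(hash_password(password, user["salt"]), user["password_hash"])


def handle_password_request(sms: Sms) -> Optional[Sms]:
    """Full flow for one first message (26). Returns the second message (46)
    addressed back to the requester, or None whenever a step terminates the process."""
    parsed = parse_first_message(sms)
    if parsed is None:
        return None                      # unreadable: break off interpretation
    identification, command = parsed
    if not validate_command(command):
        return None                      # pattern mismatch: terminate remaining process
    user = pair_user(identification)
    if user is None:
        return None                      # subscriber number not registered in the directory
    new_password = generate_password()
    overwrite_password(user, new_password)
    return Sms(sender=ACS_NUMBER, recipient=identification,
               body=f"New password for {user['username']}: {new_password}")


if __name__ == "__main__":
    # Constructed request from the registered mobile device (20).
    print(handle_password_request(Sms("+905550000001", ACS_NUMBER, "RESET")))
```

The pairing step is the only authorization decision in this flow: whoever the directory lists under a subscriber number receives that user's new password, so the accuracy of the registered numbers and the "additional security measures" the description mentions carry the whole scheme. Keeping the `must_change` flag means the SMS-delivered value is only ever a bootstrap credential.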
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TR201911013 | 2019-07-23 | ||
PCT/TR2019/050711 WO2021015686A1 (en) | 2019-07-23 | 2019-08-28 | A security system for a computer network |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3847564A1 true EP3847564A1 (en) | 2021-07-14 |
Family
ID=69528930
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19849049.2A Pending EP3847564A1 (en) | 2019-07-23 | 2019-08-28 | A security system for a computer network |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP3847564A1 (en) |
WO (1) | WO2021015686A1 (en) |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2367451A (en) * | 2000-05-22 | 2002-04-03 | Fonepark Ltd | Communication of location information |
US20100004980A1 (en) * | 2006-01-20 | 2010-01-07 | Berkley Bowen | Systems and methods for managing product and consumer information |
US20070190995A1 (en) * | 2006-02-13 | 2007-08-16 | Nokia Corporation | Remote control of a mobile device |
WO2009029296A1 (en) * | 2007-08-31 | 2009-03-05 | At & T Mobility Ii Llc | Enhanced messaging with language translation feature |
US10455416B2 (en) | 2017-05-26 | 2019-10-22 | Honeywell International Inc. | Systems and methods for providing a secured password and authentication mechanism for programming and updating software or firmware |
2019
- 2019-08-28 EP EP19849049.2A patent/EP3847564A1/en active Pending
- 2019-08-28 WO PCT/TR2019/050711 patent/WO2021015686A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
WO2021015686A1 (en) | 2021-01-28 |
Similar Documents
Publication | Title |
---|---|
US8589675B2 (en) | WLAN authentication method by a subscriber identifier sent by a WLAN terminal |
CN110855621B (en) | Method for controlling access to an in-vehicle wireless network |
JP5926441B2 (en) | Secure authentication in multi-party systems |
EP2368339B1 (en) | Secure transaction authentication |
CN100438421C (en) | Method and system for conducting user verification to sub position of network position |
KR101451359B1 (en) | User account recovery |
CN112260995A (en) | Access authentication method, device and server |
EP2924944B1 (en) | Network authentication |
CN101986598B (en) | Authentication method, server and system |
US20200382500A1 (en) | Methods, systems, and computer readable mediums for securely establishing credential data for a computing device |
US9787678B2 (en) | Multifactor authentication for mail server access |
CN113341798A (en) | Method, system, device, equipment and storage medium for remotely accessing application |
US11768930B2 (en) | Application authenticity verification in digital distribution systems |
CN114157438A (en) | Network equipment management method and device and computer readable storage medium |
EP1530343B1 (en) | Method and system for creating authentication stacks in communication networks |
KR101473719B1 (en) | Intelligent login authentication system and method thereof |
EP3847564A1 (en) | A security system for a computer network |
JP2016143397A (en) | Terminal detection system and method |
CN114531303B (en) | Server port hiding method and system |
EP2529329B1 (en) | Secure procedure for accessing a network and network thus protected |
US20210144139A1 (en) | Method for configuring access to an internet service |
CN106100889A (en) | The Enhancement Method of a kind of snmp protocol safety and device |
KR101484972B1 (en) | Service for smart phone embezzlement protection and system thereof |
CN114513348A (en) | Terminal authentication method, cloud platform and cloud AP |
KR20130124448A (en) | Legitimacy checking login authentication system and method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| 17P | Request for examination filed | Effective date: 20210406 |
| AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| DAV | Request for validation of the european patent (deleted) | |
| DAX | Request for extension of the european patent (deleted) | |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
| 17Q | First examination report despatched | Effective date: 20230315 |