GB2168831A - Password-protected data link - Google Patents
Password-protected data link Download PDFInfo
- Publication number
- GB2168831A GB2168831A GB8428608A GB8428608A GB2168831A GB 2168831 A GB2168831 A GB 2168831A GB 8428608 A GB8428608 A GB 8428608A GB 8428608 A GB8428608 A GB 8428608A GB 2168831 A GB2168831 A GB 2168831A
- Authority
- GB
- United Kingdom
- Prior art keywords
- password
- user
- host computer
- host
- modem
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/313—User authentication using a call-back technique via a telephone network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
Abstract
A password-protected data communication system for transfer of data between remote user terminals and a host computer via public telephone lines and the like is further made secure by virtue of the fact that password transactions and/or interchanges are automatically effected between special modems provided at the user terminals and at the host computer without action or intervention (other than call initiating action) by the users who are denied access to or control over the passwords. A callback facility may also be provided and can be structured to enable users to communicate with the host from non-static locations.
Description
SPECIFICATION
Improvements relating to computer systems
This invention concerns improvements relating to computer systems and more particularly concerns the protection of host computers from unauthorised access via remote terminals coupled with the host computer over public communications networks including the public telephone system.
As is well known, it is customary to provide a user wishing to access a host computer, for example a database to be interrogated or searched by the user, with a unique user identification or password and to provide at the host computer a table of user identifications for which access to the computer database is permitted. The user's terminal is customarily connected via a modem to the public telephone network, for example, which in turn connects via a corresponding modem with the host computer. The user, when wishing to access the host computer, calls the telephone number of the host computer, receives an answering tone when the telephone line connection is established, and then enters his user identification via his terminal keyboard; the user identification must be received and verified at the host computer in order for access to be provided.
Whilst the provision of user identification passwords to be verified at the host computer before access is permitted does provide a baseline level of security- against unauthorised access, nonetheless it does not in many situations provide for sufficient security. Computer systems which can be reached through the public telephone system are potentially vulnerable to unauthorised acces by anyone who has by whatever means improperly come into possession of an authorised user identification password and further sophisticated computer based techniques exist whereby unauthroised entry can be obtained once the dialup te!ephone number of a computer facility has been obtained.
To further protect against such fraudulent access, efforts have been made to implement less readily determinable user passwords, and also automatic disconnection of the incoming terminal line has been utilised following a small number of invalid attempts to enter an acceptable password.
A more recent proposal has been to provide a socalled port protection device external to the host computer's dial-up access ports, the port protection device having on-board microprocessor intelligence which is used to provide a level of external password protection to any communication line.
The port protection device requires a potential dialup terminal user to manually enter a password as a first step towards connecting with the host computer, and the device then compares this password with a table of valid user passwords stored in its own memory. Only if the user-entered password matches a previously stored password in the port protection device memory is the user enabled to proceed with the routine logging-on procedure at the host computer involving entry of a further password etc.
As yet a further proposal, it has also been suggested to introduce a callback facility into a port protection device; since most legitimate users of a host computer system can be presumed to have a routine work station at a fixed location, the rationale behind the callback proposal is that the port protection device would instruct a user to hang-up once his password had been verified and then would call up a telephone number called from its own memory and associated in the memory with the password entered by the user; by this means only a user in possession of a proper password and located at the work station customarily associated with that password would be able to access the host computer.
According to the principal aspect of the present invention, it is proposed that the modems provided at each end of the data communication line, that is at the user's terminal end and at the host computer end, automatically carry out the password transaction(s) or interchange(s) without action or intervention by the user who, in accordance with the invention, is denied access to or control over the password(s). By this means, a very long and potentially indeterminable password comprising virtually an infinite number of possible character combinations (that is to say a virtually infinite "keyspace" size) can be utilised; by automatic use of such a comprehensive password, which has many many more digits than could possibly be remembered and manually entered at a terminal, and by not revealing the password to the terminal end user much greater security of access is insured.
In a practical situation therefore, the conventional modems which would customarily be provided at each end of the communication line would be replaced by special modems configured, in accordance with the invention, to include means for exchanging the necessary password(s), and means to enable password(s) to be entered during manufacture of the modem and, if desired, to the customer's specification, such means including, for example, provision in the modem of appropriately programmed memory media. Autodial facilities would also be associated with each of the modems or at least with the user end modem.
In operation of a system in accordance with the invention, the user will by appropriate operation of his terminal cause his modem to initiate a call to the host's modem, which requires the user's modem to transmit its preprogrammed password. On receipt of a valid password verified by comparison with a password store at the host modem, the host's modem authorises direct connection of the user to the host system. Should the host's modem fail to receive a valid password, connection to the host system will be prohibited. The rationale underlying the invention is thus that the terminal user need have no knowledge of the password(s), nor even of the host computer's telephone number if, for example, the terminal/host is a dedicated system, and thus a principal source for fraudulent access is eliminated.
The user's end modem may also be used in a conventinal data communications link, i.e. to a non-protected system.
The system according to the invention can also incorporate a callback facility as aforesaid so as to further enhance the level of security provided by the system. With hitherto disclosed port protection devices incorporating a callback facility, entry of the passwords is (to our knowledge) by manual means; the present invention provides the facility for automatic transmission of the password by the user end modem. Further features which can be provided in a system in accordance with the present invention comprise the association of a status code and/or a time-of-access zone with each valid password.The status code can provide for immediate access of a special status authorised caller to the host computer thus bypassing the need for callback to be effected, and the time-of-access zone may be used to prevent an authorised user's access to the host computer at times other than those defined by his allocated time-of-access zone.
In accordance with yet a further aspect of the present invention, in order to enable a callback system to be utilised from any workstation location and to be utilied by users, such as travelling salespersons for example, having mobile workstations with no fixed location and a variable telephone number, it is proposed that the host modem or port protection device, in response to verification of a received password transmitted by a user together with the user's current telephone number location, generates a one-time short-term password and transmits it back to the user's location.
The user then has to re-dial the host computer and can obtain access only by use of the one-time short-term password within a predetermined short time period of the original password entry. The redialling of the host computer could be effected by means of autodial equipment provided in the modem at the user's terminal end, the user's end modem receiving and temporarily holding the onetime password transmitted by the host's modem; by this means the need for user knowledge or control of passwords is completely removed thereby enhancing security.
In the systems according to the invention, the passwords, the user status codes and time-of-access zones, and the callback telephone numbers, or any of them, are not made accessible for modification by the standard user; that is to say, such data can be modified only at the command of an appropriately authorised key person at the host computer location with such key person's access to the host computer itself being password controlled.
Having thus described the concepts upon which the present invention is based and recognising the capability of the skilled technician in the data communications art readily to put the herein-disclosed inventive concepts into practical realisation without need for further explanation, it is considered that no further description of the present invention is required herein. Various features, alterations and modifications will occur to those possessed of appropriate skills without departure from the spirit and scope of the invention. Basically the invention provides for security procedures to be completely hidden from the user and involves no user intervention.
As yet a further feature, the invention could make use of encryption techniques for yet higher levels of security.
Claims (5)
1. A password-protected data communication system for transfer of data between remote user terminals and a host computer via public telephone networks or the like and wherein password transaction(s) and/or interchange(s) are automatically effected between special modems provided at the user terminal and at the host computer without action or intervention (other than call initiating action) by the user who is denied access to or control over the password(s).
2. A system in accordance with claim 1 including a callback facility whereby, in response to re- ception at the host modem of an acceptable password, the host modem automatically seeks to connect the host computer with a predetermined user workstation location associated with the received password.
3. A system in accordance with claim 2 wherein the host modem, in response to verification of a received password transmitted by a user together with the user's current telephone number, generates a one-off short-term password and transmits it back to the user's location, the user being enabled to access the host computer only by utilisation of such one-off short-term password within à predetermined limited time period.
4. A system in accordance with claim 3 wherein the modem at the user's location is adapted and arranged to automatically access the host computer by utilisation of said one-off short-term password without intervention from the user.
5. A system in accordance with any of the preceding claims wherein the passwords utilised by the system incorporate user status and/or time-ofaccess zone codes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8428608A GB2168831B (en) | 1984-11-13 | 1984-11-13 | Password-protected data link |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8428608A GB2168831B (en) | 1984-11-13 | 1984-11-13 | Password-protected data link |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| GB2168831A true GB2168831A (en) | 1986-06-25 |
| GB2168831B GB2168831B (en) | 1988-04-27 |
Family
ID=10569636
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB8428608A Expired GB2168831B (en) | 1984-11-13 | 1984-11-13 | Password-protected data link |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2168831B (en) |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2188758A (en) * | 1986-04-04 | 1987-10-07 | Philip Hall Bertenshaw | Secure data transmission system |
| EP0242808A1 (en) * | 1986-04-17 | 1987-10-28 | Kabushiki Kaisha Myukomu | Method and system for confirming user in modem communications |
| WO1988007240A1 (en) * | 1987-03-12 | 1988-09-22 | Siemens Ltd. | Controlling security access |
| EP0292248A2 (en) * | 1987-05-19 | 1988-11-23 | THE GENERAL ELECTRIC COMPANY, p.l.c. | Data processing system |
| GB2229020A (en) * | 1989-03-06 | 1990-09-12 | Chris Keiron Ellis | Security device to limit remote access to computers over a telecommunication network |
| EP0532102A2 (en) * | 1991-09-11 | 1993-03-17 | Philips Patentverwaltung GmbH | System for controlling data access to a data apparatus |
| GB2268602A (en) * | 1992-06-25 | 1994-01-12 | Mitac Ltd | Enhancing security of data transfer |
| EP0588519A2 (en) * | 1992-08-31 | 1994-03-23 | AT&T Corp. | Continuous authentication using an in-band or out-of-band side channel |
| GB2281991A (en) * | 1993-09-10 | 1995-03-22 | Icl Systems Ab | Authentication |
| EP0686905A1 (en) * | 1994-06-03 | 1995-12-13 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
| US5771291A (en) * | 1995-12-11 | 1998-06-23 | Newton; Farrell | User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer |
| US5923842A (en) * | 1997-03-06 | 1999-07-13 | Citrix Systems, Inc. | Method and apparatus for simultaneously providing anonymous user login for multiple users |
| GB2337908A (en) * | 1998-03-13 | 1999-12-01 | Nec Corp | Accessing a network host computer from outside the network with improved security |
| EP1071004A1 (en) * | 1999-07-19 | 2001-01-24 | Aiwa Co., Ltd. | Communication control method and communication terminal unit capable of limiting connection destination of dial up-connection |
| WO2003053025A1 (en) * | 2001-12-18 | 2003-06-26 | Siemens Energy & Automation, Inc. | Security features for an integral plc modem |
| US6986040B1 (en) | 2000-11-03 | 2006-01-10 | Citrix Systems, Inc. | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel |
| US7020773B1 (en) | 2000-07-17 | 2006-03-28 | Citrix Systems, Inc. | Strong mutual authentication of devices |
| US7100200B2 (en) | 2001-06-13 | 2006-08-29 | Citrix Systems, Inc. | Method and apparatus for transmitting authentication credentials of a user across communication sessions |
| US7227939B2 (en) | 2001-12-18 | 2007-06-05 | Siemens Energy & Automation, Inc. | Security features for an integral PLC modem |
| US7661129B2 (en) | 2002-02-26 | 2010-02-09 | Citrix Systems, Inc. | Secure traversal of network components |
| US7984157B2 (en) | 2002-02-26 | 2011-07-19 | Citrix Systems, Inc. | Persistent and reliable session securely traversing network components using an encapsulating protocol |
| US8090874B2 (en) | 2001-06-13 | 2012-01-03 | Citrix Systems, Inc. | Systems and methods for maintaining a client's network connection thru a change in network identifier |
| US8321499B2 (en) | 1994-05-31 | 2012-11-27 | Intellectual Ventures I Llc | Method for distributing content to a user station |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB1588147A (en) * | 1977-01-25 | 1981-04-15 | Ibm | Information exchange system |
| EP0067611A1 (en) * | 1981-06-05 | 1982-12-22 | Exide Electronics International Corp. | Apparatus for controlling access to computers |
| WO1983002343A1 (en) * | 1981-12-29 | 1983-07-07 | Marathon Oil Co | Computer terminal security system |
| EP0100260A1 (en) * | 1982-07-08 | 1984-02-08 | Bull S.A. | Method to establish the origin of at least one bit of information stored in a memory of a first electronical device and transmitted to a second electronical device |
-
1984
- 1984-11-13 GB GB8428608A patent/GB2168831B/en not_active Expired
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB1588147A (en) * | 1977-01-25 | 1981-04-15 | Ibm | Information exchange system |
| EP0067611A1 (en) * | 1981-06-05 | 1982-12-22 | Exide Electronics International Corp. | Apparatus for controlling access to computers |
| WO1983002343A1 (en) * | 1981-12-29 | 1983-07-07 | Marathon Oil Co | Computer terminal security system |
| EP0100260A1 (en) * | 1982-07-08 | 1984-02-08 | Bull S.A. | Method to establish the origin of at least one bit of information stored in a memory of a first electronical device and transmitted to a second electronical device |
Cited By (42)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2188758A (en) * | 1986-04-04 | 1987-10-07 | Philip Hall Bertenshaw | Secure data transmission system |
| EP0242808A1 (en) * | 1986-04-17 | 1987-10-28 | Kabushiki Kaisha Myukomu | Method and system for confirming user in modem communications |
| WO1988007240A1 (en) * | 1987-03-12 | 1988-09-22 | Siemens Ltd. | Controlling security access |
| EP0292248A3 (en) * | 1987-05-19 | 1990-10-31 | The General Electric Company, P.L.C. | Data processing system |
| GB2204973A (en) * | 1987-05-19 | 1988-11-23 | Gen Electric Co Plc | Data processing system |
| EP0292248A2 (en) * | 1987-05-19 | 1988-11-23 | THE GENERAL ELECTRIC COMPANY, p.l.c. | Data processing system |
| GB2229020A (en) * | 1989-03-06 | 1990-09-12 | Chris Keiron Ellis | Security device to limit remote access to computers over a telecommunication network |
| EP0532102A3 (en) * | 1991-09-11 | 1995-12-13 | Philips Patentverwaltung | System for controlling data access to a data apparatus |
| EP0532102A2 (en) * | 1991-09-11 | 1993-03-17 | Philips Patentverwaltung GmbH | System for controlling data access to a data apparatus |
| GB2268602A (en) * | 1992-06-25 | 1994-01-12 | Mitac Ltd | Enhancing security of data transfer |
| EP0588519A2 (en) * | 1992-08-31 | 1994-03-23 | AT&T Corp. | Continuous authentication using an in-band or out-of-band side channel |
| EP0588519A3 (en) * | 1992-08-31 | 1994-05-25 | American Telephone & Telegraph | Continuous authentication using an in-band or out-of-band side channel |
| GB2281991A (en) * | 1993-09-10 | 1995-03-22 | Icl Systems Ab | Authentication |
| US8321499B2 (en) | 1994-05-31 | 2012-11-27 | Intellectual Ventures I Llc | Method for distributing content to a user station |
| US8812620B2 (en) | 1994-05-31 | 2014-08-19 | Intellectual Property I LLC | Software and method that enables selection of one of a plurality of online service providers |
| US8635272B2 (en) | 1994-05-31 | 2014-01-21 | Intellectual Ventures I Llc | Method for distributing a list of updated content to a user station from a distribution server wherein the user station may defer installing the update |
| US8499030B1 (en) | 1994-05-31 | 2013-07-30 | Intellectual Ventures I Llc | Software and method that enables selection of one of a plurality of network communications service providers |
| US8407682B2 (en) | 1994-05-31 | 2013-03-26 | Intellectual Ventures I Llc | Software and method that enables selection of one of a plurality of online service providers |
| US8719339B2 (en) | 1994-05-31 | 2014-05-06 | Intellectual Ventures I Llc | Software and method that enables selection of one of a plurality of online service providers |
| US9111604B2 (en) | 1994-05-31 | 2015-08-18 | Intellectual Ventures I Llc | Software and method that enables selection of on-line content from one of a plurality of network content service providers in a single action |
| US9484078B2 (en) | 1994-05-31 | 2016-11-01 | Intellectual Ventures I Llc | Providing services from a remote computer system to a user station over a communications network |
| US9484077B2 (en) * | 1994-05-31 | 2016-11-01 | Intellectual Ventures I Llc | Providing services from a remote computer system to a user station over a communications network |
| US8825872B2 (en) | 1994-05-31 | 2014-09-02 | Intellectual Ventures I Llc | Software and method for monitoring a data stream and for capturing desired data within the data stream |
| US5604803A (en) * | 1994-06-03 | 1997-02-18 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
| EP0686905A1 (en) * | 1994-06-03 | 1995-12-13 | Sun Microsystems, Inc. | Method and apparatus for secure remote authentication in a public network |
| US5771291A (en) * | 1995-12-11 | 1998-06-23 | Newton; Farrell | User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer |
| US5923842A (en) * | 1997-03-06 | 1999-07-13 | Citrix Systems, Inc. | Method and apparatus for simultaneously providing anonymous user login for multiple users |
| US6490687B1 (en) | 1998-03-13 | 2002-12-03 | Nec Corporation | Login permission with improved security |
| GB2337908B (en) * | 1998-03-13 | 2000-10-25 | Nec Corp | Login permission method and system |
| GB2337908A (en) * | 1998-03-13 | 1999-12-01 | Nec Corp | Accessing a network host computer from outside the network with improved security |
| EP1071004A1 (en) * | 1999-07-19 | 2001-01-24 | Aiwa Co., Ltd. | Communication control method and communication terminal unit capable of limiting connection destination of dial up-connection |
| US7020773B1 (en) | 2000-07-17 | 2006-03-28 | Citrix Systems, Inc. | Strong mutual authentication of devices |
| US7293176B2 (en) | 2000-07-17 | 2007-11-06 | Citrix Systems, Inc. | Strong mutual authentication of devices |
| US6986040B1 (en) | 2000-11-03 | 2006-01-10 | Citrix Systems, Inc. | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel |
| US7100200B2 (en) | 2001-06-13 | 2006-08-29 | Citrix Systems, Inc. | Method and apparatus for transmitting authentication credentials of a user across communication sessions |
| US8874791B2 (en) | 2001-06-13 | 2014-10-28 | Citrix Systems, Inc. | Automatically reconnecting a client across reliable and persistent communication sessions |
| US8090874B2 (en) | 2001-06-13 | 2012-01-03 | Citrix Systems, Inc. | Systems and methods for maintaining a client's network connection thru a change in network identifier |
| WO2003053025A1 (en) * | 2001-12-18 | 2003-06-26 | Siemens Energy & Automation, Inc. | Security features for an integral plc modem |
| CN103546460A (en) * | 2001-12-18 | 2014-01-29 | 西门子工业公司 | Security features for an integral plc modem |
| US7227939B2 (en) | 2001-12-18 | 2007-06-05 | Siemens Energy & Automation, Inc. | Security features for an integral PLC modem |
| US7984157B2 (en) | 2002-02-26 | 2011-07-19 | Citrix Systems, Inc. | Persistent and reliable session securely traversing network components using an encapsulating protocol |
| US7661129B2 (en) | 2002-02-26 | 2010-02-09 | Citrix Systems, Inc. | Secure traversal of network components |
Also Published As
| Publication number | Publication date |
|---|---|
| GB2168831B (en) | 1988-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| GB2168831A (en) | Password-protected data link | |
| EP0262859B1 (en) | Adjunct processor for providing computer facility access protection via call transfer | |
| US5280581A (en) | Enhanced call-back authentication method and apparatus for remotely accessing a host computer from a plurality of remote sites | |
| US4779224A (en) | Identity verification method and apparatus | |
| US4815031A (en) | Method for granting a request to authorized data terminal users accessing from any locations | |
| US4891838A (en) | Computer accessing system | |
| US4310720A (en) | Computer accessing system | |
| US6075861A (en) | Security access system | |
| EP0205584A1 (en) | Electronic linkage interface control security system and method | |
| US5448764A (en) | Cordless telephone set with secure communication protocol | |
| US4831648A (en) | Method of confirming user in modem communications and its system | |
| US6934531B1 (en) | Method for improving the security of authentication procedures in digital mobile radio telephone systems | |
| EP0018129A1 (en) | Method of providing security of data on a communication path | |
| EP1119147A1 (en) | Provision of secure access for telecommunications system | |
| WO1998000956A2 (en) | System and method for preventing cellular fraud | |
| JP2996184B2 (en) | Unauthorized access prevention callback method | |
| GB2229020A (en) | Security device to limit remote access to computers over a telecommunication network | |
| JPS60171559A (en) | Preventing system for foul use of system | |
| JPS6399664A (en) | Connecting system for data line | |
| KR200211327Y1 (en) | The user-authentication system through second connecting path | |
| JPS62213338A (en) | Illegal access prevention system | |
| JPH0653956A (en) | Digital commuication equipment | |
| TR202017023A2 (en) | AN ENCRYPTED SEARCH SYSTEM | |
| JPS6243628B2 (en) | ||
| JPH0624360B2 (en) | Method for authenticating a data processing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 19931113 |