GB2168831A - Password-protected data link - Google Patents

Password-protected data link Download PDF

Info

Publication number
GB2168831A
GB2168831A GB8428608A GB8428608A GB2168831A GB 2168831 A GB2168831 A GB 2168831A GB 8428608 A GB8428608 A GB 8428608A GB 8428608 A GB8428608 A GB 8428608A GB 2168831 A GB2168831 A GB 2168831A
Authority
GB
United Kingdom
Prior art keywords
password
user
host computer
host
modem
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB8428608A
Other versions
GB2168831B (en
Inventor
David Robert Llewellyn Jones
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STEEBEK SYSTEMS Ltd
Original Assignee
STEEBEK SYSTEMS Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STEEBEK SYSTEMS Ltd filed Critical STEEBEK SYSTEMS Ltd
Priority to GB8428608A priority Critical patent/GB2168831B/en
Publication of GB2168831A publication Critical patent/GB2168831A/en
Application granted granted Critical
Publication of GB2168831B publication Critical patent/GB2168831B/en
Expired legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A password-protected data communication system for transfer of data between remote user terminals and a host computer via public telephone lines and the like is further made secure by virtue of the fact that password transactions and/or interchanges are automatically effected between special modems provided at the user terminals and at the host computer without action or intervention (other than call initiating action) by the users who are denied access to or control over the passwords. A callback facility may also be provided and can be structured to enable users to communicate with the host from non-static locations.

Description

SPECIFICATION Improvements relating to computer systems This invention concerns improvements relating to computer systems and more particularly concerns the protection of host computers from unauthorised access via remote terminals coupled with the host computer over public communications networks including the public telephone system.
As is well known, it is customary to provide a user wishing to access a host computer, for example a database to be interrogated or searched by the user, with a unique user identification or password and to provide at the host computer a table of user identifications for which access to the computer database is permitted. The user's terminal is customarily connected via a modem to the public telephone network, for example, which in turn connects via a corresponding modem with the host computer. The user, when wishing to access the host computer, calls the telephone number of the host computer, receives an answering tone when the telephone line connection is established, and then enters his user identification via his terminal keyboard; the user identification must be received and verified at the host computer in order for access to be provided.
Whilst the provision of user identification passwords to be verified at the host computer before access is permitted does provide a baseline level of security- against unauthorised access, nonetheless it does not in many situations provide for sufficient security. Computer systems which can be reached through the public telephone system are potentially vulnerable to unauthorised acces by anyone who has by whatever means improperly come into possession of an authorised user identification password and further sophisticated computer based techniques exist whereby unauthroised entry can be obtained once the dialup te!ephone number of a computer facility has been obtained.
To further protect against such fraudulent access, efforts have been made to implement less readily determinable user passwords, and also automatic disconnection of the incoming terminal line has been utilised following a small number of invalid attempts to enter an acceptable password.
A more recent proposal has been to provide a socalled port protection device external to the host computer's dial-up access ports, the port protection device having on-board microprocessor intelligence which is used to provide a level of external password protection to any communication line.
The port protection device requires a potential dialup terminal user to manually enter a password as a first step towards connecting with the host computer, and the device then compares this password with a table of valid user passwords stored in its own memory. Only if the user-entered password matches a previously stored password in the port protection device memory is the user enabled to proceed with the routine logging-on procedure at the host computer involving entry of a further password etc.
As yet a further proposal, it has also been suggested to introduce a callback facility into a port protection device; since most legitimate users of a host computer system can be presumed to have a routine work station at a fixed location, the rationale behind the callback proposal is that the port protection device would instruct a user to hang-up once his password had been verified and then would call up a telephone number called from its own memory and associated in the memory with the password entered by the user; by this means only a user in possession of a proper password and located at the work station customarily associated with that password would be able to access the host computer.
According to the principal aspect of the present invention, it is proposed that the modems provided at each end of the data communication line, that is at the user's terminal end and at the host computer end, automatically carry out the password transaction(s) or interchange(s) without action or intervention by the user who, in accordance with the invention, is denied access to or control over the password(s). By this means, a very long and potentially indeterminable password comprising virtually an infinite number of possible character combinations (that is to say a virtually infinite "keyspace" size) can be utilised; by automatic use of such a comprehensive password, which has many many more digits than could possibly be remembered and manually entered at a terminal, and by not revealing the password to the terminal end user much greater security of access is insured.
In a practical situation therefore, the conventional modems which would customarily be provided at each end of the communication line would be replaced by special modems configured, in accordance with the invention, to include means for exchanging the necessary password(s), and means to enable password(s) to be entered during manufacture of the modem and, if desired, to the customer's specification, such means including, for example, provision in the modem of appropriately programmed memory media. Autodial facilities would also be associated with each of the modems or at least with the user end modem.
In operation of a system in accordance with the invention, the user will by appropriate operation of his terminal cause his modem to initiate a call to the host's modem, which requires the user's modem to transmit its preprogrammed password. On receipt of a valid password verified by comparison with a password store at the host modem, the host's modem authorises direct connection of the user to the host system. Should the host's modem fail to receive a valid password, connection to the host system will be prohibited. The rationale underlying the invention is thus that the terminal user need have no knowledge of the password(s), nor even of the host computer's telephone number if, for example, the terminal/host is a dedicated system, and thus a principal source for fraudulent access is eliminated.
The user's end modem may also be used in a conventinal data communications link, i.e. to a non-protected system.
The system according to the invention can also incorporate a callback facility as aforesaid so as to further enhance the level of security provided by the system. With hitherto disclosed port protection devices incorporating a callback facility, entry of the passwords is (to our knowledge) by manual means; the present invention provides the facility for automatic transmission of the password by the user end modem. Further features which can be provided in a system in accordance with the present invention comprise the association of a status code and/or a time-of-access zone with each valid password.The status code can provide for immediate access of a special status authorised caller to the host computer thus bypassing the need for callback to be effected, and the time-of-access zone may be used to prevent an authorised user's access to the host computer at times other than those defined by his allocated time-of-access zone.
In accordance with yet a further aspect of the present invention, in order to enable a callback system to be utilised from any workstation location and to be utilied by users, such as travelling salespersons for example, having mobile workstations with no fixed location and a variable telephone number, it is proposed that the host modem or port protection device, in response to verification of a received password transmitted by a user together with the user's current telephone number location, generates a one-time short-term password and transmits it back to the user's location.
The user then has to re-dial the host computer and can obtain access only by use of the one-time short-term password within a predetermined short time period of the original password entry. The redialling of the host computer could be effected by means of autodial equipment provided in the modem at the user's terminal end, the user's end modem receiving and temporarily holding the onetime password transmitted by the host's modem; by this means the need for user knowledge or control of passwords is completely removed thereby enhancing security.
In the systems according to the invention, the passwords, the user status codes and time-of-access zones, and the callback telephone numbers, or any of them, are not made accessible for modification by the standard user; that is to say, such data can be modified only at the command of an appropriately authorised key person at the host computer location with such key person's access to the host computer itself being password controlled.
Having thus described the concepts upon which the present invention is based and recognising the capability of the skilled technician in the data communications art readily to put the herein-disclosed inventive concepts into practical realisation without need for further explanation, it is considered that no further description of the present invention is required herein. Various features, alterations and modifications will occur to those possessed of appropriate skills without departure from the spirit and scope of the invention. Basically the invention provides for security procedures to be completely hidden from the user and involves no user intervention.
As yet a further feature, the invention could make use of encryption techniques for yet higher levels of security.

Claims (5)

1. A password-protected data communication system for transfer of data between remote user terminals and a host computer via public telephone networks or the like and wherein password transaction(s) and/or interchange(s) are automatically effected between special modems provided at the user terminal and at the host computer without action or intervention (other than call initiating action) by the user who is denied access to or control over the password(s).
2. A system in accordance with claim 1 including a callback facility whereby, in response to re- ception at the host modem of an acceptable password, the host modem automatically seeks to connect the host computer with a predetermined user workstation location associated with the received password.
3. A system in accordance with claim 2 wherein the host modem, in response to verification of a received password transmitted by a user together with the user's current telephone number, generates a one-off short-term password and transmits it back to the user's location, the user being enabled to access the host computer only by utilisation of such one-off short-term password within à predetermined limited time period.
4. A system in accordance with claim 3 wherein the modem at the user's location is adapted and arranged to automatically access the host computer by utilisation of said one-off short-term password without intervention from the user.
5. A system in accordance with any of the preceding claims wherein the passwords utilised by the system incorporate user status and/or time-ofaccess zone codes.
GB8428608A 1984-11-13 1984-11-13 Password-protected data link Expired GB2168831B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB8428608A GB2168831B (en) 1984-11-13 1984-11-13 Password-protected data link

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB8428608A GB2168831B (en) 1984-11-13 1984-11-13 Password-protected data link

Publications (2)

Publication Number Publication Date
GB2168831A true GB2168831A (en) 1986-06-25
GB2168831B GB2168831B (en) 1988-04-27

Family

ID=10569636

Family Applications (1)

Application Number Title Priority Date Filing Date
GB8428608A Expired GB2168831B (en) 1984-11-13 1984-11-13 Password-protected data link

Country Status (1)

Country Link
GB (1) GB2168831B (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2188758A (en) * 1986-04-04 1987-10-07 Philip Hall Bertenshaw Secure data transmission system
EP0242808A1 (en) * 1986-04-17 1987-10-28 Kabushiki Kaisha Myukomu Method and system for confirming user in modem communications
WO1988007240A1 (en) * 1987-03-12 1988-09-22 Siemens Ltd. Controlling security access
EP0292248A2 (en) * 1987-05-19 1988-11-23 THE GENERAL ELECTRIC COMPANY, p.l.c. Data processing system
GB2229020A (en) * 1989-03-06 1990-09-12 Chris Keiron Ellis Security device to limit remote access to computers over a telecommunication network
EP0532102A2 (en) * 1991-09-11 1993-03-17 Philips Patentverwaltung GmbH System for controlling data access to a data apparatus
GB2268602A (en) * 1992-06-25 1994-01-12 Mitac Ltd Enhancing security of data transfer
EP0588519A2 (en) * 1992-08-31 1994-03-23 AT&T Corp. Continuous authentication using an in-band or out-of-band side channel
GB2281991A (en) * 1993-09-10 1995-03-22 Icl Systems Ab Authentication
EP0686905A1 (en) * 1994-06-03 1995-12-13 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network
US5771291A (en) * 1995-12-11 1998-06-23 Newton; Farrell User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer
US5923842A (en) * 1997-03-06 1999-07-13 Citrix Systems, Inc. Method and apparatus for simultaneously providing anonymous user login for multiple users
GB2337908A (en) * 1998-03-13 1999-12-01 Nec Corp Accessing a network host computer from outside the network with improved security
EP1071004A1 (en) * 1999-07-19 2001-01-24 Aiwa Co., Ltd. Communication control method and communication terminal unit capable of limiting connection destination of dial up-connection
WO2003053025A1 (en) * 2001-12-18 2003-06-26 Siemens Energy & Automation, Inc. Security features for an integral plc modem
US6986040B1 (en) 2000-11-03 2006-01-10 Citrix Systems, Inc. System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel
US7020773B1 (en) 2000-07-17 2006-03-28 Citrix Systems, Inc. Strong mutual authentication of devices
US7100200B2 (en) 2001-06-13 2006-08-29 Citrix Systems, Inc. Method and apparatus for transmitting authentication credentials of a user across communication sessions
US7227939B2 (en) 2001-12-18 2007-06-05 Siemens Energy & Automation, Inc. Security features for an integral PLC modem
US7661129B2 (en) 2002-02-26 2010-02-09 Citrix Systems, Inc. Secure traversal of network components
US7984157B2 (en) 2002-02-26 2011-07-19 Citrix Systems, Inc. Persistent and reliable session securely traversing network components using an encapsulating protocol
US8090874B2 (en) 2001-06-13 2012-01-03 Citrix Systems, Inc. Systems and methods for maintaining a client's network connection thru a change in network identifier
US8321499B2 (en) 1994-05-31 2012-11-27 Intellectual Ventures I Llc Method for distributing content to a user station

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1588147A (en) * 1977-01-25 1981-04-15 Ibm Information exchange system
EP0067611A1 (en) * 1981-06-05 1982-12-22 Exide Electronics International Corp. Apparatus for controlling access to computers
WO1983002343A1 (en) * 1981-12-29 1983-07-07 Marathon Oil Co Computer terminal security system
EP0100260A1 (en) * 1982-07-08 1984-02-08 Bull S.A. Method to establish the origin of at least one bit of information stored in a memory of a first electronical device and transmitted to a second electronical device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB1588147A (en) * 1977-01-25 1981-04-15 Ibm Information exchange system
EP0067611A1 (en) * 1981-06-05 1982-12-22 Exide Electronics International Corp. Apparatus for controlling access to computers
WO1983002343A1 (en) * 1981-12-29 1983-07-07 Marathon Oil Co Computer terminal security system
EP0100260A1 (en) * 1982-07-08 1984-02-08 Bull S.A. Method to establish the origin of at least one bit of information stored in a memory of a first electronical device and transmitted to a second electronical device

Cited By (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2188758A (en) * 1986-04-04 1987-10-07 Philip Hall Bertenshaw Secure data transmission system
EP0242808A1 (en) * 1986-04-17 1987-10-28 Kabushiki Kaisha Myukomu Method and system for confirming user in modem communications
WO1988007240A1 (en) * 1987-03-12 1988-09-22 Siemens Ltd. Controlling security access
EP0292248A3 (en) * 1987-05-19 1990-10-31 The General Electric Company, P.L.C. Data processing system
GB2204973A (en) * 1987-05-19 1988-11-23 Gen Electric Co Plc Data processing system
EP0292248A2 (en) * 1987-05-19 1988-11-23 THE GENERAL ELECTRIC COMPANY, p.l.c. Data processing system
GB2229020A (en) * 1989-03-06 1990-09-12 Chris Keiron Ellis Security device to limit remote access to computers over a telecommunication network
EP0532102A2 (en) * 1991-09-11 1993-03-17 Philips Patentverwaltung GmbH System for controlling data access to a data apparatus
EP0532102A3 (en) * 1991-09-11 1995-12-13 Philips Patentverwaltung System for controlling data access to a data apparatus
GB2268602A (en) * 1992-06-25 1994-01-12 Mitac Ltd Enhancing security of data transfer
EP0588519A2 (en) * 1992-08-31 1994-03-23 AT&T Corp. Continuous authentication using an in-band or out-of-band side channel
EP0588519A3 (en) * 1992-08-31 1994-05-25 American Telephone & Telegraph Continuous authentication using an in-band or out-of-band side channel
GB2281991A (en) * 1993-09-10 1995-03-22 Icl Systems Ab Authentication
US8321499B2 (en) 1994-05-31 2012-11-27 Intellectual Ventures I Llc Method for distributing content to a user station
US8812620B2 (en) 1994-05-31 2014-08-19 Intellectual Property I LLC Software and method that enables selection of one of a plurality of online service providers
US8635272B2 (en) 1994-05-31 2014-01-21 Intellectual Ventures I Llc Method for distributing a list of updated content to a user station from a distribution server wherein the user station may defer installing the update
US8499030B1 (en) 1994-05-31 2013-07-30 Intellectual Ventures I Llc Software and method that enables selection of one of a plurality of network communications service providers
US8407682B2 (en) 1994-05-31 2013-03-26 Intellectual Ventures I Llc Software and method that enables selection of one of a plurality of online service providers
US8719339B2 (en) 1994-05-31 2014-05-06 Intellectual Ventures I Llc Software and method that enables selection of one of a plurality of online service providers
US9111604B2 (en) 1994-05-31 2015-08-18 Intellectual Ventures I Llc Software and method that enables selection of on-line content from one of a plurality of network content service providers in a single action
US9484077B2 (en) * 1994-05-31 2016-11-01 Intellectual Ventures I Llc Providing services from a remote computer system to a user station over a communications network
US9484078B2 (en) 1994-05-31 2016-11-01 Intellectual Ventures I Llc Providing services from a remote computer system to a user station over a communications network
US8825872B2 (en) 1994-05-31 2014-09-02 Intellectual Ventures I Llc Software and method for monitoring a data stream and for capturing desired data within the data stream
US5604803A (en) * 1994-06-03 1997-02-18 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network
EP0686905A1 (en) * 1994-06-03 1995-12-13 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network
US5771291A (en) * 1995-12-11 1998-06-23 Newton; Farrell User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer
US5923842A (en) * 1997-03-06 1999-07-13 Citrix Systems, Inc. Method and apparatus for simultaneously providing anonymous user login for multiple users
US6490687B1 (en) 1998-03-13 2002-12-03 Nec Corporation Login permission with improved security
GB2337908B (en) * 1998-03-13 2000-10-25 Nec Corp Login permission method and system
GB2337908A (en) * 1998-03-13 1999-12-01 Nec Corp Accessing a network host computer from outside the network with improved security
EP1071004A1 (en) * 1999-07-19 2001-01-24 Aiwa Co., Ltd. Communication control method and communication terminal unit capable of limiting connection destination of dial up-connection
US7020773B1 (en) 2000-07-17 2006-03-28 Citrix Systems, Inc. Strong mutual authentication of devices
US7293176B2 (en) 2000-07-17 2007-11-06 Citrix Systems, Inc. Strong mutual authentication of devices
US6986040B1 (en) 2000-11-03 2006-01-10 Citrix Systems, Inc. System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel
US7100200B2 (en) 2001-06-13 2006-08-29 Citrix Systems, Inc. Method and apparatus for transmitting authentication credentials of a user across communication sessions
US8874791B2 (en) 2001-06-13 2014-10-28 Citrix Systems, Inc. Automatically reconnecting a client across reliable and persistent communication sessions
US8090874B2 (en) 2001-06-13 2012-01-03 Citrix Systems, Inc. Systems and methods for maintaining a client's network connection thru a change in network identifier
WO2003053025A1 (en) * 2001-12-18 2003-06-26 Siemens Energy & Automation, Inc. Security features for an integral plc modem
CN103546460A (en) * 2001-12-18 2014-01-29 西门子工业公司 Security features for an integral plc modem
US7227939B2 (en) 2001-12-18 2007-06-05 Siemens Energy & Automation, Inc. Security features for an integral PLC modem
US7984157B2 (en) 2002-02-26 2011-07-19 Citrix Systems, Inc. Persistent and reliable session securely traversing network components using an encapsulating protocol
US7661129B2 (en) 2002-02-26 2010-02-09 Citrix Systems, Inc. Secure traversal of network components

Also Published As

Publication number Publication date
GB2168831B (en) 1988-04-27

Similar Documents

Publication Publication Date Title
GB2168831A (en) Password-protected data link
EP0262859B1 (en) Adjunct processor for providing computer facility access protection via call transfer
US5280581A (en) Enhanced call-back authentication method and apparatus for remotely accessing a host computer from a plurality of remote sites
US4779224A (en) Identity verification method and apparatus
US4815031A (en) Method for granting a request to authorized data terminal users accessing from any locations
US4310720A (en) Computer accessing system
US5872917A (en) Authentication using random challenges
US6075861A (en) Security access system
EP0205584A1 (en) Electronic linkage interface control security system and method
US5448764A (en) Cordless telephone set with secure communication protocol
US4831648A (en) Method of confirming user in modem communications and its system
US6934531B1 (en) Method for improving the security of authentication procedures in digital mobile radio telephone systems
EP1119147A1 (en) Provision of secure access for telecommunications system
WO1998000956A2 (en) System and method for preventing cellular fraud
JP2996184B2 (en) Unauthorized access prevention callback method
GB2229020A (en) Security device to limit remote access to computers over a telecommunication network
JPS60171559A (en) Preventing system for foul use of system
JPS6399664A (en) Connecting system for data line
KR200211327Y1 (en) The user-authentication system through second connecting path
JPS62213338A (en) Illegal access prevention system
JPH0653956A (en) Digital commuication equipment
TR202017023A2 (en) AN ENCRYPTED SEARCH SYSTEM
JPS6243628B2 (en)
JPH0624360B2 (en) Method for authenticating a data processing device
KR20020017515A (en) The user-authentication system through second connecting path

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 19931113