GB2229020A - Security device to limit remote access to computers over a telecommunication network - Google Patents
- Publication number
- GB2229020A
- Authority
- GB
- United Kingdom
- Prior art keywords
- computer
- unit
- security device
- signals
- computer security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/313—User authentication using a call-back technique via a telephone network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/66—Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
- H04M1/663—Preventing unauthorised calls to a telephone set
- H04M1/665—Preventing unauthorised calls to a telephone set by checking the validity of a code
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
- Sub-Exchange Stations And Push-Button Telephones (AREA)
Abstract
The device is an independent unit with a timer, memory and random password generator, able to store, generate, recognise and transmit passwords; store and transmit telephone numbers; and recognise and retransmit permitted signals. Telephone numbers, passwords and signals may only be programmed into the device when a key is inserted into the unit and a suitable input device used. As the unit is able to effect call back procedures and recognise certain signals and retransmit them independently of the computer it protects, the potential hacker is never able to gain access to the protected computer. The call back and signal screening (indirect access) functions may be used jointly or independently.
Description
SECURITY DEVICE TO LIMIT REMOTE ACCESS TO COMPUTERS OVER A TELECOMMUNICATION NETWORK
This invention relates to the control of remote access to computers over a telecommunication network.
The practice of 'computer-hacking', the gaining of unauthorised access to a computer by persons typically using their own computer linked through a modem to a telephone network, has been of growing concern to businesses and governments over recent years. The conventional way of protecting computer systems from such access is by the use of one or more passwords. Hackers, however, have shown themselves expert in guessing, discovering or using computer programs to find the correct password. Once a hacker has gained access to a computer system the intruder is often able to view, alter or erase private data, disrupt the normal functioning of that system and put in place a 'back-door'. A 'back-door' is a set of instructions which tell the computer to admit the hacker when he or she uses a particular code, regardless of any changes to the normal passwords.
This invention seeks to exclude hackers from any access to the computer system, so that they are unable to attempt the computer's password sequence or gain any other access, regardless of whether or not a 'back-door' has been installed into the system.
According to the present invention there is provided a unit with an independent memory, capable of receiving and recognising certain identification and communication signals over the telecommunication network used. The unit is capable of generating its own identification signal and random password, and is able to generate dialling sequences or initiate dialling sequences directly or indirectly to effect contact with other users of the telecommunications network. The unit, which may or may not be free standing, will only allow access to or by the computer system it protects over the telecommunications network after it has effected certain security procedures such as or similar to those described under the specific embodiment of the invention below. The call back procedures are designed only to allow access to the computer by authorised users whose details have been pre-programmed into the unit. The indirect access procedure is designed to limit the instructions that may be communicated to the computer once contact has been established. Although described together below, it is envisaged that for certain security applications either the call back procedures or the indirect access procedure would alone be appropriate. In these cases, to reduce costs, units may be supplied which are only able to perform the appropriate tasks.
A specific embodiment of the invention will now be described as if the telecommunications network is to be the British Telecom telephone system. The unit has a memory containing a library of identification signals it recognises, together with the telephone numbers of the authorised users of those signals and the unit's own identification signal. When the indirect access procedure is to be used, the memory also contains a list of those commands the computer may accept from each user or group of users. Alterations to this library may only be made when the correct key is inserted into a lock in the unit, turned and remains within the unit. Such alterations may be made by an input device, such as a keyboard, which may be integral or external to the unit. The unit also has a random password generator, a timing unit and memory to store certain details of calls made to or from other network users, such as the identification signal of the unit or other system contacted or contact received from, and any random password transmitted or received, which will be recorded for a limited time. In addition, the unit has a longer term memory to record details of calls made and received, their time, duration and the identification of those contacted or contact received from. When the unit's key is in place, this information may be output via an integral or external output device, such as a printer, and that part of the memory may be erased. This memory may also be used to report the current operational state of the unit.
The call back security procedure the unit is designed to effect is as follows:
Case One: When the unit receives a call from a user of the telecommunications network who is not using a similar unit it will receive and record the identification signal transmitted by the calling network user, then it will cut or otherwise cause to be cut the communication line. Once the caller has disconnected, or has been disconnected, the unit will call the number in its library corresponding to the identification signal received. When the connection is made the unit will then allow the computer it protects direct or indirect access to the communication line. If, however, the identification received is not recognised the unit will not attempt to make any call and will not allow connection to the computer it protects. If the unit calls the number in the library and it contacts a system giving an identification other than that of the original caller no connection will be made.
Case Two: When the unit receives a call from a user of the telecommunications network who is using a similar unit it will record both the identification signal and the random password transmitted. The calling unit will then cut the telephone line. The unit having received the call will then call the telephone number in its library corresponding to the identification signal received. It will transmit its own identification signal and the random password it recorded, which it will then erase from its memory. Assuming the unit so contacted had placed the original call within its pre-programmed time limit, both units will connect their computers directly or indirectly over the telephone line. If, however, the identification received is not recognised the unit will not attempt to make any call and will not allow connection to the computer it protects. If the unit calls the number in the library and it contacts a system giving an identification other than that of the original caller no connection will be made.
If the unit whose identification was given did not place the call or did place the call but the call back was not achieved within a pre-set time limit, no connection of either computer to the telephone lines will be made.
Case Three: The unit is instructed to call an authorised user who does not have a similar unit. The unit telephones the number in its library corresponding to the user it has been asked to contact. When it has exchanged identification signals with the computer it has contacted, having confirmed it is the correct machine, it will connect its computer directly or indirectly to the telephone line.
Case Four: The unit is instructed to call an authorised user who does have a similar unit. The unit telephones the number in its library corresponding to the user it has been asked to contact. When it has exchanged identification signals with the unit it has contacted, having confirmed it is the correct machine, it will generate and transmit a random password. It will then cut the telephone line. For a limited time the unit will remember both the identification signal of the machine it called and the random password. If the machine called then calls back and gives its identification signal and the random password within a pre-set time limit the unit will allow access, either directly or indirectly to its computer. If the return call does not come within the time allowed the unit will erase its memory of the password. If the return call then comes the unit will treat it as if it were an instruction to call an authorised user who has a similar unit and repeat the steps of 'Case Four' from the beginning.
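The unit-to-unit exchange of Cases Two and Four can be modelled in a few lines. This is an added example, not part of the patent text: the class and function names, the 60-second window, the identification strings and the telephone numbers are all assumptions made for illustration.

```python
import secrets

class Unit:
    def __init__(self, ident, number, library, window=60.0):
        self.ident, self.number = ident, number
        self.library = library      # identification signal -> telephone number
        self.window = window        # pre-set time limit in seconds (assumed value)
        self.pending = {}           # ident called -> (random password, deadline)

    def place_call(self, callee_ident, now):
        """Case Four, calling side: issue a random password, then cut the line."""
        if callee_ident not in self.library:
            return None
        password = secrets.token_hex(8)
        self.pending[callee_ident] = (password, now + self.window)
        return self.ident, password

    def answer(self, claimed_ident, password):
        """Case Two, receiving side: dial the library number, never the calling line."""
        number = self.library.get(claimed_ident)
        if number is None:
            return None                       # unrecognised: no call back at all
        return number, self.ident, password   # password is forwarded, not kept

    def accept_callback(self, ident, password, now):
        """Original caller: one-time check of ident, password and time limit."""
        issued = self.pending.pop(ident, None)    # erased whether or not it matches
        if issued is None:
            return "reject"                   # this unit never placed that call
        expected, deadline = issued
        if now > deadline:
            return "restart"                  # too late: begin Case Four again
        ok = secrets.compare_digest(expected, password)
        return "connect" if ok else "reject"


def call_back(network, claimed_ident, password, callee, now):
    """Route the callee's return call to whichever unit owns the library number."""
    dial = callee.answer(claimed_ident, password)
    if dial is None:
        return "reject"
    number, callee_ident, echoed = dial
    return network[number].accept_callback(callee_ident, echoed, now)


if __name__ == "__main__":
    # Constructed sample units and numbers.
    a = Unit("UNIT-A", "0100", {"UNIT-B": "0200"})
    b = Unit("UNIT-B", "0200", {"UNIT-A": "0100"})
    net = {"0100": a, "0200": b}
    ident, pw = a.place_call("UNIT-B", now=0.0)
    print(call_back(net, ident, pw, b, now=10.0))         # genuine exchange
    print(call_back(net, ident, pw, b, now=11.0))         # replayed password
    print(call_back(net, "UNIT-A", "guess", b, now=12.0)) # forged identification
```

Because the return call always goes to the number held in the library, a caller who merely presents a valid identification signal causes the genuine unit to be rung with a password it never issued, and no connection is made.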
When the access the unit is programmed to allow to the computer is indirect, the unit will only recognise and pass on those incoming instructions or pattern or sequence of instructions which it has been pre-programmed to accept from that particular authorised user. The unit would not interfere with the transmissions made by the computer it protects.
The indirect access feature would be especially useful when the computer protected contains, for example, a large data-base. Different users could be allowed to access varying amounts or sections of information. Instructions which might, for instance, alter the computer's programming or access restricted data would not be recognised by the unit and therefore not be passed on to the computer where they could be processed.
When the unit is used to enforce the indirect access procedure without the call back procedure in operation, the unit would be unable to differentiate between users. In this case it would apply a single library of acceptable pre-programmed instructions or pattern or sequence of instructions to all telecommunication network users.
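The indirect access screening described above, sketched as an added example that is not part of the patent text. The instruction names, the per-user and shared libraries, and the choice to silently drop unrecognised instructions while keeping the current position in a sequence are assumptions.

```python
def library_for(user_ident, per_user, shared, callback_in_use):
    """Pick the instruction library the unit applies to this caller."""
    if not callback_in_use:
        return shared                     # the unit cannot tell users apart
    return per_user.get(user_ident, ())   # unknown user: nothing is permitted


def screen_stream(library, instructions):
    """Return only the instructions the unit would retransmit to the computer.

    `library` is a collection of permitted sequences; a single permitted
    instruction is a sequence of length one.
    """
    permitted = {tuple(seq) for seq in library}

    def is_prefix(candidate):
        return any(seq[:len(candidate)] == candidate for seq in permitted)

    progress, forwarded = (), []
    for instruction in instructions:
        extended = progress + (instruction,)
        if is_prefix(extended):
            progress = extended               # continues a permitted sequence
        elif progress in permitted and is_prefix((instruction,)):
            progress = (instruction,)         # last sequence complete, new one starts
        else:
            continue                          # not recognised: never reaches the computer
        forwarded.append(instruction)
    return forwarded


# Constructed sample libraries.
PER_USER = {"UNIT-B": [("SELECT-REGION", "READ"), ("STATUS",)]}
SHARED = [("STATUS",)]

if __name__ == "__main__":
    incoming = ["STATUS", "READ", "SELECT-REGION", "WRITE", "READ", "STATUS"]
    lib = library_for("UNIT-B", PER_USER, SHARED, callback_in_use=True)
    print(screen_stream(lib, incoming))
    lib = library_for("UNIT-B", PER_USER, SHARED, callback_in_use=False)
    print(screen_stream(lib, incoming))
```

Only inbound traffic is screened; the computer's own transmissions pass through untouched, so the model has no outbound path.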
Claims (7)
1. A computer security device with its own memory independent of the computer it protects, connected between the computer and the telecommunications network.
2. A computer security device as claimed in Claim 1, able to store, generate, recognise and transmit passwords, store and transmit telephone numbers (or other telecommunication identification signal) to effect a pre-set identification and call back procedure.
3. A computer security device as claimed in Claim 1 or Claim 2, able to store, receive and recognise certain signals signals, retransmitting only those which it is programmed to permit.
4. A computer security device as claimed in any preceding claim, with an internal modem or similar device.
5. A computer security device as claimed in any preceding claim, mounted internally to the computer casing.
6. A computer security device as claimed in any preceding claim, sharing a power source with the computer or other hardware.
7. A computer security device as claimed in any preceding claim, with an input device secured by a mechanical or electronic lock device.
NB The word 'signals' in claim 3 was typed twice in error.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB8905044A GB8905044D0 (en) | 1989-03-06 | 1989-03-06 | Security device to limit remote access to computer over a telecommunication network |
Publications (2)
Publication Number | Publication Date |
---|---|
GB8907987D0 GB8907987D0 (en) | 1989-05-24 |
GB2229020A GB2229020A (en) | 1990-09-12 |
Family
ID=10652802
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB8905044A Pending GB8905044D0 (en) | 1989-03-06 | 1989-03-06 | Security device to limit remote access to computer over a telecommunication network |
GB8907987A Withdrawn GB2229020A (en) | 1989-03-06 | 1989-04-10 | Security device to limit remote access to computers over a telecommunication network |
Country Status (1)
Country | Link |
---|---|
GB (2) | GB8905044D0 (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0067611A1 (en) * | 1981-06-05 | 1982-12-22 | Exide Electronics International Corp. | Apparatus for controlling access to computers |
WO1983002343A1 (en) * | 1981-12-29 | 1983-07-07 | Marathon Oil Co | Computer terminal security system |
EP0165789A2 (en) * | 1984-06-20 | 1985-12-27 | Effective Security Systems, Inc. | Device for protecting computer software |
GB2168831A (en) * | 1984-11-13 | 1986-06-25 | Steebek Systems Ltd | Password-protected data link |
EP0242808A1 (en) * | 1986-04-17 | 1987-10-28 | Kabushiki Kaisha Myukomu | Method and system for confirming user in modem communications |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2268602A (en) * | 1992-06-25 | 1994-01-12 | Mitac Ltd | Enhancing security of data transfer |
EP0844551A2 (en) * | 1996-10-28 | 1998-05-27 | Brian J. Veneklase | Computer security system |
EP0844551A3 (en) * | 1996-10-28 | 1998-07-01 | Brian J. Veneklase | Computer security system |
US5881226A (en) * | 1996-10-28 | 1999-03-09 | Veneklase; Brian J. | Computer security system |
US6609206B1 (en) | 1996-10-28 | 2003-08-19 | Brian J. Veneklase | Computer security system |
US9053316B2 (en) | 1996-10-28 | 2015-06-09 | C.H.I. Development Mgmt. Ltd. Iii, Llc | Secure access computer system |
GB2322035A (en) * | 1997-02-05 | 1998-08-12 | Stuart Justin Nash | Computer connected to telecommunication network modem via buffer computer |
GB2322035B (en) * | 1997-02-05 | 2001-09-19 | Stuart Justin Nash | Improvements in and relating to computers |
US6971027B1 (en) | 1999-04-01 | 2005-11-29 | Veneklase Brian J | Computer security system |
WO2003053025A1 (en) * | 2001-12-18 | 2003-06-26 | Siemens Energy & Automation, Inc. | Security features for an integral plc modem |
US7227939B2 (en) | 2001-12-18 | 2007-06-05 | Siemens Energy & Automation, Inc. | Security features for an integral PLC modem |
EP1338940A1 (en) * | 2002-02-25 | 2003-08-27 | Chrysalis- ITS Inc. | Universal password generator |
Also Published As
Publication number | Publication date |
---|---|
GB8907987D0 (en) | 1989-05-24 |
GB8905044D0 (en) | 1989-04-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |