GB2229020A - Security device to limit remote access to computers over a telecommunication network - Google Patents

Publication number: GB2229020A
Authority: GB (United Kingdom)
Prior art keywords: computer, unit, security device, signals, computer security
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion)
Application number: GB8907987A
Other versions: GB8907987D0 (en)
Inventor: Chris Keiron Ellis
Current Assignee: Individual (the listed assignees may be inaccurate)
Original Assignee: Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/313 User authentication using a call-back technique via a telephone network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/66 Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • H04M1/663 Preventing unauthorised calls to a telephone set
    • H04M1/665 Preventing unauthorised calls to a telephone set by checking the validity of a code

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Sub-Exchange Stations And Push-Button Telephones (AREA)

Abstract

The device is an independent unit with a timer, memory and random password generator, able to store, generate, recognise and transmit passwords; store and transmit telephone numbers; and recognise and retransmit permitted signals. Telephone numbers, passwords and signals may only be programmed into the device when a key is inserted into the unit and a suitable input device is used. As the unit is able to effect call back procedures, and to recognise certain signals and retransmit them, independently of the computer it protects, the potential hacker is never able to gain access to the protected computer. The call back and signal screening (indirect access) functions may be used jointly or independently.

Description

SECURITY DEVICE TO LIMIT REMOTE ACCESS TO COMPUTERS OVER A TELECOMMUNICATION NETWORK
This invention relates to the control of remote access to computers over a telecommunication network.
The practice of 'computer-hacking', the gaining of unauthorised access to a computer by persons typically using their own computer linked through a modem to a telephone network, has been of growing concern to businesses and governments over recent years. The conventional way of protecting computer systems from such access is by the use of one or more passwords. Hackers, however, have shown themselves expert in guessing, discovering or using computer programs to find the correct password. Once a hacker has gained access to a computer system the intruder is often able to view, alter or erase private data, disrupt the normal functioning of that system and put in place a 'back-door'. A 'back-door' is a set of instructions which tell the computer to admit the hacker when he or she uses a particular code, regardless of any changes to the normal passwords.
This invention seeks to exclude hackers from any access to the computer system, so that they are unable to attempt the computer's password sequence or gain any other access, regardless of whether or not a 'back-door' has been installed into the system.
According to the present invention there is provided a unit with an independent memory, capable of receiving and recognising certain identification and communication signals over the telecommunication network used. The unit is capable of generating its own identification signal and a random password, and of generating or initiating dialling sequences, directly or indirectly, to effect contact with other users of the telecommunications network. The unit, which may or may not be free standing, will only allow access to or by the computer system it protects over the telecommunications network after it has effected certain security procedures such as, or similar to, those described under the specific embodiment of the invention below.
The call back procedures are designed only to allow access to the computer by authorised users whose details have been pre-programmed into the unit. The indirect access procedure is designed to limit the instructions that may be communicated to the computer once contact has been established. Although described together below, it is envisaged that for certain security applications either the call back procedures or the indirect access procedure would alone be appropriate. In these cases, to reduce costs, units may be supplied which are only able to perform the appropriate tasks.
A specific embodiment of the invention will now be described as if the telecommunications network is to be the British Telecom telephone system. The unit has a memory containing a library of identification signals it recognises, together with the telephone numbers of the authorised users of those signals and the unit's own identification signal. When the indirect access procedure is to be used, the memory also contains a list of those commands the computer may accept from each user or group of users. Alterations to this library may only be made when the correct key is inserted into a lock in the unit, turned and remains within the unit.
Such alterations may be made by an input device, such as a keyboard, which may be integral or external to the unit. The unit also has a random password generator, a timing unit and memory to store certain details of calls made to or from other network users, such as the identification signal of the unit or other system contacted, or from which contact was received, and any random password transmitted or received, which will be recorded for a limited time. In addition, the unit has a longer term memory to record details of calls made and received, their time, duration and the identification of those contacted or from whom contact was received. When the unit's key is in place, this information may be output via an integral or external output device, such as a printer, and that part of the memory may be erased. This memory may also be used to report the current operational state of the unit.
The call back security procedure the unit is designed to effect is as follows:
Case One
When the unit receives a call from a user of the telecommunications network who is not using a similar unit it will receive and record the identification signal transmitted by the calling network user, then it will cut or otherwise cause to be cut the communication line. Once the caller has disconnected, or has been disconnected, the unit will call the number in its library corresponding to the identification signal received. When the connection is made the unit will then allow the computer it protects direct or indirect access to the communication line. If, however, the identification received is not recognised the unit will not attempt to make any call and will not allow connection to the computer it protects. If the unit calls the number in the library and it contacts a system giving an identification other than that of the original caller no connection will be made.
Case Two
When the unit receives a call from a user of the telecommunications network who is using a similar unit it will record both the identification signal and the random password transmitted. The calling unit will then cut the telephone line. The unit having received the call will then call the telephone number in its library corresponding to the identification signal received. It will transmit its own identification signal and the random password it recorded, which it will then erase from its memory. Assuming the unit so contacted had placed the original call within its pre-programmed time limit, both units will connect their computers directly or indirectly over the telephone line. If, however, the identification received is not recognised the unit will not attempt to make any call and will not allow connection to the computer it protects. If the unit calls the number in the library and it contacts a system giving an identification other than that of the original caller no connection will be made.
If the unit whose identification was given did not place the call or did place the call but the call back was not achieved within a pre-set time limit, no connection of either computer to the telephone lines will be made.
Case Three
The unit is instructed to call an authorised user who does not have a similar unit. The unit telephones the number in its library corresponding to the user it has been asked to contact. When it has exchanged identification signals with the computer it has contacted, having confirmed it is the correct machine, it will connect its computer directly or indirectly to the telephone line.
Case Four
The unit is instructed to call an authorised user who does have a similar unit. The unit telephones the number in its library corresponding to the user it has been asked to contact. When it has exchanged identification signals with the unit it has contacted, having confirmed it is the correct machine, it will generate and transmit a random password. It will then cut the telephone line. For a limited time the unit will remember both the identification signal of the machine it called and the random password. If the machine called then calls back and gives its identification signal and the random password within a pre-set time limit the unit will allow access, either directly or indirectly, to its computer. If the return call does not come within the time allowed the unit will erase its memory of the password. If the return call then comes the unit will treat it as if it were an instruction to call an authorised user who has a similar unit and repeat the steps of 'Case Four' from the beginning.
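The exchange between two similar units (Case Four on the calling side, Case Two on the answering side) can be modelled as below. This is an added example, not part of the patent: the class, method names, 30-second limit, telephone numbers and the refusal of a wrong password are assumptions made for illustration.

```python
import hmac
import secrets
import time

class CallbackUnit:
    """Model of one unit (added sketch; method names are hypothetical)."""
    def __init__(self, own_id, library, time_limit=30.0, clock=time.monotonic):
        self.own_id = own_id
        self.library = library        # identification signal -> telephone number
        self.time_limit = time_limit  # the pre-set time limit, in seconds (assumed)
        self.clock = clock
        self.pending = {}             # peer id -> (random password, deadline)

    def place_call(self, peer_id):
        """Case Four: dial the library number, send a random password, hang up."""
        if peer_id not in self.library:
            return None
        password = secrets.token_hex(8)
        self.pending[peer_id] = (password, self.clock() + self.time_limit)
        return self.library[peer_id], self.own_id, password

    def answer_call(self, caller_id, password):
        """Case Two: note id and password, hang up, dial the library number."""
        if caller_id not in self.library:
            return None               # unrecognised id: no call, no connection
        # The password is relayed once and not stored (erased after sending).
        return self.library[caller_id], self.own_id, password

    def answer_callback(self, caller_id, password):
        """Originating unit's decision when the return call arrives."""
        if caller_id not in self.library:
            return "refuse"
        expected, deadline = self.pending.pop(caller_id, (None, 0.0))
        if expected is None or self.clock() > deadline:
            return "restart"          # no connection; repeat Case Four afresh
        # Assumption: a wrong password is refused (the page does not say).
        same = hmac.compare_digest(expected.encode(), password.encode())
        return "connect" if same else "refuse"

def run_callback_cases():
    now = [0.0]                       # constructed clock and telephone numbers
    clock = lambda: now[0]
    hq = CallbackUnit("HQ", {"BRANCH": "0123 456"}, clock=clock)
    branch = CallbackUnit("BRANCH", {"HQ": "0123 999"}, clock=clock)
    results = []
    # 1. BRANCH places the call and HQ calls back inside the time limit.
    _, sender, pw = branch.place_call("HQ")
    _, replier, relayed = hq.answer_call(sender, pw)
    results.append(branch.answer_callback(replier, relayed))
    # 2. A caller on another line gives BRANCH's id: HQ still dials the library
    #    number, and the real BRANCH unit has no pending call to match.
    number, replier, relayed = hq.answer_call("BRANCH", "guessed")
    results.append((number, branch.answer_callback(replier, relayed)))
    # 3. The call back arrives after the time limit has passed.
    _, sender, pw = branch.place_call("HQ")
    _, replier, relayed = hq.answer_call(sender, pw)
    now[0] += 31.0
    results.append(branch.answer_callback(replier, relayed))
    return results
```

The second case shows the property the procedure relies on: the return call always goes to the number stored in the library, so the line the original caller used never reaches the protected computer.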
When the access the unit is programmed to allow to the computer is indirect, the unit will only recognise and pass on those incoming instructions, or patterns or sequences of instructions, which it has been pre-programmed to accept from that particular authorised user. The unit would not interfere with the transmissions made by the computer it protects.
The indirect access feature would be especially useful when the computer protected contains, for example, a large data-base. Different users could be allowed to access varying amounts or sections of information. Instructions which might, for instance, alter the computer's programming or access restricted data would not be recognised by the unit and therefore not be passed on to the computer where they could be processed.
When the unit is used to enforce the indirect access procedure without the call back procedure in operation, the unit would be unable to differentiate between users. In this case it would apply a single library of acceptable pre-programmed instructions, or patterns or sequences of instructions, to all telecommunication network users.
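The indirect access procedure amounts to an allow-list applied to incoming instructions before they reach the computer. The following is an added example, not part of the patent: the command syntax, user names and the use of regular expressions as the "patterns" are assumptions, and it screens single instructions only, not sequences.

```python
import re


class IndirectAccessFilter:
    """Added sketch of the signal-screening unit; names are hypothetical."""

    def __init__(self, per_user=None, shared=()):
        compile_all = lambda patterns: [re.compile(p) for p in patterns]
        self.per_user = {u: compile_all(p) for u, p in (per_user or {}).items()}
        self.shared = compile_all(shared)

    def _library(self, user_id):
        # Without call back the unit cannot tell users apart (user_id is None),
        # so the single shared library applies to every caller.
        if user_id is None:
            return self.shared
        return self.per_user.get(user_id, [])   # unknown user: nothing passes

    def screen(self, user_id, incoming):
        """Return only the instructions that are retransmitted to the computer."""
        passed = []
        for raw in incoming:
            line = raw.strip()
            # fullmatch: the whole instruction must be recognised, so a permitted
            # command with extra text appended to it is not passed on.
            if any(p.fullmatch(line) for p in self._library(user_id)):
                passed.append(line)
        return passed


# Constructed libraries and traffic for a price/stock data-base (assumed syntax).
LIBRARY = {
    "SALES": [r"READ PRICES \d{1,6}"],
    "STORES": [r"READ PRICES \d{1,6}", r"READ STOCK \d{1,6}"],
}
SHARED = [r"READ PRICES \d{1,6}"]
TRAFFIC = [
    "READ PRICES 1042",
    "READ STOCK 1042",
    "READ PRICES 1042; LOAD PROGRAM",
    "ERASE STOCK 1042",
]


def run_screening_cases():
    unit = IndirectAccessFilter(LIBRARY, SHARED)
    users = ("SALES", "STORES", "UNKNOWN", None)
    return {user: unit.screen(user, TRAFFIC) for user in users}
```

Matching the whole instruction rather than its prefix is what keeps an unrecognised instruction from riding along behind a permitted one.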

Claims (7)

1. A computer security device with its own memory independent of the computer it protects, connected between the computer and the telecommunications network.
2. A computer security device as claimed in Claim 1, able to store, generate, recognise and transmit passwords, store and transmit telephone numbers (or other telecommunication identification signal) to effect a pre-set identification and call back procedure.
3. A computer security device as claimed in Claim 1 or Claim 2, able to store, receive and recognise certain signals signals, retransmitting only those which it is programmed to permit.
4. A computer security device as claimed in any preceding claim, with an internal modem or similar device.
5. A computer security device as claimed in any preceding claim, mounted internally to the computer casing.
6. A computer security device as claimed in any preceding claim, sharing a power source with the computer or other hardware.
7. A computer security device as claimed in any preceding claim, with an input device secured by a mechanical or electronic lock device.
NB The word 'signals' in claim 3 was typed twice in error.
GB8907987A 1989-03-06 1989-04-10 Security device to limit remote access to computers over a telecommunication network Withdrawn GB2229020A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB8905044A GB8905044D0 (en) 1989-03-06 1989-03-06 Security device to limit remote access to computer over a telecommunication network

Publications (2)

Publication Number Publication Date
GB8907987D0 GB8907987D0 (en) 1989-05-24
GB2229020A GB2229020A (en) 1990-09-12

Family

ID=10652802

Family Applications (2)

Application Number Title Priority Date Filing Date
GB8905044A Pending GB8905044D0 (en) 1989-03-06 1989-03-06 Security device to limit remote access to computer over a telecommunication network
GB8907987A Withdrawn GB2229020A (en) 1989-03-06 1989-04-10 Security device to limit remote access to computers over a telecommunication network

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB8905044A Pending GB8905044D0 (en) 1989-03-06 1989-03-06 Security device to limit remote access to computer over a telecommunication network

Country Status (1)

Country Link
GB (2) GB8905044D0 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2268602A (en) * 1992-06-25 1994-01-12 Mitac Ltd Enhancing security of data transfer
EP0844551A2 (en) * 1996-10-28 1998-05-27 Brian J. Veneklase Computer security system
GB2322035A (en) * 1997-02-05 1998-08-12 Stuart Justin Nash Computer connected to telecommunication network modem via buffer computer
WO2003053025A1 (en) * 2001-12-18 2003-06-26 Siemens Energy & Automation, Inc. Security features for an integral plc modem
EP1338940A1 (en) * 2002-02-25 2003-08-27 Chrysalis- ITS Inc. Universal password generator
US6971027B1 (en) 1999-04-01 2005-11-29 Veneklase Brian J Computer security system
US7227939B2 (en) 2001-12-18 2007-06-05 Siemens Energy & Automation, Inc. Security features for an integral PLC modem

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0067611A1 (en) * 1981-06-05 1982-12-22 Exide Electronics International Corp. Apparatus for controlling access to computers
WO1983002343A1 (en) * 1981-12-29 1983-07-07 Marathon Oil Co Computer terminal security system
EP0165789A2 (en) * 1984-06-20 1985-12-27 Effective Security Systems, Inc. Device for protecting computer software
GB2168831A (en) * 1984-11-13 1986-06-25 Steebek Systems Ltd Password-protected data link
EP0242808A1 (en) * 1986-04-17 1987-10-28 Kabushiki Kaisha Myukomu Method and system for confirming user in modem communications

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2268602A (en) * 1992-06-25 1994-01-12 Mitac Ltd Enhancing security of data transfer
EP0844551A2 (en) * 1996-10-28 1998-05-27 Brian J. Veneklase Computer security system
EP0844551A3 (en) * 1996-10-28 1998-07-01 Brian J. Veneklase Computer security system
US5881226A (en) * 1996-10-28 1999-03-09 Veneklase; Brian J. Computer security system
US6609206B1 (en) 1996-10-28 2003-08-19 Brian J. Veneklase Computer security system
US9053316B2 (en) 1996-10-28 2015-06-09 C.H.I. Development Mgmt. Ltd. Iii, Llc Secure access computer system
GB2322035A (en) * 1997-02-05 1998-08-12 Stuart Justin Nash Computer connected to telecommunication network modem via buffer computer
GB2322035B (en) * 1997-02-05 2001-09-19 Stuart Justin Nash Improvements in and relating to computers
US6971027B1 (en) 1999-04-01 2005-11-29 Veneklase Brian J Computer security system
WO2003053025A1 (en) * 2001-12-18 2003-06-26 Siemens Energy & Automation, Inc. Security features for an integral plc modem
US7227939B2 (en) 2001-12-18 2007-06-05 Siemens Energy & Automation, Inc. Security features for an integral PLC modem
EP1338940A1 (en) * 2002-02-25 2003-08-27 Chrysalis- ITS Inc. Universal password generator

Also Published As

Publication number Publication date
GB8907987D0 (en) 1989-05-24
GB8905044D0 (en) 1989-04-19

Similar Documents

Publication Publication Date Title
EP0558326B1 (en) Enhanced call-back authentication method and apparatus
US4679226A (en) Computer security guard circuit
JP3007354B2 (en) Quasi-processor for providing computer equipment access protection via call forwarding
CA1102453A (en) Computer accessing system
CA2257992C (en) A method and system for communication access restriction
US4962449A (en) Computer security system having remote location recognition and remote location lock-out
US4922521A (en) System for providing secure telecommunication access to a computer
US5872917A (en) Authentication using random challenges
US4905281A (en) Security apparatus and method for computers connected to telephone circuits
US4640989A (en) Communications unit for executive work station
US5136648A (en) Message storage security system
US5131025A (en) Intelligent modem system which determines proper access thereto
US4626623A (en) Method and apparatus for telephone access security
IE823085L (en) Computer terminal security system
EP0944992A2 (en) Method and device for the remote operation and remote control of systems and apparatus via a telephone network
US4546213A (en) Modem security device
GB2168831A (en) Password-protected data link
JPH03133243A (en) Device for blocking access of non- admitted modem on pbx circuit
US4763351A (en) Computer security system
GB2229020A (en) Security device to limit remote access to computers over a telecommunication network
EP0018129A1 (en) Method of providing security of data on a communication path
KR0183037B1 (en) Method of controlling access to restricted access data and communication system therefor
GB2227906A (en) Telephone call barring system
JPH06253022A (en) Public line call control system outside id management
JPH10190876A (en) Callback device with illegal access protection system

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)