IT202100027800A1 - A METHOD TO CREATE SAFE AND EASY ACCESS TO A CLOUD TELEPHONE SWITCHBOARD - Google Patents

Description

Divisional Patent Application of the previous Italian application 102020000001666 from which it derives

A METHOD TO CREATE SAFE AND EASY ACCESS TO

A CLOUD TELEPHONE SWITCHBOARD

Scope of the invention

The present invention concerns the technical sector relating to telephony, and in particular to telephone switchboards in the Cloud system, also called PBX in technical jargon.

In particular, the invention refers to an innovative method that allows easy access to the reserved web page of this Cloud telephone switchboard, while still being able to maintain a high level of security in the system.

Brief notes on the known art

The switchboard in ?Cloud? (also called ?virtual switchboard? or PBX) ? now quite widespread and? often used by companies as it is very versatile and as it has multiple functions? useful in the workplace.

Being a service in ?Cloud? it resides outside the company, through a specific server system, and is accessible via the internet.

The new Cloud telephone switchboards have advanced functions, many of which are only available through integration with the computer by accessing a web portal. By accessing this Web portal the user has many functions available, as well as having better usability. of the functions already? present in the telephone, such as the address book which is more? easy consultation on the computer.

Since the portal is accessible by everyone on the Internet (and must it be to work on the move?) and contains confidential information of the user and the company, it is essential to protect access to authorized persons only.

In the current state of the art, as for example shown schematically in figure 1, access to this web portal (in particular the user's reserved area) generally requires the insertion of a password, which is often very long and complex in such that it is certain but, for this reason, often difficult to remember.

More? in particular, according to figure 1 and figure 2, ? described is a simplified schematization of the functioning and structure of a "cloud" switchboard. in accordance with the known art.

The traditional system, as schematized in figure 1 and figure 2, includes a main management server system which integrates a switchboard and a web server equipped with a specific web application and communicating with each other to operate correctly.

The said Server System, as per the known art, processes and manages the operations? of the system and, as shown in figure 2, includes the said switchboard and the web server with a software application generally known in technical jargon as ?web application? and communicating with each other in such a way as to perform all operational functions.

The Server System? therefore a Server with a specific processor and programming and therefore made up of said switchboard (appropriately programmed processor) which operates and communicates with further software, i.e. the Web Application, for the execution of the functionality operations. necessary.

There? given, each telephone communicating with the said Server System (therefore an internal extension telephone) has a sort of ?Identifier? That ? in memory in the Server System. When the internal extension telephone makes a call to the server system, the Server System checks whether the identified number is present in memory, therefore check whether the identifier is authentic, and therefore allows you to make the call, that is? authorizes the call, if and only if this identifier is recognized (see figure 2). Are you? therefore a protocol, generally the SIP - RFC 3261, in itself already? known for some time, of recognition of the calling telephone which is part of the network managed by the specific Server System.

There? it implies that only the extension telephones associated with the specific Server System, i.e. associated with a code known to the server system, can make the call. Any other unrecognized phone cannot? make the call to the specific server system why? precisely unrecognized.

In use, therefore, according to the known art, a user has access to the cloud switchboard according to the following method.

Access the web server via PC or other system and an internet page opens that requires the entry of a security and access password.

AND? It is therefore necessary to complete a ?log-in? phase. which occurs through the typing of said password which, as introduced in the known art, is not always easy to remember (exactly like a password for accessing restricted areas in general, such as personal bank sites, etc.).

More? in particular, the user connects to the server system that manages the telephone switchboard and indicated in figure 1 as Server System and already explained above.

The connection takes place via a PC computer or with any device capable of connecting to the Internet and being able to process and/or receive information, such as for example mobile devices, in particular therefore not only portable PCs but also all mobile telephone devices .

Assuming, therefore, access to the Server System via the PC 10 schematized in figure 1, a specific field opens in a web page that appears on the PC in which to enter a Password, generally a username and a code, for example alpha numeric.

The server receives the password and checks whether ? corrected with dedicated software.

If the password ? correct activates the switchboard function allowing access from the PC to the directory and many other functions related to the use of the telephone 20.

If the password is not ? correct does not authorize access.

If not ? Allowed access to the Web you do not have access to the features? complete even if the internal telephone and the switchboard are ? in itself usable even if not exploited to the maximum.

The structure of the ?cloud? switchboard therefore includes the management Server System which, via the internet (or more generally an IP network), connects or? connectable to the PC and to the internal extension telephone of the switchboard (by way of example and not limitation, an IP telephone on the user's desk or a cordless phone rather than a smartphone with a specific App. to use it as an internal extension of the switchboard).

The telephone therefore in use in a "cloud" switchboard system ? an internal extension telephone of the switchboard (fixed type, for example on a desk, mobile, for example mobile or portable or of any nature) which differs from a classic telephone in that the said extension is? connected to a private switchboard (PBX) reachable via an IP network (see figure 2), for example the internet, and ? from it, that is? from the switchboard, identifiable.

The authorization call therefore does not travel on the public telephone network and is also directed to a private server system (a PBX).

All this? given, often the user does not remember the password and is not therefore able to access the web page to fully exploit all the features? of the switchboard and therefore making do with limited use of it.

Furthermore, entering the password requires time that many users are not willing to spend on a daily basis for this activity.

Given these difficulties, the company often gives up communicating these accesses to individual users, or the users themselves do not use them even though they are aware of them, thus giving up the advanced functions of the switchboard and, in fact, under-exploiting it fully.

Statistically, therefore, the use of these web systems is ? marginal and the customer only uses basic functions such as ? accustomed to dealing with old traditional switchboards, despite paying and having a considerably more service available? powerful and versatile.

Summary of the invention

? therefore the aim of the present invention is to provide a method which at least partially resolves the aforementioned technical drawbacks.

In particular ? the purpose of the present invention is to provide a method that allows access to a switchboard service in the "Cloud" in a safe but easy way. in such a way as to overcome the above-mentioned drawbacks.

These and other purposes are therefore achieved with the present method of authorizing a user to perform web access to a virtual switchboard system, according to claim 1.

This method includes the following phases:

- Access to the management server system of the said virtual switchboard through an electronic device configured to be able to connect to server systems in general, for example a PC, a tablet or a mobile phone device such as an iPhone, Smart-Phone and similar; - Generation by the said Management Server System of an access code;

- Making a telephone call by dialing, from an internal telephone extension device associated with said virtual switchboard, the said generated access code.

In this way all the aforementioned technical problems are easily resolved.

In particular, the user is not more? forced to remember a login password.

AND? it is sufficient to make a call from a telephone device managed by the Server System to a number automatically generated by the Server System itself to be able to access correctly.

The system therefore works in a similar way to Token accesses in which, in this case, the Server System has a specific code generation algorithm and which code? preferably a number, a numerical sequence or in any case a sequence in general, as long as? dialable with the telephone keypad in order to make a call to the number represented by the generated code.

Interception of the call, when it corresponds to the generated code, allows the server to authorize the requested Log-In.

Further advantages can be deduced from the dependent claims.

Brief description of the drawings

Further characteristics and advantages of the present method, according to the invention, will be more clearly with the following description of some of its embodiments, made by way of example and not by way of limitation, with reference to the attached drawings, in which: ? Figure 1 and figure 2 both show a schematization of the operation of a switchboard in ?Cloud? in accordance with the known art;

? Figures 3 to 5 show operating flow diagrams of the present invention, according to a second possible preferred configuration of the invention;

? Figure 6? a general diagram showing the switchboard / server that manages the system in ?Cloud? connected or connectable to the telephone and PC via the Internet;

? Figure 7 and Figure 8 show a first preferred configuration of the invention.

Description of some preferred embodiments Two preferred configurations of the invention are described below, aimed at solving the aforementioned technical problems, and therefore capable of facilitating access to the complete services of a cloud switchboard without necessarily having to physically enter a password default access and in memory in the system.

According to a first possible configuration of the invention shown in figures 7 and 8, the technical problem is solved with a "cloud" switchboard access system. which works in the following way.

FIRST PREFERRED CONFIGURATION OF INVENTION:

With reference to figure 7? described a first preferred configuration of the invention.

In particular, the user makes an internet connection through their PC 10 or other electronic device to access the switchboard login page. Therefore the user, through a browser, connects to the login page by connecting to the Server system that manages the system in question.

Unlike the known art, the login operation now does not require the insertion of a pre-selected and set password (or Username and/or Password) and therefore the user is obliged to know.

Now, according to said first preferred configuration of the invention, the log in or access method, whatever you prefer, is simplified as directly following access to the Web page and automatically the server system itself immediately generates a login code access, which from time to time at each access to the said login Web page can? change according to a specific generation algorithm of the same.

The said access code can? be in the form of a certain numerical sequence (for example one, two, three or four digits or more digits) inviting the user to make a call from their internal telephone extension device to that generated number (for example with a specific message that appears on the screen such as: ?Please dial the following telephone number from your extension (e.g. dial 96)?.

Access to the web page can be made from any device and in any place but, obviously, the call to the generated number (for example the number 96) must be made from an internal extension telephone of the specific switchboard.

The user picks up the handset of his telephone (as well as a laptop or mobile phone if it is itself an internal extension of the switchboard service) and makes a call by dialing the generated code as the number to which he is calling (in the specific example the number 96 ). In this regard, see figure 7.

At this point, the server receives the call and verifies the extension from which the calling number comes.

More? in particular, as schematized in figure 8, the server system receives a call from a certain authorized extension extension and the authorization, as per known art, is verified by checking whether the identifier (any alphanumeric code/sequence, etc.) coming from the calling extension? correct and therefore present in the web server memory (see also prior art figure 2). The web server, therefore, physically authorizes the call if the identifier is ? correct.

The server, again as shown in figure 8, receives the call, as it is? has been verified and authorised, check at this point (through specific programming obviously) whether the number to which it is the call made coincides with the or a code that ? was generated when accessing the web relating to the server system in the initial log in attempt. If the answer? positive, the server system unlocks or authorizes the extension from which it? the call came.

So, in an example a little? more? practical, let's suppose that a user ?User_1? access the switchboard web page from a PC. When you log in, the Server System is automatically activated. programmed to generate an access code, generally in the form of a numerical sequence so that it can be entered with a telephone keypad, therefore for example a ?96? sequence, as in the previous case.

?User_1? is invited, for example through a message that appears on the video of your PC on the log-in page where ? accessed, to dial this numeric sequence 96 from your extension.

?User_1? takes your extension and dials the numerical sequence thus starting a call from your extension to a fictitious subject corresponding to sequence 96. In other words ?User_1? makes a call to number 96.

At the time of the call, the server system therefore receives a call request from an extension that it recognizes because it? verifies his identification as a real identifier and in memory (this procedure is known as already described) whereby the server system recognizes, identifies and authorizes the call because? actually coming from an extension that belongs to the management of the server in question.

Once this call has been authorised, the call actually starts and is obviously always intercepted by the Server System which extrapolates the recipient thus extrapolating the number 96.

At this point the Server System knows the extension from which ? the call has started (as it was authorized at the time through identification verification as per the known art described above (e.g. user-password)) and does he know the number to which he is connected? the call was made, i.e. 96. At this point, check whether the number to which the call is made (i.e. 96) corresponds to an access code among those generated.

If there?? correspondence, i.e. the number to which the call is made corresponds to or to a generated access code, automatically authorizes the log-in requested for the specific calling telephone.

The access code can? be generated randomly with any algorithm and, for example, the user can? be invited to make the call to that number within a certain time, for example 20 seconds. Once that time period has expired, the generated code is deleted from the Server System memory and therefore if the user makes the call to that number the call is authorized (because it actually comes from an authorized extension) but no positive consent is given to the log- why? the server does not find a correspondence between the number to which the call is made and the code generated (for example call made to 96 but no code generated in memory corresponds to the number 96).

In this case the user must repeat the procedure in order to obtain a new access code.

Otherwise, if the phone call is made within the expected time, the server will do? a comparison between the access codes generated (there can be more than one if multiple users log in at the same time) and the number to which the call is made. If it finds a correct match, it authorizes the log?in.

For example:

Extension A_1 connects to the log-in web page and receives the code 1234.

Extension A_1 calls number 1234 within 20 sec. expected.

Server system receives call request from Extension A_1 which recognizes and authorizes call.

The server system therefore receives a call from Extension A_1 to 1234 and checks whether among the generated codes (for example code_1 = 92, code_2 = 1456, code_3 = 43, code_4 = 25, code_5 = 1234) there is ? the number 1234.

Code_5 corresponds to the number 1234 made by Internal A_1 and therefore, at this point, the server system authorizes Internal A_1 to log? in.

This system easily facilitates access to the virtual switchboard in a simplified way while maintaining a good level of security.

SECOND INVENTION CONFIGURATION:

The second configuration? substantially identical to the first, except for the fact that the generation of the access code requires a preliminary operation.

More? in particular, with reference to figure 3, the user makes an internet connection through their PC 10 or other electronic device to access the switchboard log-in page, exactly as for the first configuration described. Therefore the user, via browser, connects to the log-in page by connecting to the Server System that manages the system in question.

Again with reference to figure 3 of the flow diagram, the web page that is displayed on the PC device (or other equivalent device as mentioned above, such as a mobile device, for example a mobile telephone device) now requires the insertion of the number of telephone of the extension for which you want to activate access to the switchboard or other identifying data thereof, preferably the extension number.

Therefore, while in the first preferred configuration of the invention the generation of the access code was automatic at each access to the switchboard web page, now, however, the web page generates a field where it requires the insertion of an extension identifier, for example the extension number.

Alternatively, you can? enter a username or any other association with the extension number.

The extension number, for example 276 just to give an example, is therefore inserted into the appropriate field that appears on the PC and is thus acquired by the management Server.

The central server having received this extension number, for example 276 as mentioned above, now generates the access code, exactly as for the first configuration described, with the usual invitation to the user to make the call to this generated number.

In an example, therefore, the server that initially receives the extension number:

- Extension 276;

Generate a code:

- Code 2744

Which code 2744? immediately associated with an interior.

The flow diagram in figure 4 therefore schematizes this phase just explained in which, in fact, the Code associated with the web session, or the login attempt, or the specific extension is generated.

At this point the functionality? remains identical to the first configuration already? explained. The user ? therefore invited, for example through a specific notice that appears on the PC screen or through instructions in general that appear on the screen, to make a call from your extension to the number that corresponds to the said ?Code within a certain time limit, for example 20 seconds ? generated.

At this point the server authorizes the call, as for the first configuration, and once the authorized call has been received, it directly checks whether the calling extension is ? correctly associated with the generated code.

While, therefore, in the first configuration the server checks whether the number to which the call is made? corresponding to a generated code, if so, unlocking the log-in of the relevant calling extension, in this case it initially associates a specific extension with a code immediately and then checks whether the number to which the extension is called corresponds to the said generated code and if such generated code? called with the correct extension.

Ex:

Once logged in to the web page, the user enters their extension number ?123?.

The Server System generates a passcode ?96? already? therefore associated with the inserted extension 123, or extension ?123? associated with access code ?96?.

The user calls the number 96 with his extension 123 and makes the call to 96.

The Server System receives the call towards 96 and extrapolates that extension 123 called towards 96.

The Server System, therefore, initially checks whether ? an association 123 with 96 has been generated and, if so, it authorizes the log in of extension 123.

This procedure? a bit? more? complex for the user compared to the first configuration but has a higher level of security.

In all configurations, the switchboard is generally a VoIP switchboard with SIP protocol which, therefore, detects which extension dialed that number according to the standard authentication mechanisms based on a password configured in the SIP client of the telephone as defined in RFC3261 IETF in paragraph 22 and logs in for the user associated with that extension.

In this way, if the server/switchboard does not detect anomalies, such as for example exceeding the time limits beyond the aforementioned twenty seconds or other time limits, the user is logged into the web page having access to it and thus being able to access it. use all the features? possible.

The user, in fact, according to this method is not called to have to remember no password but, on the contrary,? only called to dial a short code.

This system? different from other modes? authentication in which the user with any telephone, for example a mobile phone, is invited to make a call on the public network, which is then received by a switchboard which verifies the calling number associated with the user; differs primarily because? this mode? ? easily attackable with the technique called ?caller id spoofing?, furthermore? much more? easy to use why? it does not require entering a public network number, normally made up of at least 8 digits, but a few digits are enough, even just 2 (Ex. 92).

The system object of the invention therefore represents a solution for having facilitated but at the same time secure access to your switchboard.

The system facilitates access as it is not more? You need to remember any password.

The system determines a good level of security because? access occurs only if the call actually comes from the authenticated extension and not from any other calling number.

The system ? sure why? it doesn't travel on the public network but ? communicating with a dedicated private switchboard via the internet.

This solution lends itself well to integrating with further additional security systems, such as the insertion of an access password as per known art.

Claims (9)

1. A method for authorizing a user to log in to the web interface of a switchboard, the method comprising the following steps: - Access to the management server system of said switchboard through an electronic device; - Generation by the said Management Server System of an access code; - Making a telephone call by dialing, from an internal telephone device associated with said switchboard, the said generated access code; - Where is the generation of said access code? preceded by the insertion phase, in a specific field on the web page, of an identification code of the internal telephone device, for example the telephone number of the extension; - And in which the Server System associates the identification code entered by the user with the access code generated subsequently and, following receipt of a call made from an internal telephone device, checks whether said association is ? correct and, if so, authorizes access. 2. The method, according to claim 1, wherein said verification comprises: - a) Checking whether the number to which the extension is called corresponds to the said access code generated; - b) Checking whether this access code is generated? called with the correct extension. 3. The method, according to claim 1 or 2, wherein said access code is automatically generated following access to said management Server System. 4. The method, according to one or more? of the previous claims, wherein said access to the Web interface includes access to a dedicated web page, said dedicated web page showing said access code once generated. 5. The method, according to one or more? of the previous claims, in which ? a time limit is set within which to make the said call. 6. The method, according to one or more? of the previous claims, in which the said access code is? a numerical sequence composed of one or more? numbers in succession, so that it can be dialed with an internal telephone. 7. The method, according to one or more? of the previous claims, in which the said access codes are generated according to a specific algorithm and are deleted from the memory of the Server System once a predetermined interval of time has elapsed. 8. The method, according to claim 1, in which the said electronic device is optionally a PC, a Tablet or a mobile phone device such as an I-Phone, Smart-Phone and similar. 9. The method, according to one or more? of the previous claims, in which the internal telephone device is? an internal telephone extension device.