JP2002027094A - Method and device for authenticating communicating opposite party - Google Patents

Abstract

PROBLEM TO BE SOLVED: To surely prevent illegal access and to enable access from terminal equipment on the line of an arbitrary number in the case of a right party in a remote access server 1 for authenticating a communicating opposite party accessing terminal equipment connected through an ISDN line connecting part 12 to a computer network connecting part 14. SOLUTION: Together with the user name and password of a party to permit access, a sub-address, which is added to a caller number, to be transmitted when establishing an ISDN line is stored in a storage part 11 as well and when these data received by a line connecting part 12 are matched with each other, a control part 12 decides a right party and enables communication through the line connecting part 12 and the network connecting part 14. Therefore, even when the user name and the password are acquired, illegal access cannot be performed and a user, who knows the sub-address, can perform access from an arbitrary terminal.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an authentication device realized as a remote access server, and more particularly to an ISDN.
The present invention relates to an authentication device connected to a communication partner via a line.

[0002]

2. Description of the Related Art The remote access server authenticates a communication partner connected via a network as to whether or not it is a correct partner to be permitted to connect, and connects only the correct partner. is there. In the typical conventional technology of such a remote access server, the authentication of the correct destination is performed by registering the user name and password of the correct destination in advance, and receiving the received user name and password. This is done by collating with. Also,
In another conventional technique, a correct destination telephone number is registered in advance by using a caller ID notification function of ISDN, and is compared with a received telephone number.

[0003]

In the prior art using the user name and the password, if the user name and the password are leaked to a third party, the third party can gain unauthorized access and security. There is a problem of inferiority. In the prior art using the caller ID notification function, since the number assigned to the ISDN line is used, access can be performed only from a terminal device connected to the registered number of the ISDN line. Without
It is difficult for a third party to gain unauthorized access, and high security can be obtained, but it is impossible for a correct destination user to access from a terminal with an unregistered number, such as going out. However, there is a problem that the convenience is poor.

SUMMARY OF THE INVENTION An object of the present invention is to provide a method and apparatus for authenticating a communication partner which can surely prevent unauthorized access and allow a correct user to access from a terminal device of an arbitrary number line. It is to provide.

[0005]

According to the present invention, there is provided a method of authenticating a communication destination, comprising the steps of: authenticating a communication destination connected via an ISDN line; The number and the additional identification information added to the number, the additional identification information is predetermined as a code indicating reception permission, and the received communication destination is authenticated using the received additional identification information. I do.

[0006] According to the above configuration, in the ISDN line,
By utilizing the fact that additional identification information added to the caller number called a caller number and a sub-address is transmitted from the transmitter and a line is established, the sub-address is previously set between the transmitter and the receiver. Is determined as a code indicating reception permission, and it is determined whether to receive a call using the received sub-address. Thereafter, authentication using the user name and the password may be further performed as usual. The sub-address is used to specify any of a plurality of terminal devices connected to one ISDN line, and can be arbitrarily set by a user. Although used for identification, the sub-address of the sender is usually unused or redundant.

Accordingly, even if the user on the transmitting side accesses the user on the receiving side, even if the user name and password are leaked to a third party, the other user illegally replaces the user on the transmitting side. Cannot be accessed, and security can be improved. Further, if the transmitting side user stores the predetermined sub-address, the calling party number is different by setting the sub-address of any terminal device connected to the ISDN line to the sub-address. Is also authenticated as a correct communication partner, so that the terminal can be accessed from any of the terminal devices.
Even when accessing from the DN line, it is possible to determine whether each user is a correct user, and it is possible to improve convenience.

[0008] The communication partner authentication apparatus of the present invention includes:
A device for authenticating a communication destination connected via an ISDN line, a storage unit for storing in advance as a code representing reception permission, additional identification information added to a caller number transmitted upon establishment of the ISDN line; A line connection unit; and a control unit configured to authenticate the communication partner using the additional identification information received by the line connection unit, and to control whether to perform communication according to an authentication result. And

According to the above configuration, in the authentication device realized as a remote access server, additional identification information added to the caller number, which is called a caller number and a subaddress, is transmitted from the sender on the ISDN line. The sub-address which can be set arbitrarily by the user by utilizing the fact that the line is established is predetermined as a code indicating reception permission between the transmission side and the reception side, and stored in the storage unit. You. When the communication request is received by the line connection unit, the control unit compares the received additional identification information with the additional identification information stored in the storage unit, and determines whether to perform an incoming call. Thereafter, the control unit may further perform authentication using the user name and the password as usual.

Therefore, even when the user on the transmitting side accesses the user on the receiving side, even if the user name and the password are leaked to a third party, another user illegally substitutes for the user on the transmitting side. Cannot be accessed, and security can be improved. Further, if the transmitting side user stores the predetermined sub-address, the calling party number is different by setting the sub-address of any terminal device connected to the ISDN line to the sub-address. Is also authenticated as a correct communication partner, so that the terminal can be accessed from any of the terminal devices.
Even when accessing from the DN line, it is possible to determine whether each user is a correct user, and it is possible to improve convenience.

[0011]

DESCRIPTION OF THE PREFERRED EMBODIMENTS One embodiment of the present invention will be described.
The following is a description based on FIGS. 1 to 4.

FIG. 1 is a block diagram showing a functional configuration of a remote access server 1 which is an authentication device according to an embodiment of the present invention, and FIG. 2 is a diagram showing a local configuration of a user who uses the remote access server 1. FIG. 2 is a diagram for explaining a network 2. The local network 2
One or a plurality of terminal devices 3 and 4 realized by a personal computer and the like and peripheral devices 5 are connected to each other by a network 6. The local network 2 is connected to an ISDN line 7 via the remote access server 1, and is connected to a terminal device of a communication partner (not shown) via the ISDN line 7.

The remote access server 1 is generally
It comprises a storage unit 11, a line connection unit 12, a control unit 13, and a computer network connection unit 14. The storage unit 11 stores a user name and a password of a user who uses the remote access server 1, a communication protocol for the local network 2, and an ISDN.
A dial-up protocol for the line 7 and the like are stored, and a caller number of a user permitted to receive, a subaddress added to the caller number, a user name and a password are stored.

The control unit 13 is realized by a central processing unit or the like, and uses the data stored in the storage unit 11 to permit reception as described later, and to control reception of the ISDN line 7 to which reception is permitted. Communication is performed between the terminal device on the local side and the terminal device 3 or 4 specified on the local network 2 side by using the protocol stored in the storage unit 11.

It should be noted that in the present invention, the remote access server 1 uses at least a subaddress to determine whether or not the user is a correct user who should perform reception permission. The sub-address is used to specify any one of a plurality of terminal devices connected to one ISDN line 7, such as a telephone, a facsimile machine or a personal computer. Along with the number, it is transmitted as a series of data. Although the caller ID is automatically given by the exchange of the central office and is unique for each ISDN line 7 and cannot be changed,
The sub-address can be arbitrarily set by a user, and the sub-address on the receiving side is used for specifying the terminal device, but the sub-address on the transmitting side is usually unused or redundant.

FIG. 3 is a block diagram showing an example of I
FIG. 3 is a diagram for describing a protocol up to reception of a communication request from a terminal device on the SDN line 7 side. ISDN
Line 7 has a control channel D and two data channels B
1 and B2. The control channel D is
It establishes the line and controls communication of the data channels B1 and B2. The data channels B1 and B2 are controlled by the control channel D as described above, and transmit the data to be transmitted. The data channels B1 and B2 can be individually used at a transmission speed of 64 kbps, and can be collectively transmitted at a transmission speed of 128 kbps. It can be used.

First, the transmission side transmits the telephone number 123 and subaddress 456 of the reception side and the caller number 789 and subaddress 012 of the transmission side via the control channel D. In response to this, the receiving side compares the sub-address 012 of the transmitting side with the sub-address of the user who permits reception stored in the storage unit 11, and when the sub-address 012 matches, the line is connected, and thereafter, the data channel B1 or Move to the communication of B2. Then, the user name and password are transmitted on the data channel B1 or B2, and are compared with the user name and password of the user permitted to receive the data stored in the storage unit 11, and if they match, the communication of the data body to be transmitted is performed. Move on to

FIG. 4 is a flowchart for explaining the operation of FIG. In step S1, the line connection unit 12 detects that there has been a communication request from the terminal device on the ISDN line 7, and receives the caller number and the subaddress notified at that time. In step S2, the control unit 13 determines whether the received sub-address is in the sub-address of the user who permits reception and is stored in the storage unit 11, and when there is, proceeds to step S3.
Connect the line.

In step S4, the line connection unit 12 further receives the user name and password, and in step S5, the control unit 13 permits the reception of the received user name and password stored in the storage unit 11. It is determined whether or not it is included in the user name and password of the user. If there is, the process proceeds to step S6, where the terminal device 3 or 4 that has requested connection is connected to the ISDN line 7 via the computer network connection unit 14. Start communication.

In the step S2, when the received sub-address is not stored in the storage unit 11, and when the received user name and password are not stored in the storage unit 11 in step S4, the connection is refused. It returns to step S1 and waits.

As described above, the remote access server 1 according to the present invention authenticates the communication partner based on whether or not the sub-address transmitted when establishing the ISDN line 7 is registered in advance. Even if it leaks to three parties, other users cannot gain unauthorized access and security can be improved. Further, the data channel B1,
Compared with the user name and password transmitted via B2, the subaddress transmitted via the control channel D is more difficult to control in accordance with the call timing even if a third party tries to obtain illegally. This can also improve security.

Further, if the user on the transmitting side stores the predetermined sub-address, the ISD
By setting the subaddress of an arbitrary terminal device connected to the N line 7 to the subaddress, even if the caller number is different, it can be authenticated that the communication destination is the correct communication destination, and access is made from the arbitrary terminal device. be able to. Also, by assigning a pre-registered common or individual sub-address to a plurality of users, even if the plurality of users access from a common ISDN line 7, whether or not each user is a correct user is determined. Can be determined, and the convenience can be improved.

[0023]

According to the method for authenticating a communication partner of the present invention, as described above, a method for authenticating a communication partner connected via an ISDN line is described.
Utilizing the fact that the line is established by transmitting the caller ID and sub-address from the transmitting side, the sub-address that can be arbitrarily set by the user is expressed in advance between the transmitting side and the receiving side to permit reception. It is defined as a code,
Using the received sub-address, it is determined whether to perform an incoming call.

Therefore, even if the user on the transmitting side accesses the user on the receiving side, even if the user name and the password are leaked to a third party, another user illegally receives the information on behalf of the transmitting side user. The user on the side cannot be accessed, and security can be improved.
Further, if the transmitting side user stores the predetermined sub-address, the calling party number is different by setting the sub-address of any terminal device connected to the ISDN line to the sub-address. Is also authenticated as a correct communication partner, so that it can be accessed from any of the terminal devices.
Even when accessing from a line, it is possible to determine whether each user is a correct user, and it is possible to improve convenience.

Further, the authentication apparatus of the communication partner of the present invention comprises:
As described above, in an apparatus for authenticating a communication partner connected via an ISDN line, the ISDN line utilizes the fact that a caller number and a subaddress are transmitted from a transmission side to establish a line, The sub-address, which can be arbitrarily set, is determined in advance as a code indicating reception permission between the transmission side and the reception side and stored in the storage unit, and when a communication request is received at the line connection unit,
The control unit compares the received sub-address with the sub-address stored in the storage unit, and determines whether to perform an incoming call.

Therefore, even if the user on the transmitting side accesses the user on the receiving side, even if the user name and password are leaked to a third party, another user can illegally receive the information on behalf of the user on the transmitting side. The user on the side cannot be accessed, and security can be improved.
Further, if the transmitting side user stores the predetermined sub-address, the calling party number is different by setting the sub-address of any terminal device connected to the ISDN line to the sub-address. Is also authenticated as a correct communication partner, so that it can be accessed from any of the terminal devices.
Even when accessing from a line, it is possible to determine whether each user is a correct user, and it is possible to improve convenience.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a functional configuration of a remote access server which is an authentication device according to an embodiment of the present invention.

FIG. 2 is a diagram illustrating a local network of a user who uses the remote access server of FIG. 1;

FIG. 3 is a diagram for explaining a protocol up to reception of a communication request from a terminal device on the ISDN line side including determination of reception permission according to the present invention.

FIG. 4 is a flowchart for explaining the operation of FIG. 3;

[Explanation of symbols]

 REFERENCE SIGNS LIST 1 remote access server (authentication device) 2 local network 3, 4 terminal device 5 peripheral device 6 network 7 ISDN line 11 storage unit 12 line connection unit 13 control unit 14 computer network connection unit

Claims (2)

[Claims] 1. A method for authenticating a communication partner connected via an ISDN line, comprising: a caller ID transmitted upon establishment of the ISDN line and additional identification information added thereto. A method of authenticating a communication partner, wherein information is predetermined as a code indicating permission to receive, and the communication partner is authenticated using the received additional identification information. 2. An apparatus for authenticating a communication partner connected via an ISDN line, wherein additional identification information added to a caller number transmitted upon establishment of the ISDN line is stored in advance as a code indicating reception permission. A storage unit, a line connection unit, and a control unit that authenticates the communication partner using the additional identification information received by the line connection unit, and controls whether to perform communication according to the authentication result. A communication partner authentication device, comprising: