US20050183136A1 - Method and system for selecting a password en-crypted with a correct software version - Google Patents

Method and system for selecting a password en-crypted with a correct software version Download PDF

Info

Publication number
US20050183136A1
US20050183136A1 US11/103,430 US10343005A US2005183136A1 US 20050183136 A1 US20050183136 A1 US 20050183136A1 US 10343005 A US10343005 A US 10343005A US 2005183136 A1 US2005183136 A1 US 2005183136A1
Authority
US
United States
Prior art keywords
password
source
target
encryption software
telecommunication system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/103,430
Inventor
Sami Kilkkila
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks Oy
Original Assignee
Nokia Oyj
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Oyj filed Critical Nokia Oyj
Priority to US11/103,430 priority Critical patent/US20050183136A1/en
Publication of US20050183136A1 publication Critical patent/US20050183136A1/en
Assigned to NOKIA SIEMENS NETWORKS OY reassignment NOKIA SIEMENS NETWORKS OY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NOKIA CORPORATION
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/22Arrangements for supervision, monitoring or testing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/609Secret communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/38Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords

Definitions

  • the present invention relates to telecommunication systems.
  • the invention relates to a new type of method and system for selecting a password encrypted with the right software version in a telephone exchange system.
  • a telephone network generally consists of a plurality of separate telephone exchanges connected to each other via transmission lines.
  • the telephone network is managed and maintained via an operation and maintenance network (O&M-network), which can be implemented e.g. on the basis of the services of an X.25 packet network.
  • the operation and maintenance network is created by connecting to it the telephone exchanges and other network components to be controlled.
  • the other network components to be controlled include e.g. the transcoder (TC), base transceiver station (BTS) and base station controller (BSC).
  • TC transcoder
  • BTS base transceiver station
  • BSC base station controller
  • the functions for operating the telephone network are mainly concentrated in control rooms and in network elements centralizing operation and maintenance functions.
  • An example of centralizing network elements like this is the DX 200 OMC manufactured by Nokia.
  • the source system i.e. e.g. a centralizing network element
  • the target system is e.g. a telephone switching system.
  • the user's authority and rights are determined on the basis of the user identification (user ID).
  • the MMI system is a certain aggregate of peripherals and software which can be used to execute operation and maintenance functions.
  • an individual password has been defined for the verification of authenticity of the user. To minimize the data security risks, it is necessary to change the password frequently enough to ensure that a person not authorized to use a user ID will not be able to utilize a user ID not belonging to him/her.
  • the problem is that different network elements may have different versions of password encryption software.
  • user identification on a remote connection is so implemented that, if the software versions in the source system and in the remote system differ from each other, the user must enter the required password again when the remote session is started.
  • the object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.
  • a specific object of the invention is to disclose a new type of method and system which will obviate the need for re-input of a password, thus improving the convenience of use from the user's point of view.
  • the method of the invention concerns the selection of the manner of transmission of a password in a telecommunication network.
  • the telecommunication system of the invention preferably comprises a source system, a target system, an operation and maintenance network established between the source and target systems and an operation and maintenance center connected to the operation and maintenance network.
  • the source and target systems are e.g. telephone switching systems.
  • log-on in the source system is accomplished by giving a user identification and a valid password corresponding to it.
  • a remote session connection is set up via the operation and maintenance center to the target system.
  • a check is carried out to establish whether the target system is using a different version of password encryption software than the source system. This check can be performed by both the source system and the target system.
  • passwords associated with different versions of password encryption software have been stored. If the password encryption software version in the target system is an earlier version than that of the source system, then the password associated with the password encryption software version used in the target system is sent to the target system. Correspondingly, if the password encryption software version of the target system is newer, then the password associated with the password encryption software version in the source system is sent to it.
  • the system of the invention comprises means for comparing the password encryption software versions of the source and target systems with each other and means for sending to the target system a password consistent with an earlier software version, associated with the user ID in question.
  • the system comprises means for storing in a certain predetermined space the passwords belonging to user identification codes, associated with different versions of password encryption software of the source and/or target system.
  • the present invention provides the advantage of making it unnecessary for the user to input the password again when establishing a remote connection to a target system.
  • the password encryption software versions in the target and source systems are compared with each other and, based on this, the right password is selected.
  • FIG. 1 presents a preferred system according to the invention
  • FIG. 2 presents an example of a flow diagram representing the establishment of a remote connection.
  • the system presented in FIG. 1 comprises a source system LE 1 , a target system LE 2 , an operation and maintenance network OM established between the source and target systems (LE 1 , LE 2 ) and an operation and maintenance center OMC connected to the operation and maintenance network OM.
  • the source and target systems are preferably telephone switching systems.
  • the telephone switching system is e.g. a DX 200 switching center manufactured by the applicant, and the operation and maintenance center OMC is e.g. a DX 200 OMC.
  • the system comprises means 1 for comparing the password encryption software versions in the target system LE 2 with each other and means 2 for sending to the target system LE 2 the password consistent with an earlier software version, associated with the user identification in question.
  • the system comprises means 3 for storing the passwords belonging to user identification codes and associated with different versions of password encryption software of the source and/or target system (LE 1 , LE 2 ) into a certain predetermined space.
  • FIG. 2 is a flow diagram representing an example of the establishment of a remote connection according to the invention.
  • the user of the system wants to establish a remote connection to a target system he has selected, block 20 .
  • the user is e.g. an operator who is observing the operation of the system.
  • the user logs on in the source system by supplying his user identification and the password corresponding to it, block 21 .
  • Each user identification is associated with closely defined rights assigned in advance. In other words, the user can only access functions agreed beforehand.
  • a remote session connection to the desired target system is set up via the operation and maintenance center, block 22 .
  • the password encryption software versions in the source and target systems are compared with each other, block 23 . This may result in one of three different situations, on the basis of which the right password to be sent to the target system is selected, block 24 .
  • the software version in the target system is the same, or later, or earlier.
  • the password is sent in the normal manner to the target system.
  • the target system before the comparison of the passwords, the target system must be informed that the source system has an older software version, because otherwise the target system would consider the password incorrect and close the connection setup procedure.
  • the target system is aware of the variations in passwords associated with different software versions. Thus, the target system is able to compare the received password with the right password.
  • the password encryption software version in the target system is older than that in the source system.
  • the source system before sending the password, the source system must find out which software version is in use in the target system. Having received this information, the source system can send the right password to the target system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephonic Communication Services (AREA)
  • Stored Programmes (AREA)
  • Monitoring And Testing Of Exchanges (AREA)
  • Exchange Systems With Centralized Control (AREA)
  • Telephone Function (AREA)

Abstract

Method and system for selecting a password encrypted with a correct software version in a telecommunication system. The system of the invention comprises a source system (LE1), a target system (LE2), an operation and maintenance network (OM) established between the source and the target systems, and an operation and maintenance center (OMC) connected to the operation and maintenance network (OM). In the method, log-on in the source system (LE1) is accomplished by supplying a user identification and a password corresponding to it. Further, a remote session connection is set up via the operation and maintenance center (OMC) to the target system (LE2). According to the invention, the password encryption software versions in the target system (LE2) and in the source system (LE1) are compared with each other; and, if the password encryption software versions in the source and target systems differ from each other, the password belonging to the user identification in question which is associated with an earlier password encryption software version is sent to the target system (LE2).

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This is a Continuation of application Ser. No. 09/976,352 filed Oct. 11, 2001, which in turn is a Continuation Application of International Application No. PCT/FI00/00252, filed Mar. 27, 2000, and claims priority from Finland Application No. 990805 filed Apr. 13, 1999. The disclosure of the prior application(s) is hereby incorporated by reference herein in its entirety.
  • FIELD OF THE INVENTION
  • The present invention relates to telecommunication systems. In particular, the invention relates to a new type of method and system for selecting a password encrypted with the right software version in a telephone exchange system.
  • BACKGROUND OF THE INVENTION
  • A telephone network generally consists of a plurality of separate telephone exchanges connected to each other via transmission lines. The telephone network is managed and maintained via an operation and maintenance network (O&M-network), which can be implemented e.g. on the basis of the services of an X.25 packet network. The operation and maintenance network is created by connecting to it the telephone exchanges and other network components to be controlled. The other network components to be controlled include e.g. the transcoder (TC), base transceiver station (BTS) and base station controller (BSC). The functions for operating the telephone network are mainly concentrated in control rooms and in network elements centralizing operation and maintenance functions. An example of centralizing network elements like this is the DX 200 OMC manufactured by Nokia.
  • From centralizing telephone network elements, it is possible to set up remote session connections to other telephone exchanges or telephone switching systems. When a remote session is established, the source system, i.e. e.g. a centralizing network element, sends user identification data, a user identification code and a password, to the target system. The target system is e.g. a telephone switching system.
  • In the DX 200 telephone switching system and in the user interface (Man Machine Interface, MMI) of the operation and maintenance network, the user's authority and rights are determined on the basis of the user identification (user ID). The MMI system is a certain aggregate of peripherals and software which can be used to execute operation and maintenance functions. For each user ID, an individual password has been defined for the verification of authenticity of the user. To minimize the data security risks, it is necessary to change the password frequently enough to ensure that a person not authorized to use a user ID will not be able to utilize a user ID not belonging to him/her.
  • In the above-mentioned system, the problem is that different network elements may have different versions of password encryption software. At present, user identification on a remote connection is so implemented that, if the software versions in the source system and in the remote system differ from each other, the user must enter the required password again when the remote session is started.
  • The object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them.
  • A specific object of the invention is to disclose a new type of method and system which will obviate the need for re-input of a password, thus improving the convenience of use from the user's point of view.
  • As for the features characteristic of the present invention, reference is made to the claims.
  • SUBJECT OF THE INVENTION
  • The method of the invention concerns the selection of the manner of transmission of a password in a telecommunication network. The telecommunication system of the invention preferably comprises a source system, a target system, an operation and maintenance network established between the source and target systems and an operation and maintenance center connected to the operation and maintenance network. The source and target systems are e.g. telephone switching systems. In the method, log-on in the source system is accomplished by giving a user identification and a valid password corresponding to it. After the user ID has been entered, a remote session connection is set up via the operation and maintenance center to the target system. According to the invention, a check is carried out to establish whether the target system is using a different version of password encryption software than the source system. This check can be performed by both the source system and the target system.
  • In the source and/or target system, passwords associated with different versions of password encryption software have been stored. If the password encryption software version in the target system is an earlier version than that of the source system, then the password associated with the password encryption software version used in the target system is sent to the target system. Correspondingly, if the password encryption software version of the target system is newer, then the password associated with the password encryption software version in the source system is sent to it.
  • The system of the invention comprises means for comparing the password encryption software versions of the source and target systems with each other and means for sending to the target system a password consistent with an earlier software version, associated with the user ID in question.
  • In an embodiment of the invention, the system comprises means for storing in a certain predetermined space the passwords belonging to user identification codes, associated with different versions of password encryption software of the source and/or target system.
  • As compared with prior art, the present invention provides the advantage of making it unnecessary for the user to input the password again when establishing a remote connection to a target system. The password encryption software versions in the target and source systems are compared with each other and, based on this, the right password is selected.
  • LIST OF ILLUSTRATIONS
  • In the following, the invention will be described in detail by the aid of some of its embodiments with reference to the drawings, wherein
  • FIG. 1 presents a preferred system according to the invention, and
  • FIG. 2 presents an example of a flow diagram representing the establishment of a remote connection.
  • DETAILED DESCRIPTION OF THE INVENTION
  • The system presented in FIG. 1 comprises a source system LE1, a target system LE2, an operation and maintenance network OM established between the source and target systems (LE1, LE2) and an operation and maintenance center OMC connected to the operation and maintenance network OM. The source and target systems are preferably telephone switching systems. The telephone switching system is e.g. a DX 200 switching center manufactured by the applicant, and the operation and maintenance center OMC is e.g. a DX 200 OMC. In addition, the system comprises means 1 for comparing the password encryption software versions in the target system LE2 with each other and means 2 for sending to the target system LE2 the password consistent with an earlier software version, associated with the user identification in question. Moreover, the system comprises means 3 for storing the passwords belonging to user identification codes and associated with different versions of password encryption software of the source and/or target system (LE1, LE2) into a certain predetermined space.
  • FIG. 2 is a flow diagram representing an example of the establishment of a remote connection according to the invention. The user of the system wants to establish a remote connection to a target system he has selected, block 20. The user is e.g. an operator who is observing the operation of the system. The user logs on in the source system by supplying his user identification and the password corresponding to it, block 21. Each user identification is associated with closely defined rights assigned in advance. In other words, the user can only access functions agreed beforehand.
  • Further, a remote session connection to the desired target system is set up via the operation and maintenance center, block 22. Nontransparently to the user, the password encryption software versions in the source and target systems are compared with each other, block 23. This may result in one of three different situations, on the basis of which the right password to be sent to the target system is selected, block 24. In relation to the password encryption software version in the source system, the software version in the target system is the same, or later, or earlier.
  • In the first case, the password is sent in the normal manner to the target system.
  • In the second case, before the comparison of the passwords, the target system must be informed that the source system has an older software version, because otherwise the target system would consider the password incorrect and close the connection setup procedure. In the present case, the target system is aware of the variations in passwords associated with different software versions. Thus, the target system is able to compare the received password with the right password.
  • In the third case, the password encryption software version in the target system is older than that in the source system. In this case, before sending the password, the source system must find out which software version is in use in the target system. Having received this information, the source system can send the right password to the target system.
  • The invention is not restricted to the examples of its embodiments described above, but many variations are possible within the scope of the inventive idea defined in the claims.

Claims (2)

1. An operation and maintenance center connected to a source telecommunication system and to a target telecommunication system via an operation and maintenance network, wherein the operation and maintenance center is configured to receive a remote session connection request to the target telecommunication system from the source telecommunication system, the operation and maintenance center comprising:
means (1) for comparing password encryption software versions in the target telecommunication system and in the source telecommunication system with each other; and
means (2) for sending a password associated with the user identification in question and consistent with an earlier password encryption software version to the target telecommunication system when the password encryption software versions in the source and target telecommunication systems differ from each other.
2. Operation and maintenance center as defined in claim 1, further comprising means (3) for storing in a certain predetermined space the passwords associated with different versions of password encryption software of the source and/or target telecommunication system and belonging to user identification codes.
US11/103,430 1999-04-13 2005-04-12 Method and system for selecting a password en-crypted with a correct software version Abandoned US20050183136A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/103,430 US20050183136A1 (en) 1999-04-13 2005-04-12 Method and system for selecting a password en-crypted with a correct software version

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
FI990805 1999-04-13
FI990805A FI111495B (en) 1999-04-13 1999-04-13 Procedure and information transfer system in a telephone exchange system
PCT/FI2000/000252 WO2000062513A2 (en) 1999-04-13 2000-03-27 Method and system for selecting a password encrypted with a correct software version
US09/976,352 US6895505B2 (en) 1999-04-13 2001-10-11 Method and system for selecting a password encrypted with a correct software version
US11/103,430 US20050183136A1 (en) 1999-04-13 2005-04-12 Method and system for selecting a password en-crypted with a correct software version

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/976,352 Continuation US6895505B2 (en) 1999-04-13 2001-10-11 Method and system for selecting a password encrypted with a correct software version

Publications (1)

Publication Number Publication Date
US20050183136A1 true US20050183136A1 (en) 2005-08-18

Family

ID=8554400

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/976,352 Expired - Fee Related US6895505B2 (en) 1999-04-13 2001-10-11 Method and system for selecting a password encrypted with a correct software version
US11/103,430 Abandoned US20050183136A1 (en) 1999-04-13 2005-04-12 Method and system for selecting a password en-crypted with a correct software version

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/976,352 Expired - Fee Related US6895505B2 (en) 1999-04-13 2001-10-11 Method and system for selecting a password encrypted with a correct software version

Country Status (8)

Country Link
US (2) US6895505B2 (en)
EP (1) EP1047242B1 (en)
JP (1) JP3742301B2 (en)
AU (1) AU3562400A (en)
CA (1) CA2368110C (en)
DE (1) DE60011341T2 (en)
FI (1) FI111495B (en)
WO (1) WO2000062513A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006237656A (en) * 2003-02-28 2006-09-07 Secom Co Ltd Coded signal separating/merging device, generator and extracting device for difference coded signal, and method and program for separating/merging coded signal
US10171465B2 (en) 2016-09-29 2019-01-01 Helene E. Schmidt Network authorization system and method using rapidly changing network keys
CN113760306B (en) * 2020-10-26 2024-06-18 北京京东乾石科技有限公司 Method and device for installing software, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5241594A (en) * 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US6421781B1 (en) * 1998-04-30 2002-07-16 Openwave Systems Inc. Method and apparatus for maintaining security in a push server

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS63205747A (en) 1987-02-13 1988-08-25 インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン Communication system
US5654901A (en) * 1995-01-30 1997-08-05 Telefonaktiebolaget Lm Ericsson Loading software into field test equipment
CN1166240C (en) * 1997-07-02 2004-09-08 西门子公司 Operation and maintenance system for a mobile telecommunications network
EP0994616A2 (en) * 1998-10-16 2000-04-19 Siemens Information and Communication Networks Inc. Apparatus and method for providing enhanced supplementary services in telephony-over-lan-systems

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5241594A (en) * 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US6421781B1 (en) * 1998-04-30 2002-07-16 Openwave Systems Inc. Method and apparatus for maintaining security in a push server

Also Published As

Publication number Publication date
CA2368110C (en) 2005-08-09
CA2368110A1 (en) 2000-10-19
FI990805A0 (en) 1999-04-13
FI990805A (en) 2000-10-14
JP3742301B2 (en) 2006-02-01
EP1047242A2 (en) 2000-10-25
WO2000062513A2 (en) 2000-10-19
US20020061106A1 (en) 2002-05-23
FI111495B (en) 2003-07-31
WO2000062513A3 (en) 2001-02-22
AU3562400A (en) 2000-11-14
DE60011341D1 (en) 2004-07-15
JP2002542674A (en) 2002-12-10
DE60011341T2 (en) 2005-06-09
EP1047242A3 (en) 2003-07-02
EP1047242B1 (en) 2004-06-09
US6895505B2 (en) 2005-05-17

Similar Documents

Publication Publication Date Title
US6259909B1 (en) Method for securing access to a remote system
KR100591495B1 (en) Service verification system, authorization requesting terminal, service using terminal and service providing method
US6490687B1 (en) Login permission with improved security
US6356753B1 (en) Management of authentication and encryption user information in digital user terminals
US20020076053A1 (en) Communication system, its control method, program and medium
WO2003058880A1 (en) Method at access right control within mobile communication
JPH1066158A (en) Security with respect to access control system
CN101366234A (en) System, device and method for terminal user identity verification
US7734279B2 (en) Method and system for controlling resources via a mobile terminal, related network and computer program product therefor
ZA200401571B (en) A method for authenticating a user in a terminal, an authentication system, a terminal and an authorization device.
KR20050002613A (en) Communication system, communication method, base station, controller, device and control program
GB2408129A (en) User authentication via short range communication from a portable device (eg a mobile phone)
US20020124191A1 (en) Method and system for updating a password in a telecommunication network
US20050183136A1 (en) Method and system for selecting a password en-crypted with a correct software version
US20030139200A1 (en) Communication system, system information download method, main apparatus, and server apparatus
EP0645688A1 (en) Method for the identification of users of telematics servers
EP1045567B1 (en) Method and system in a telephone exchange system
US20030018901A1 (en) Method and apparatus for providing communications security using a remote server
US6854060B2 (en) Method and system in a telephone switching system
US20020069357A1 (en) Method and system for identification in a telecommunication system
US6976091B2 (en) Gateway system
KR20010000260A (en) System and Method of authentication
JP4041448B2 (en) Service verification system, authentication requesting terminal, service using terminal, and service providing method
CA2336935C (en) A method for securing access to a remote system
KR100542112B1 (en) Enhanced secret number telephone service method and system

Legal Events

Date Code Title Description
AS Assignment

Owner name: NOKIA SIEMENS NETWORKS OY, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NOKIA CORPORATION;REEL/FRAME:020837/0781

Effective date: 20070913

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION