WO1997037473A1 - Method for checking the access authorization of an operator when accessing via a connection-oriented data network - Google Patents

Publication number
WO1997037473A1
Authority
WO
WIPO (PCT)
Prior art keywords
unit
access
channel
operator
connection
Prior art date
Application number
PCT/EP1997/001419
Other languages
German (de)
English (en)
Inventor
Ulrich Seng
Original Assignee
Ulrich Seng
Application filed by Ulrich Seng
Priority to AU22899/97A (AU2289997A)
Publication of WO1997037473A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04Q SELECTING
    • H04Q11/00 Selecting arrangements for multiplex systems
    • H04Q11/04 Selecting arrangements for multiplex systems for time-division multiplexing
    • H04Q11/0428 Integrated services digital network, i.e. systems for transmission of different types of digitised signals, e.g. speech, data, telecentral, television signals
    • H04Q11/0435 Details
    • H04Q11/0457 Connection protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/38 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords

Definitions

  • the present invention relates to a method for checking the access authorization of an operator when accessing via a connection-oriented data network.
  • the present invention relates to a method for checking the access authorization of an operator of a first unit when the first unit accesses a second unit via the ISDN network.
  • the operator typically transmits information relating to the desired data record via a message channel of the digital data record to the decentralized unit after establishing a connection between the decentralized unit and the control center in which the data records are stored in the form of a database, together with a secret number (PIN number) through which the access authorization of this operator to the database and the subsequent billing are ensured, whereupon the control center, after reading out the relevant data record, returns it over the already established message channel to the decentralized unit.
  • PIN number secret number
  • a typical software, with which the establishment of such a connection is supported, is the widespread program, the essential program contents of which can be found in the manual "CompuServe Information Manager", CS-640 (11/89).
  • Such methods for supplying data via digital data networks require considerable transmission times in the case of extensive data sets, which are associated with correspondingly high fees for the operators of the digital data network.
  • media data such as digital sound and image information
  • media data also represent a considerable volume of data even in the compressed state.
  • Even with good compression of this data, considerable transmission times still result when correspondingly high quality is required, for example in the case of audio data (AES stereo), since the compression must be carried out without loss.
  • a problem in connection with the known method for supplying data is that unauthorized third parties can access a specific database at the expense of an authorized person if they succeed in finding out the secret number or the security code (PIN number) of the authorized person. This problem is particularly relevant when the operator uses the digital network "Internet", for example, to query the database, since with this network the path of the data from the decentralized unit to the central office cannot be determined and the transmitted data therefore cannot be protected against access by third parties.
  • DE 3018945A1 is concerned with a method for the secure transmission of data from a first location to a second location via a conventional, non-connection-oriented data network.
  • a PIN number is logically linked to an identification number for the terminal, whereby two code numbers are generated, one of which remains in the terminal as a start key and the other of which is transmitted as a code signal to the second point, namely the central computer.
  • the non-connection-oriented data network which was obtained by combining the PIN number and the identification number. If the code combined in this way falls into the hands of an unauthorized person when it is transmitted via the data network, they can then access the central computer.
  • the present invention is based on the object of developing a method for checking the access authorization of an operator when a first unit accesses a second unit via a data network in such a way that improper access by unauthorized persons is prevented even if the PIN number of an authorized operator becomes known to an unauthorized third person.
  • the invention provides a method for checking the access authorization of an operator of a first unit when the first unit accesses a second unit via a connection-oriented data network, which has a signaling channel and a message channel, with the following steps:
  • the invention is based on the finding that complete security against unauthorized access can be achieved within connection-oriented data networks if, in addition to the calling party number transferred in the signaling channel before the connection is established, the PIN number is also transmitted in the signaling channel and if, before access is made possible, it is checked whether both the call number and the PIN number are stored as known and belong together, since it is not possible to falsify the call number within digital connection-oriented data networks without bringing the connection to a standstill.
  • non-connection-oriented data networks which include, for example, the Internet
  • the callback runs after the transmission of a connection request or call from a first unit, starting from the second unit, back to the specified callback number (calling party number).
  • FIGS. 1 a and 1 b show a flow diagram of an exemplary embodiment of the data delivery method according to the invention.
  • at a decentralized unit, for example in the form of a personal computer, the desired data record is selected.
  • the data record can be a desired piece of music, for example, which is stored in a database of a central office.
  • the operator has a list of the data records stored in the control center, for example a list of music pieces that can be called up by the control center, for selection of the desired data record.
  • the operator of the decentralized unit also selects the desired data delivery route.
  • the operator selects either data delivery over the ISDN network or data delivery over a broadband medium.
  • the broadband medium is, for example, a cable for the transmission of television signals and digital radio signals, a radio system with any transmitter and an associated receiver, or a broadcasting system based on satellite communication.
  • Typical of such a broadband medium is, on the one hand, the increased bandwidth compared to digital networks and, on the other hand, the fact that the data transmitted from the control center via the broadband medium are essentially made accessible to a plurality of decentralized units at the same time.
  • the operator also transmits the desired delivery time, for example by specifying that the order is an immediate order or a non-immediate order; then information identifying the desired data record, information identifying the selected delivery time, a security code or a PIN number and the call number of the decentralized unit are transmitted in the signaling channel or D channel of the ISDN network, in the so-called UUS frame, as a connection request (connect request in accordance with the international standard ITU Q.930 - Q.940) to the head office.
  • a connection request (connect request in accordance with the international standard ITU Q.930 - Q.940)
  • the UUS frame mentioned is a user-to-user signaling data packet with 131 bytes, which in step S2 is transmitted or signaled to the control center via the signaling channel or D channel even in the case of an occupied data line or an occupied B channel of the control center. Since this signaling works independently of the busy or unoccupied status of the B channel, the number of ISDN lines required for the order can be kept low on the part of the head office. A single order line is typically sufficient.
  • In step S3 the control center checks whether the call number of the decentralized unit transmitted via the signaling channel is known, that is to say is contained in a table of the call numbers of the stored customers in the control center.
  • In step S4 a new customer registration is started if the data transmitted by the decentralized unit contains a new customer registration request. If such data has not been transmitted, this call is rejected while generating an error message.
  • in the procedure for new customer registration, the information about the name, address and payment method of the new customer transmitted in the UUS frame is stored.
  • Following step S3, the security code or the PIN number is checked in step S5 to determine whether it matches one of the PIN numbers from a table in which the PIN numbers of all customers are contained, and whether, on the other hand, the transmitted call number belongs to this PIN number, which is also checked by querying the table mentioned. If the PIN number is not found in the table or does not match the call number, the call in question is rejected in step S6, recorded as a failed attempt and reported.
  • If the transmitted PIN number proves to be OK during the test in step S5, the program continues with step S7.
  • In step S7 it is checked whether the message channel or B channel of the control center is free or busy. If the message channel is free, a check is made in step S8 as to whether the present order is an immediate order. If this is the case, after establishing a connection via the B channel, the control center confirms the order via the B channel, stating a delivery telephone number under which the control center will make the subsequent delivery to the decentralized unit, whereupon the connection via the B channel is disconnected.
  • the corresponding control of this procedure is carried out by an administration unit VE for the management of orders and ISDN channels, which immediately after step S9 establishes a connection to the decentralized unit in step S10 using the delivery telephone number mentioned and delivers the desired data
  • If the check in step S8 shows that there is no immediate order, with the B channel recognized as free, the connection via the B channel is established in a step S11, whereupon the central office confirms the receipt of the order, transmits a delivery date, preferably at moonlight tariff, to the decentralized unit, preferably communicates the future delivery telephone number and then terminates the connection, whereupon the method waits until the moonlight tariff occurs before a connection is established via step S10 with the decentralized unit for delivering the desired data in step S15.
  • a delivery date preferably at moonlight tariff
  • In step S12 the order, together with the telephone numbers, PIN number and the information identifying the desired data record, is taken over by the headquarters from the UUS frame of the D channel.
  • In step S13 the control center checks whether the order is immediate. If so, the method continues with step S9.
  • step S14 which is identical to the step S11.
  • the delivery date (a delivery time at the moonlight tariff) is transmitted to the decentralized unit via the B channel, whereupon the connection is terminated.
  • the management unit VE effects the delivery of data to the decentralized unit via step S10.
  • the delivery date communicated to the customer for the delivery of the desired data enables the customer to keep his decentralized unit ready to receive at this time, for example by leaving his personal computer connected to the ISDN network switched on at the time mentioned.
  • it is also possible for the decentralized unit to be provided with a switch-on device, by means of which the central unit switches the decentralized unit on by signaling and sets it in readiness for receiving the delivery.
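
The decision flow of steps S3 to S6 described above, as an added example that is not part of the patent text: the control center admits a call only when the call number is known and the PIN is stored as belonging to it. The field names, the customer table and the reason strings are assumptions; the example also separates "unknown PIN" from "known PIN presented from another call number", since the latter indicates a PIN that has become known to a third party.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ACCEPT = "accept"      # continue with step S7
    REGISTER = "register"  # step S4: new customer registration
    REJECT = "reject"      # step S4 or step S6: call rejected


@dataclass
class ConnectRequest:
    """Decoded content of the connection request (field names are assumptions)."""
    calling_number: str    # call number carried in the signaling channel
    pin: str               # PIN carried in the same signaling message
    record_id: str         # identifies the desired data record
    new_customer: bool = False


@dataclass
class ControlCenter:
    # call number -> PIN stored as belonging together (assumed table layout)
    customers: dict = field(default_factory=dict)
    failed_attempts: list = field(default_factory=list)

    def _pin_known(self, pin: str) -> bool:
        # Compare against every stored PIN without leaving the loop early.
        found = False
        for stored in self.customers.values():
            found |= hmac.compare_digest(stored.encode(), pin.encode())
        return found

    def check_access(self, req: ConnectRequest):
        # Step S3: is the call number in the table of stored customers?
        if req.calling_number not in self.customers:
            # Step S4: register a new customer if requested, otherwise reject.
            if req.new_customer:
                return Decision.REGISTER, "new customer registration"
            return Decision.REJECT, "unknown call number"
        # Step S5: the PIN must be the one stored for this call number.
        expected = self.customers[req.calling_number]
        if hmac.compare_digest(expected.encode(), req.pin.encode()):
            return Decision.ACCEPT, "call number and PIN belong together"
        # Step S6: reject, record the failed attempt and report the reason.
        if self._pin_known(req.pin):
            reason = "known PIN presented from another call number"
        else:
            reason = "unknown PIN"
        self.failed_attempts.append((req.calling_number, reason))
        return Decision.REJECT, reason


def sample_center() -> ControlCenter:
    # Constructed sample data, not taken from the patent.
    return ControlCenter(customers={"0891000001": "4711", "0891000002": "2580"})
```
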

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a method for checking the access authorization of an operator of a first unit when the first unit accesses a second unit via a connection-oriented data network having a signaling channel and a message channel, comprising the following steps: transferring the call number (calling party number of the first unit) and a PIN (personal identification number) associated with the user of the first unit, via the signaling channel of the connection-oriented data network, to the second unit; checking whether the call number of the first unit is one of a plurality of stored call numbers, whether the operator's PIN is one of a plurality of stored PINs, and whether the call number and the PIN are stored as belonging together; refusing the first unit access to the second unit if at least one of the checks yields a negative result, otherwise authorizing access.
PCT/EP1997/001419 1996-03-29 1997-03-20 Procede pour le controle de l'autorisation d'acces d'un operateur lors d'un acces via un reseau de donnees a transmission en mode connexion WO1997037473A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU22899/97A AU2289997A (en) 1996-03-29 1997-03-20 Verfahren zum uberprufen der zugriffsberechtigung einer bedienungsperson bei einem zugriff uber ein verbindungsorientiertes datennetz

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE19612662A DE19612662A1 (de) 1996-03-29 1996-03-29 Verfahren zum Überprüfen der Zugriffsberechtigung einer Bedienungsperson bei einem Zugriff über ein verbindungsorientiertes Datennetz
DE19612662.2960329 1996-03-29

Publications (1)

Publication Number Publication Date
WO1997037473A1 (fr) 1997-10-09

Family

ID=7789932

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP1997/001419 WO1997037473A1 (fr) 1996-03-29 1997-03-20 Procede pour le controle de l'autorisation d'acces d'un operateur lors d'un acces via un reseau de donnees a transmission en mode connexion

Country Status (3)

Country Link
AU (1) AU2289997A (fr)
DE (1) DE19612662A1 (fr)
WO (1) WO1997037473A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001028207A1 (fr) * 1999-10-12 2001-04-19 Siemens Aktiengesellschaft Procede destine a eviter l'acces abusif a un reseau
FR2800541B1 (fr) * 1999-11-03 2002-01-18 Sagem Procede de paiement securise par l'intermediaire d'un telephone mobile
DE10302449A1 (de) * 2003-01-22 2004-08-12 Francotyp-Postalia Ag & Co. Kg Anordnung zum Erfassen und gesicherten Speichern von Erfassungswerten

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0347155A2 (fr) * 1988-06-13 1989-12-20 Canon Kabushiki Kaisha Appareil de communication
JPH03262251A (ja) * 1990-03-12 1991-11-21 Canon Inc Isdn接続の通信端末装置
JPH06261096A (ja) * 1993-03-09 1994-09-16 Ricoh Co Ltd Isdn通信装置
US5467388A (en) * 1994-01-31 1995-11-14 Bell Atlantic Network Services, Inc. Method and apparatus for selectively blocking incoming telephone calls
US5497414A (en) * 1994-05-04 1996-03-05 Bell Atlantic Network Services, Inc. Telephone system processing of designated caller ID private calls

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4288659A (en) * 1979-05-21 1981-09-08 Atalla Technovations Method and means for securing the distribution of encoding keys

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BILL NEWMAN, CONNIE MCFARLAND: "Why ISDN?", TELECOMMUNICATIONS, February 1988 (1988-02-01), pages 34,36,38,40,41,43,45, XP000563574 *
PATENT ABSTRACTS OF JAPAN vol. 16, no. 67 (E - 1168) 19 February 1992 (1992-02-19) *
PATENT ABSTRACTS OF JAPAN vol. 18, no. 667 (E - 1645) 15 December 1994 (1994-12-15) *

Also Published As

Publication number Publication date
DE19612662A1 (de) 1997-10-02
AU2289997A (en) 1997-10-22

Similar Documents

Publication Publication Date Title
DE69117915T2 (de) Rufvorrichtung für Kreditkartenfernsprechgerät in einem Fernsprechnetz und Betriebsverfahren
DE68919121T2 (de) Anonymes Fernsprechsystem mit gegenseitiger Wechselwirkung und mit erweiterten äusseren Anrufmerkmalen.
DE69734933T2 (de) Verfahren und anordnung zum automatischen vergeben und abrechnung von kommunikationsdiensten
DE69736760T2 (de) Gerät und Verfahren für Telekommunikationsleitweglenkung
DE69906333T2 (de) System und verfahren zur durchführung einer auktion über ein kommunikationsnetzwerk
DE69117814T2 (de) Zugriffsverfahren für schnurlosen Telefondienst
DE69118115T2 (de) Vorrichtung und Verfahren zur Gültigkeitserklärung für Kreditkarten in einen ISDN-Netz
EP1306789A2 (fr) Serveur pour bloquer des cartes bancaires
DE19518930A1 (de) Verfahren zur Verbindungssteuerung für interaktive Dienste
DE19726292A1 (de) Verfahren zur geäuschlosen Überwachung von Telefongesprächen
EP0855069B1 (fr) Procédé de paiement sans espèces pour les services pouvant être commandés à travers un réseau réparti de transmission de données
DE4001755A1 (de) Faksimilegeraet
DE69729037T2 (de) Billiges, automatisches und transparentes Zugriffverfahren und Protokoll für Telekommunikationsdienste-Anbieter über ISDN
EP1203497B1 (fr) Procede d'actualisation de donnees concernant un abonne d'un reseau de telecommunications
WO1997037473A1 (fr) Procede pour le controle de l'autorisation d'acces d'un operateur lors d'un acces via un reseau de donnees a transmission en mode connexion
DE19532490A1 (de) Verfahren zur Bereitstellung von Ansagen für Dienste in einem Kommunikationsnetz sowie Dienststeuereinrichtung, Dienstunterstützungssystem, Dienstzugangseinrichtung, Dienstvermittlungsstelle und Dienstesystem
EP1014734B1 (fr) Procédé d'écoutes légales d'un abonné dans un réseau intelligent
EP1022888B1 (fr) Methode ou système pour la protection de l'accès au services de télécommunications
EP1260089B1 (fr) Extension de la fonction "recheminement d'appel"
WO1998002991A1 (fr) Procede de repartition d'une cle entre deux unites qui participent a une liaison par rnis/internet
EP0890245A1 (fr) Procede de fourniture de donnees via un reseau teleinformatique
EP0890246A1 (fr) Procede de remise de donnees via un moyen a large bande
DE4133147C2 (de) Fernsprechendgerät
DE60131506T2 (de) Verfahren zum Durchführen mehrerer Dienstleistungen während eines Telefonanrufes
WO2001061919A1 (fr) Procede et systeme permettant de controler le contenu de conversations telephoniques

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN YU AM AZ BY KG KZ MD RU TJ TM

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH KE LS MW SD SZ UG AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF

WA Withdrawal of international application
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: CA

NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 1997534873

Format of ref document f/p: F