WO1997037473A1 - Method for checking the access authorization of an operator during access via a connection-oriented data network - Google Patents
- Publication number
- WO1997037473A1 (application PCT/EP1997/001419)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- unit
- access
- channel
- operator
- connection
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q11/00—Selecting arrangements for multiplex systems
- H04Q11/04—Selecting arrangements for multiplex systems for time-division multiplexing
- H04Q11/0428—Integrated services digital network, i.e. systems for transmission of different types of digitised signals, e.g. speech, data, telecentral, television signals
- H04Q11/0435—Details
- H04Q11/0457—Connection protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
- H04M3/382—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
Definitions
- the present invention relates to a method for checking the access authorization of an operator when accessing via a connection-oriented data network.
- the present invention relates to a method for checking the access authorization of an operator of a first unit when the first unit accesses a second unit via the ISDN network.
- the operator typically transmits information relating to the desired data record via a message channel of the digital data record to the decentralized unit after establishing a connection between the decentralized unit and the control center in which the data records are stored in the form of a database together with a secret number (PIN number) through which the access authorization of this operator to the database and the subsequent billing are ensured, whereupon the center, after reading out the relevant record, transmits it over the already established message channel back to the decentralized unit.
- PIN number secret number
- a typical software, with which the establishment of such a connection is supported, is the widespread program, the essential program contents of which can be found in the manual "CompuServe Information Manager", CS-640 (11/89).
- Such methods for supplying data via digital data networks require considerable transmission times in the case of extensive data sets, which are associated with correspondingly high fees for the operators of the digital data network.
- media data such as digital sound and image information
- media data also represent a considerable volume of data even in the compressed state.
- Even with good compression, data of correspondingly high quality, for example audio data (AES stereo), still requires considerable transmission times, since the compression must be carried out without loss.
- a problem in connection with the known method for supplying data is that unauthorized third parties can access a specific database at the expense of an authorized person if they succeed in finding out the secret number or the security code (PIN number) of the authorized person. This problem is particularly relevant when the operator uses the digital network "Internet", for example, to query the database, since with this network the path of the data from the decentralized unit to the central office cannot be determined and the transmitted data therefore cannot be protected against access by third parties.
- DE 3018945A1 is concerned with a method for the secure transmission of data from a first location to a second location via a conventional, non-connection-oriented data network.
- a PIN number is logically linked to an identification number for the terminal, whereby two code numbers are generated, one of which remains in the terminal as a start key and the other is transmitted as a code signal to the second point, namely the central computer.
- the non-connection-oriented data network which was obtained by combining the PIN number and the identification number. If the code combined in this way falls into the hands of an unauthorized person when it is transmitted via the data network, they can then access the central computer.
- the present invention is based on the object of developing a method for checking the access authorization of an operator when a first unit accesses a second unit via a data network in such a way that improper access by unauthorized persons is prevented even if the PIN number of an authorized operator becomes known to an unauthorized third person.
- the invention provides a method for checking the access authorization of an operator of a first unit when the first unit accesses a second unit via a connection-oriented data network, which has a signaling channel and a message channel, with the following steps:
- the invention is based on the finding that complete security against unauthorized access can be achieved within connection-oriented data networks if, in addition to the calling party number transferred in the signaling channel before the connection is established, the PIN number is also transmitted in the signaling channel and if, before access is made possible, it is checked whether both the call number and the PIN number are stored as known and belong together, since it is not possible to falsify the call number within digital connection-oriented data networks without bringing the connection to a standstill.
- non-connection-oriented data networks which include, for example, the Internet
- the callback runs after the transmission of a connection request or call from a first unit, starting from the second unit, back to the specified callback number (calling party number).
- FIGS. 1 a and 1 b show a flow diagram of an exemplary embodiment of the data delivery method according to the invention.
- a decentralized unit selects the desired data record, for example in the form of a personal computer.
- the data record can be a desired piece of music, for example, which is stored in a database of a central office.
- the operator has a list of the data records stored in the control center, for example a list of music pieces that can be called up by the control center, for selection of the desired data record.
- the operator of the decentralized unit also selects the desired data delivery route.
- the operator selects either data delivery over the ISDN network or data delivery over a broadband medium.
- the broadband medium is, for example, a cable for the transmission of television signals and digital radio signals, a radio system with any transmitter and an associated receiver, or a broadcasting system based on satellite communication.
- Typical of such a broadband medium is, on the one hand, the increased bandwidth compared to digital networks and, on the other hand, the fact that the data transmitted from the control center via the broadband medium are essentially made accessible to a plurality of decentralized units at the same time.
- the operator also transmits the desired delivery time, for example by specifying that the order is an immediate order or a non-immediate order, then information identifying the desired data record, information identifying the selected delivery time, a security code or a PIN number and the call number of the decentralized unit in the signaling channel or D channel of the ISDN network in the so-called UUS frame as a connection request (connect request in accordance with the international standard ITU Q.930 - Q.940) to the head office.
- a connection request connect request in accordance with the international standard ITU Q.930 - Q. 940
- the UUS frame mentioned is a user-to-user signaling data packet with 131 bytes, which in step S2 is transmitted or signaled to the control center via the signaling channel or D channel, even in the case of an occupied data line or an occupied B channel of the center. Since this signaling works independently of the busy or unoccupied status of the B channel, the number of ISDN lines required for the order can be kept low on the part of the head office. A single order line is typically sufficient.
- step S3 the control center checks whether the call number of the decentralized unit transmitted via the signaling channel is known, that is to say is contained in a table of the call numbers of the stored customers in the control center.
- step S4 a new customer registration is started if the data transmitted by the decentralized unit contains a new customer registration request. If such data has not been transmitted, this call is rejected while generating an error message.
- in the procedure for new customer registration, the information transmitted in the UUS frame about the name, address and payment method of the new customer is stored.
- step S3 the security code or the PIN number is checked in step S5 to determine whether it matches one of the PIN numbers from a table that contains the PIN numbers of all customers, and whether, on the other hand, the transmitted number belongs to this PIN number, which is also checked by querying the table mentioned. If the PIN number is not found in the table or does not match the number, the call in question is rejected in step S6, recorded as a failed attempt and reported.
- step S5 If the transmitted PIN number proves to be OK during the test in step S5, the program continues with step S7.
- step S7 it is checked whether the message channel or B channel of the center is free or busy. If the message channel is free, a check is made in step S8 as to whether the present order is an immediate order. If this is the case, after establishing a connection via the B channel, the control center confirms the order via the B channel, stating a delivery telephone number under which the control center will make the subsequent delivery to the decentralized unit, whereupon the connection via the B channel is disconnected.
- the corresponding control of this procedure is carried out by an administration unit VE for the management of orders and ISDN channels, which immediately after step S9 establishes a connection to the decentralized unit in step S10 using the delivery telephone number mentioned and delivers the desired data
- step S8 If the check in step S8 shows that there is no immediate order, with the B channel recognized as free, the connection of the B channel is established in a step S11, whereupon the central office confirms the receipt of the order, a delivery date, preferably at moonlight tariff, is transmitted to the decentralized unit, preferably the future delivery telephone number is communicated and the connection is then terminated, whereupon the method waits until the moonlight tariff occurs before a connection is established via step S10 with the decentralized unit for delivering the desired data in step S15.
- a delivery date preferably at moonlight tariff
- step S12 the order, together with the telephone numbers, PIN number and the information identifying the desired data record, is taken from the UUS frame of the D channel added by the headquarters.
- step S13 the control center checks whether the order is immediate. If so, the method continues with step S9.
- step S14 which is identical to the step S11.
- the delivery date (a delivery time at the moonlight tariff) is transmitted to the decentralized unit via the B channel, whereupon the connection is terminated.
- the management unit VE effects the delivery of data to the decentralized unit via step S10.
- the delivery date communicated to the customer for the delivery of the desired data enables the customer to keep his decentralized unit ready to receive at this time, for example by leaving his personal computer connected to the ISDN network switched on at the time mentioned.
- the decentralized unit it is also possible for the decentralized unit to be provided with a switch-on device, by means of which the central unit switches the decentralized unit on by signaling and sets it in readiness for receiving the delivery.
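The decision flow of steps S3 to S6, written out as an added example (not code from the patent): the PIN is accepted only when it belongs to the call number delivered in the signaling channel, so a PIN that is valid for another customer is still rejected and recorded. The class and function names, the one-PIN-per-number table and the sample numbers are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    PROCEED = "S7"                # continue with the B-channel check
    REGISTER = "S4-register"      # unknown number, registration data present
    REJECT_UNKNOWN = "S4-reject"  # unknown number, no registration request
    REJECT_PIN = "S6"             # rejected and recorded as a failed attempt


@dataclass
class ControlCenter:
    # Constructed sample table: call number -> PIN (assumes one PIN per number).
    customers: dict
    failed_attempts: list = field(default_factory=list)

    def _pin_known(self, pin: str) -> bool:
        # Compare against every stored PIN without stopping at the first hit.
        hit = False
        for stored in self.customers.values():
            hit |= hmac.compare_digest(stored.encode(), pin.encode())
        return hit

    def check_connect_request(self, calling_number: str, pin: str,
                              new_customer: bool = False) -> Decision:
        # calling_number must be the value the network delivered in the
        # signaling channel, never a value supplied inside the payload.
        stored = self.customers.get(calling_number)
        if stored is None:  # S3: call number not in the customer table
            return Decision.REGISTER if new_customer else Decision.REJECT_UNKNOWN
        # S5: the PIN must be the one that belongs to this call number.
        if hmac.compare_digest(stored.encode(), pin.encode()):
            return Decision.PROCEED
        reason = ("pin_belongs_to_other_number" if self._pin_known(pin)
                  else "pin_unknown")
        self.failed_attempts.append((calling_number, reason))  # S6
        return Decision.REJECT_PIN


def demo():
    # Constructed sample data: two registered customers.
    center = ControlCenter({"0301234567": "4711", "0897654321": "2580"})
    decisions = [
        center.check_connect_request("0301234567", "4711"),  # own number and PIN
        center.check_connect_request("0897654321", "4711"),  # PIN of another customer
        center.check_connect_request("0897654321", "0000"),  # PIN not in the table
        center.check_connect_request("0405550000", "4711"),  # unknown number
        center.check_connect_request("0405550000", "", new_customer=True),
    ]
    return decisions, center.failed_attempts
```

The check is only as strong as the premise stated above, namely that the calling number reaching the control center comes from the network and cannot be set by the caller.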
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
Abstract
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU22899/97A AU2289997A (en) | 1996-03-29 | 1997-03-20 | Method for checking the access authorization of an operator during access via a connection-oriented data network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE19612662A DE19612662A1 (de) | 1996-03-29 | 1996-03-29 | Method for checking the access authorization of an operator during access via a connection-oriented data network |
DE19612662.2960329 | 1996-03-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1997037473A1 (fr) | 1997-10-09 |
Family
ID=7789932
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP1997/001419 WO1997037473A1 (fr) | Method for checking the access authorization of an operator during access via a connection-oriented data network | 1996-03-29 | 1997-03-20 |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU2289997A (fr) |
DE (1) | DE19612662A1 (fr) |
WO (1) | WO1997037473A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001028207A1 (fr) * | 1999-10-12 | 2001-04-19 | Siemens Aktiengesellschaft | Method for preventing improper access to a network |
FR2800541B1 (fr) * | 1999-11-03 | 2002-01-18 | Sagem | Method for secure payment via a mobile telephone |
DE10302449A1 (de) * | 2003-01-22 | 2004-08-12 | Francotyp-Postalia Ag & Co. Kg | Arrangement for recording and securely storing recorded values |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0347155A2 (fr) * | 1988-06-13 | 1989-12-20 | Canon Kabushiki Kaisha | Communication apparatus |
JPH03262251A (ja) * | 1990-03-12 | 1991-11-21 | Canon Inc | ISDN-connected communication terminal device |
JPH06261096A (ja) * | 1993-03-09 | 1994-09-16 | Ricoh Co Ltd | ISDN communication device |
US5467388A (en) * | 1994-01-31 | 1995-11-14 | Bell Atlantic Network Services, Inc. | Method and apparatus for selectively blocking incoming telephone calls |
US5497414A (en) * | 1994-05-04 | 1996-03-05 | Bell Atlantic Network Services, Inc. | Telephone system processing of designated caller ID private calls |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4288659A (en) * | 1979-05-21 | 1981-09-08 | Atalla Technovations | Method and means for securing the distribution of encoding keys |
-
1996
- 1996-03-29 DE DE19612662A patent/DE19612662A1/de not_active Withdrawn
-
1997
- 1997-03-20 AU AU22899/97A patent/AU2289997A/en not_active Withdrawn
- 1997-03-20 WO PCT/EP1997/001419 patent/WO1997037473A1/fr active Application Filing
Non-Patent Citations (3)
Title |
---|
BILL NEWMAN, CONNIE MCFARLAND: "Why ISDN?", TELECOMMUNICATIONS, February 1988 (1988-02-01), pages 34,36,38,40,41,43,45, XP000563574 * |
PATENT ABSTRACTS OF JAPAN vol. 16, no. 67 (E - 1168) 19 February 1992 (1992-02-19) * |
PATENT ABSTRACTS OF JAPAN vol. 18, no. 667 (E - 1645) 15 December 1994 (1994-12-15) * |
Also Published As
Publication number | Publication date |
---|---|
DE19612662A1 (de) | 1997-10-02 |
AU2289997A (en) | 1997-10-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69117915T2 (de) | Calling device for a credit card telephone in a telephone network and method of operation | |
DE68919121T2 (de) | Anonymous interactive telephone system with expanded outgoing call features. | |
DE69734933T2 (de) | Method and arrangement for the automatic allocation and billing of communication services | |
DE69736760T2 (de) | Apparatus and method for telecommunications routing | |
DE69906333T2 (de) | System and method for conducting an auction over a communication network | |
DE69117814T2 (de) | Access method for cordless telephone service | |
DE69118115T2 (de) | Apparatus and method for validating credit cards in an ISDN network | |
EP1306789A2 (fr) | Server for blocking bank cards | |
DE19518930A1 (de) | Method for connection control for interactive services | |
DE19726292A1 (de) | Method for silent monitoring of telephone calls | |
EP0855069B1 (fr) | Method for cashless payment for services that can be ordered via a distributed data transmission network | |
DE4001755A1 (de) | Facsimile machine | |
DE69729037T2 (de) | Low-cost, automatic and transparent access method and protocol for telecommunication service providers over ISDN | |
EP1203497B1 (fr) | Method for updating data concerning a subscriber of a telecommunications network | |
WO1997037473A1 (fr) | Method for checking the access authorization of an operator during access via a connection-oriented data network | |
DE19532490A1 (de) | Method for providing announcements for services in a communication network, and service control device, service support system, service access device, service switching point and service system | |
EP1014734B1 (fr) | Method for lawful interception of a subscriber in an intelligent network | |
EP1022888B1 (fr) | Method or system for protecting access to telecommunication services | |
EP1260089B1 (fr) | Extension of the "call rerouting" function | |
WO1998002991A1 (fr) | Method for distributing a key between two units participating in an ISDN/Internet connection | |
EP0890245A1 (fr) | Method for providing data via a data communications network | |
EP0890246A1 (fr) | Method for delivering data via a broadband medium | |
DE4133147C2 (de) | Telephone terminal | |
DE60131506T2 (de) | Method for performing multiple services during a telephone call | |
WO2001061919A1 (fr) | Method and system for monitoring the content of telephone conversations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TR TT UA UG US UZ VN YU AM AZ BY KG KZ MD RU TJ TM |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH KE LS MW SD SZ UG AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF |
|
WA | Withdrawal of international application | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
122 | Ep: pct application non-entry in european phase | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: CA |
|
NENP | Non-entry into the national phase |
Ref country code: JP Ref document number: 1997534873 Format of ref document f/p: F |