Method and apparatus for authenticated dial-up access to command controllable equipment

US 20060195694A1
Filed: 12/23/2005
Published: 08/31/2006
Est. Priority Date: 01/16/2001
Status: Abandoned Application

First Claim

Patent Images

1-60. -60. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for secure and authenticated access to command controllable computerized equipment is described. The method involves using an access apparatus that prevents access to the command controllable computerized equipment until a user is authenticated as a trusted user authorized to access the command controllable computer equipment. The apparatus may be a secure access controller or a secure access transceiver. Each has a normally disabled data port that prevents the pass-through of data until a user is authenticated as a trusted user. The apparatus may operate under autonomous control or under the control of a network centric control facility. The advantage is secure control of access to command controllable computerized equipment that enables remote access to the equipment by authorized users with substantially no risk of compromise.

15 Citations

View as Search Results

106 Claims

1-60. -60. (canceled)

61. A system for controlling access to computerized equipment by a remote entity, said system comprising:
- an authentication server and an access controller interconnectable with each other and with said remote entity for communications therebetween, said access controller connected to said computerized equipment;
  
  said authentication server operable to provide said remote entity with a first access key and said access controller with a second access key corresponding to said first access key;
  
  said access controller operable to attempt to authenticate said remote entity at least in part on a basis of said access keys, wherein said access controller enables data to pass from said remote entity to said computerized equipment only upon successful authentication of said remote entity.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
- - 62. A system as defined in claim 61, wherein said authentication server is operable to generate said first and second access keys.
  - 63. A system as defined in claim 61, wherein said access controller and said remote entity are interconnectable over a first communications link and said authentication server and said remote entity are interconnectable over a second communications link, each of said communications links being established via a network.
  - 64. A system as defined in claim 63, wherein said network is the PSTN.
  - 65. A system as defined in claim 61, wherein said computerized equipment is a telecommunications switch.
  - 66. A system as defined in claim 61, wherein said authentication server is responsive to a request from said remote entity for access to said computerized equipment to provide said remote entity and said access controller with said access keys.
  - 67. A system as defined in claim 61, wherein said authentication of said remote entity performed by said access controller includes a validation process utilizing said keys.
  - 68. A system as defined in claim 67, wherein said validation process includes a generation of a random number by said access controller, a delivery of said random number to said remote entity, an encryption of said random number by said remote entity using said first access key, a delivery of said encrypted random number from said remote entity to said access controller, a decryption of said encrypted number using said second access key by said access controller, and a comparison of said random number and said decrypted number to validate that said remote entity is authorized to access said computerized equipment.
  - 69. A system as defined in claim 68, wherein if a match is found between said random number and said decrypted number, said access controller enables data to pass from said remote entity to said computerized equipment.
  - 70. A system as defined in claim 68, wherein if no match is found between said random number and said decrypted number, said access controller prevents data from passing from said remote entity to said computerized equipment.
  - 71. A system as defined in claim 68, wherein said remote entity provides said encrypted random number with a digital signature before sending said encrypted random number to said access controller, said access controller operable to verify said digital signature to ensure that said remote entity is authorized to access said computerized equipment before decrypting said encrypted random number.
  - 72. A system as defined in claim 61, wherein said authentication server only provides said first access key to said remote entity if a user operating said remote entity authenticates said user'"'"'s identity with said authentication server.
  - 73. A system as defined in claim 61, wherein said first and second access keys are valid for only one access session to said computerized equipment.
  - 74. A system as defined in claim 61, wherein said first and second access keys are valid for a predetermined period of time.
  - 75. A system as defined in claim 61, wherein said first and second access keys are valid for a duration of a service to be performed on said computerized equipment.

76. A method for controlling access to computerized equipment by a remote entity, the computerized equipment connected to an access controller operative to enable data to be passed from the remote entity to the computerized equipment if the remote entity is successfully authenticated, said method comprising:
- receiving a request for access to the computerized equipment from the remote entity;
  
  determining a first access key and a second access key corresponding to said first access key;
  
  providing said first access key to the remote entity;
  
  providing said second access key to the access controller for use in the authentication of the remote entity.
- View Dependent Claims (77, 78, 79, 80, 81, 82, 83)
- - 77. A method as defined in claim 76, wherein the step of determining said first and second access keys includes generating said first and second access keys.
  - 78. A method as defined in claim 76, wherein authentication of the remote entity by the access controller includes a validation process utilizing said keys.
  - 79. A method as defined in claim 78, wherein said validation process includes a generation of a random number by the access controller, a delivery of said random number to the remote entity, an encryption of said random number by the remote entity using said first access key, a delivery of said encrypted random number from the remote entity to the access controller, a decryption of said encrypted number using said second access key by the access controller, and a comparison of said random number and said decrypted number to validate that the remote entity is authorized to access the computerized equipment.
  - 80. A method as defined in claim 76, further comprising the steps of identifying a user operating the remote entity and authenticating the identity of the user prior to providing said first access key to the remote entity.
  - 81. A method as defined in claim 76, wherein said first and second access keys are valid for only one access session to the computerized equipment.
  - 82. A method as defined in claim 76, wherein said first and second access keys are valid for a predetermined period of time.
  - 83. A method as defined in claim 76, wherein said first and second access keys are valid for a duration of a service to be performed on the computerized equipment.

84. An authentication server for controlling access to computerized equipment by a remote entity, said computerized equipment connected to an access controller, said authentication server responsive to a request from said remote entity for access to said computerized equipment to provide said remote entity with a first access key and said access controller with a second access key corresponding to said first access key, wherein said first access key is usable by said remote entity for communication with said access controller and said second access key is usable by said access controller for attempting to authenticate said remote entity, said access controller enabling data to be passed from said remote entity to said computerized equipment only upon successful authentication of said remote entity.

85. In an authentication server, a method of controlling access to computerized equipment by a remote entity, said computerized equipment connected to an access controller operative to enable data to be passed from said remote entity to said computerized equipment if said remote entity is successfully authenticated, said method comprising:
- receiving a request from said remote entity for access to said computerized equipment;
  
  delivering a first access key to said remote entity, said first access key usable by said remote entity for communication with said access controller;
  
  delivering a second access key to said access controller for use in the authentication of said remote entity.
- View Dependent Claims (86, 87, 88, 89, 90, 91, 92)
- - 86. A method as defined in claim 85, further comprising the step of generating said first and second access keys in response to said request from said remote entity for access to said computerized equipment.
  - 87. A method as defined in claim 85, wherein the step of delivering a second access key to said access controller includes:
    - establishing a communications session with said access controller;
      
      validating to said access controller that said authentication server is a trusted administrator;
      
      commencing an administration session with said access controller; and
      
      transmitting said second access key to said access controller for storage in a memory of said access controller.
  - 88. A method as defined in claim 85, further comprising the step of providing updated authentication information to said access controller for use in authenticating said remote entity.
  - 89. A method as defined in claim 88, wherein said updated authentication information includes one or more access certificates.
  - 90. A method as defined in claim 89, wherein said one or more access certificates include one or more electronic access keys.
  - 91. A method as defined in claim 88, wherein said updated authentication information includes an updated second access key.
  - 92. A method as defined in claim 88, wherein said updated authentication information includes one or more lists of revoked electronic access keys.

93. An access controller for intermediating communications between a remote entity and computerized equipment, said remote entity using a first access key for communicating with said access controller, said access controller operative to use a second access key complementary to said first access key for attempting to authenticate said remote entity, said access controller enabling data to be passed from said remote entity to said computerized equipment only upon successful authentication of said remote entity.
- View Dependent Claims (94, 95)
- - 94. An access controller as defined in claim 93, wherein said authentication of said remote entity by said access controller includes a validation process utilizing said access keys.
  - 95. An access controller as defined in claim 94, wherein said validation process includes a generation of a random number by said access controller, a delivery of said random number to said remote entity, an encryption of said random number by said remote entity using said first access key, a delivery of said encrypted random number from said remote entity to said access controller, a decryption of said encrypted number using said second access key by said access controller, and a comparison of said random number and said decrypted number to validate that said remote entity is authorized to access said computerized equipment.

96. In an access controller, a method for selectively passing data from a remote entity to computerized equipment in order to ensure secure access to the computerized equipment, said remote entity using a first access key for communicating with said access controller, said method comprising:
- using a second access key complementary to said first access key for attempting to authenticate said remote entity;
  
  if authentication of said remote entity is successful, enabling data to be passed from said remote entity to said computerized equipment;
  
  if authentication of said remote entity fails, preventing data from being passed from said remote entity to said computerized equipment.
- View Dependent Claims (97, 98, 99, 100, 101, 102, 103, 104, 105, 106)
- - 97. A method as defined in claim 96, wherein attempting to authenticate said remote entity includes implementing a validation process utilizing said access keys.
  - 98. A method as defined in claim 97, wherein said validation process includes a generation of a random number by said access controller, a delivery of said random number to said remote entity, an encryption of said random number by said remote entity using said first access key, a delivery of said encrypted random number from said remote entity to said access controller, a decryption of said encrypted number using said second access key by said access controller, and a comparison of said random number and said decrypted number to validate that said remote entity is authorized to access said computerized equipment.
  - 99. A method as defined in claim 96, further comprising the step of receiving said second access key from an authentication server, said authentication server operable to initiate communications sessions with said remote entity and said access controller in order to provide said remote entity and said access controller with said first and second access keys respectively.
  - 100. A method as defined in claim 99, further comprising the step of validating that said authentication server is a trusted administrator.
  - 101. A method as defined in claim 100, wherein the step of validating said authentication server includes:
    - generating a segment of data and sending the segment of data to said authentication server;
      
      receiving the segment of data returned from said authentication server in an encrypted form and decrypting the encrypted segment of data using said second access key; and
      
      comparing the decrypted segment of data to a copy of the segment of data, and dropping the communications session if the segments of data do not match.
  - 102. A method as defined in claim 99, wherein said access controller receives updated authentication information from said authentication server for use in authenticating said remote entity.
  - 103. A method as defined in claim 102, wherein said updated authentication information includes one or more access certificates.
  - 104. A method as defined in claim 103, wherein said one or more access certificates include one or more electronic access keys.
  - 105. A method as defined in claim 102, wherein said updated authentication information includes an updated second access key.
  - 106. A method as defined in claim 102, wherein said updated authentication information includes one or more lists of revoked electronic access keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
William G O'Brien
Original Assignee
William G O'Brien
Inventors
O'Brien, William G.

Application Number

US11/315,010
Publication Number

US 20060195694A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/108   when the policy decisions a...

Method and apparatus for authenticated dial-up access to command controllable equipment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

106 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for authenticated dial-up access to command controllable equipment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

106 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others