Method and apparatus for enhancing security of communications in a packet-switched data communications system

  • US 4,799,153 A
  • Filed: 09/17/1987
  • Issued: 01/17/1989
  • Est. Priority Date: 12/14/1984
  • Status: Expired due to Term
First Claim

1. In a packet-switched data communications system having a network with at least one data entry and display terminal for system users and at least one host data processor having a stored database for communicating with said terminal via plural data transmission paths of said network, wherein communication and processing of data is accomplished according to a pre-established protocol and data format and with preprogrammed software and wherein any user may obtain access from a terminal to the database associated with a selected processor for a data communications session therewith, the security improvement comprising:

  • a terminal security means introduced into said system in data communicative relationship with said terminal and said network for generating an initial data packet including data identifying an authorized user and the address of the processor with the database to be accessed, in advance of at least one additional data packet containing message data to be processed by the addressed processor, said initial data packet generated in said format and compatible with said protocol but incompatible with said programmed software for processing by the addressed processor, said terminal security means including
      • means responsive to user-initiated data entry seeking access from a terminal for detecting whether the data entry includes user identity data, and
      • means responsive to said detection for transmitting said initial data packet and said at least one additional data packet to the addressed processor via said network; and

  • a host security means introduced into said system in data communicative relationship with said network to intercept and process said initial data packet for allowing or denying the requested access according to whether any user identity data contained in the intercepted initial data packet designates the initiating user as authorized or unauthorized, respectively, to obtain the requested access, said incompatibility of said initial data packet rendering it and immediately following data packets unsuitable for processing by the addressed processor, whereby neither data contained in the initial data packet nor the message data contained in additional data packets immediately following said initial data packet can be processed by the addressed processor should said host security means fail for any reason to intercept said initial data packet, said host security means including
      • means for processing the intercepted initial data packet to detect any such user identity data contained therein,
      • means responsive to detected user identity data for authenticating the authorization of the user therefrom, and
      • means responsive to authentication of user authorization for generating an artificial data packet in place of said initial data packet, to render the immediately following data packets compatible with both said protocol and said preprogrammed software to enable the addressed processor to process the message data contained in said at least one additional data packet and to provide the requested access for a communications session with the authorized user.
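The fail-closed behaviour recited in claim 1 can be modelled in a few lines. The following Python sketch is an added illustration, not part of the patent. The packet kinds (`AUTH`, `OPEN`, `DATA`), the rule that the host software needs an `OPEN` packet before it accepts `DATA`, the `AUTHORIZED` table and all function names are assumptions, since the claim specifies no wire format.

```python
from dataclasses import dataclass

# Assumed packet kinds: AUTH = initial identity packet, OPEN = artificial
# packet the host software expects, DATA = message packet.
AUTH, OPEN, DATA = "AUTH", "OPEN", "DATA"
AUTHORIZED = {("alice", "host-7")}  # constructed (user, processor address) pairs

@dataclass(frozen=True)
class Packet:
    kind: str
    dest: str
    body: str = ""

class HostProcessor:
    """Stand-in for the preprogrammed host software: understands OPEN, then DATA."""
    def __init__(self):
        self.session_open = False
        self.processed = []

    def receive(self, pkt):
        if pkt.kind == OPEN:
            self.session_open = True
        elif pkt.kind == DATA and self.session_open:
            self.processed.append(pkt.body)
        # AUTH, or DATA without an open session, cannot be processed and is dropped.

def terminal_security(user, dest, messages):
    """Terminal side: identity-bearing initial packet ahead of the message packets."""
    return [Packet(AUTH, dest, user)] + [Packet(DATA, dest, m) for m in messages]

def host_security(packets, host):
    """Host side: intercept the initial packet, authenticate, substitute OPEN."""
    allowed = False
    for pkt in packets:
        if pkt.kind == AUTH:
            allowed = (pkt.body, pkt.dest) in AUTHORIZED
            if allowed:
                host.receive(Packet(OPEN, pkt.dest))  # artificial data packet
        elif allowed:
            host.receive(pkt)

def run(user, messages, guard=True):
    """Return the message data the host processed; guard=False models a failed interceptor."""
    host = HostProcessor()
    stream = terminal_security(user, "host-7", messages)
    if guard:
        host_security(stream, host)
    else:
        for pkt in stream:
            host.receive(pkt)
    return host.processed
```

With the interceptor in place an authorized user's messages reach the host; with it bypassed, the same stream yields nothing, because the host never sees a packet that opens a session.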
