Secure dial access to computer systems

US 5,003,595 A
Filed: 08/29/1989
Issued: 03/26/1991
Est. Priority Date: 08/29/1989
Status: Expired due to Term

First Claim

Patent Images

1. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:

in a processor means for authenticating access to the target computer, responsive to receipt of a call and called at a for said call over an access facility from said network, the call data comprising a number of a caller supplied by said network, testing whether the number is in a list of numbers of users authorized to access the target computer; and

if the number is in the list, connecting the call to the target computer;

responsive to receipt of said call, testing whether the number is in a reject list of the processor means; and

if the number is in the reject list, disconnecting the call;

receiving additional repeated calls and repeated call data for said additional calls, said repeated call data comprising a specific number, the specific number not being on the list of numbers authorized; and

responsive to receiving the additional repeated call data calls, adding the specific number to the reject list.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to a method and apparatus for making it difficult for unauthorized callers to access a target computer such as a data base for providing data to and accepting orders from agents. The caller is identified by an arrangement that is relatively secure from tampering. The caller'"'"'s telephone number is identified by Automatic Number Identification (ANI) and forwarded to an adjunct processor associated with the target computer. The ANI number is compared with a stored list of authorized ANI numbers and if there is a match, the caller is connected to the target computer. The arrangement also provides other facilities including automatic rejection of calls from a second list of ANI numbers, trapping of calls from a third list of ANI numbers and facilities for permitting authorized agents calling from unauthorized numbers to access the target computer. Advantageously, an arrangement, ANI, which is highly resistant to tampering is used for identifying the caller, thus making it very difficult for unauthorized callers to get access to the target computer.

264 Citations

14 Claims

1. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:
- in a processor means for authenticating access to the target computer, responsive to receipt of a call and called at a for said call over an access facility from said network, the call data comprising a number of a caller supplied by said network, testing whether the number is in a list of numbers of users authorized to access the target computer; and
  
  if the number is in the list, connecting the call to the target computer;
  
  responsive to receipt of said call, testing whether the number is in a reject list of the processor means; and
  
  if the number is in the reject list, disconnecting the call;
  
  receiving additional repeated calls and repeated call data for said additional calls, said repeated call data comprising a specific number, the specific number not being on the list of numbers authorized; and
  
  responsive to receiving the additional repeated call data calls, adding the specific number to the reject list.

2. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:
- in a processor means for authenticating access to the target computer, responsive to receipt of a call and call data for said call over an access facility from said network, the call data comprising a number of a caller supplied by said network, testing whether the number is in a list of numbers of users authorized to access the target computer; and
  
  if the number is in the list, connecting the call to the target computer;
  
  responsive to receipt of said call, testing whether the number is in a reject list of the processor means; and
  
  if the number is in the reject list, disconnecting the call;
  
  wherein the disconnecting step comprises disconnecting without returning an answer supervision signal for charging a call.

3. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:
- in a processor means for authenticating access to the target computer, responsive to receipt of a call and call data for said call over an access facility from said network, the call data comprising a number of a caller supplied by said network, testing whether the number is in a list of numbers of users authorized to access the target computer;
  
  if the number is in the list, connecting the call to the target computer;
  
  responsive to receipt of said call, testing whether the number is in a reject list of the processor means;
  
  if the number is in the reject list, disconnecting the call; and
  
  maintaining a count of a number of calls received from a number on the reject list.
- View Dependent Claims (4)
- - 4. The method of claim 3 further comprising:
    - if the count exceeds a predetermined threshold, generating an alarm signal.

5. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:
- in a processor means for authenticating access to the target computer, responsive to receipt of a call and call data for said call over an access facility from said network, the call data comprising a number of a caller supplied by said network, testing whether the number is in a list of numbers of users authorized to access the target computer;
  
  if the number is in the list, connecting the call to the target computer;
  
  responsive to receipt of another call comprising other call data including another number of another caller, testing whether said another number is in a trap list; and
  
  if the another number is in the trap list, connecting the call to trap processor means for recording information about said another caller.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5 further comprising the step of:
    - entering a number in the trap list in response to a command from a target computer administrator.
  - 7. The method of claim 5 further comprising:
    - if said another number is in the trap list, generating an alarm signal.

8. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:
- in a processor means for authenticating access to the target computer, responsive to receipt of a call and call data for said call over an access facility from said network, the call data comprising a number of a caller supplied by said network, testing whether the number is in a list of numbers authorized to access the target computer; and
  
  if the number is in the list, connecting the call to the target computer;
  
  if the number is not in the list, disconnecting the call;
  
  wherein the disconnecting step comprises disconnecting without returning an answer supervision signal for charging a call.

9. A method of obtaining secure authenticated telecommunications access to a target computer comprising the steps of:
- in a processor means for authenticating access to the target computer, storing at least one first list of numbers of users defining a computer access treatment for members of each of the at least one first list and second lists for identifying customers of a first and second class;
  
  responsive to receipt of a call in the processor means over an access facility of a communications network, testing whether a telephone number of a caller of the call supplied by said network matches a number on said at least one first list;
  
  if no match is found, and the caller provides an identity of a customer of the first class, calling the caller back at a number associated with the caller and recorded in the second list; and
  
  if no match is found and the caller provides an identity of a customer of the second class, connecting the caller to the target computer only if the caller passes a login procedure.

10. Processor means, connected to a communications network via an integrated digital signal interface, comprising:
- a list of caller identification numbers stored in a memory of said processor means authorized to access a computer,said processor means responsive to data received over said integrated digital signal interface comprising a signaling channel not controllable by a user for receiving a caller identification number over said signaling channel of said interface to check whether said received identification number matches an identification number in said list stored in said memory; and
  
  said processor means further responsive to determining that said received identification number matches said identification number in said list, controlling connection of an incoming call associated with said received identification number to a target computer.
- View Dependent Claims (11, 12)
- - 11. The processor means of claim 10 further comprising:
    - another list stored in said memory of caller identification numbers whose calls are to be rejected if received;
      
      said processor means responsive to said identification number received over said interface to check whether said received identification number matches an identification number stored in said another list; and
      
      said processor means further responsive to determining that said identification number matches said identification number stored in said another list, for controlling disconnection of an incoming call associated with said received identification number.
  - 12. The processor means of claim 11 further comprising:
    - a third list of identification numbers, stored in said memory, of callers to be connected to means for recording caller data from a connected caller;
      
      said processor means responsive to said data received over said interface to check whether said received identification number matches an identification number stored in said third list of identification numbers; and
      
      responsive to determining that said received identification number matches said identification number stored in said third list of identification numbers, controlling connection of an incoming call associated with said received identification number to said means for recording caller data.

13. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:
- identifying a caller telephone number by automatic number identification;
  
  in a processor means for authenticating access to the target computer, responsive to receipt of a call and call data for said call over an access facility from said network, the call data comprising said caller number, testing whether said caller number is in an authorized user list, stored in memory of said processor means, comprising numbers of users authorized to access the target computer;
  
  if the number is in the authorized user list connecting the call to the target computer;
  
  testing whether the caller number is in a reject list of the processor means;
  
  if the number is in the reject list, disconnecting the call without returning an answer supervision signal for charging a call;
  
  maintaining a count of calls from callers having a number not on the authorized user list;
  
  when the count for a specific caller number exceeds a predetermined threshold, adding said specific caller number to said reject list;
  
  resting whether said caller number is in a trap list of the processor means;
  
  if the number is in the trap list, connecting the call to processor means for recording information about a connected caller;
  
  entering and deleting numbers to the authorized user list, the reject list and the trap list under the control of an administrator;
  
  recording numbers for calls to the target computer;
  
  responsive to receipt of call data for another call, wherein said data for said another call does not include a number of a caller, receiving further data from a caller of said another call identifying said caller of said another call in said processor means; and
  
  if said further data identifies an authorized user, calling said caller of said another call back at a number stored in another list of users authorized to access the target computer;
  
  wherein the list of authorized users comprises a plurality of sublists each sublist corresponding to at least one of a plurality of port groups of the target computer and wherein the connecting step comprises;
  
  if the number is in a specific one of the plurality of sublists, connecting the call to one of the ports of the at lest one of the port groups corresponding to the specific one of the plurality of sublists.

14. A method of obtaining secure authenticated telecommunications access via a communications network to a target computer comprising the steps of:
- in a processor means for authenticating access to the target computer, responsive to receipt of a call and call data for said call over an access facility from said network, the call data comprising a number of a caller supplied by said network, testing whether the number is in a list of numbers of users authorized to access the target computer;
  
  if the number is in the list, connecting the call to the target computer;
  
  responsive to receipt of another call and called at a for said another call, wherein said call data for said another call does not include a number of a caller, receiving further data from a caller of said another call, identifying said caller of said another call;
  
  if said further data identifies an authorized user, calling said caller of said another call back at a number stored in another list of users authorized to access the target computer; and
  
  if said further data does not identify an authorized user, connecting said caller to a signal for identifying a telephone number for receiving assistance in establishing a call to said target computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bell Telephone Laboratories, Inc. (Nokia Corporation), Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
AT&T, Inc.
Inventors
Collins, Cynthia B., Mueller, Kay L., Lynch, Francis T.
Primary Examiner(s)
Buczinski, Stephen C.
Assistant Examiner(s)
Gregory, Bernarr Earl

Application Number

US07/399,808
Time in Patent Office

574 Days
Field of Search

364/200, 364/900, 380/23, 380/25, 380/3-5, 380/49-50, 379/95, 340/825.34, 340/825.31
US Class Current

1/1
CPC Class Codes

G06F 21/313   using a call-back technique...

H04M 2242/22   Automatic class or number i...

H04M 3/382   using authorisation codes o...

H04M 3/42   Systems providing special s...

H04M 3/42059   Making use of the calling p...

H04M 3/436   Arrangements for screening ...

H04M 3/48   Arrangements for recalling ...

H04M 3/493   Interactive information ser...

H04Q 3/625   Arrangements in the private...

H04Q 3/72   Finding out and indicating ...

Y10S 379/903   Password

Y10S 707/99939   Privileged access

Secure dial access to computer systems

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

264 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure dial access to computer systems

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

264 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links