User-transparent security method and apparatus for authenticating user terminal access to a network
Abstract
The present invention provides a password authentication security system for a telecommunications network having a plurality of user terminals or subscriber stations communicably coupled to the network. The system comprises a network control center coupled to the subscriber stations, to service provider stations and to network databases via the network. Upon establishment of a communication with a subscriber station, a network coupling identifier comprising in one embodiment the telephone number of the line to which the subscriber station is connected is detected at a telephone switching office and transmitted to the control center. If this is the first time communications have been established between the subscriber station and the network, the received telephone number is encrypted to produce a secret password that is then automatically transmitted to the subscriber station for storage in memory. Upon subsequent communications, the telephone number is again received by the control center where it is encrypted to produce a second password. The first password is then automatically retrieved from memory of the subscriber station independent of user interaction. The two passwords are compared, and the network control center causes the incoming call of the selected user terminal to be connected to a network service provider station, a network database, a network output device or the like if the passwords are at least similar. If the two passwords are not at least similar, the control center causes the incoming call of the selected user terminal to be disconnected, thereby terminating the user terminal's access to the network.
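The enrolment and re-check flow from the abstract, as an added example that is not code from the patent. Assumptions: HMAC-SHA256 under a control-center key stands in for the unspecified "encrypted" step, the comparison is an exact match rather than "at least similar", first contact is tracked in a control-center set, and the class names, key and telephone numbers are constructed.

```python
import hashlib
import hmac


class Terminal:
    """Subscriber station; `memory` stands in for its stored-password slot."""
    def __init__(self):
        self.memory = None


class ControlCenter:
    def __init__(self, key: bytes):
        self._key = key          # secret held only by the control center
        self._enrolled = set()   # lines that already received a password (assumption)

    def derive_password(self, line_number: str) -> str:
        # Keyed one-way derivation standing in for the abstract's "encrypted".
        return hmac.new(self._key, line_number.encode(), hashlib.sha256).hexdigest()

    def handle_call(self, detected_number: str, terminal: Terminal) -> str:
        """detected_number comes from the switching office, never from the terminal."""
        expected = self.derive_password(detected_number)
        if detected_number not in self._enrolled:
            # First communication: push the password to the terminal's memory.
            self._enrolled.add(detected_number)
            terminal.memory = expected
            return "enrolled"
        presented = terminal.memory or ""
        # Constant-time comparison of the two passwords.
        if hmac.compare_digest(expected.encode(), presented.encode()):
            return "connect"
        return "disconnect"


def demo():
    center = ControlCenter(key=b"constructed-demo-key")
    home = Terminal()
    results = [center.handle_call("555-0100", home)]       # first call: enrol
    results.append(center.handle_call("555-0100", home))   # same line: connect
    # Terminal memory copied to another device that calls from a different line.
    clone = Terminal()
    clone.memory = home.memory
    center._enrolled.add("555-0199")                        # that line is already known
    results.append(center.handle_call("555-0199", clone))  # disconnect
    # Enrolled line, but the terminal's memory was wiped.
    results.append(center.handle_call("555-0100", Terminal()))
    return results


if __name__ == "__main__":
    print(demo())
```

The check binds the stored password to the line the switch reports, so its strength rests on that reported number and on the secrecy of the control-center key.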
25 Claims
1. A method for determining whether access to a network from a selected one of a plurality of user terminals in communication through the network is authorized, each of the plurality of user terminals having an identifier for distinguishing one of the user terminals from the remainder of the user terminals within the network, the method comprising the steps of:
detecting the identifier of the selected user terminal upon establishment of a communication between the network and the user terminal, the identifier containing information of the user terminal's coupling to the network;
retrieving from the user terminal a password;
comparing the identifier and the password;
allowing access to the network for the selected user terminal if a first predetermined portion of the identifier and a second predetermined portion of the password satisfy a predetermined relation between the first predetermined portion of the identifier and the second predetermined portion of the password; and
denying access to the network for the selected user terminal if the first predetermined portion of the identifier and the second predetermined portion of the password do not satisfy the predetermined relation between the first predetermined portion of the identifier and the second predetermined portion of the password,
wherein the detecting, retrieving and comparing steps are automatically performed independent of and transparent to the user by a network control center in communication with the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. In a security system for authenticating access to a network from a selected one of a plurality of user terminals in communication through the network, each of the plurality of user terminals having an identifier for distinguishing one of the user terminals from the remainder of the user terminals within the network, a method is provided for selecting and passing to the selected user terminal a password used to obtain access to the network, the method comprising the steps of:
detecting the identifier of the selected user terminal upon establishment of a communication between the network and the user terminal, the identifier containing unique information of the user terminal's coupling to the network;
encrypting the identifier to generate a secret password; and
transmitting the password to the user terminal via the network.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20

21. In a security system for a telecommunications network having a plurality of user terminals in communication through the network, an apparatus is provided for authenticating access to the network from a selected one of the plurality of user terminals having memory, each of the plurality of user terminals having an identifier for distinguishing one of the user terminals from the remainder of the user terminals within the network, the apparatus comprising:
a network control center in communication with the network for receiving the identifier from memory of the selected user terminal upon establishment of a communication between the network and the user terminal, the identifier comprising one of a communications channel indicator, a network address and a telephone number of an incoming communication from the selected user terminal, the network control center comprising comparison logic for comparing the identifier with a password read from a predetermined location in memory of the selected user terminal, and a switch for allowing or denying access to the network for the selected user terminal based upon the result of the comparison.
Dependent claims: 22, 23, 24

25. In a telecommunications system comprising a network service bureau having subscriber accounts and being in communication with one or more subscriber stations via a telecommunications network for the provision of services and information from the network to subscribers located at the subscriber stations, a method is provided for uniquely associating each subscriber with a corresponding subscriber account maintained at the service bureau upon establishment of communications between the subscriber and the service bureau, the method comprising the steps of:
creating a subscriber account for each subscriber upon initial communication between the subscriber and the service bureau;
associating the subscriber account with a unique telephone number provided by the subscriber, the telephone number being assigned by the telecommunications network to a first subscriber station from which the subscriber currently establishes communications with the service bureau and recorded at the service bureau for future use in associating the subscriber with the subscriber account;
detecting the telephone number generated by an automatic number identification service of the network upon subsequent establishments of communication between the subscriber and the service bureau; and
selecting the subscriber account associated with the generated telephone number;
wherein when the subscriber selects a second different subscriber station for establishing communications with the service bureau, the method further comprises the step of the telecommunications network assigning the same unique telephone number to the second subscriber station such that upon call establishment between the subscriber from the second subscriber station to the service bureau, the previously created subscriber account will be selected for the subscriber.