User authentication in a communications network
First Claim
1. A telecommunications station for use with a telecommunications network, said station performing an authentication process in which said station exchanges authentication signals with the network and permits exchange of telecommunications traffic with the network only when said authentication process is successful, said station comprising:
a network termination unit with a network port for connection to said network, and a terminal port for connection to separate non-authenticating user equipment;
separate non-authenticating user equipment removably connected to said terminal port;
wherein:
said network termination unit contains circuitry, connected to said network port, for performing said authentication process automatically upon detection of an off-hook condition indicating initiation of use of said separate non-authenticating user equipment and without further user intervention, and a switch connected between said terminal port and said network port, said switch being responsive to signals from said authentication circuitry to permit exchange of said telecommunications traffic between said user equipment and said network only when said authentication process is successful.
Abstract
An authentication system of a terminal on a public switched telephone network provides a security node associated with a local exchange and a network terminal. For one-way authentication, the terminal responds to a call initiation by sending a unique authentication code comprising a number and a secret key encrypted according to a first algorithm, the secret key being specific to the terminal. The security node constructs the expected authentication code from the number, using the first algorithm and a second key which is a function of a terminal identification number, and compares the expected code with the received code. In two-way authentication, the security node responds to the call initiation by sending a transaction number to the terminal encrypted according to a second algorithm. The terminal generates the authentication code as a function of the first algorithm, the secret key and the transaction number. The authentication code is sent back to the security node. An expected code is compared with the received one in the same way. In both cases, a match between expected and received authentication codes constitutes authentication of the terminal allowing the user access to the network.
20 Claims
2. An authentication station for connection between a telecommunications network and separate non-authenticating user equipment, comprising:
a network port for connecting the authentication station to the telecommunications network;
a terminal port for removably connecting the authentication station to the separate non-authenticating user equipment, said separate non-authenticating user equipment being incapable of providing authentication for any other equipment connected thereto; and
authentication circuitry for automatically, upon detection of an off-hook condition indicating initiation of use of said separate non-authenticating user equipment and without further user intervention, exchanging authentication signals with the network and permitting exchange of telecommunications traffic between the telecommunications network and the separate non-authenticating user equipment only when an authentication process between the telecommunications network and said authentication station permits said exchange.
3. A method of authenticating a line of a communications network automatically upon detection of an off-hook condition of separate non-authenticating user equipment and without further user intervention, the line being connected to a network termination unit, said network termination unit not functioning as a user terminal and having a port for removable operative connection to said separate non-authenticating user equipment, the method comprising the steps of:
detecting an off-hook condition of the separate non-authenticating user equipment;
indicating to a security node associated with the network that a user of the network termination unit requires use of the network;
calculating an authentication code at the network termination unit, the authentication code being a function of a transaction number encrypted by means of at least one first key associated with the termination unit, and an algorithm;
transmitting the authentication code to the security node;
calculating an expected authentication code at the security node based on the transaction number, the algorithm and said at least one first key;
comparing the expected authentication code with the received authentication code; and
denying unrestricted access to the network for the network termination unit unless the expected and received authentication codes match.
(Dependent claims 4, 5, 6, 7, 8 and 9 are not reproduced here.)
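The following is an added example, not code from the patent, that walks through the two-way authentication exchange described in the abstract and in the steps of claim 3: the security node issues a transaction number, the network termination unit (NTU) returns an authentication code computed from that number and its per-terminal key, and the node recomputes the expected code and closes the traffic switch only on a match. The patent names no concrete cipher, so HMAC-SHA256 is assumed here as the "algorithm", and the node's "second key" is assumed to be derived from a node-side master key and the terminal identification number; the class and function names are the example's own.

```python
"""Challenge-response line authentication between a network termination unit
(NTU) and a security node, modelled on the two-way variant described above.
Added example: HMAC-SHA256 stands in for the patent's unnamed 'algorithm'."""
import hashlib
import hmac
import secrets


def compute_auth_code(key: bytes, transaction_number: bytes) -> bytes:
    """The 'first algorithm': authentication code = f(key, transaction number).
    Assumption: HMAC-SHA256; the page does not specify the primitive."""
    return hmac.new(key, transaction_number, hashlib.sha256).digest()


class SecurityNode:
    """Sits beside the local exchange; issues transaction numbers and checks codes."""

    def __init__(self, master_key: bytes) -> None:
        self._master_key = master_key
        self._pending = {}  # terminal id -> outstanding transaction number

    def terminal_key(self, terminal_id: str) -> bytes:
        """The 'second key', a function of the terminal identification number.
        Assumption: derived from a master key, so the node keeps no per-terminal table."""
        return hmac.new(self._master_key, terminal_id.encode(), hashlib.sha256).digest()

    def issue_transaction_number(self, terminal_id: str) -> bytes:
        """Claim 3, step 2: the NTU has indicated that a user requires the network."""
        tn = secrets.token_bytes(16)  # fresh per call, so a recorded code cannot be reused
        self._pending[terminal_id] = tn
        return tn

    def verify(self, terminal_id: str, received_code: bytes) -> bool:
        """Claim 3, steps 5 and 6: recompute the expected code, compare in constant time."""
        tn = self._pending.pop(terminal_id, None)  # each transaction number is single use
        if tn is None:
            return False
        expected = compute_auth_code(self.terminal_key(terminal_id), tn)
        return hmac.compare_digest(expected, received_code)


class NetworkTerminationUnit:
    """Holds the per-terminal secret and the switch between terminal port and network port."""

    def __init__(self, terminal_id: str, secret_key: bytes) -> None:
        self.terminal_id = terminal_id
        self._secret_key = secret_key
        self.switch_closed = False  # traffic is blocked until authentication succeeds
        self.last_code = b""

    def off_hook(self, node: SecurityNode) -> bool:
        """Claim 3, steps 1, 3, 4 and 7: runs automatically when the phone goes off-hook."""
        tn = node.issue_transaction_number(self.terminal_id)
        self.last_code = compute_auth_code(self._secret_key, tn)
        self.switch_closed = node.verify(self.terminal_id, self.last_code)
        return self.switch_closed

    def on_hook(self) -> None:
        self.switch_closed = False


def provision(node: SecurityNode, terminal_id: str) -> NetworkTerminationUnit:
    """Load the NTU with the key the node will derive for it (out-of-band provisioning)."""
    return NetworkTerminationUnit(terminal_id, node.terminal_key(terminal_id))


def run_scenarios() -> dict:
    """Constructed scenarios: one genuine call and three that must leave the switch open."""
    master = hashlib.sha256(b"constructed master key for the example").digest()
    node = SecurityNode(master)
    ntu = provision(node, "NTU-0001")
    results = {"genuine": ntu.off_hook(node)}
    ntu.on_hook()

    # A unit with the wrong key claiming the same line identity is denied.
    impostor = NetworkTerminationUnit("NTU-0001", b"not the provisioned key")
    results["wrong_key"] = impostor.off_hook(node)

    # A code recorded from the genuine call fails against a fresh transaction number.
    node.issue_transaction_number("NTU-0001")
    results["replayed_code"] = node.verify("NTU-0001", ntu.last_code)

    # A code arriving with no outstanding transaction number is refused outright.
    results["unsolicited"] = node.verify("NTU-0001", ntu.last_code)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:14s} -> {'traffic permitted' if ok else 'denied'}")
```

Two design points carry over to any real implementation of this scheme. The transaction number must be unpredictable and single use, which is what makes a code captured on the line useless on the next call; and the comparison at the security node should be constant-time (`hmac.compare_digest` here) so that timing does not leak how many leading bytes of a guessed code were correct. In the one-way variant from the abstract the number originates at the terminal rather than the node, so the node would additionally need to remember which numbers it has already accepted for that terminal to obtain the same replay protection.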
10. A system for authenticating lines of a communications network automatically upon detection of an off-hook condition of separate non-authenticating user equipment each connected to the network via a network termination unit and without further user intervention, comprising:
a plurality of network termination units each connected to the network, each of said plurality of network termination units not functioning as a user terminal and having a terminal port for removable operative connection to said separate non-authenticating user equipment compatible with the network, at least one of the network termination units comprising processing means including a memory, and signaling means operably connected to the network and enabled by the processing means, the signaling means being arranged to transmit to the line an authentication code automatically after a potential user initiates a use of the network, the authentication code being calculated by the processing means as a function of a transaction number encrypted by means of an algorithm and a key associated with that network termination unit; and
a security node operable to receive authentication codes from the network termination units, to determine whether a received code corresponds, in accordance with said algorithm, to the transaction number and a key corresponding to that network termination unit, and to deny unrestricted access to the network for that unit unless such correspondence is found.
(Dependent claims 11, 12, 13, 14 and 15 are not reproduced here.)
16. A network termination unit for a communications network, the network termination unit not functioning as a user terminal and comprising a terminal port for removable operative connection to separate non-authenticating user equipment compatible with the network, a network port for connecting the network termination unit to a line of the network, processing means including a memory, and signaling means arranged to transmit signals through the network port, the processing means being operable, following initiation of use of the network by a user, to automatically, upon detection of an off-hook condition of said separate non-authenticating user equipment connected to said network termination unit and without further user intervention, calculate an authentication code which is a function of a transaction number encrypted by means of an algorithm and a key stored in the processing means and to enable the signaling means to transmit the authentication code through the network port.
19. A communications network comprising:
a plurality of network termination units connected to the network, said network termination units not functioning as a user terminal and including a terminal port for removable operative connection to separate non-authenticating user equipment;
at least one of said plurality of network termination units comprising a processor, said processor including a memory and a signaling circuit enabled by said processor and operatively connected to the network;
said signaling circuit being arranged to transmit an authentication code automatically, upon detection of an off-hook condition of said separate non-authenticating user equipment connected to said network termination unit and without further user intervention, said authentication code being determined by the processor based on a transaction number encrypted by an algorithm and a key associated with the network termination unit; and
a security node operable to receive authentication codes from the network termination units, said security node further determining whether a received code corresponds to the transaction number and a key corresponding to that network termination unit, said security node denying unrestricted access to the network for that unit unless a correspondence is found.
20. A network termination unit that does not function as a user terminal comprising:
a terminal port for removably operatively connecting the network termination unit to separate non-authenticating user equipment;
a network port for connecting the network termination unit to a line of a communications network; and
a processor including a memory and a signaling circuit arranged to transmit signals through the network port, said processor being operable, automatically, upon detection of an off-hook condition of said separate non-authenticating user equipment connected to said network termination unit and without further user intervention, to determine an authentication code based on a transaction number encrypted by means of an algorithm and a key stored in the processor, said processor further enabling the signaling circuit to transmit the authentication code through the network port.
Specification