Secure access from a user location to multiple target systems with a simplified user interface
Abstract
A telecommunication system which provides secure access from a user system at a user location to target systems at a desired target location (“secure location”). The system is implemented such that connectivity to any other target locations from a user system is disabled when the user system requires connectivity to the target systems at the secure location. By disabling the connectivity, the present invention ensures that access to the target location does not expose the target systems to the risk of unauthorized access. A simple user interface is also provided. The user may select the desired target location from among several target locations, for example, by operating a physical interface on a customer premises equipment (CPE).
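The behaviour the abstract describes, sketched as an added example (not code from the patent or from any product): a hypothetical `CPE` class holds one PVC per profile, as in the claims, and `select` disables every other PVC before enabling the chosen one. `isolation_violations` replays a state-change trail and flags any point where two PVCs were up at once; profile and PVC names are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class CPE:
    """Hypothetical model of customer premises equipment with one PVC per profile."""
    profiles: dict                                  # profile name -> PVC id (constructed)
    enabled: set = field(default_factory=set)       # PVCs currently carrying data
    events: list = field(default_factory=list)      # audit trail of state changes

    def _set(self, pvc, up):
        if up:
            self.enabled.add(pvc)
        else:
            self.enabled.discard(pvc)
        self.events.append(("enable" if up else "disable", pvc))

    def select(self, profile):
        """Apply a profile: break every other PVC first, then make the chosen one."""
        if profile not in self.profiles:
            # Unknown selection: refuse before touching any PVC state.
            raise KeyError(f"no such profile: {profile!r}")
        target = self.profiles[profile]
        for pvc in sorted(self.enabled - {target}):
            self._set(pvc, False)
        if target not in self.enabled:
            self._set(target, True)
        return target


def isolation_violations(events):
    """Replay a trail; return indexes of events after which more than one PVC was up."""
    up, bad = set(), []
    for i, (action, pvc) in enumerate(events):
        if action == "enable":
            up.add(pvc)
        else:
            up.discard(pvc)
        if len(up) > 1:
            bad.append(i)
    return bad


if __name__ == "__main__":
    cpe = CPE({"internet": "pvc-internet", "corporate": "pvc-corporate"})
    cpe.select("internet")
    cpe.select("corporate")
    print(cpe.events, isolation_violations(cpe.events))
    # Constructed counter-example: enabling the new PVC before disabling the old one.
    print(isolation_violations([("enable", "pvc-internet"),
                                ("enable", "pvc-corporate"),
                                ("disable", "pvc-internet")]))
```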
16 Claims
1. A method of providing secure access from a user system at a user location to a target system at a secure location, said method allowing access from said user location to a plurality of target locations including said secure location, wherein said secure access is provided on a telecommunication network capable of supporting connectivity to said plurality of target locations simultaneously from said user location, said method comprising the steps of:
(a) configuring said telecommunication network to provide connectivity from said user location to each of said plurality of target locations, wherein said connectivity is provided via a switch at said user location, said switch having a first switch setting corresponding to said target system at said secure location and at least one other switch setting corresponding to said plurality of target locations other than said secure location;
(b) enabling a user to select a desired target location to which access is to be provided;
(c) disabling the connectivity between said user location and all of said plurality of target locations except said desired target location selected in step (b) by having said switch at said first switch setting if said desired target location corresponds to said secure location; and
(d) transferring data between said user system and said desired target location to provide a virtual circuit between said user location and said desired target location, wherein said transferred data provides basis for access of said target system from said user system, wherein the disabling of step (c) ensures that said access from said user system to said target system at said desired secure location is secure.
(e) providing a profile corresponding to each of said plurality of target locations;
(f) providing an interface on said user system to said CPE, wherein said interface can be used by said user to select one of said profiles; and
(g) configuring said CPE according to said profile selected by said user in step (f), wherein said configuration causes said CPE to enable only said PVC related to said desired target location selected in step (b).
7. The method of claim 1, wherein steps (a)-(c) comprise the steps of:
(h) providing a single permanent virtual circuit (PVC) to a customer premises equipment (CPE) at said user location;
(i) providing an authentication session between said CPE and an authentication server when connection is desired from said user location to any of said plurality of target locations, said authentication session being provided on said single PVC;
(j) authenticating a user based on a user identifier and authentication information received on said session established in step (i), wherein a different user identifier is associated with each of said plurality of target locations; and
(k) determining said desired target location according to said user identifier entered in step (h); and
(l) providing another session between said user location and said desired target location, wherein step (d) comprises the step of transferring data on said session of step (l).
8. The method of claim 1, further comprising the steps of:
(m) enabling said user to select another desired target location to which secure access is to be provided;
(n) disabling data transfer between said desired target location selected in step (b) and said user location; and
(o) enabling data transfer between said user location and said another target location selected in step (m).
9. A system for providing secure access from a user system at a user location to a target system at a secure location, said system allowing access from said user location to a plurality of target locations including said secure location, said system comprising:
a telecommunication network configured to provide connectivity from said user location to each of said plurality of target locations, wherein said connectivity is provided via a switch at said user location, said switch having a first switch setting corresponding to said target system at said secure location and at least one other switch setting corresponding to said plurality of target locations other than said secure location;
means for enabling a user to select a desired target location to which secure access is to be provided;
means for disabling connectivity between said user location and all of said plurality of target locations except said desired target location selected by said user by having said switch at said first switch setting if said desired target location corresponds to said secure location; and
means for transferring data between said user system and said desired target location to provide a virtual circuit between said user location and said target location, wherein said transferred data provides basis for access of said target system from said user system, wherein the disabling ensures that said access from said user system to said target system at said secure location is secure.
10. A system for providing secure access from a user system at a user location to a target system at a secure location, said system allowing access from said user location to a plurality of target locations including said secure location, said system comprising:
a telecommunication network configured to provide connectivity from said user location to each of said plurality of target locations, wherein said connectivity is provided via a switch at said user location, said switch having a first switch setting corresponding to said target system at said secure location and at least one other switch setting corresponding to said plurality of target locations other than said secure location;
a first customer premise equipment (CPE) provided at said user location, said first CPE being coupled to said telecommunication network and said user system;
a second CPE provided at said secure location, said second CPE being coupled to said telecommunication network and said target system; and
an interface for enabling said user to select one of said plurality of target locations by selecting a corresponding switch setting of said switch, wherein said first CPE, said second CPE, and said telecommunication network are designed to transfer data between said user system and said target system selected by said user, and wherein connectivity is disabled from said user location to all of said plurality of target locations except said secure location if said user selects said secure location.
a digital subscriber loop access multiplexor (DSLAM) coupled to said first CPE by a local loop;
an authentication server for receiving a user identifier and authentication information on a first session established on said single PVC, and wherein said authentication server authenticates said user based on said identifier and authentication information, said authentication server being designed to receive a plurality of user identifiers and corresponding authentication information, wherein each user identifier relates to one of said plurality of target locations; and
a gateway coupled to said DSLAM;
wherein said desired target location is determined according to said user identifier received by said authentication server, and wherein a second session is established between said first CPE and a target location corresponding to said user identifier received by said authentication server, wherein said second session provides for the data transfer between said user location and the target location corresponding to the user identifier received by said authentication server.
Specification