This invention relates to enforcement of central control over access in a switched telephone network and, in particular, to methods and apparatus for providing authorized and, optionally, audited access to a selected destination point in a switched telephone network.
Telecommunications networks such as the Public Switched Telephone Network (PSTN), Local Area Networks (LANs), Wide Area Networks (WANs), etc. are made up primarily of network elements that are geographically distributed. Maintenance and servicing of these network elements is commonly performed employing unattended "Back Door Modems" (BDMs) accessed by dial-up connections through the PSTN. The BDMs operate in accordance with well-understood standards. An important issue related to the provision of telephone connections over the PSTN, and the provision of data transport services over data networks such as LANs and WANs, is that of providing authorized access to the equipment which supports these services. The equipment and services that can be controlled once access is gained through a BDM are subject to attack by unauthorized persons who accidentally or covertly obtain an access number. Consequently, it is important to ensure that only authorized access to BDMs is permitted.
The issue of authorized access is also of interest in the provision of telephone based services such as telephone banking, telephone voting, etc. The goal in providing access to these services is to discriminate customers/users from impostors.
Authorized access to equipment can also be used to inhibit the misuse of the equipment and associated resources, such as for example, the use of company equipment for personal use or gain.
It is estimated that in up to 80% of telecommunications fraud cases, an employee of the telecommunications company providing the telecommunications service is involved. A high incidence of fraud is enabled because BDMs have no capacity to discriminate between authorized and unauthorized users seeking access to equipment. It is also estimated that upwards of 60% of corporate communications are spent in non-work related activity, and upwards of 40% of corporate communications budgets are spent in casual usage of telecommunications equipment and services.
A distinction is made in the presentation of this application between a user authenticated to access selected destination points and a user authorized to access a selected destination point: An authenticated user is a user who has been preregistered, for the purpose of requesting access to selected destination points, with an authentication agency that grants access to selected destination points, and in particular a user who has overcome a predetermined subgroup of predetermined authentication challenges. An authorized user is an authenticated user who has been designated to access a selected destination point. In what follows the "authenticated" and "authorized" terms will be used when referring to the distinction presented above.
It is known in the art to provide apparatus and methods for secure access to BDMs. User/service profile matching is provided for users of telephone based services accessed through Interactive Voice Response (IVR) units as described in United States Patent No. 5,276,444 which issued to McNair on January 4, 1994. McNair focuses on providing multiple levels of authentication to limit loss and liability in providing the services. The authentication system removes itself from the session once the session is established.
United States Patent No. 5,181,238 which issued to Medamana et al. on January 19, 1993, also describes a user/service profile matching method for authenticating users. This method focuses on providing a single authentication method for users subscribing to multiple telephone services available on a telephone network.
A call transfer and call-back upon authentication method is described in United States Patent No. 4,876,717 which issued to Barron et al. on October 24, 1989. This function is provided by an adjunct processor which disconnects itself from the call path once the connection is established.
A personal identification number (PIN) based authentication prior to establishing a connection using a call-back procedure is described in United States Patent No. 4,922,521 to Krikke et al. which issued on May 1, 1990. This method enforces access from specific origination points associated with PINs but does not describe how to discriminate between authorized and unauthorized access to a destination point.
All of these inventions have merit in providing different levels of protection. However, these solutions do not provide end-to-end call completion monitoring after authentication. Furthermore, none of these inventions provides real-time monitoring of telephone connections.
Considering that telephone switches, network routers, network bridges, network gateways, data switches, backup power equipment, Tele-banking IVR units, key systems and company PBX systems are generally accessible through transceivers, there is a need to provide authorized access control to this equipment which cannot be readily compromised.
It is an object of the invention to provide a method of authenticating users seeking access to equipment or service accessed through a dial-up transceiver in a switched telephone network.
It is another object of the invention to provide a method of authorizing users seeking access to a selected destination point accessed through a dial-up connection in a switched telephone network.
It is a further object of the invention to provide centralized real-time authorization of users seeking access to command controllable equipment accessed through a dial-up connection in a switched telephone network.
It is a further object of the invention to centrally authenticate and authorize users on the switched telephone network before establishing a telephone connection to a selected destination point.
It is a further object of the invention to authenticate a user seeking access to a selected destination point accessed through the PSTN, using a first communications connection before a connection is established between the user and the selected destination point.
It is a further object of the invention to monitor the authentication process and the call completion process to ensure that an authorized session progresses in accordance with an established protocol between an origination point and a selected destination point in the switched telephone network.
It is a further object of the invention to provide a full audit of both the signaling and the payload paths of a communications connection between an origination point and a selected destination point in a switched telephone network.
It is a further object of the invention to provide a facility for releasing, from a control point in the switched telephone network, a telephone connection representing a communications connection between an originating point and a selected destination point.
It is a further object of the invention to provide control over access to a plurality of selected destination points in the switched telephone network accessed using a common directory number.
The invention provides a method of enforcing network-centric control over access to a selected destination point in a switched telephone network. Processing of call completion requests to establish a communications session to the selected destination point is made dependent on a calling line identification present in the call completion request.
The method comprises a first step of receiving a call completion request from an originating point. The call completion request bears an origination calling line identification. The user associated with the origination point is authenticated on receipt of the call completion request. In a further step of the method, an authorized calling line identification is generated and is associated with the origination point for the purpose of completing a call to the selected destination point. A destination service switching point associated with the selected destination point is enabled to complete calls to the selected destination point based on the authorized calling line identification. A communication session is established between the origination point and the selected destination point based on the authorized calling line identification by substituting the origination calling line identification with the authorized calling line identification. As a final step, the authorized calling line identification is preferably discarded subsequent to completing the communication session between the user and the selected destination point. During call setup, the signaling path and the payload path can be routed through network equipment adapted to extract signaling and payload information to provide a full audit of the communications session.
According to one aspect of the invention, the user is provided with a directory number associated with the selected destination point. Network equipment routing call completion requests is enabled to detect directory numbers associated with the selected destination points and route the call completion requests to a point on the network adapted to authenticate the user.
According to a further aspect of the invention, the user is only provided with a general directory number for accessing a selected destination point. Network routing equipment is therefore enabled to route all call completion requests associated with the general directory number to an authentication server for further processing.
According to a further aspect of the invention, the user is provided with a directory number associated with a selected destination point after authentication of the user.
According to a further aspect of the invention, the communications session between the origination point and the selected destination point is established from a control node in the network.
According to a further aspect of the invention, network switching equipment associated with the destination point is enabled to complete calls to the selected destination point only on receiving call completion requests bearing an authorized calling line identification.
According to a further aspect of the invention, associated with each selected destination point there is an authorized calling line identification list that is consulted on each call completion request by the switching equipment associated with the selected destination point.
According to a further aspect of the invention, the authorized calling line identification list associated with the selected destination point is updated with an authorized calling line identification only after the authentication of the user, to enable the user to complete a call to the selected destination point.
According to a further aspect of the invention, the communications session between the origination point and selected destination point is monitored to capture signaling and payload data associated with the communications session.
According to a further aspect of the invention, the authorized calling line identification is removed from the authorized calling line identification list on completing the communications session between the origination point and the selected destination point.
According to a further aspect of the invention, the communications session between the origination point and the selected destination point is established by routing the signaling path and the payload path through network equipment adapted to extract signaling and payload information.
According to a further aspect of the invention, the authorized calling line identification is generated in a pseudo random fashion subsequent to authentication of the user.
According to a further aspect of the invention, the calling line identification carried in signaling messages from an origination point, from which an authorized user initiates a call request, is modified by substituting the originating calling line identification with an authorized calling line identification.
According to yet another aspect of the invention, a full audit of a connection between an origination point and a selected destination point is provided in real time to a service management system to enable real time decision making and action taking in case of detection of intrusion or misuse.
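The method steps and the aspects above describe one control flow: authenticate the caller on a first connection, generate a pseudo-random authorized calling line identification only after authentication, add it to the destination's authorized list, substitute it for the origination CLID during call setup, and discard it once the session ends, recording each signaling event for audit. The following is an added illustration of that flow, not code from the patent; the `DestinationSSP` and `AuthenticationServer` classes, the PIN-based challenge, and the directory numbers are constructed assumptions. It also shows the two refusals the scheme is meant to produce: a call presenting the raw origination CLID, and a call reusing an authorized CLID after it has been released.

```python
import secrets


class DestinationSSP:
    """Destination switching point (constructed model): completes a call only if the CLID is listed."""
    def __init__(self):
        self.authorized = {}  # destination DN -> set of authorized CLIDs
    def enable(self, dest, clid):
        self.authorized.setdefault(dest, set()).add(clid)
    def disable(self, dest, clid):
        self.authorized.get(dest, set()).discard(clid)
    def complete_call(self, clid, dest):
        return clid in self.authorized.get(dest, set())


class AuthenticationServer:
    """Control node (constructed): authenticates, then issues a one-time authorized CLID."""
    def __init__(self, users, ssp):
        self.users = users  # user -> (PIN, set of permitted destination DNs)
        self.ssp = ssp
        self.audit = []     # signaling-path audit trail

    def request_session(self, origin_clid, user, pin, dest):
        creds = self.users.get(user)
        if creds is None or not secrets.compare_digest(creds[0], pin):
            self.audit.append(("auth-fail", origin_clid, dest))
            return None                       # not authenticated
        if dest not in creds[1]:
            self.audit.append(("not-authorized", user, dest))
            return None                       # authenticated, but not for this DN
        auth_clid = "".join(str(secrets.randbelow(10)) for _ in range(10))
        self.ssp.enable(dest, auth_clid)      # list updated only after authentication
        self.audit.append(("session", user, origin_clid, auth_clid, dest))
        return auth_clid

    def release(self, dest, auth_clid):
        self.ssp.disable(dest, auth_clid)     # one-time CLID discarded after the session
        self.audit.append(("released", auth_clid, dest))


def demo():
    ssp = DestinationSSP()
    auth = AuthenticationServer({"tech1": ("4242", {"5551000"})}, ssp)
    bdm, origin = "5551000", "6135550123"           # constructed sample numbers
    direct = ssp.complete_call(origin, bdm)         # raw origin CLID: refused
    auth_clid = auth.request_session(origin, "tech1", "4242", bdm)
    during = ssp.complete_call(auth_clid, bdm)      # substituted CLID: completed
    auth.release(bdm, auth_clid)
    replay = ssp.complete_call(auth_clid, bdm)      # reused after release: refused
    bad_pin = auth.request_session(origin, "tech1", "0000", bdm)
    return direct, during, replay, bad_pin
```

The `audit` list stands in for the signaling-path audit the patent routes to a service management system; the payload path is not modelled here.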