A virtual communications network (VCN) is a custom designed "private" telecommunications network typically offered by an interexchange carrier such as AT&T (or by local exchange carriers or international carriers) to large business customers who require inter-premises voice and data communications. Customers can directly access the VCN from customer premises equipment such as terminals connected to the customers' PBX, via private lines or switched connections using local exchange carriers. They can also remotely access the VCN, e.g., from stations that originate a call to the PBX from an "off-net" location and then are connected to the VCN via a second connection originated in the PBX. Each customer is allocated virtual resources within the carrier's network, based upon the customer's expected calling patterns and historical communications needs.
A VCN typically includes one or more data bases that associate information provided by the caller (such as the caller's telephone number) with stored information in the data base, in order to determine how the call is to be routed and treated. Ones of these data bases can also serve as "screening filters" in order to allow or deny each call based on predetermined screening instructions. Filtering may include various fraud prevention schemes, requiring entry of personal identification numbers (PINs), passwords or other identifiers, so as to eliminate or reduce the occasions when the VCN is used as a gateway into the interexchange network by hackers or other unauthorized callers. Additionally, filtering may restrict access through the VCN to particular destinations under particular circumstances, even if the calls originate from on-net (as opposed to off-net) locations.
While secure and effective access control mechanisms are critical to the operation of VCN's, numerous instances of entry into a VCN by unauthorized individuals have been reported. This may occur, for example, when a hacker breaks into a PBX via its remote access capability and then dials out to various destinations, or when an unauthorized individual obtains the PIN of an authorized user by trial and error guessing, by obtaining the PIN through unintended disclosure by an authorized user (e.g., by overhearing verbal entry of the PIN into the access control system) or by outright theft of a record (such as a credit card) bearing the PIN. In such events, the compromised HN may be disabled, and the characteristics of the screening filters can be updated to prevent further losses. However, the losses that already occurred cannot usually be remedied. The milk that has been spilled cannot easily be returned to the bottle.