Intelligent computer networks include a plurality of interconnected network nodes, each having specified resources. In executing a process at one node, it is frequently necessary for the process to utilize resources located at one or more other nodes. When one node has access to resources at another node of the network, security problems can arise. The security problems include: (1) unauthorized disclosure and modification of one customer's database by other customers, and (2) the danger that customers will access and/or change network control information, such as communication control. To prevent such security problems, the network must be equipped with protection mechanisms to ensure data security and network integrity.
The Intelligent Network/2 (IN/2) is an example of a distributed telecommunication network architecture which is being developed to support future switched network services. The IN/2 concept is described by R.J. Hass et al. in "Intelligent Network/2: A Network Architecture Concept for the 1900's", Proc. IEEE Int. Switching Symp., Phoenix, Ariz., March 1987, pp. 944-951. The IN/2 concept builds upon existing network technologies to provide more service functions and more user control over the services. In addition, the IN/2 concept enables enhanced service providers to use basic service elements of the telephone network for their customers to access the enhanced services. Under the IN/2 concept, the future network is a distributed system in which more network resources, such as databases and basic service elements, are shared by different service users. While the IN/2 concept provides opportunities to introduce new services more conveniently and more flexibly, it also introduces additional security problems which result primarily from increased customer control and tighter coupling between vendor networks.
In the past, the use of security techniques in the intelligent network service environment has been minimal. Existing security control in telecommunication networks has been restricted to the customer interface level, such as use of password codes for valid login, or the network communication level, such as use of cryptography techniques in message transmission. These techniques are insufficient for protection against unauthorized network resource and service accesses, especially for accesses at an operating system level.
Security techniques used for protection of information in conventional computer and distributed systems include capability-based protection, access-control-list-based protection and multilevel security. The first two techniques belong to discretionary security control, while the last one belongs to mandatory security control. These techniques have customarily been applied to the protection of centralized operating systems. Security mechanisms have occasionally been used in distributed systems. See, for example, G. T. Almes et al., "The Eden System: A Technical Review", IEEE Trans. Software Eng., Vol. SE-11, No. 1, January 1985, pp. 43-59 and A. S. Tanenbaum et al., "Using Sparse Capabilities in a Distributed Operating System", Proc. 6th IEEE Int. Conf. Distributed Comp. Syst., 1986, pp. 558-563.
Previous security measures used in intelligent network services are inadequate for protection against unauthorized resource and service accesses. In general, a customer is allowed to access only his private database or purchased services within the network. However, when a password mechanism is used as the only safeguard, a customer who is successfully logged on to the system can access all network data and services, including those that are unauthorized for him. The use of cryptography techniques in message transmission ensures only that the messages are protected during transmission. There is no protection after messages are received at another node. Such messages may include unauthorized invocations of services located at remote network nodes.
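The gap described above, shown as an added example that is not part of the original text: a receiving node that trusts any logged-in customer is compared with one that checks each decrypted invocation against its own access control list. All customer, resource and service names and the sample messages are constructed assumptions.

```python
# Added illustration; every name and message below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Invocation:
    customer: str    # identity established by password login at the origin node
    resource: str    # database or service located at the receiving node
    operation: str   # "read", "write", "invoke"

# Customers that passed the password check (constructed).
LOGGED_IN = {"cust_a", "cust_b"}

# Access control list held at the receiving node (constructed).
ACL = {
    "db/cust_a": {"cust_a": {"read", "write"}},
    "db/cust_b": {"cust_b": {"read", "write"}},
    "svc/call_forwarding": {"cust_a": {"invoke"}},
    "net/communication_control": {},  # network control information: no customer entry
}

def login_only_node(msg: Invocation) -> bool:
    """Weak form: any invocation from a logged-in customer is executed."""
    return msg.customer in LOGGED_IN

def acl_checking_node(msg: Invocation) -> bool:
    """Receiving node checks every invocation against its own ACL; default deny."""
    if msg.customer not in LOGGED_IN:
        return False
    allowed = ACL.get(msg.resource, {}).get(msg.customer, set())
    return msg.operation in allowed

def audit(messages):
    """Invocations the login-only node would run but the ACL-checking node refuses."""
    return [m for m in messages if login_only_node(m) and not acl_checking_node(m)]

# Constructed messages as they appear after decryption at the receiving node.
SAMPLE = [
    Invocation("cust_a", "db/cust_a", "read"),                    # own database
    Invocation("cust_a", "db/cust_b", "write"),                   # another customer's database
    Invocation("cust_b", "net/communication_control", "write"),   # network control information
    Invocation("cust_b", "svc/call_forwarding", "invoke"),        # service not purchased
    Invocation("intruder", "db/cust_a", "read"),                  # never logged in
]

if __name__ == "__main__":
    for m in audit(SAMPLE):
        print("login-only node would execute:", m)
```
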
Security techniques used in conventional computer and distributed operating systems cannot be applied directly to intelligent networks because there are significant differences between the service environments of traditional computer systems and intelligent networks. Some of these differences are as follows. Centralized protection mechanisms cannot ensure safe use of distributed network resources and services because activities at one network node are beyond the control of other nodes. Conventional distributed systems concentrate on protection of data processing, such as protection against unauthorized database access. In addition to data security, an intelligent network must support call processing and multimedia services, including voice and video services. Such a wide range of services requires more systematic and sophisticated protection mechanisms. Conventional distributed systems assume overall control of a collection of computer systems.
The service architecture of future intelligent networks allows some outside service providers to share the telephone network resources and services to support enhanced services. Moreover, the telephone company allows a certain degree of customer control over purchased services. Such special relationships between the telephone company and service providers, and between the telephone company and customers, require an additional degree of protection which has not been well-handled by the security measures of conventional distributed systems.
It is a general object of the present invention to provide security techniques for a distributed intelligent network.
It is another object of the present invention to provide techniques for maintaining security in an intelligent network when a process at one network node requests access to a resource at another node.
It is a further object of the present invention to provide security safeguards for a distributed intelligent network that utilize capability and signature techniques.
It is a further object of the present invention to provide techniques for prevention of unauthorized access to network resources and network services in intelligent networks.