1. Field of the Invention
This invention relates to terminal authentication in a communications network such as in a telecommunications network.
2. Description of the Related Art
In a typical network providing telephony, fax and associated services, such as a public switched telephone network (PSTN), customer premises equipment (CPE) is connected via network termination equipment (NTE) to the PSTN for mutual intercommunication via switches or exchanges which constitute nodes in the network. There are various levels of exchange. The exchange functionally nearest a customer's NTE, through which all calls to and from that customer may be routed, is known as the local exchange.
A telephone service is usually 'post-payment' in nature, i.e. billing is carried out retrospectively over a period since the last billing date. Apart from the basic security aspect, it is desirable to be able to authenticate the use of service user equipment to minimise the opportunity for unauthorised access to the network, as this may lead to billing disputes with the customer. For example, if an unauthorised user taps into a customer's line between the NTE and the local exchange, any chargeable service provided to the unauthorised user will be recorded as used by the authorised customer and billed accordingly.
Various systems are known for providing authentication. For example, a calling-card-based system involves the user keying in, through the telephone, a sequence of numbers to establish the user's identity. Another example is the use of a button, programmed to send a personal identification number (PIN), on the telephone equipment which allows access to an enhanced level of service, or an alternative network, through the same local exchange. For more specialist services this may be acceptable. However, such systems require the user to establish his or her identity as part of the call set-up procedure.
Although this added complexity may not be a severe problem on more specialist or less frequently used services, it is still an inconvenience which it would be advantageous to remove from that part of the call set-up procedure carried out by the customer. This is particularly so when the customer is using a standard service on a frequent basis. Removing the authentication steps from the customer would streamline the procedure considerably.
The present invention provides a method of authenticating a network terminal on a communications network, the method comprising the steps of:
indicating to a security node associated with the network that a user of the terminal requires use of the network;
calculating an authentication code at the terminal, the authentication code being a function of a transaction number encrypted by means of a first key associated with the terminal, and a first algorithm;
transmitting the authentication code to the security node;
calculating an expected authentication code at the security node based on the transaction number, the first algorithm and the first key;
comparing the expected authentication code with the received authentication code; and
denying unrestricted access to the network for the terminal unless the expected and received authentication codes match.
The terminal may be part of an NTE with which the security node communicates to establish authentication or not. Alternatively, the terminal may be part of the actual customer equipment connected with the network through the NTE.
Preferably, the security node calculates at least one first key for the terminal, the or each first key being a function of a security algorithm stored within the node, the terminal identification code and a second key, the or each first key being loaded into the terminal for later use with the first algorithm in authenticating a terminal. Advantageously, the first key is a function of the terminal identification code encrypted by the second key using the security algorithm.
In a preferred embodiment, the transaction number is a variable number which is changed after each authentication attempt.
The security node may generate the transaction number, which is sent as a challenge to the terminal in response to the indication received by the security node that the user requires use of the network.
Conveniently, the security node prevents access to the network for the terminal in the event that no match between the expected and received authentication codes is made within a predetermined duration.
Preferably, the terminal transmits a negative acknowledgement to the security node in the event that no challenge, or an invalid challenge, is received following an indication that the user requires use of the network.
The first key may be loaded into the terminal remotely by the security node, or locally from storage means connected temporarily to the terminal.
Advantageously, the or each first key is identified at the security node by calculation from the terminal identification code. Alternatively, the or each first key is identified at the security node by means of a look-up table based on the terminal identification code.
Preferably, the security node permits a dial tone to be established with the terminal independent of the result of the authentication. In this case, the security node may permit access to the network for identifiable emergency traffic and/or non-chargeable traffic in the event that the expected and received authentication codes do not match.
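The following Python model is an added illustration of the method set out above (the key derivation, the challenge carrying the transaction number, the authentication code, the timed comparison at the security node, the negative acknowledgement, and the emergency-only fallback); it is not code from the patent, which names neither the security algorithm nor the first algorithm. It assumes HMAC-SHA256 as a stand-in keyed function for both algorithms, a 16-byte random transaction number, a five-second predetermined duration, and the emergency numbers 999 and 112 as constructed sample values.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: HMAC-SHA256 stands in for the patent's unnamed "security algorithm"
# (key derivation at the node) and "first algorithm" (authentication code at the
# terminal). Any keyed pseudorandom function with the same shape would do.
def keyed_function(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class SecurityNode:
    """Security node at the local exchange (constructed model)."""

    def __init__(self, second_key: bytes, challenge_timeout: float = 5.0):
        self.second_key = second_key        # the "second key": never leaves the node
        self.timeout = challenge_timeout    # the "predetermined duration" for a reply
        self.pending = {}                   # terminal_id -> (transaction_number, issued_at)

    def derive_first_key(self, terminal_id: bytes) -> bytes:
        # First key = terminal identification code encrypted under the second key.
        # Recomputed on demand here rather than held in a look-up table.
        return keyed_function(self.second_key, terminal_id)

    def challenge(self, terminal_id: bytes) -> bytes:
        # Transaction number: fresh random value for every authentication attempt,
        # sent to the terminal as the challenge when the user goes off-hook.
        tn = secrets.token_bytes(16)
        self.pending[terminal_id] = (tn, time.monotonic())
        return tn

    def verify(self, terminal_id: bytes, auth_code: bytes, now: float = None) -> bool:
        now = time.monotonic() if now is None else now
        entry = self.pending.pop(terminal_id, None)   # each challenge is usable once
        if entry is None:
            return False
        tn, issued = entry
        if now - issued > self.timeout:
            return False                              # no match within the duration
        expected = keyed_function(self.derive_first_key(terminal_id), tn)
        return hmac.compare_digest(expected, auth_code)


class Terminal:
    """NTE-side authenticating equipment holding the loaded first key."""

    def __init__(self, terminal_id: bytes, first_key: bytes):
        self.terminal_id = terminal_id
        self.first_key = first_key

    def respond(self, challenge):
        # None models a negative acknowledgement: no challenge, or an invalid one.
        if challenge is None or len(challenge) != 16:
            return None
        return keyed_function(self.first_key, challenge)


EMERGENCY_NUMBERS = {"999", "112"}   # constructed sample values

def access_decision(authenticated: bool, dialled: str) -> str:
    # Dial tone is given regardless; only unrestricted access depends on the match.
    if authenticated:
        return "unrestricted"
    if dialled in EMERGENCY_NUMBERS:
        return "emergency-only"
    return "denied"


def off_hook(node: SecurityNode, terminal: Terminal, dialled: str) -> str:
    """One complete authentication attempt triggered by lifting the handset."""
    tn = node.challenge(terminal.terminal_id)
    code = terminal.respond(tn)
    if code is None:                                  # negative acknowledgement
        node.pending.pop(terminal.terminal_id, None)
        return access_decision(False, dialled)
    return access_decision(node.verify(terminal.terminal_id, code), dialled)


if __name__ == "__main__":
    node = SecurityNode(b"exchange-second-key")
    tid = b"TERM-0001"
    legit = Terminal(tid, node.derive_first_key(tid))   # key loaded at provisioning
    tapper = Terminal(tid, b"guessed-key")              # equipment on a tapped line
    print(off_hook(node, legit, "01234"))    # unrestricted
    print(off_hook(node, tapper, "01234"))   # denied
    print(off_hook(node, tapper, "999"))     # emergency-only
```

The transaction number is consumed on verification, so a recorded authentication code cannot be replayed on the next off-hook, and the second key is only ever used inside the node; an attacker on the line sees the challenge and the response but neither key.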
The telecommunications network may have a plurality of exchanges, each for routing traffic to, and from, a plurality of terminals, at least one of the exchanges having the security node associated therewith.
The invention also provides a system for authenticating terminals on a communications network comprising a security node and a plurality of terminals connected to the network through the node, at least one of the terminals comprising processing means including a memory, and terminal signalling means operably connected to the network and enabled by the processing means, the terminal signalling means being arranged to transmit to the security node an authentication code after a potential user initiates a use of the network, the authentication code being calculated by the processing means as a function of a transaction number encrypted by means of a first algorithm and a first key associated with that terminal, the security node being operable to calculate an expected authentication code from that terminal using the transaction number, the first algorithm also stored in the security node, and the first key, and to deny unrestricted access to the network for that terminal unless the expected and received authentication codes match.
The invention further provides a customer terminal for a communications network, the terminal comprising a customer port for customer equipment compatible to the network, a network port for connecting the terminal to the network, processing means including a memory, the processing means being arranged to receive signals through the network port, and signalling means arranged to transmit signals through the network port, the processing means being operable, following initiation of use of the network by a user, to calculate an authentication code which is a function of a transaction number encrypted by means of a first algorithm and a first key associated with the terminal, and to enable the signalling means to transmit the authentication code through the network port.
Preferably, the signalling means is a modem, for example a FSK modem for data transmission on the network. However, other signalling means may be used. For example, a dual tone multi-frequency (DTMF)-based system could be employed.
The present invention requires only the authenticating equipment to be connected between the user's equipment, for example a telephone, and the security node governing authentication for the local exchange associated with the NTE. The authenticating equipment communicates cryptographically with the security node to provide authentication of the equipment initiating a call (but not the individual user) automatically. Thus, the authentication process takes place when the user lifts the handset, or otherwise initiates access to the network. The user does not have to insert a token or card, or key in an authorisation number.
The authenticating equipment can be line or mains powered, and may conveniently be built into a housing remote from customer equipment, for example the master socket in the customer's premises to which the telephone equipment is connected. Alternatively, the authenticating equipment may be battery powered.
While the invention is described in terms of authentication to avoid fraudulent use of telephone lines, it is applicable to other situations in which a discrimination is required based on authentication of a user. For example, the invention may equally well be arranged to restrict access to certain geographical areas on the basis of authentication.
The invention is particularly applicable to a telecommunications network, such as a public switched telephone network. However, the concept of a security node through which the traffic passes, or under the governance of which traffic is allowed to pass from the terminal to the rest of the network, is applicable to other communications system