1. Field of the Invention
The present invention relates to a voice network access system wherein a one-time password system, used as an access authentication system, is applied to a voice network consisting of an private automatic branch exchange.
2. Related Arts
As a conventional system, a service start permission, flag exchange method using a public communication line is described in Japanese Unexamined Patent Publication No. Sho 62-168440. According to this method, a service start permission ID is transmitted not only unidirectionally, from a terminal to a host, along a public communication network, but is also exchanged interactively, so that more precisely specified and important terminal information, such as monetary information, can be exchanged via the public communication line.
According to a computer remote control method described in Japanese Unexamined Patent Publication No. Hei 2-118752, an authorized user can operate a computer in a conventional manner, however, should that authorized user attempt to access a computer by using the registered name and the code number of another user, so long as the subscriber number for the communication line that is used is not that of the user whose name and code number have been appropriated, the authorized user will be inhibited from operating the subject computer.
Further, according to a sub-address dial-in control method described in Japanese Unexamined Patent Publication No. Hei 6-197384, upon receiving a call setup message from a calling terminal device, security code added at the head of a received sub-address is employed to search a table in which the security code and corresponding data conversion algorithms are entered, and the data conversion algorithm that is extracted is executed. As a result, a communication service maintaining a high level of secrecy can be provided only to those senders who have been issued the appropriate security code.
An private automatic branch exchange described in Japanese Unexamined Patent Publication No. Hei 9-271051 effectively prevents a third party from illegally using the network of an institution, and improves the exchange service function. That is, based on specific information that concerns a sender, or that is input by a sender, a predetermined security check is performed by the switchboard, which includes a security processor for determining whether permission for the connection of a call should be granted.
In addition, according to a sub-address dial-in control method described in Japanese Examined Patent Publication No. Hei 6-066832, a table is provided in which are entered security codes and corresponding service regulation classes, and a regulation class is identified by searching the table using a security code that is added to the head of a sub-address received as part of a call setup message. The service for a class that corresponds to the security code is provided only to a sender who has been issued the appropriate security code, while for all other senders provision of the service is inhibited.
In the above described conventional system, a security system for a data network and a security system constituted by an private automatic branch exchange are provided separately. Therefore, to access such a system from outside an office, in accordance with the access destination that is desired, different passwords must be employed. As a result, a user must memorize two passwords and a manager must manage the data for the two systems.
In addition, since the security systems are provided separately, the granting of authorization to a user can not be governed by a verification process involving the use of either data, or voice.
Furthermore, although the opportunities for external voice accesses have increased as more and more users have come to employ portable telephones and PHSes, for maintaining security almost no countermeasures are available that depend on the use of voice.
It is, therefore, one objective of the present invention to provide a voice network access system that applies for a voice network an authentication system that provides the same security as that afforded by a data network.
To achieve the above objective, according to one aspect of the present invention, provided is a voice network access system wherein, to provide the same security as that afforded by a data network, a one-time password system, which is used as an access authentication system, is applied for a voice network that is constituted by an private automatic branch exchange; and wherein the specifications for the private automatic branch exchange are that the exchange of sender number information that is received across a public network is enabled, and that the private automatic branch exchange includes an external interface and a computer telephony server that is connected via the external interface.
It is preferable that the external interface be an interface for a local area network.
In addition, it is preferable that the private automatic branch exchange further include a voice response device connected by a line circuit.
Furthermore, it is preferable that the private automatic branch exchange call the voice response device upon receiving a call from a public network switchboard subscriber, while at the same time transmitting the sender number information to the computer telephony server.
Further, it is preferable that upon receiving the sender number information the computer telephony server obtain a pertinent user name by searching a conversion table for sender number information and users"" names, which are prepared in advance in the computer telephony server.
It is preferable that the voice network access system further comprise an authentication system server that, to perform a personal authentication process, is connected to the external interface to receive a user""s name from the computer telephony server.
Also, it is preferable that the authentication system server instruct the voice response device to send a response, and that the voice response device form a loop for the line circuit.
Further, it is preferable that the voice response device prepare a numerical reception circuit, that the voice response device receive a password dialed in by the public network subscriber and transmit the password to the authentication system server, and that the authentication system server examine the password and return the result to the voice response device.
In addition, it is preferable that the voice response device use tones or a display to relay to the public network subscriber the result provided by the examination of the password, and that the public network subscriber be granted access to the private automatic branch exchange to the extent that is authorized when, as a result of the examination, the password has been verified.
It is also preferable that the authentication system server employ a power authentication function and a log function; that the authentication system server, by using the power authentication function, be capable of flexibly assigning, for each user, the function of the private automatic branch exchange and other resources; and that the authentication system server, by using the log function, be capable of quickly detecting a user who has illegally accessed a system and of observing traffic
According to another aspect of the present invention, provided is a voice network access system wherein a one-time password system, which is used for an access authentication system, is applied for a voice network, which is constituted by an private automatic branch exchange, in order to provide the same security as that which is afforded by a data network; and wherein for the private automatic branch exchange are included a specification that provides for the exchange of sender number information that is received across a public network, and an external interface and a voice response device that are connected via the external interface and to which a function of a computer telephony server is assigned.
With this arrangement, since the authentication system is applied to a voice network, the same security can be provided as that which is attained with a data network.