US20060045268A1 - Method and system for calling line authenticated key distribution - Google Patents
- Publication number: US20060045268A1
- Authority: US (United States)
- Prior art keywords: authentication key, server, calling, calling line, computer
- Legal status: Abandoned (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
- H04M3/382—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/38—Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M7/00—Arrangements for interconnection between switching centres
- H04M7/0024—Services and arrangements where telephone services are combined with data services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M7/00—Arrangements for interconnection between switching centres
- H04M7/006—Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
- H04M7/0078—Security; Fraud detection; Fraud prevention
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q3/00—Selecting arrangements
- H04Q3/0016—Arrangements providing connection between exchanges
- H04Q3/0029—Provisions for intelligent networking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2207/00—Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place
- H04M2207/12—Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place intelligent networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2242/00—Special services or facilities
- H04M2242/22—Automatic class or number identification arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/42025—Calling or Called party identification service
- H04M3/42034—Calling party identification service
- H04M3/42059—Making use of the calling party identifier
Abstract
The preferred embodiments described herein provide a method and system for calling line authenticated key distribution. In one preferred embodiment, an authentication key is provided to a calling party if the calling party is phoning from a calling line associated with an authorized user. This preferred embodiment provides a more secure authentication key distribution method as compared to the prior art since preventing an unauthorized user from gaining access to an authorized user's calling line is more feasible and reliable than attempting to prevent an unauthorized user from obtaining an authorized user's password. Other preferred embodiments are provided, and each of the preferred embodiments described herein can be used alone or in combination with one another.
Description
- The present patent document is a continuation of U.S. patent application Ser. No. 10/038,048, filed Dec. 20, 2001, which is a continuation-in-part of U.S. patent application Ser. No. 09/747,741, filed Dec. 22, 2000, the entirety of which are both hereby incorporated by reference.
- The present invention relates to telecommunication systems and in particular to a method and system for calling line authenticated key distribution.
- Servers on computer networks, such as the Internet, can provide secure services to users. Users are often required to provide an authenticated key to gain access to such secured services. Several methods can be used to distribute authenticated keys to authorized users. For example, an authenticated key can be printed on paper and mailed to an authorized user's home. In some situations, it may be desired to distribute authenticated keys electronically, such as with a server on the computer network. However, distributing authenticated keys this way can be problematic since it can be difficult to verify that the person requesting an authenticated key is an authorized user. For example, if a password is used to verify the identity of a person requesting an authenticated key, the server providing the key cannot differentiate between an authorized user and an imposter who stole the authorized user's password. Moreover, the problems of password distribution and key distribution are similar: passwords that provide high security (e.g., an arbitrary 128-character string) are too difficult to distribute by voice, and passwords that are easy to distribute by voice provide little security.
- There is a need, therefore, for a method and system that can be used to distribute authenticated keys that overcomes the disadvantages described above.
- FIG. 1 is an illustration of a system of a preferred embodiment for calling line authenticated key distribution.
- FIG. 2 is a flow chart of a method of a preferred embodiment for calling line authenticated key distribution.
- FIG. 3 is an illustration of a system of another preferred embodiment for calling line authenticated key distribution.
- The various embodiments of the present invention yield several advantages over the prior art. By way of introduction, a telephone network is used in combination with a computer network to distribute authentication keys to take advantage of the telephone network's ability to identify a calling party. In one preferred embodiment, an authentication key is provided to a calling party if the calling party is phoning from a calling line associated with an authorized user. This preferred embodiment provides a more secure authentication key distribution method as compared to the prior art since preventing an unauthorized user from gaining access to an authorized user's calling line is more feasible and reliable than attempting to prevent an unauthorized user from obtaining an authorized user's password. Other preferred embodiments are provided, and each of the preferred embodiments described below can be used alone or in combination with one another.
- Turning now to the drawings, FIG. 1 is an illustration of a system of a preferred embodiment for calling line authenticated key distribution. As shown in FIG. 1, this system comprises a calling party 100, a server 120, and a telephone network 130 connecting the calling party 100 and the server 120. As used herein, the term “connecting” means directly connecting or indirectly connecting through one or more named or unnamed components. The telephone network 130 enables the calling party 100 to establish a communication link with the server 120. The calling party 100 can use any suitable type of customer premises equipment that can communicate with the server 120. For example, the customer premises equipment can take the form of a personal computer, workstation, mobile telephone, and suitable types of portable electronic devices. The server 120 can also take any suitable form, such as an Internet server.
- The calling party 100 connects to the telephone network 130 via a calling line 180. The calling line 180 is identified by a calling line identifier. The calling line identifier can take any suitable form and, in one embodiment, is a directory number (e.g., the calling party's telephone number). In this preferred embodiment, the telephone network 130 is part of a public-switched telephone network and is implemented as an advanced intelligent network (“AIN”), such as the Signal System 7 (“SS7”) network. The telephone network 130 comprises a service switching point (“SSP”) 140, a service control point (“SCP”) 150, and a database 160. In this embodiment, the SSP 140 and SCP 150 are connected to one another by a Common Channel Signaling network 170. It should be noted that the telephone network 130 can comprise additional components (such as a signal transfer point and additional SSPs), which are not shown in FIG. 1 for simplicity.
- In this preferred embodiment, the server 120 is used to distribute authenticated keys, which are used to authenticate a user for a secured service offered by the server 120 or by another server on the same or different computer network. As used herein, the term “authenticated key” broadly refers to any mechanism that can be used to authenticate a user. An authentication key can be in a form (such as an alpha-numeric string) that allows a user to manually input the key when attempting authentication. An authentication key can take other forms, such as, but not limited to, a cookie for a web browser. A key can also be of such complexity that it is infeasible to transmit other than by automated means.
- The operation of this preferred embodiment will now be illustrated in conjunction with FIG. 2, which is a flow chart of a method of a preferred embodiment for calling line authenticated key distribution. When the calling party 100 wants to receive an authentication key from the server 120, the calling party 100 dials the telephone number of the server 120 (act 200). In one preferred embodiment, the telephone number of the server 120 is an 800 number. The telephone network 130 routes the call from the calling party 100 to the server 120 through the SSP 140 (act 210). The SSP 140 also sends a query to the SCP 150 (act 220). The query includes the calling line identifier of the calling line 180 used by the calling party 100 to place the call to the server 120. In this preferred embodiment, the calling line identifier is the directory number of the calling line 180. The database 160 stores data associating authentication keys with respective calling line identifiers, and, in response to the query sent by the SSP 140, the SCP 150 consults that database 160 to determine if there is an authentication key associated with the calling line identifier (act 230). If there is, the SCP 150 retrieves the authentication key and sends it to the server 120 (act 240). As used herein, the phrase “sends to” can mean directly sends to or indirectly sends to through one or more named or unnamed components. For example, the SCP 150 can send the authentication key to the server 120 through a firewall and/or through additional servers, as will be discussed below. The server 120 then sends the authentication key to the calling party 100 via the telephone network 130 (act 250). The server 120 can send the authentication key to the calling party 100 on its own initiative or in response to a request from the calling party 100. Further, the server 120 can send the authentication key during the connection with the calling party 100 or at some later time (e.g. via email). It should be noted that some or all of acts 220, 230 and 240 can be performed before, during, or after act 210. Accordingly, the authentication key can be sent to the server 120 simultaneously with the calling party being connected to the server 120, or the authentication key can be sent to the server 120 before or after the calling party is connected to the server 120.
- Turning again to the drawings, FIG. 3 is an illustration of a system of another preferred embodiment that leverages AIN and Internet technologies to distribute authentication keys based on calling line identifiers. As shown in FIG. 3, this system comprises a calling party with a desktop personal computer system 300, a computer network 310, and a telephone network 330 connecting the calling party 300 and the computer network 310. The telephone network 330 is part of a public-switched telephone network and comprises an SSP 340, an SCP 350, and a customer database 360, which correlates authentication keys and calling line identifiers. The computer network 310 operates in an Internet environment and comprises a point-to-point protocol (PPP) connectivity server 320, an isolated Ethernet or local area network (LAN) 370, a key distribution server 380, and a firewall 390. The computer network 310 connects with the telephone network 330 through the PPP connectivity server 320 (via a modem 325) and through the firewall 390.
- The operation of the system will now be illustrated in conjunction with the annotations in FIG. 3. First, the calling party 300 or software supplied by a key distribution vendor calls a special 800 toll-free key distribution number assigned to a dial-up server (action 1). A terminating attempt trigger (“TAT”) on the 800 number identifies the calling line identifier (e.g., the directory number) of the calling line used to initiate the call and causes the SSP 340 to query the SCP 350 with the calling line identifier (action 2). In response to the query, the SCP 350 searches the database 360 for the calling line identifier presented in the query (action 3). Upon detection of the calling line identifier, the SCP 350 retrieves the authentication key associated with the calling line identifier. The SCP 350 then directs the SSP 340 to route the call from the calling party 300 to the modem 325, thereby establishing a communication link between the calling party 300 and the modem 325. When the call is answered, a dial-up connection to the PPP connectivity server 320 is made, and a TCP/IP link is established.
- Next, the authentication key is sent through the firewall 390 and is placed on the key distribution server 380 (action 4). The key distribution server 380 then provides the authentication key to the PPP connectivity server 320 through the isolated LAN 370 (action 5). In one embodiment, the PPP connectivity server 320 queries the key distribution server 380 for the authentication key upon an establishment of the communication link between the calling party 300 and the PPP connectivity server 320. In another embodiment, the key distribution server 380 provides the authentication key to the PPP connectivity server 320 upon detection of the establishment of the communication link between calling party 300 and the PPP connectivity server 320. Finally, the PPP connectivity server 320 sends the authentication key to the calling party 300 (action 6), and the SCP 350 removes the authentication key from the key distribution server 380 or marks the authentication key as distributed.
- With the authentication key, the calling party 300 can access a secured service offered by the same or different server on the Internet. For example, the calling party 300 can phone a different dial-up server to access a secured service, such as a service that provides the calling party 300 with the ability to turn on/off telecommunication features offered to that calling party 300. In this example, the calling party 300 connects to the connectivity server 320 only once (to receive the authentication key), and then uses the authentication key in a later interaction with a different server.
- There are several alternatives that can be used with these preferred embodiments. In the preferred embodiment discussed above, the SCP retrieved an authentication key from a database and sent the key to the key distribution server. In an alternate embodiment, the database merely stores a list of calling line identifiers for which authentication keys exist. In this embodiment, the key distribution server—not the database consulted by the SCP—stores authentication keys. In operation, in response to a query from the SSP, the SCP consults the database to determine whether the calling line identifier is listed as one of the calling line identifiers for which an authentication key exists. If the calling line identifier is listed, the SCP sends an indication to the key distribution server that the authentication key stored in the key distribution server should be sent to the calling party. After the authentication key is sent to the calling party, the authentication key can be removed from the key distribution server or the authentication key can merely be marked as distributed.
- It should also be noted that originating or terminating SSPs can be used to send a query to an SCP. Additionally, while the telephone networks were described above as AIN networks, other types of networks can be used. More generally, any suitable type of telecommunication element (e.g., switches, processors) can be used to implement the methods described above. Further, computer-readable media having computer-readable code embodied therein for implementing these methods can be used.
- Finally, in the embodiments described above, a telephone network determines an authentication key associated with a calling line identifier and sends the authentication key to a server. In an alternate embodiment, a component other than the telephone network (e.g., a server or other component in a computer network) can store data correlating calling line identifiers and authentication keys, and the same or a different component in the computer network can use this data to determine an authentication key associated with a given calling line identifier. For example, a calling line identifier such as a directory number can be provided to the called party when the called party uses an 800 number or when the called party subscribes to a Caller ID service in an AIN or non-AIN network. The called party can use the directory number to authenticate the caller so that an authentication key is sent only if the directory number is recognized.
- It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention.
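- The FIG. 3 flow (actions 1 to 6) can be modelled in a few classes to show where the trust decision sits. This is an added example, not code from the patent: the class and function names, the `claimed_cli` field, the directory numbers and the policy of refusing a second request once a key is marked as distributed are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Call:
    network_cli: str        # calling line identifier reported by the SSP trigger
    claimed_cli: str = ""   # whatever the caller's equipment asserts; never consulted


@dataclass
class KeyDistributionServer:
    """Key distribution server 380: holds keys staged for delivery."""
    staged: dict = field(default_factory=dict)
    distributed: set = field(default_factory=set)

    def place(self, cli: str, key: str) -> None:       # action 4
        self.staged[cli] = key

    def release(self, cli: str) -> Optional[str]:      # action 5
        return self.staged.get(cli)

    def mark_distributed(self, cli: str) -> None:      # after action 6
        self.staged.pop(cli, None)
        self.distributed.add(cli)


@dataclass
class ServiceControlPoint:
    """SCP 350 with database 360 (calling line identifier -> authentication key)."""
    database: dict
    kds: KeyDistributionServer

    def handle_query(self, cli: str) -> bool:
        """Actions 3-4. True means 'route the call to the modem'."""
        key = self.database.get(cli)
        # Assumption: a line whose key is already marked as distributed is refused.
        if key is None or cli in self.kds.distributed:
            return False
        self.kds.place(cli, key)
        return True

    def confirm_delivery(self, cli: str) -> None:
        """The SCP removes the key from server 380 / marks it as distributed."""
        self.kds.mark_distributed(cli)


@dataclass
class ConnectivityServer:
    """PPP connectivity server 320: fetches the key once the link is up."""
    kds: KeyDistributionServer

    def on_link_established(self, cli: str) -> Optional[str]:
        return self.kds.release(cli)                   # actions 5 and 6


def place_call(call: Call, scp: ServiceControlPoint,
               ppp: ConnectivityServer) -> Optional[str]:
    """Run actions 1-6 for one call; return the delivered key or None."""
    # Action 2: the SSP queries with the identifier the network observed,
    # not with anything carried in the caller's own data.
    if not scp.handle_query(call.network_cli):
        return None
    key = ppp.on_link_established(call.network_cli)
    scp.confirm_delivery(call.network_cli)
    return key


def demo() -> dict:
    kds = KeyDistributionServer()
    authorized = "3125550100"      # constructed directory number
    other = "3125550199"           # constructed directory number, not in database
    key = secrets.token_hex(16)    # a key too long to read out by voice
    scp = ServiceControlPoint({authorized: key}, kds)
    ppp = ConnectivityServer(kds)
    return {
        "expected": key,
        "authorized": place_call(Call(authorized), scp, ppp),
        "unknown_line": place_call(Call(other), scp, ppp),
        "claims_other_line": place_call(Call(other, claimed_cli=authorized), scp, ppp),
        "second_request": place_call(Call(authorized), scp, ppp),
        "left_on_kds": dict(kds.staged),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The scheme is only as strong as the source of the calling line identifier, which is why the model takes it from the network side alone and leaves no key staged on the distribution server after delivery.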
Claims (20)
1. A method of sending an authentication key to a calling party, the method comprising:
determining with a telephone network an authentication key associated with a calling line identifier, the calling line identifier identifying a calling line on which a calling party initiated a telephone call; and
sending the authentication key to calling party.
2. The method of claim 1, further comprising:
marking the authentication key as distributed.
3. The method of claim 1 , wherein the calling line identifier comprises a directory number.
4. A system for sending an authentication key to a calling party, the system comprising:
a server to receive a call from a calling party, the calling party initiating the call from a calling line identified by a calling line identifier;
a database correlating authentication keys and calling line identifiers; and
a service control point in communication with the database and operative to determine an authentication key associated with the calling line identifier in response to a query from the service switching point, wherein the service control point is further operative to send the authentication key associated with the calling line identifier to the server; wherein the server is further operative to send the authentication key to the calling party.
5. The system of claim 4, wherein the calling line identifier comprises a directory number.
6. A computer-readable storage medium containing a set of instructions for sending an authentication key to a calling party, the set of instructions to direct a computer system to perform acts of:
routing a call from a calling party to a server, the calling party initiating the call from a calling line identified by a calling line identifier;
determining an authentication key associated with the calling line identifier;
sending the authentication key to the server; and
sending the authentication key from the server to the calling party.
7. The computer-readable storage medium of claim 6, wherein the set of instructions further directs the computer server to perform the acts of:
marking the authentication key as distributed.
8. The computer-readable storage medium of claim 6, wherein the call is routed using a service switching point.
9. The computer-readable storage medium of claim 6, wherein the server comprises a connectivity server and the authentication key is sent to the connectivity server through a key distribution server.
10. The computer-readable storage medium of claim 9, wherein the authentication key is sent to the key distribution server through a firewall.
11. The computer-readable storage medium of claim 6, wherein the calling line identifier comprises a directory number.
12. A computer-readable storage medium containing a set of instructions for sending an authentication key to a calling party, the set of instructions to direct a computer system to perform acts of:
routing a call from a calling party to a connectivity server through a service switching point, the calling party initiating the call from a calling line identified by a calling line identifier;
sending a query from the service switching point to a service control point, the query comprising the calling line identifier;
determining an authentication key associated with the calling line identifier;
sending the authentication key to a key distribution server;
sending the authentication key from the key distribution server to the connectivity server; and
sending the authentication key from the connectivity server to the calling party.
13. The computer-readable storage medium of claim 12, the set of instructions to direct the computer system to perform further acts of:
marking the authentication key as distributed.
14. The computer-readable storage medium of claim 12, the set of instructions to direct the computer system to perform further acts of:
removing the authentication key from key distribution server.
15. The computer-readable storage medium of claim 12, wherein the authentication key is sent to the key distribution server through a firewall.
16. The computer-readable storage medium of claim 12, wherein the authentication key is retrieved from a database correlating authentication keys and calling line identifiers.
17. The computer-readable medium of claim 12, wherein the calling line identifier comprises a directory number.
18. A computer-readable storage medium containing a set of instructions for sending an authentication key to a calling party, the set of instructions to direct a computer system to perform acts of:
routing a call from a calling party to a server, the calling party initiating the call from a calling line identified by a calling line identifier;
providing the server with the calling line identifier;
authenticating the calling party with the calling line identifier; and
sending an authentication key from the server to the calling party.
19. The computer-readable storage medium of claim 18, wherein the calling line identifier comprises a directory number.
20. The computer-readable storage medium of claim 18, the set of instructions to direct the computer system to perform further acts of:
marking the authentication key as distributed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/261,296 US20060045268A1 (en) | 2000-12-22 | 2005-10-28 | Method and system for calling line authenticated key distribution |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/747,741 US20020087875A1 (en) | 2000-12-22 | 2000-12-22 | Method and system for calling line authentication |
US10/038,048 US6985587B2 (en) | 2000-12-22 | 2001-12-20 | Method and system for calling line authenticated key distribution |
US11/261,296 US20060045268A1 (en) | 2000-12-22 | 2005-10-28 | Method and system for calling line authenticated key distribution |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/038,048 Continuation US6985587B2 (en) | 2000-12-22 | 2001-12-20 | Method and system for calling line authenticated key distribution |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060045268A1 (en) | 2006-03-02 |
Family
ID=35943084
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/038,048 Expired - Fee Related US6985587B2 (en) | 2000-12-22 | 2001-12-20 | Method and system for calling line authenticated key distribution |
US11/261,296 Abandoned US20060045268A1 (en) | 2000-12-22 | 2005-10-28 | Method and system for calling line authenticated key distribution |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/038,048 Expired - Fee Related US6985587B2 (en) | 2000-12-22 | 2001-12-20 | Method and system for calling line authenticated key distribution |
Country Status (1)
Country | Link |
---|---|
US (2) | US6985587B2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008149126A2 (en) * | 2007-06-07 | 2008-12-11 | Vodaphone Group Plc | Methods, apparatuses and software for initiating a circuit switched call to a key server, for receiving incoming circuit switched calls and for attaching a computer peripheral device |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8325889B2 (en) * | 2006-12-22 | 2012-12-04 | Mobileaxept As | Efficient authentication of a user for conduct of a transaction initiated via mobile telephone |
Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5003595A (en) * | 1989-08-29 | 1991-03-26 | At&T Bell Laboratories | Secure dial access to computer systems |
US5239294A (en) * | 1989-07-12 | 1993-08-24 | Motorola, Inc. | Method and apparatus for authenication and protection of subscribers in telecommunication systems |
US5301246A (en) * | 1992-07-29 | 1994-04-05 | At&T Bell Laboratories | Data communications equipment security device using calling party directory number |
US5325419A (en) * | 1993-01-04 | 1994-06-28 | Ameritech Corporation | Wireless digital personal communications system having voice/data/image two-way calling and intercell hand-off |
US5546447A (en) * | 1994-06-29 | 1996-08-13 | Intel Corporation | Displaying caller identification information in a computer system |
US5572193A (en) * | 1990-12-07 | 1996-11-05 | Motorola, Inc. | Method for authentication and protection of subscribers in telecommunications systems |
US5684951A (en) * | 1996-03-20 | 1997-11-04 | Synopsys, Inc. | Method and system for user authorization over a multi-user computer system |
US5724426A (en) * | 1994-01-24 | 1998-03-03 | Paralon Technologies, Inc. | Apparatus and method for controlling access to and interconnection of computer system resources |
US5774670A (en) * | 1995-10-06 | 1998-06-30 | Netscape Communications Corporation | Persistent client state in a hypertext transfer protocol based client-server system |
US5901284A (en) * | 1996-06-19 | 1999-05-04 | Bellsouth Corporation | Method and system for communication access restriction |
US5940187A (en) * | 1997-01-06 | 1999-08-17 | Bellsouth Corporation | Method for certifying facsimile communications over a telephone network |
US6035402A (en) * | 1996-12-20 | 2000-03-07 | Gte Cybertrust Solutions Incorporated | Virtual certificate authority |
US6067546A (en) * | 1997-02-18 | 2000-05-23 | Ameritech Corporation | Method and system for providing computer-network related information about a calling party |
US6088799A (en) * | 1997-12-11 | 2000-07-11 | International Business Machines Corporation | Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same |
US6098056A (en) * | 1997-11-24 | 2000-08-01 | International Business Machines Corporation | System and method for controlling access rights to and security of digital content in a distributed information system, e.g., Internet |
US6154528A (en) * | 1999-02-11 | 2000-11-28 | Ameritech Corporation | System and method for storing and transferring information tokens in a low network communication |
US20040083259A1 (en) * | 2001-04-16 | 2004-04-29 | United Virtualities, Inc. | Method for integrating electronic mail and worldwide web communications with a user |
US6980962B1 (en) * | 1999-03-02 | 2005-12-27 | Quixtar Investments, Inc. | Electronic commerce transactions within a marketing system that may contain a membership buying opportunity |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5375161A (en) * | 1984-09-14 | 1994-12-20 | Accessline Technologies, Inc. | Telephone control system with branch routing |
US5549447A (en) * | 1995-08-21 | 1996-08-27 | Mcneil (Ohio) Corporation | System for cooling a centrifugal pump |
US6096056A (en) * | 1999-03-04 | 2000-08-01 | Scimed Life Systems, Inc. | Fugitive stent securement means |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008149126A2 (en) * | 2007-06-07 | 2008-12-11 | Vodaphone Group Plc | Methods, apparatuses and software for initiating a circuit switched call to a key server, for receiving incoming circuit switched calls and for attaching a computer peripheral device |
WO2008149126A3 (en) * | 2007-06-07 | 2009-05-14 | Vodaphone Group Plc | Methods, apparatuses and software for initiating a circuit switched call to a key server, for receiving incoming circuit switched calls and for attaching a computer peripheral device |
Also Published As
Publication number | Publication date |
---|---|
US20020159597A1 (en) | 2002-10-31 |
US6985587B2 (en) | 2006-01-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |