US20060045268A1 - Method and system for calling line authenticated key distribution - Google Patents

Method and system for calling line authenticated key distribution Download PDF

Info

Publication number
US20060045268A1
US20060045268A1 US11/261,296 US26129605A US2006045268A1 US 20060045268 A1 US20060045268 A1 US 20060045268A1 US 26129605 A US26129605 A US 26129605A US 2006045268 A1 US2006045268 A1 US 2006045268A1
Authority
US
United States
Prior art keywords
authentication key
server
calling
calling line
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/261,296
Inventor
Thomas Adams
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AT&T Labs Inc
Original Assignee
SBC Technology Resources Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/747,741 external-priority patent/US20020087875A1/en
Application filed by SBC Technology Resources Inc filed Critical SBC Technology Resources Inc
Priority to US11/261,296 priority Critical patent/US20060045268A1/en
Publication of US20060045268A1 publication Critical patent/US20060045268A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/38Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/38Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/0024Services and arrangements where telephone services are combined with data services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M7/00Arrangements for interconnection between switching centres
    • H04M7/006Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
    • H04M7/0078Security; Fraud detection; Fraud prevention
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04QSELECTING
    • H04Q3/00Selecting arrangements
    • H04Q3/0016Arrangements providing connection between exchanges
    • H04Q3/0029Provisions for intelligent networking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2207/00Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place
    • H04M2207/12Type of exchange or network, i.e. telephonic medium, in which the telephonic communication takes place intelligent networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2242/00Special services or facilities
    • H04M2242/22Automatic class or number identification arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/42025Calling or Called party identification service
    • H04M3/42034Calling party identification service
    • H04M3/42059Making use of the calling party identifier

Definitions

  • the present invention relates to telecommunication systems and in particular to a method and system for calling line authenticated key distribution.
  • Servers on computer networks can provide secure services to users. Users are often required to provide an authenticated key to gain access to such secured services.
  • Several methods can be used to distribute authenticated keys to authorized users. For example, an authenticated key can be printed on paper and mailed to an authorized user's home. In some situations, it may be desired to distribute authenticated keys electronically, such as with a server on the computer network.
  • distributing authenticated keys this way can be problematic since it can be difficult to verify that the person requesting an authenticated key is an authorized user. For example, if a password is used to verify the identity of a person requesting an authenticated key, the server providing the key cannot differentiate between an authorized user and an imposter who stolen the authorized user's password.
  • the problems of password distribution and key distribution are similar: passwords that provide high security (e.g., an arbitrary 128-character string) are too difficult to distribute by voice, and passwords that are easy to distribute by voice provide little security.
  • FIG. 1 is an illustration of a system of a preferred embodiment for calling line authenticated key distribution.
  • FIG. 2 is a flow chart of a method of a preferred embodiment for calling line authenticated key distribution.
  • FIG. 3 is an illustration of a system of another preferred embodiment for calling line authenticated key distribution.
  • a telephone network is used in combination with a computer network to distribute authentication keys to take advantage of the telephone network's ability to identify a calling party.
  • an authentication key is provided to a calling party if the calling party is phoning from a calling line associated with an authorized user.
  • This preferred embodiment provides a more secure authentication key distribution method as compared to the prior art since preventing an unauthorized user from gaining access to an authorized user's calling line is more feasible and reliable than attempting to prevent an unauthorized user from obtaining an authorized user's password.
  • Other preferred embodiments are provided, and each of the preferred embodiments described below can be used alone or in combination with one another.
  • FIG. 1 is an illustration of a system of a preferred embodiment for calling line authenticated key distribution.
  • this system comprises a calling party 100 , a server 120 , and a telephone network 130 connecting the calling party 100 and the server 120 .
  • the term “connecting” means directly connecting or indirectly connecting through one or more named or unnamed components.
  • the telephone network 130 enables the calling party 100 to establish a communication link with the server 120 .
  • the calling party 100 can use any suitable type of customer premises equipment that can communicate with the server 120 .
  • the customer premises equipment can take the form of a personal computer, workstation, mobile telephone, and suitable types of portable electronic devices.
  • the server 120 can also take any suitable form, such as an Internet server.
  • the calling party 100 connects to the telephone network 130 via a calling line 180 .
  • the calling line 180 is identified by a calling line identifier.
  • the calling line identifier can take any suitable form and, in one embodiment, is a directory number (e.g., the calling party's telephone number).
  • the telephone network 130 is part of a public-switched telephone network and is implemented as an advanced intelligent network (“AIN”), such as the Signal System 7 (“SS7”) network.
  • AIN advanced intelligent network
  • the telephone network 130 comprises a service switching point (“SSP”) 140 , a service control point (“SCP”) 150 , and a database 160 .
  • SSP 140 and SCP 150 are connected to one another by a Common Channel Signaling network 170 .
  • the telephone network 130 can comprise additional components (such as a signal transfer point and additional SSPs), which are not shown in FIG. 1 for simplicity.
  • the server 120 is used to distribute authenticated keys, which are used to authenticate a user for a secured service offered by the server 120 or by another server on the same or different computer network.
  • authenticated key broadly refers to any mechanism that can be used to authenticate a user.
  • An authentication key can be in a form (such as an alpha-numeric string) that allows a user to manually input the key when attempting authentication.
  • An authentication key can take other forms, such as, but not limited to, a cookie for a web browser.
  • a key can also be of such complexity that it is infeasible to transmit other than by automated means.
  • FIG. 2 is a flow chart of a method of a preferred embodiment for calling line authenticated key distribution.
  • the calling party 100 wants to receive an authentication key from the server 120 , the calling party 100 dials the telephone number of the server 120 (act 200 ).
  • the telephone number of the server 120 is an 800 number.
  • the telephone network 130 routes the call from the calling party 100 to the server 120 through the SSP 140 (act 210 ).
  • the SSP 140 also sends a query to the SCP 150 (act 220 ).
  • the query includes the calling line identifier of the calling line 180 used by the calling party 100 to place the call to the server 120 .
  • the calling line identifier is the directory number of the calling line 180 .
  • the database 160 stores data associating authentication keys with respective calling line identifiers, and, in response to the query sent by the SSP 140 , the SCP 150 consults that database 160 to determine if there is an authentication key associated with the calling line identifier (act 230 ). If there is, the SCP 150 retrieves the authentication key and sends it to the server 120 (act 240 ).
  • the phrase “sends to” can mean directly sends to or indirectly sends to through one or more named or unnamed components.
  • the SCP 150 can send the authentication key to the server 120 through a firewall and/or through additional servers, as will be discussed below.
  • the server 120 then sends the authentication key to the calling party 100 via the telephone network 130 (act 250 ).
  • the server 120 can send the authentication key to the calling party 100 on its own initiative or in response to a request from the calling party 100 . Further, the server 120 can send the authentication key during the connection with the calling party 100 or at some later time (e.g. via email). It should be noted that some or all of acts 220 , 230 and 240 can be performed before, during, or after act 210 . Accordingly, the authentication key can be sent to the server 120 simultaneously with the calling party being connected to the server 120 , or the authentication key can be sent to the server 120 before or after the calling party is connected to the server 120 .
  • FIG. 3 is an illustration of a system of another preferred embodiment that leverages AIN and Internet technologies to distribute authentication keys based on calling line identifiers.
  • this system comprises a calling party with a desktop personal computer system 300 , a computer network 310 , and a telephone network 330 connecting the calling party 300 and the computer network 310 .
  • the telephone network 330 is part of a public-switched telephone network and comprises an SSP 340 , an SCP 350 , and a customer database 360 , which correlates authentication keys and calling line identifiers.
  • the computer network 310 operates in an Internet environment and comprises a point-to-point protocol (PPP) connectivity server 320 , an isolated Ethernet or local area network (LAN) 370 , a key distribution server 380 , and a firewall 390 .
  • PPP point-to-point protocol
  • LAN local area network
  • the computer network 310 connects with the telephone network 330 through the PPP connectivity server 320 (via a modem 325 ) and through the firewall 390 .
  • the calling party 300 or software supplied by a key distribution vendor calls a special 800 toll-free key distribution number assigned to a dial-up server (action 1 ).
  • a terminating attempt trigger (“TAT”) on the 800 number identifies the calling line identifier (e.g., the directory number) of the calling line used to initiate the call and causes the SSP 340 to query the SCP 350 with the calling line identifier (action 2 ).
  • the SCP 340 searches the database 360 for the calling line identifier presented in the query (action 3 ).
  • the SCP 350 retrieves the authentication key associated with the calling line identifier.
  • the SCP 350 then directs the SSP 340 to route the call from the calling party 300 to the modem 325 , thereby establishing a communication link between the calling party 300 and the modem 325 .
  • a dial-up connection to the PPP connectivity server 320 is made, and a TCP/IP link is established.
  • the authentication key is sent through the firewall 390 and is placed on the key distribution server 380 (action 4 ).
  • the key distribution server 380 then provides the authentication key to the PPP connectivity server 320 through the isolated LAN 370 (action 5 ).
  • the PPP connectivity server 320 queries the key distribution server 380 for the authentication key upon an establishment of the communication link between the calling party 300 and the PPP connectivity server 320 .
  • the key distribution server 380 provides the authentication key to the PPP connectivity server 320 upon detection of the establishment of the communication link between calling party 300 and the PPP connectivity server 320 .
  • the PPP connectivity server 320 sends the authentication key to the calling party 300 (action 6 ), and the SCP 350 removes the authentication key from the key distribution server 380 or marks the authentication key as distributed.
  • the calling party 300 can access a secured service offered by the same or different server on the Internet.
  • the calling party 300 can phone a different dial-up server to access a secured service, such as a service that provides the calling party 300 with the ability to turn on/off telecommunication features offered to that calling party 300 .
  • the calling party 300 connects to the connectivity server 320 only once (to receive the authentication key), and then uses the authentication key in a later interaction with a different server.
  • the SCP retrieved an authentication key from a database and sent the key to the key distribution server.
  • the database merely stores a list of calling line identifiers for which authentication keys exist.
  • the key distribution server not the database consulted by the SCP—stores authentication keys.
  • the SCP in response to a query from the SSP, the SCP consults the database to determine whether the calling line identifier is listed as one of the calling line identifiers for which an authentication key exists. If the calling line identifier is listed, the SCP sends an indication to the key distribution server that the authentication key stored in the key distribution server should be sent to the calling party. After the authentication key is sent to the calling party, the authentication key can be removed from the key distribution server or the authentication key can merely be marked as distributed.
  • originating or terminating SSPs can be used to send a query to an SCP.
  • telephone networks were described above as AIN networks, other types of networks can be used. More generally, any suitable type of telecommunication element (e.g., switches, processors) can be used to implement the methods described above. Further, computer-readable media having computer-readable code embodied therein for implementing these methods can be used.
  • a telephone network determines an authentication key associated with a calling line identifier and sends the authentication key to a server.
  • a component other than the telephone network e.g., a server or other component in a computer network
  • a calling line identifier such as a directory number can be provided to the called party when the called party uses an 800 number or when the called party subscribes to a Caller ID service in an AIN or non-AIN network.
  • the called party can use the directory number to authenticate the caller so that an authentication key is sent only if the directory number is recognized.

Abstract

The preferred embodiments described herein provide a method and system for calling line authenticated key distribution. In one preferred embodiment, an authentication key is provided to a calling party if the calling party is phoning from a calling line associated with an authorized user. This preferred embodiment provides a more secure authentication key distribution method as compared to the prior art since preventing an unauthorized user from gaining access to an authorized user's calling line is more feasible and reliable than attempting to prevent an unauthorized user from obtaining an authorized user's password. Other preferred embodiments are provided, and each of the preferred embodiments described herein can be used alone or in combination with one another.

Description

    RELATED APPLICATIONS
  • The present patent document is a continuation of U.S. patent application Ser. No. 10/038,048, filed Dec. 20, 2001, which is a continuation-in-part of U.S. patent application Ser. No. 09/747,741, filed Dec. 22, 2000, the entirety of which are both hereby incorporated by reference.
    • TECHNICAL FIELD
  • The present invention relates to telecommunication systems and in particular to a method and system for calling line authenticated key distribution.
    • BACKGROUND
  • Servers on computer networks, such as the Internet, can provide secure services to users. Users are often required to provide an authenticated key to gain access to such secured services. Several methods can be used to distribute authenticated keys to authorized users. For example, an authenticated key can be printed on paper and mailed to an authorized user's home. In some situations, it may be desired to distribute authenticated keys electronically, such as with a server on the computer network. However, distributing authenticated keys this way can be problematic since it can be difficult to verify that the person requesting an authenticated key is an authorized user. For example, if a password is used to verify the identity of a person requesting an authenticated key, the server providing the key cannot differentiate between an authorized user and an imposter who stole the authorized user's password. Moreover, the problems of password distribution and key distribution are similar: passwords that provide high security (e.g., an arbitrary 128-character string) are too difficult to distribute by voice, and passwords that are easy to distribute by voice provide little security.
  • There is a need, therefore, for a method and system that can be used to distribute authenticated keys that overcomes the disadvantages described above.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is an illustration of a system of a preferred embodiment for calling line authenticated key distribution.
  • FIG. 2 is a flow chart of a method of a preferred embodiment for calling line authenticated key distribution.
  • FIG. 3 is an illustration of a system of another preferred embodiment for calling line authenticated key distribution.
    • DETAILED DESCRIPTION OF THE DRAWINGS
  • The various embodiments of the present invention yield several advantages over the prior art. By way of introduction, a telephone network is used in combination with a computer network to distribute authentication keys to take advantage of the telephone network's ability to identify a calling party. In one preferred embodiment, an authentication key is provided to a calling party if the calling party is phoning from a calling line associated with an authorized user. This preferred embodiment provides a more secure authentication key distribution method as compared to the prior art since preventing an unauthorized user from gaining access to an authorized user's calling line is more feasible and reliable than attempting to prevent an unauthorized user from obtaining an authorized user's password. Other preferred embodiments are provided, and each of the preferred embodiments described below can be used alone or in combination with one another.
  • Turning now to the drawings, FIG. 1 is an illustration of a system of a preferred embodiment for calling line authenticated key distribution. As shown in FIG. 1, this system comprises a calling party 100, a server 120, and a telephone network 130 connecting the calling party 100 and the server 120. As used herein, the term “connecting” means directly connecting or indirectly connecting through one or more named or unnamed components. The telephone network 130 enables the calling party 100 to establish a communication link with the server 120. The calling party 100 can use any suitable type of customer premises equipment that can communicate with the server 120. For example, the customer premises equipment can take the form of a personal computer, workstation, mobile telephone, and suitable types of portable electronic devices. The server 120 can also take any suitable form, such as an Internet server.
  • The calling party 100 connects to the telephone network 130 via a calling line 180. The calling line 180 is identified by a calling line identifier. The calling line identifier can take any suitable form and, in one embodiment, is a directory number (e.g., the calling party's telephone number). In this preferred embodiment, the telephone network 130 is part of a public-switched telephone network and is implemented as an advanced intelligent network (“AIN”), such as the Signal System 7 (“SS7”) network. The telephone network 130 comprises a service switching point (“SSP”) 140, a service control point (“SCP”) 150, and a database 160. In this embodiment, the SSP 140 and SCP 150 are connected to one another by a Common Channel Signaling network 170. It should be noted that the telephone network 130 can comprise additional components (such as a signal transfer point and additional SSPs), which are not shown in FIG. 1 for simplicity.
  • In this preferred embodiment, the server 120 is used to distribute authenticated keys, which are used to authenticate a user for a secured service offered by the server 120 or by another server on the same or different computer network. As used herein, the term “authenticated key” broadly refers to any mechanism that can be used to authenticate a user. An authentication key can be in a form (such as an alpha-numeric string) that allows a user to manually input the key when attempting authentication. An authentication key can take other forms, such as, but not limited to, a cookie for a web browser. A key can also be of such complexity that it is infeasible to transmit other than by automated means.
  • The operation of this preferred embodiment will now be illustrated in conjunction with FIG. 2, which is a flow chart of a method of a preferred embodiment for calling line authenticated key distribution. When the calling party 100 wants to receive an authentication key from the server 120, the calling party 100 dials the telephone number of the server 120 (act 200). In one preferred embodiment, the telephone number of the server 120 is an 800 number. The telephone network 130 routes the call from the calling party 100 to the server 120 through the SSP 140 (act 210). The SSP 140 also sends a query to the SCP 150 (act 220). The query includes the calling line identifier of the calling line 180 used by the calling party 100 to place the call to the server 120. In this preferred embodiment, the calling line identifier is the directory number of the calling line 180. The database 160 stores data associating authentication keys with respective calling line identifiers, and, in response to the query sent by the SSP 140, the SCP 150 consults that database 160 to determine if there is an authentication key associated with the calling line identifier (act 230). If there is, the SCP 150 retrieves the authentication key and sends it to the server 120 (act 240). As used herein, the phrase “sends to” can mean directly sends to or indirectly sends to through one or more named or unnamed components. For example, the SCP 150 can send the authentication key to the server 120 through a firewall and/or through additional servers, as will be discussed below. The server 120 then sends the authentication key to the calling party 100 via the telephone network 130 (act 250). The server 120 can send the authentication key to the calling party 100 on its own initiative or in response to a request from the calling party 100. Further, the server 120 can send the authentication key during the connection with the calling party 100 or at some later time (e.g. via email). It should be noted that some or all of acts 220, 230 and 240 can be performed before, during, or after act 210. Accordingly, the authentication key can be sent to the server 120 simultaneously with the calling party being connected to the server 120, or the authentication key can be sent to the server 120 before or after the calling party is connected to the server 120.
  • Turning again to the drawings, FIG. 3 is an illustration of a system of another preferred embodiment that leverages AIN and Internet technologies to distribute authentication keys based on calling line identifiers. As shown in FIG. 3, this system comprises a calling party with a desktop personal computer system 300, a computer network 310, and a telephone network 330 connecting the calling party 300 and the computer network 310. The telephone network 330 is part of a public-switched telephone network and comprises an SSP 340, an SCP 350, and a customer database 360, which correlates authentication keys and calling line identifiers. The computer network 310 operates in an Internet environment and comprises a point-to-point protocol (PPP) connectivity server 320, an isolated Ethernet or local area network (LAN) 370, a key distribution server 380, and a firewall 390. The computer network 310 connects with the telephone network 330 through the PPP connectivity server 320 (via a modem 325) and through the firewall 390.
  • The operation of the system will now be illustrated in conjunction with the annotations in FIG. 3. First, the calling party 300 or software supplied by a key distribution vendor calls a special 800 toll-free key distribution number assigned to a dial-up server (action 1). A terminating attempt trigger (“TAT”) on the 800 number identifies the calling line identifier (e.g., the directory number) of the calling line used to initiate the call and causes the SSP 340 to query the SCP 350 with the calling line identifier (action 2). In response to the query, the SCP 340 searches the database 360 for the calling line identifier presented in the query (action 3). Upon detection of the calling line identifier, the SCP 350 retrieves the authentication key associated with the calling line identifier. The SCP 350 then directs the SSP 340 to route the call from the calling party 300 to the modem 325, thereby establishing a communication link between the calling party 300 and the modem 325. When the call is answered, a dial-up connection to the PPP connectivity server 320 is made, and a TCP/IP link is established.
  • Next, the authentication key is sent through the firewall 390 and is placed on the key distribution server 380 (action 4). The key distribution server 380 then provides the authentication key to the PPP connectivity server 320 through the isolated LAN 370 (action 5). In one embodiment, the PPP connectivity server 320 queries the key distribution server 380 for the authentication key upon an establishment of the communication link between the calling party 300 and the PPP connectivity server 320. In another embodiment, the key distribution server 380 provides the authentication key to the PPP connectivity server 320 upon detection of the establishment of the communication link between calling party 300 and the PPP connectivity server 320. Finally, the PPP connectivity server 320 sends the authentication key to the calling party 300 (action 6), and the SCP 350 removes the authentication key from the key distribution server 380 or marks the authentication key as distributed.
  • With the authentication key, the calling party 300 can access a secured service offered by the same or different server on the Internet. For example, the calling party 300 can phone a different dial-up server to access a secured service, such as a service that provides the calling party 300 with the ability to turn on/off telecommunication features offered to that calling party 300. In this example, the calling party 300 connects to the connectivity server 320 only once (to receive the authentication key), and then uses the authentication key in a later interaction with a different server.
  • There are several alternatives that can be used with these preferred embodiments. In the preferred embodiment discussed above, the SCP retrieved an authentication key from a database and sent the key to the key distribution server. In an alternate embodiment, the database merely stores a list of calling line identifiers for which authentication keys exist. In this embodiment, the key distribution server—not the database consulted by the SCP—stores authentication keys. In operation, in response to a query from the SSP, the SCP consults the database to determine whether the calling line identifier is listed as one of the calling line identifiers for which an authentication key exists. If the calling line identifier is listed, the SCP sends an indication to the key distribution server that the authentication key stored in the key distribution server should be sent to the calling party. After the authentication key is sent to the calling party, the authentication key can be removed from the key distribution server or the authentication key can merely be marked as distributed.
  • It should also be noted that originating or terminating SSPs can be used to send a query to an SCP. Additionally, while the telephone networks were described above as AIN networks, other types of networks can be used. More generally, any suitable type of telecommunication element (e.g., switches, processors) can be used to implement the methods described above. Further, computer-readable media having computer-readable code embodied therein for implementing these methods can be used.
  • Finally, in the embodiments described above, a telephone network determines an authentication key associated with a calling line identifier and sends the authentication key to a server. In an alternate embodiment, a component other than the telephone network (e.g., a server or other component in a computer network) can store data correlating calling line identifiers and authentication keys, and the same or a different component in the computer network can use this data to determine an authentication key associated with a given calling line identifier. For example, a calling line identifier such as a directory number can be provided to the called party when the called party uses an 800 number or when the called party subscribes to a Caller ID service in an AIN or non-AIN network. The called party can use the directory number to authenticate the caller so that an authentication key is sent only if the directory number is recognized.
  • It is therefore intended that the foregoing detailed description be regarded as illustrative rather than limiting, and that it be understood that it is the following claims, including all equivalents, that are intended to define the spirit and scope of this invention.

Claims (20)

1. A method of sending an authentication key to a calling party, the method comprising:
determining with a telephone network an authentication key associated with a calling line identifier, the calling line identifier identifying a calling line on which a calling party initiated a telephone call; and
sending the authentication key to calling party.
2. The method of claim 1, further comprising:
marking the authentication key as distributed.
3. The method of claim 1, wherein the calling line identifier comprises a directory number.
4. A system for sending an authentication key to a calling party, the system comprising:
a server to receive a call from a calling party, the calling party initiating the call from a calling line identified by a calling line identifier;
a database correlating authentication keys and calling line identifiers; and
a service control point in communication with the database and operative to determine an authentication key associated with the calling line identifier in response to a query from the service switching point, wherein the service control point is further operative to send the authentication key associated with the calling line identifier to the server; wherein the server is further operative to send the authentication key to the calling party.
5. The system of claim 4, wherein the calling line identifier comprises a directory number.
6. A computer-readable storage medium containing a set of instructions for sending an authentication key to a calling party, the set of instructions to direct a computer system to perform acts of:
routing a call from a calling party to a server, the calling party initiating the call from a calling line identified by a calling line identifier;
determining an authentication key associated with the calling line identifier;
sending the authentication key to the server; and
sending the authentication key from the server to the calling party.
7. The computer-readable storage medium of claim 6, wherein the set of instructions further directs the computer server to perform the acts of:
marking the authentication key as distributed.
8. The computer-readable storage medium of claim 6, wherein the call is routed using a service switching point.
9. The computer-readable storage medium of claim 6, wherein the server comprises a connectivity server and the authentication key is sent to the connectivity server through a key distribution server.
10. The computer-readable storage medium of claim 9, wherein the authentication key is sent to the key distribution server through a firewall.
11. The computer-readable storage medium of claim 6, wherein the calling line identifier comprises a directory number.
12. A computer-readable storage medium containing a set of instructions for sending an authentication key to a calling party, the set of instructions to direct a computer system to perform acts of:
routing a call from a calling party to a connectivity server through a service switching point, the calling party initiating the call from a calling line identified by a calling line identifier;
sending a query from the service switching point to a service control point, the query comprising the calling line identifier;
determining an authentication key associated with the calling line identifier;
sending the authentication key to a key distribution server;
sending the authentication key from the key distribution server to the connectivity server; and
sending the authentication key from the connectivity server to the calling party.
13. The computer-readable storage medium of claim 12, the set of instructions to direct the computer system to perform further acts of:
marking the authentication key as distributed.
14. The computer-readable storage medium of claim 12, the set of instructions to direct the computer system to perform further acts of:
removing the authentication key from key distribution server.
15. The computer-readable storage medium of claim 12, wherein the authentication key is sent to the key distribution server through a firewall.
16. The computer-readable storage medium of claim 12, wherein the authentication key is retrieved from a database correlating authentication keys and calling line identifiers.
17. The computer-readable medium of claim 12, wherein the calling line identifier comprises a directory number.
18. A computer-readable storage medium containing a set of instructions for sending an authentication key to a calling party, the set of instructions to direct a computer system to perform acts of:
routing a call from a calling party to a server, the calling party initiating the call from a calling line identified by a calling line identifier;
providing the server with the calling line identifier;
authenticating the calling party with the calling line identifier; and
sending an authentication key from the server to the calling party.
19. The computer-readable storage medium of claim 18, wherein the calling line identifier comprises a directory number.
20. The computer-readable storage medium of claim 18, the set of instructions to direct the computer system to perform further acts of:
marking the authentication key as distributed.
US11/261,296 2000-12-22 2005-10-28 Method and system for calling line authenticated key distribution Abandoned US20060045268A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/261,296 US20060045268A1 (en) 2000-12-22 2005-10-28 Method and system for calling line authenticated key distribution

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/747,741 US20020087875A1 (en) 2000-12-22 2000-12-22 Method and system for calling line authentication
US10/038,048 US6985587B2 (en) 2000-12-22 2001-12-20 Method and system for calling line authenticated key distribution
US11/261,296 US20060045268A1 (en) 2000-12-22 2005-10-28 Method and system for calling line authenticated key distribution

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/038,048 Continuation US6985587B2 (en) 2000-12-22 2001-12-20 Method and system for calling line authenticated key distribution

Publications (1)

Publication Number Publication Date
US20060045268A1 true US20060045268A1 (en) 2006-03-02

Family

ID=35943084

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/038,048 Expired - Fee Related US6985587B2 (en) 2000-12-22 2001-12-20 Method and system for calling line authenticated key distribution
US11/261,296 Abandoned US20060045268A1 (en) 2000-12-22 2005-10-28 Method and system for calling line authenticated key distribution

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/038,048 Expired - Fee Related US6985587B2 (en) 2000-12-22 2001-12-20 Method and system for calling line authenticated key distribution

Country Status (1)

Country Link
US (2) US6985587B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008149126A2 (en) * 2007-06-07 2008-12-11 Vodaphone Group Plc Methods, apparatuses and software for initiating a circuit switched call to a key server, for receiving incoming circuit switched calls and for attaching a computer peripheral device

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8325889B2 (en) * 2006-12-22 2012-12-04 Mobileaxept As Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5003595A (en) * 1989-08-29 1991-03-26 At&T Bell Laboratories Secure dial access to computer systems
US5239294A (en) * 1989-07-12 1993-08-24 Motorola, Inc. Method and apparatus for authenication and protection of subscribers in telecommunication systems
US5301246A (en) * 1992-07-29 1994-04-05 At&T Bell Laboratories Data communications equipment security device using calling party directory number
US5325419A (en) * 1993-01-04 1994-06-28 Ameritech Corporation Wireless digital personal communications system having voice/data/image two-way calling and intercell hand-off
US5546447A (en) * 1994-06-29 1996-08-13 Intel Corporation Displaying caller identification information in a computer system
US5572193A (en) * 1990-12-07 1996-11-05 Motorola, Inc. Method for authentication and protection of subscribers in telecommunications systems
US5684951A (en) * 1996-03-20 1997-11-04 Synopsys, Inc. Method and system for user authorization over a multi-user computer system
US5724426A (en) * 1994-01-24 1998-03-03 Paralon Technologies, Inc. Apparatus and method for controlling access to and interconnection of computer system resources
US5774670A (en) * 1995-10-06 1998-06-30 Netscape Communications Corporation Persistent client state in a hypertext transfer protocol based client-server system
US5901284A (en) * 1996-06-19 1999-05-04 Bellsouth Corporation Method and system for communication access restriction
US5940187A (en) * 1997-01-06 1999-08-17 Bellsouth Corporation Method for certifying facsimile communications over a telephone network
US6035402A (en) * 1996-12-20 2000-03-07 Gte Cybertrust Solutions Incorporated Virtual certificate authority
US6067546A (en) * 1997-02-18 2000-05-23 Ameritech Corporation Method and system for providing computer-network related information about a calling party
US6088799A (en) * 1997-12-11 2000-07-11 International Business Machines Corporation Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same
US6098056A (en) * 1997-11-24 2000-08-01 International Business Machines Corporation System and method for controlling access rights to and security of digital content in a distributed information system, e.g., Internet
US6154528A (en) * 1999-02-11 2000-11-28 Ameritech Corporation System and method for storing and transferring information tokens in a low network communication
US20040083259A1 (en) * 2001-04-16 2004-04-29 United Virtualities, Inc. Method for integrating electronic mail and worldwide web communications with a user
US6980962B1 (en) * 1999-03-02 2005-12-27 Quixtar Investments, Inc. Electronic commerce transactions within a marketing system that may contain a membership buying opportunity

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5375161A (en) * 1984-09-14 1994-12-20 Accessline Technologies, Inc. Telephone control system with branch routing
US5549447A (en) * 1995-08-21 1996-08-27 Mcneil (Ohio) Corporation System for cooling a centrifugal pump
US6096056A (en) * 1999-03-04 2000-08-01 Scimed Life Systems, Inc. Fugitive stent securement means

Patent Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5239294A (en) * 1989-07-12 1993-08-24 Motorola, Inc. Method and apparatus for authenication and protection of subscribers in telecommunication systems
US5003595A (en) * 1989-08-29 1991-03-26 At&T Bell Laboratories Secure dial access to computer systems
US5572193A (en) * 1990-12-07 1996-11-05 Motorola, Inc. Method for authentication and protection of subscribers in telecommunications systems
US5301246A (en) * 1992-07-29 1994-04-05 At&T Bell Laboratories Data communications equipment security device using calling party directory number
US5325419A (en) * 1993-01-04 1994-06-28 Ameritech Corporation Wireless digital personal communications system having voice/data/image two-way calling and intercell hand-off
US5724426A (en) * 1994-01-24 1998-03-03 Paralon Technologies, Inc. Apparatus and method for controlling access to and interconnection of computer system resources
US5546447A (en) * 1994-06-29 1996-08-13 Intel Corporation Displaying caller identification information in a computer system
US5774670A (en) * 1995-10-06 1998-06-30 Netscape Communications Corporation Persistent client state in a hypertext transfer protocol based client-server system
US5684951A (en) * 1996-03-20 1997-11-04 Synopsys, Inc. Method and system for user authorization over a multi-user computer system
US5901284A (en) * 1996-06-19 1999-05-04 Bellsouth Corporation Method and system for communication access restriction
US6035402A (en) * 1996-12-20 2000-03-07 Gte Cybertrust Solutions Incorporated Virtual certificate authority
US5940187A (en) * 1997-01-06 1999-08-17 Bellsouth Corporation Method for certifying facsimile communications over a telephone network
US6067546A (en) * 1997-02-18 2000-05-23 Ameritech Corporation Method and system for providing computer-network related information about a calling party
US6098056A (en) * 1997-11-24 2000-08-01 International Business Machines Corporation System and method for controlling access rights to and security of digital content in a distributed information system, e.g., Internet
US6088799A (en) * 1997-12-11 2000-07-11 International Business Machines Corporation Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same
US6154528A (en) * 1999-02-11 2000-11-28 Ameritech Corporation System and method for storing and transferring information tokens in a low network communication
US6980962B1 (en) * 1999-03-02 2005-12-27 Quixtar Investments, Inc. Electronic commerce transactions within a marketing system that may contain a membership buying opportunity
US20040083259A1 (en) * 2001-04-16 2004-04-29 United Virtualities, Inc. Method for integrating electronic mail and worldwide web communications with a user

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008149126A2 (en) * 2007-06-07 2008-12-11 Vodaphone Group Plc Methods, apparatuses and software for initiating a circuit switched call to a key server, for receiving incoming circuit switched calls and for attaching a computer peripheral device
WO2008149126A3 (en) * 2007-06-07 2009-05-14 Vodaphone Group Plc Methods, apparatuses and software for initiating a circuit switched call to a key server, for receiving incoming circuit switched calls and for attaching a computer peripheral device

Also Published As

Publication number Publication date
US20020159597A1 (en) 2002-10-31
US6985587B2 (en) 2006-01-10

Similar Documents

Publication Publication Date Title
US8873725B2 (en) Methods and apparatus for authenticating and authorizing ENUM registrants
US9871914B2 (en) Methods, systems, and products for processing communications
US6122357A (en) Providing enhanced services through double SIV and personal dial tone
US7203293B1 (en) System and method for monitoring incoming communications to a telecommunications device
US7221738B2 (en) Origin device based callee identification
US20100306539A1 (en) Method and system for content delivery control using a parallel network
CA2357741C (en) Communication network
JP4241935B2 (en) User registration in the communication network
US20050084077A1 (en) Destination device based callee identification
US20050002497A1 (en) Origin device based caller identification
US8953771B2 (en) Method and apparatus to provide cryptographic identity assertion for the PSTN
US7239688B1 (en) Method, architectures and technique for authentication of telephone calls
US9565317B2 (en) Method and system for providing communication control functionality at a remotely located site using a distributed feature architecture
JP4440932B2 (en) Method for remotely associating a communication device with a computer terminal
US20060045268A1 (en) Method and system for calling line authenticated key distribution
US7245709B2 (en) Portability of subscriber features in a telecommunication system
JP2001516531A (en) Registration protocol
SE517567C2 (en) Directing incoming calls
US6456701B1 (en) Network-centric control of access to transceivers
SE512440C2 (en) Method for secure telephony with mobility in a telephone and data communication system comprising an IP network
US20020087875A1 (en) Method and system for calling line authentication
WO2004012429A1 (en) Method and system for providing secure access to a telephone service
US9117216B1 (en) Time control of internet usage
CA2311897C (en) Network-centric control of access to transceivers
SE519539C2 (en) Device and method of telecommunication systems

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION