McNair

US005276444A
[11] Patent Number: 5,276,444
[45] Date of Patent: Jan. 4, 1994

[54] CENTRALIZED SECURITY CONTROL SYSTEM
[75] Inventor: Bruce E. McNair, Holmdel, N.J.
[73] Assignee: [illegible] Hill, N.J.
[21] Appl. No.: 763,718
[22] Filed: Sep. 23, 1991
[51] Int. Cl.5: H04Q 1/00
[52] U.S. Cl.: 340/825.33; 340/825.31; 379/91; 379/112; 379/123
[58] Field of Search: 340/825.33, 825.31, 825.34, 825.5, 825.79; 379/91, 112, 123
Attorney, Agent, or Firm: Eugene J. Rosenthal

[57] ABSTRACT
A central security control system (security system) interfaces between a plurality of requesters and a plurality of destinations such that it receives from the requesters requests for access to the destinations and communicates to the destinations a level of access that should be granted to a requester by that destination on a per request basis. In a preferred embodiment the security system also a) authenticates the requester to a predetermined level from which the level of access that is to be granted is derived and b) causes a direct connection to be established between the requester and the destination.

23 Claims, 10 Drawing Sheets
`
`MobileIron, Inc., Ex. 1018 - Page 001
`
`
`
U.S. Patent    Jan. 4, 1994    Sheet 1 of 10    5,276,444

[Drawing sheets 1 to 3 of 10: no legible labels survive.]
`
`
`
[Drawing sheet 4 of 10. FIG. 4: DESTINATION AUTHENTICATION UNIT, with boxes labelled DESTINATION AUTHENTICATION PROCESSOR, DESTINATION AUTHENTICATION INFORMATION STORE and DESTINATION CHALLENGE/RESPONSE. Reference numerals legible: 220, 222, 230, 404, 406, 408.]
`
`
`
[Drawing sheet 5 of 10. FIG. 8: arrangement of FIG. 5, FIG. 6 and FIG. 7. FIG. 5 flow chart: 801; 803 REQUESTER DIALS 1-800-BANK; 805 LEC SWITCH RECOGNIZES THAT AN AT&T 800 NUMBER; 807 LEC ROUTES CALL TO AT&T 4ESS; 809 AT&T 4ESS ROUTES TO APPROPRIATE NCP; 811 NCP RECOGNIZES THAT CALL REQUIRES SECURITY AND ROUTES CALL TO SCP; 813 SCP PERFORMS FIRST LEVEL OF SECURITY PROCESSING INHERENT IN REQUEST; 815 IS FIRST LEVEL MET BY REQUESTER?; YES: SCP LOOKS UP DESTINATION AND DETERMINES LEVELS OF ACCESS AVAILABLE AND AUTHENTICATION REQUIRED FOR EACH; IS AN IDENTITY AVAILABLE? (YES / NO); SCP ASKS REQUESTER FOR AN ALLEGED IDENTITY. Reference numerals 837 and 841 also appear.]
`
`
`
[Drawing sheet 6 of 10. Flow chart, continued: REQUESTER PROVIDES VALID ALLEGED IDENTITY PRIOR TO EXPIRATION OF TIME? (YES / TIME OUT); SCP ASKS REQUESTER TO PROVIDE AUTHENTICATION INFO; AUTHENTICATION INFO PRIOR TO EXPIRATION; CAN GET MORE INFO? Reference numerals legible: 843, 845.]
`
`
`
[Drawing sheet 7 of 10. FIG. 7 flow chart: 827 SCP LOOKS UP DESTINATION AUTHENTICATION; 829 SCP CONNECTS TO DESTINATION THROUGH DESTINATION LEC; 831 SCP ENGAGES IN AUTHENTICATION SESSION WITH DESTINATION; 833 SCP GRANTS ACCESS TO REQUESTER BY CONNECTING REQUESTER AND DESTINATION; 817 CONNECTION IS REFUSED; 819 TRANSACTION IS [illegible].]
`
`
`
`
`
`
[Drawing sheet 9 of 10. FIG. 12: arrangement of FIG. 10 and FIG. 11. FIG. 10 flow chart: 1201; 1203 REQUESTER DIALS 1-900-SPORTS; 1205 LEC SWITCH RECOGNIZES THAT AN AT&T 900 NUMBER; 1207 LEC ROUTES CALL TO AT&T 4ESS; AT&T 4ESS ROUTES CALL TO SCP; SCP PERFORMS FIRST LEVEL OF SECURITY PROCESSING INHERENT IN REQUEST; FIRST LEVEL MET BY REQUESTER?; YES: SCP LOOKS UP DESTINATION AND DETERMINES LEVEL OF ACCESS REQUESTED.]
`
`
`
[Drawing sheet 10 of 10. FIG. 11 flow chart: 1229 SCP ASKS REQUESTER TO PROVIDE AUTHENTICATION INFO; AUTHENTICATION INFO PRIOR TO EXPIRATION; GET MORE INFO?; 1215 CONNECTION IS REFUSED; SCP GRANTS ACCESS TO REQUESTER BY CONNECTING REQUESTER AND DESTINATION. Reference numerals 1219 and 1225 also appear.]
`
`
`
CENTRALIZED SECURITY CONTROL SYSTEM

TECHNICAL FIELD

This invention relates to security systems that regulate access to systems or locations and, more particularly, where access may be sought by multiple authorized users to a plurality of such systems or locations and where each such system or location may have its own distinct security requirements.

BACKGROUND OF THE INVENTION

Only those individuals authorized to have access to any particular system or location, referred to herein as "destinations", should be granted such access. Indeed today, many destinations may be remotely accessed via telecommunications. Typical remotely accessible destinations include remote telephones, systems that provide access to credit and systems that provide value-added telecommunications services. On a regular basis, a large number of authorized individuals must authenticate their identity, i.e., to confirm that the person requesting the access is actually who he alleges that he is, to several destinations to which access is sought.

Typically each destination has its own systems and procedures for authenticating its authorized users. The resulting plurality of authentication systems is expensive. Also, each authentication system must keep a copy of all the information necessary to identify each of its authorized users, thereby creating large storage demands. Further, the compromising of a copy of an individual user's information that is required for access to one system tends to compromise the information contained in other authentication systems. This results because authentication systems tend to require the same basic information. Also, the number of copies of the information increases as the number of destinations to which the user may obtain authorized access increases. Since each copy is independently vulnerable to attackers of the system, the overall likelihood that any of the copies will remain secure decreases. In addition, each authentication system must be secured physically, as well as logically, against attackers, which adds additional expense. These problems can be called the problems of a wide security perimeter.

From the viewpoint of a user, a plurality of authentication procedures is cumbersome and repetitive. The perceived constant requirement to comply with security arrangements encourages users to choose trivial identification means. The user typically deals with the most common security requirement of supplying a personal identification number (PIN) by employing an easy-to-remember PIN, such as a birthday, and employing the same PIN for each destination. Choosing the same PIN for each destination results in the undesirable effect that when one destination is compromised, all of the destinations are immediately compromised. Further, in selecting an easy-to-remember PIN, a user almost invariably selects a PIN that is easy to arrive at by guesswork or simple trial and error methods.

Another problem with prior security systems is how to manage the diverse security needs of a plurality of destinations and a plurality of authorized users. In particular, there is a need to insure that the ultimate bearer of the cost of erroneous access is capable of specifying the authentication level, i.e., the level of confidence of the accuracy of an identification, employed for any particular access. Each particular destination may have its own requirements as to the authentication level that is necessary before any particular level of access can be granted. In addition, a particular authorized user may wish to specify an authentication level that should be met before access is allowed for a request that alleges that user's identity. Prior security systems do not provide mechanisms for security level control by the user. Furthermore, if the access control is specified directly at the destination, the problems associated with a wide security perimeter result.

In order to actually authenticate the identity of an access requester, prior systems have made use of representations of various different identifying characteristics of a person. Identifying characteristics that have been employed include: voice samples, fingerprints, retina patterns, personal appearance, handwriting and even the manner in which a wave is polarized as it passes through a portion of the body. Such representations are known as authentication information. These prior systems obtain an identity that is alleged by the access requester. One method employed to obtain such an alleged identity is to require the requester to enter some type of a code. This code may be typed in via a keypad or scanned from a device in the requester's possession. The prior systems then attempt to authenticate that the requester is actually the individual whose identity was alleged by comparing a measure of the authentication information that has been previously stored with a measure of the same authentication information that is taken from the requester during the access request process. If the result of the comparison is that the stored authentication information matches the authentication information taken from the requester during the access request to within a predetermined limit, the allegation of identity is confirmed and access is granted. Otherwise, access is denied.
`
SUMMARY OF THE INVENTION

The difficulties with prior access-authorizing systems are overcome, in accordance with the principles of the invention, by employing a shared centralized security control system (security system) that interfaces between a plurality of requesters and a plurality of destinations such that the security system receives from the requesters requests for access to the destinations and communicates to the destinations indications of a level of access that should be granted to each requester by that destination on a per request basis. In a preferred embodiment, the security system also a) authenticates the requester to a predetermined level from which the level of access that is to be granted is derived and b) causes a direct connection to be established between the requester and the destination. Once a connection is either made or denied between a requester and the corresponding requested destination, the security system is then free to process other requests from other requesters.

BRIEF DESCRIPTION OF THE DRAWING

In the drawing:
FIG. 1 shows, in simplified form, an exemplary telephone network embodying the principles of the invention;
FIG. 2 shows an exemplary central security control system used in the network of FIG. 1;
FIG. 3 depicts an expanded view of an exemplary requester authentication unit shown in the central security control system of FIG. 2;
`
`
`
FIG. 4 shows an expanded view of a destination authentication unit 220 shown in the central security control system of FIG. 2;
FIGS. 5, 6 and 7, when arranged as shown in FIG. 8, depict in flow chart form, an exemplary method of processing an access request by a requester to a destination where the security requirements for the granting of access are specified by the destination;
FIG. 9 shows an example of the call setup messages employed if a security system is to provide secured access by a user to a particular destination; and
FIGS. 10 and 11, when arranged as shown in FIG. 12, depict in flow chart form, an exemplary access request by a requester to a destination where the security requirements for the granting of access are specified by the requester or the network operators.

DETAILED DESCRIPTION

Shown in FIG. 1, in simplified form, is exemplary telephone network 100 embodying the principles of the invention. Telephone network 100 comprises originating stations 102 and 104, local exchange carrier (LEC) networks 106, 108, 110 and 112, destination stations 114 and 116, bypass origin 115, bypass destination station 117 and long distance network 118, illustratively the AT&T network. Originating stations 102 and 104, destination stations 114 and 116, bypass origin 115 and bypass destination station 117 are representative of a plurality of network endpoints, the remainder of which are not shown for clarity of exposition. Only those portions of telephone network 100 necessary for calls to be made from an origin to a destination are shown.

LEC networks 106, 108, 110 and 112 contain switching machines 120, 122, 124, 126, respectively. Switching machines 120, 122, 124, 126 are capable of connecting a plurality of network endpoints to long distance network 118. Such switching machines are well known and may be, for example, AT&T's 5ESS® switch. Long distance network 118 comprises switching machines 128 and 130, network control point (NCP) 132, central security control system (security system) 133 and optional adjunct processor (AP) 136. NCP 132 is of a type well known in the art. Switching machines employed in communications networks are well known. Switching machines 128 and 130 are illustratively AT&T's No. 4 ESS™ switch. Additionally, security system 133 comprises security control points (SCP) 134-1 and SCP 134-2.

Switching machines 128 and 130, NCP 132, security system 133 and AP 136 are interconnected in the manner shown by signaling network 138, represented by dashed lines. Originating stations 102 and 104, destination stations 114 and 116, bypass destination station 117, switching machines 120, 122, 124, 126, switching machines 128 and 130 and SCPs 134 are interconnected by information links 140, in the manner shown. Information links 140 are of the well known types in the art for interconnecting communicating apparatus and can carry at least voice, data and video. Each of information links 140 need not have the same capacity. A typical implementation would comprise a mix of conventionally known digital transmission links, e.g., DS0, DS1 and DS3, provisioned in accordance with the needs of the network providers.

Shown in FIG. 2 is a more detailed view of exemplary security system 133. In the manner shown, security system 133 comprises security control points (SCPs) 134, including security control point (SCP) 134-1 and SCP 134-2 which are networked together by link 202. Link 202 is part of signalling network 138 (FIG. 1). In this embodiment, each of SCPs 134 contains identical copies of all the information required to provide security operations. This interconnection pattern among the SCPs 134 of security system is arranged to provide fully redundant operation. Such an interconnection arrangement may be used to provide load balancing, which reduces waiting time for security processing, as well as providing backup in the case of failure of one of SCPs 134. Alternative embodiments may arrange the interconnection of SCPs 134 so as to allow partitioning of the information required to be stored in security system 133 among each one of SCPs 134. Such partitioning will be discussed further below.

SCP 134-1 and 134-2 are both connected to switching machine 128 by at least one requester information path 204 and at least one destination information path 230, which are each carried over the respective ones of information links 140 that interconnect each of SCPs 134 and switching machine 128. Each connection of a requester to one of SCPs 134 may be routed through a plurality of switching machines until it reaches the appropriate one of SCPs 134 that will handle the request. Each of SCP 134-1 and SCP 134-2 are also connected via at least one requester signalling link 206 and at least one destination signalling link 228, at least indirectly, to NCP 132, switching machines 128 and 130 and AP 136. Each signalling message for the one of SCPs 134 that is to be associated with a call may pass through several NCP 132 (not shown) or SCPs 134 via signalling network 138 (FIG. 1). Signalling links 206 and 228 are part of signaling network 138.

In accordance with an aspect of the invention, each of SCPs 134 includes access decision unit 208 which communicates with user profile storage unit 210, destination profile storage unit 216, requester authentication unit 218 and destination authentication unit 220 over bidirectional links 222. Links 222 need not be of identical type. They may include, at the implementor's discretion, well known links such as: serial links, parallel links, shared memory, or a common bus such that a plurality of elements connected to access decision unit 208 by links 222 share a link 222. Requester authentication unit 218 is also interconnected with user profile storage unit 210 by link 224 and destination authentication unit 220 is interconnected to destination profile storage unit 216 by link 226. In this embodiment, in accordance with an aspect of the invention, it is access decision unit 208 that is connected to requester signaling link 206 and destination signaling link 228. This may be achieved via communication interfaces (not shown) which may be employed in access decision unit 208. Requester authentication unit 218 is connected to requester information path 204 and destination authentication unit 220 is connected to destination information path 230.

FIG. 3 depicts an expanded view of an exemplary requester authentication unit 218. Requester authentication unit 218 includes requester authentication processor 302 which is connected to voice password 306, requester challenge 308 and comparison function 310 via links 304. Voice password 306, requester challenge 308 and comparison function 310 are also interconnected to requester information path 204. User authentication data 312 is interconnected to voice password 306 and comparison function 310 via links 314. In similar fashion as links 222, each of links 304 or 314 need not be of identical type. Links 222 and 224 connect requester authentication processor 302 to access decision unit 208 and user profile storage unit 210, respectively.

An expanded view of destination authentication unit 220 is shown in FIG. 4. Links 222 and 226 from access decision unit 208 and destination profile storage 216, respectively, are interconnected to destination authentication processor 402. In turn, destination authentication processor 402 is interconnected by links 404 to destination challenge response 406 and destination authentication information store 408. Destination challenge response 406 interfaces with destination authentication information store 408 via one of links 404 and with destination information path 230. It is noted that each element of FIGS. 2, 3 and 4 may be implemented as either hardware, software or a combination thereof, at the implementor's discretion.

FIGS. 5, 6 and 7, when arranged as shown in FIG. 8, depict in flow chart form, an exemplary method of processing an access request by a requester to a destination where the security requirements for the granting of access are specified by the destination. The requester is located at originating station 102 (FIG. 1). The destination is the computer system of a bank, which, for purposes of this example, is located at destination station 114. Destination station 114 is shown as a computer bridged onto a phone line. The bank has contracted to have its security clearance functions performed by the provider of long distance network 118 using security system 133.

Authorized users of the bank computer system desire to employ the computer system of the bank to perform certain banking transactions. The bank has determined that it will only permit requesters to perform transactions valued at up to $200 if they are authenticated to at least a first level of authentication. Transactions of greater value need to be authenticated to a second, higher, level of authentication. This security information has been stored in destination profile storage 216 (FIG. 2). For the convenience of its authorized users, the bank has provided a toll free 800-type number which requesters can dial to gain access to the computer system. The necessary authentication information has been obtained from authorized users of the bank's computer system. This information has been stored in user profile storage 210 and user authentication data 312 (FIG. 3).

The method begins at step 801 when a requester at originating station 102 is detected to go off hook by switching machine 120. Thereafter, in step 803, the requester dials the number of the destination to which access is sought. In this example, the requester dials from originating station 102 the bank's 800 number, 1-800-BANK. In step 805, switching machine 120 receives the dialed digits and recognizes that the number dialed is an 800 type number for which service is provided via long distance network 118.

Switching machine 120 of LEC network 106, in step 807, routes the call to switching machine 128 in long distance network 118. Switching machine 128 routes the call to its appropriate associated NCP 132, as is typically performed for 800 type calls, in step 809. The appropriate NCP 132 is determined from the function to be provided by the NCP to service the call and predetermined internal mapping tables contained within switching machine 128. Exemplary functions which are typically provided by NCP 132 are 800 and 900 number translation and conventional, well known credit card billing verification. Table 1 shows an exemplary NCP 132 translation table wherein the address of one of SCPs 134 may be returned in response to a call that requires security processing. NPA is an abbreviation for numbering plan area, more commonly known as area code.

TABLE 1
NCP Translation Table

Called number    Originating NPA    Translate to
800-555-1234     908                908-949-3110
800-555-1234     any other          609-555-9876
800-BANK         any                SCP_134-1
800-BANKXYZ      any                SCP_134-1
900-INFOSVC      any                SCP_134-1
800-STOKMKT      212, 516, 718      SCP_134-1
QGJ-SSMDOI       any                312-411-6543

In step 811, when the address of one of SCPs 134 of security system 133 is supplied in place of number translation or billing verification information, NCP 132 recognizes that this call may require security processing beyond a first level inherent in the nature of the request and accordingly routes the call to security system 133. In a preferred embodiment, as described above, each of SCPs 134 contains all the data necessary to perform all authentications. Therefore, NCP 132 routes the call to the closest one of SCPs 134. For purposes of this example, the closest one of SCPs 134 is SCP 134-1. Therefore, NCP 132 always returns the address of SCP 134-1, as shown in Table 1, when additional security processing beyond the first level may be required.

In an alternate embodiment, each user would have a predetermined "home" one of SCPs 134. This "home" one of SCPs 134 would be assigned based on a determined or inferred user identity. In a further alternate embodiment, each destination would have a predetermined "home" one of SCPs 134. The "home" one of SCPs 134 would be the one of SCPs 134 that is closest to the destination. Each NCP 132 would be associated with one of SCPs 134 and would initially route incoming calls that it receives to that one of SCPs 134. If the one of SCPs 134 to which the call was initially routed was not the "home" one of SCPs 134 for the received call, that one of SCPs 134 would contain sufficient information to cause the call to be routed to the "home" one of SCPs 134 of that call for security processing.

SCP 134-1 receives the call information on requester signalling link 206. Upon receiving the call, SCP 134-1, in step 813, causes any first level of security processing specified by the nature of the request to be performed. For a call to be charged to a credit card, such a specification of a first level of security processing is that a valid credit card number, including the PIN portion, must be supplied by the requester. Other requests, such as direct distance dialed calls, 800-type and 900-type calls, have a null first level of security processing. This first level of security processing may be performed by SCP 134-1 itself or SCP 134-1 may request that that level of security processing be performed by NCP 132 and the results of the processing be returned to SCP 134-1 via signalling network 138.

Step 815 tests if the requester has successfully met the requirements of the first level of security processing. If the test result in step 815 is NO, control is passed to step 817 in which SCP 134-1 causes the connection to be refused. Thereafter, control is passed to optional step 819 which journals an unsuccessful access attempt. The method is then exited at step 821.
`
`
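The routing and first-level checks of steps 809 to 821, together with the bank's $200 rule, as an added Python example that is not part of the patent. The class and function names, the status strings, the sample card number and the handling of a call with no matching Table 1 row are assumptions; only the bank's profile, which the description states in prose, is modelled.

```python
from dataclasses import dataclass, field

ANY, ANY_OTHER = "any", "any other"

# Rows of Table 1 (NCP translation table). Specific-NPA rows precede wildcards.
NCP_TABLE = {
    "800-555-1234": [({"908"}, "908-949-3110"), (ANY_OTHER, "609-555-9876")],
    "800-BANK": [(ANY, "SCP_134-1")],
    "800-BANKXYZ": [(ANY, "SCP_134-1")],
    "900-INFOSVC": [(ANY, "SCP_134-1")],
    "800-STOKMKT": [({"212", "516", "718"}, "SCP_134-1")],
}

# Destination profile stated in the description: the bank allows transactions
# of up to $200 at authentication level 1 and larger ones at level 2.
DEST_PROFILES = {"800-BANK": [(200, 1), (float("inf"), 2)]}

# Constructed sample: card numbers (with PIN portion) accepted at first level.
VALID_CARDS = {"4000123412341234-9876"}


def ncp_translate(called, orig_npa):
    """Steps 809-811: translate a called number for an originating NPA.
    Returns None when no row matches (assumed behaviour, not on the page)."""
    for npas, target in NCP_TABLE.get(called, []):
        if npas in (ANY, ANY_OTHER) or orig_npa in npas:
            return target
    return None


def first_level_ok(request_type, credential=None):
    """Step 813: a credit-card call needs a valid card number including PIN;
    direct-dialed, 800-type and 900-type requests have a null first level."""
    if request_type == "credit_card":
        return credential in VALID_CARDS
    return request_type in {"direct", "800", "900"}


def required_level(called, amount):
    """Lowest authentication level the destination profile demands for this
    transaction value; 0 when the destination has no stored profile."""
    for ceiling, level in DEST_PROFILES.get(called, []):
        if amount <= ceiling:
            return level
    return 0


@dataclass
class SecurityControlPoint:
    journal: list = field(default_factory=list)

    def handle(self, called, orig_npa, request_type, credential=None,
               achieved_level=0, amount=0):
        target = ncp_translate(called, orig_npa)
        if target is None:
            return "NO_ROUTE"
        if not target.startswith("SCP_"):
            return "ROUTE:" + target  # ordinary number translation, no SCP
        if not first_level_ok(request_type, credential):
            # Step 817 refuses the connection, step 819 journals the attempt.
            self.journal.append((called, orig_npa, request_type))
            return "REFUSED"
        needed = required_level(called, amount)
        if achieved_level >= needed:
            return "GRANT"
        return "NEED_LEVEL:%d" % needed
```
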
`
If the test result in step 815 is YES, control is passed to step 823 in which access decision unit 208 looks up the destination in destination profile storage 216 to determine what levels of authentication are required to achieve each level of access that can be made available for this type of request. If there is no profile for a particular destination then additional security processing is not required by that destination. Table 2 shows several exemplary destination profiles. The attributes which may be considered for each request in this example are the destination billing (bill) type, list of permitted users and a specified additional attribute. The authentication information which must be supplied to achieve each corresponding authentication level is shown in Table 3. It is noted that the mapping of the authentication level to the access level to be granted is specified by the destination profiles shown in Table 2.

TABLE 2
SCP Destination Table - Attributes and Access Requirements

Columns: Destination; Bill Type; Permitted Users; Add'l Attribute; Authentic Level; Access Level
[Table flattened in the source; the rows cannot be realigned reliably, so the entries of each column are listed in source order.]

Destination: 1-800-BANK; 1-800-BANKXYZ; 1-900-INFOSVC; 1-800-STOKMKT; Internatn'l Calls to country group 2; Internatn'l Calls to country group 1; Domestic Calls
Bill Type: - (repeated); CC; CC; CC; CC; CC; CC
Permitted Users: group 1; group 2; not group 3; group 3; group 3; any; any; any; any; any; any; any; any
Add'l Attribute: -; -; -; ANI = 212; time = 1000-1600 local; PFO; NPO; PFO; PFO; NYC; PFO from S. Bronx
Authentic Level: 1; 2; 3; 2; 3; 4; 0; 1; 2; 0; 1; N/A; 3; 2; 5; 2; 2
Access Level: till $200; over $200; over $200; till $5000; over $5000; over $5000; 1 min; 20 min.; 1 hour; 10 min.; unlimited; none; 20 minutes; 10 minutes; 30 minutes; unlimited; unlimited

The "groupX" entries in the Permitted Users column, where X is a number, are pointers to lists of users who are authorized to gain access to the destination. Such lists would be stored in destination profile storage 216. For example, group 1 would be a pointer to a list of all the identities of the users who were authorized by the bank to access the bank's computer system. As mentioned above, this information was previously supplied by the bank to the provider of long distance network 118. Similarly, the "country group X" entries in the destination column are pointers to lists of countries which receive the same security treatment. CC stands for Credit-card Call. PFO stands for Public Phone Origination. NPO stands for Non-public Phone Origination. A dash indicates the particular attribute is not considered for the specified destination. ANI is the abbreviation for Automatic Number Identification which is the source of the request. In this example only the area code of the source is considered. Control is then passed to conditional branch point 825.

TABLE 3
SCP Authentication Level Table

Authentication Level    Authentication Means
0                       None
1                       PIN (or Password)
2                       Voice Print
3                       Finger Print
4                       Retina Pattern
5                       Keystroke Timing
N/A                     No Access allowable

Whether a particular access request will require the requester to actually supply authentication information is dependent upon any first level of security processing inherent in the request, as well as the specified security needs of the destination and the values of the other attributes of the access request. These attributes typically include the alleged identity of the requester and the available call information. Available call information can include the originating address, e.g., automatic number identification (ANI), which would specify the location from which the access is sought; the destination to which access is sought which can be determined from the number dialed; the cost of the call, which may be expressed as a cost per unit of access or a cost reflecting the overall value of the access, and any other parameters of the call.

In conditional branch point 825, access decision unit 208 of SCP 134-1 tests to determine if it can definitely allow access to be granted at the level requested, if it can definitely not allow access to be granted at the requested level or if it doesn't know whether it should allow access to be granted. For purposes of this example, each destination profile stored in destination profile storage 216 specifies the available levels of access and the corresponding set of attributes required to achieve authentication such that access to the destination can be granted at each available level. Again, such profiles are shown in Table 2. Upon the initial