United States Patent (19)
`McNair
`
`(54) CENTRALZED SECURITY CONTROL
`SYSTEM
`75 Inventor: Bruce E. McNair, Holmdel, N.J.
`73) Assignee: AT&T Bell Laboratories, Murray
`Hill, N.J.
`(21) Appl. No. 763,718
`(22
`Filed:
`Sep. 23, 1991
`5ll Int. Cli.............................................. H04Q1/00
`52 U.S. C. .......................... 340/825.33; 340/825.31;
`379/91; 379/112; 379/123
`(58) Field of Search ...................... 340/825.33, 825.31,
`340/825.34, 825.5, 825.79; 379/91, 112, 123
`References Cited
`U.S. PATENT DOCUMENTS
`4,481,384 11/1984 Matthews .............................. 179/18
`4,756,020 7/1988 Fodale ................................. 379/12
`4,795,890 1/1989 Goldman.....
`340/825.33
`4,876,717 10/1989 Barron ............................ 340/825.34
`4,893,330 l/1990 Franco .................................. 379/91
`4,896,346 l/1990 Belfield et al. ........................ 379/88
`
`(56)
`
`|H|||||||||||||
`US005276444A
`(11
`Patent Number:
`5,276,444
`45
`Date of Patent:
`Jan. 4, 1994
`
`5,012,515 4/991 McVitie ......................... 340/825.31
`5,052,040 9/1991 Preston ........................... 340/825.31
`5,086,457 2/1992 Barraud............................... 379/12
`Primary Examiner-Donald J. Yusko
`Assistant Examiner-Brian Zimmerman
`Attorney, Agent, or Firm-Eugene J. Rosenthal
`57
`ABSTRACT
`A central security control system (security system)
`interfaces between a plurality of requesters and a plural
`ity of destinations such that it receives from the request
`ers requests for access to the destinations and communi
`cates to the destinations a level of access that should be
`granted to a requester by that destination on a per re
`quest basis. In a preferred embodiment the security
`system also a) authenticates the requester to a predeter
`mined level from which the level of access that is to be
`granted is derived and b) causes a direct connection to
`be established between the requester and the destina
`tion.
`
`23 Claims, 10 Drawing Sheets
`
`ORIGINATING
`STATION
`
`ORICINAL
`LEC SITCH
`
`ORIGINAL
`(ESS
`
`NCP
`
`SC p
`
`DESTINATION DESTINATION DESTINATION
`SNITCHINE ECHINELEC SITCH
`STATION
`
`
`
`
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 1 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 1 of 10
`
`
`
`
`
`
`
`
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 2 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 2 of 10
`
`5,276,444
`
`NOILVHYOINI=082
`NOLLVNILSI0
`NOILYNILS30
`NITIVNOIS
`
`‘802
`
`087
`
`6~hel
`
`gE
`
`‘X90¢
`
`
`
`FOVUOLSTIVUOLS
`
`IT40Ud
`
`
`
`JINANOISIOAGSSHOOV
`
`|PONITIVNDIS
`90¢ yauSaNbTY
`
`
`
`
`
`0é¢
`
`NOILYNILSAC
`
`YaILSINGTT
`
`NOLLVOLINTHLNV
`NOLLVOIINGRLAV
`
`LIND
`
`LINN
`
`YaLSANbsd
`
`NOILVAYOINI
`
`bee
`
`r02
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 3 of 23
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 3 of 23
`
`
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 3 of 10
`
`5,276,444
`
`
`
`
`
`JININ NOII WOIIN?HIQW HÁISTÍN?38
`
`
`
`
`
`8
`
`f) I „H
`
`
`
`N0IJ WOIINIHIV
`
`WIWIT
`
`3010A
`
`([H0/SSWd
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 4 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 4 of 10
`
`5,276,444
`
`FIG. 4
`
`
`
`DESTINATION
`AUTHENTICATION
`PROCESSOR
`
`DESTINATION
`CHALLENCE /
`RESPONSE
`
`DESTINATION
`AUTHENTICATION
`INFORMATION
`STORE
`
`406
`
`230
`DESTINATION AUTHENTICATION UNIT
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 5 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 5 of 10
`
`5,276,444
`
`FIC. 8
`
`801 " NENTER
`REQUESTER DIALS
`f-800-BANK
`
`FIG.6
`
`803
`
`LEC SWITCH RECOGNIZES
`THAT AN AT&T 800 NUMBER
`
`805
`
`LEC ROUTES CALL TO AT&T 4ESS-807
`
`AT&T 4ESS ROUTES TO APPROPRIATE NCPh. 809
`
`NCP RECOGNIZES THAT CALL REQUIRESSECURITY
`AND ROUTES CALL TO SCP
`
`11
`
`SCP PERFORMS FIRST LEVEL OF
`SECURITY PROCESSINC INHERENT IN REQUEST
`
`8f3
`
`
`
`815
`
`IS
`FIRST
`LEVE, MET BY
`REQUESTER
`p
`
`NO
`
`823
`
`YES
`SCP LOOKS UP DESTINATION AND DETERMINES LEWELS OF
`ACCESS AVAILABLE AND AUTHENTICATION REQUIRED FOR EACH
`837
`
`YES
`
`
`
`IS
`AN IDENI TAALBLE
`
`41 8
`
`NO
`SCP ASKS REQUESTER FOR
`AN ALLECED IDENITY
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 6 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 6 of 10
`
`5,276,444
`
`
`
`
`
`INVALID
`
`843
`
`REQUESTER
`PROVIDES WALID
`ALLECED IDENITY PRIOR
`TO EXPIRATION
`OF TIME
`p
`
`TIME
`
`SCP ASKS REQUESTER TO
`PROVIDE AUTHENTICATION INFO
`
`839
`
`REQUESTER
`PROVIDES
`AUTHENTICATION INFO
`PRIOR TO EXPIRATION
`OF TIME
`p
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`NO
`
`
`
`CAN
`CET MORE
`INFO
`g
`
`835
`
`ACCESS
`quotably
`YES
`
`825
`
`FIC. 6
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 7 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 7 of 10
`
`5,276,444
`
`FIG. 7
`
`827
`
`829
`
`831
`
`SCP LOOKS UP
`DESTINATION AUTHENTICATION
`
`SCP CONNECTS TO DESTINATION
`THROUCH DESTINATION LEC
`
`SCP ENCACES IN AUTHENTICATION
`SESSION WITH DESTINATION
`
`817
`
`
`
`
`
`CONNECTION IS
`REFUSED
`
`-------------- -
`
`TRANSACTION
`IS J0URNALLED
`
`833
`
`SCP CRANTS ACCESS TO REQUESTER
`BY CONNECTINCREQUESTER AND DESTINATION
`
`821
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 8 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 8 of 10
`
`5,276,444
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 9 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 9 of 10
`
`5,276,444
`
`FIG. 12
`
`FIG. 10
`
`FIC. 10
`
`f20f
`
`REQUESTER DIALS
`f-900-SPORTS
`
`f203
`
`FIC. f f
`
`LEC SWITCH RECOGNIZES
`THAT AN AT&T 900 NUMBER
`
`f205
`
`LEC ROUTES CALL TO AT&T 4ESS - 1207
`
`AT&T 4ESS ROUTES CALL TO SCP
`
`f209
`
`SCP PERFORMS FIRST LEVEL OF
`SECURITY PROCESSINC INHERENT IN REQUEST
`1213
`
`12ff
`
`
`
`
`
`
`
`IS
`FIRST
`LEWE, MET BY
`REQUESTER
`p
`
`NO
`
`YES
`SCP LOOKS UP DESTINATION AND DETERMINES LEWEL
`OF ACCESS REQUESTED
`
`f221
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 10 of 23
`
`

`

`U.S. Patent
`
`Jan. 4, 1994
`
`Sheet 10 of 10
`
`5,276,444
`
`FIC. 11
`
`SCP ASKS REQUESTER TO
`PROVIDE AUTHENTICATION INFO
`
`REQUESTER
`PROVIDES
`AUTHENTICATION INFO
`PRIOR TO EXPIRATION
`OF TIME
`g
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`CAN
`CET MORE
`INFO
`p
`
`
`
`ACCESS
`1215
`ALLOWABLE
`p
`fís CONNECTION IS REFUSED
`
`- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
`
`1219
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 11 of 23
`
`

`

`1.
`
`CENTRALZED SECURITY CONTROL SYSTEM
`
`15
`
`TECHNICAL FELO
`This invention relates to security systems that regu
`late access to systems or locations and, more particu
`larly, where access may be sought by multiple autho
`rized users to a plurality of such systems or locations
`and where each such system or location may have its
`own distinct security requirements.
`BACKGROUND OF THE INVENTION
`Only those individuals authorized to have access to
`any particular system or location, referred to herein as
`"destinations", should be granted such access. Indeed
`today, many destinations may be remotely accessed via
`telecommunications. Typical remotely accessible desti
`nations include remote telephones, systems that provide
`access to credit and systems that provide value-added
`telecommunications services. On a regular basis, a large
`20
`number of authorized individuals must authenticate
`their identity, i.e., to confirm that the person requesting
`the access is actually who he alleges that he is, to sev
`eral destinations to which access is sought.
`Typically each destination has its own systems and
`25
`procedures for authenticating its authorized users. The
`resulting plurality of authentication systems is expen
`sive. Also, each authentication system must keep a copy
`of all the information necessary to identify each of its
`authorized users, thereby creating large storage de
`mands. Further, the compromising of a copy of an indi
`vidual user's information that is required for access to
`one system tends to compromise the information con
`tained in other authentication systems. This results be
`cause authentication systems tend to require the same
`35
`basic information. Also, the number of copies of the
`information increases as the number of destinations to
`which the user may obtain authorized access increases.
`Since each copy is independently vulnerable to attack
`ers of the system, the overall likelihood that any of the
`copies will remain secure decreases. In addition, each
`authentication system must be secured physically, as
`well as logically, against attackers which adds addi
`tional expense. These problems can be called the prob
`lens of a wide security perimeter.
`From the viewpoint of a user, a plurality of authenti
`cation procedures is cumbersome and repetitive. The
`perceived constant requirement to comply with secu
`rity arrangements encourages users to choose trivial
`identification means. The user typically deals with the
`most common security requirement of supplying a per
`sonal identification number (PIN) by employing an
`easy-to-remember PIN, such as a birthday, and employ
`ing the same PIN for each destination. Choosing the
`same PIN for each destination results in the undesirable
`55
`effect that when one destination is compromised, all of
`the destinations are immediately compromised. Further,
`in selecting and easy-to-remember PIN, a user almost
`invariably selects a PIN that is easy to arrive at by
`guesswork or simple trial and error methods.
`60
`Another problem with prior security systems is how
`to manage the diverse security needs of a plurality of
`destinations and a plurality of authorized users. In par
`ticular, there is a need to insure that the ultimate bearer
`of the cost of erroneous access is capable of specifying
`65
`the authentication level, i.e., the level of confidence of
`the accuracy of an identification, employed for any
`particular access. Each particular destination may have
`
`5,276,444
`2
`its own requirements as to the authentication level that
`is necessary before any particular level of access can be
`granted. In addition, a particular authorized user may
`wish to specify an authentication level that should be
`met before access is allowed for a request that alleges
`that user's identity. Prior security systems do not pro
`vide mechanisms for security level control by the user.
`Furthermore, if the access control is specified directly
`at the destination, the problems associated with a wide
`security perimeter result,
`O
`In order to actually authenticate the identity of an
`access requester, prior systems have made use of repre
`sentations of various different identifying characteris
`tics of a person. Identifying characteristics that have
`been employed include: voice samples, fingerprints,
`retina patterns, personal appearance, handwriting and
`even the manner in which a wave is polarized as it
`passes through a portion of the body. Such representa
`tions are known as authentication information. These
`prior systems obtain an identity that is alleged by the
`access requester. One method employed to obtain such
`an alleged identity is to require the requester to enter
`some type of a code. This code may be typed in via a
`keypad or scanned from a device in the requester's
`possession. The prior systems then attempt to authenti
`cate that the requester is actually the individual whose
`identity was alleged by comparing a measure of the
`authentication information that has been previously
`stored with a measure of the same authentication infor
`mation that is taken from the requester during the ac
`cess request process. If the result of the comparison is
`that the stored authentication information matches the
`authentication information taken from the requester
`during the access request to within a predetermined
`limit the allegation of identity is confirmed and access is
`granted. Otherwise, access is denied.
`SUMMARY OF THE INVENTION
`The difficulties with prior access-authorizing systems
`are overcome, in accordance with the principles of the
`invention, by employing a shared centralized security
`control system (security system) that interfaces between
`a plurality of requesters and a plurality of destinations
`such that the security system receives from the request
`ers requests for access to the destinations and communi
`cates to the destinations indications of a level of access
`that should be granted to each requester by that destina
`tion on a per request basis. In a preferred embodiment,
`the security system also a) authenticates the requester to
`a predetermined level from which the level of access
`that is to be granted is derived and b) causes a direct
`connection to be established between the requester and
`the destination. Once a connection is either made or
`denied between a requester and the corresponding re
`quested destination, the security system is then free to
`process other requests from other requesters.
`BRIEF DESCRIPTION OF THE DRAWING
`In the drawing:
`FIG. 1 shows, in simplified form, an exemplary tele
`phone network embodying the principles of the inven
`tion;
`FIG. 2 shows an exemplary central security control
`system used in the network of FIG. 1;
`FIG. 3 depicts an expanded view of an exemplary
`requester authentication unit shown in the central secu
`rity control system of FIG. 2;
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 12 of 23
`
`

`

`5
`
`15
`
`10
`
`5,276,444
`3
`4.
`FIG. 4 shows an expanded view of an destination
`134-1 and SCP 1342 which are networked together by
`authentication unit 220 shown in the central security
`link 202. Link 202 is part of signalling network 138
`control system of FIG. 2;
`(FIG. 1). In this embodiment, each of SCPs 134 con
`FIGS. 5, 6 and 7, when arranged as shown in FIG. 8,
`tains identical copies of all the information required to
`depict in flow chart form, an exemplary method of
`provide security operations. This interconnection pat
`processing an access request by a requester to a destina
`tern among the SCPs 134 of security system is arranged
`tion where the security requirements for the granting of
`to provide fully redundant operation. Such an intercon
`access is specified by the destination;
`nection arrangement may be used to provide load bal
`FIG. 9 shows an example of the call setup messages
`ancing, which reduces waiting time for security pro
`employed if a security system is to provide secured
`cessing, as well as providing backup in the case of fail
`access by a user to a particular destination; and
`ure of one of SCPs 134. Alternative embodiments may
`FIGS. 10 and 11, when arranged as shown in FIG.
`arrange the interconnection of SCPs 134 so as to allow
`12, depict in flow chart form, an exemplary access re
`partitioning of the information required to be stored in
`quest by a requester to a destination where the security
`security system 133 among each one of SCPs 134. Such
`requirements for the granting of access is specified by
`partitioning will be discussed further below.
`the requester or the network operators.
`SCP 134-1 and 134-2 are both connected to switching
`machine 128 by at least one requester information path
`DETALED DESCRIPTION
`204 and at least one destination information path 230,
`Shown in FIG. 1, in simplified form, is exemplary
`which are each carried over the respective ones of
`telephone network 100 embodying the principles of the
`information links 140 that interconnect each of SCPs
`20
`invention. Telephone network 100 comprises originat
`134 and switching machine 128. Each connection of a
`ing stations 102 and 104, local exchange carrier (LEC)
`requester to one of SCPs 134 may be routed through a
`networks 106, 108, 110 and 112, destination stations 114
`plurality of switching machines until it reaches the ap
`and 116, bypass origin 115, bypass destination station
`propriate one of SCPs 134 that will handle the request.
`117 and long distance network 118, illustratively the
`Each of SCP 134-1 and SCP 34-2 are also connected
`25
`AT&T network. Originating stations 102 and 104, desti
`via at least one requester signalling link 206 and at least
`nation stations 114 and 116, bypass origin 115 and by
`one destination signalling link 228, at least indirectly, to
`pass destination station 117 are representative of a plu
`NCP 132, switching machines 128 and 130 and AP 136.
`rality of network endpoints, the remainder of which are
`Each signalling message for the one of SCPs 134 that is
`not shown for clarity of exposition. Only those portions
`to be associated with a call may pass through several
`30
`of telephone network 100 necessary for calls to be made
`NCP 132 (not shown) or SCPs 134 via signalling net
`from an origin to a destination are shown.
`work 138 (FIG. 1). Signalling links 206 and 228 are part
`LEC networks 106, 108, 110 and 112 contains switch
`of signaling network 138.
`ing machines 120, 122,124, 126, respectively. Switching
`In accordance with an aspect of the invention, each
`machines 120, 122, 124,126 are capable of connecting a
`of SCPs 134 includes access decision unit 208 which
`35
`plurality of network endpoints to long distance network
`communicates with user profile storage unit 210, desti
`118. Such switching machines are well known and may
`nation profile storage unit 216, requester authentication
`be, for example, AT&T's 5ESS (E) switch. Long dis
`unit 218 and destination authentication unit 220 over
`tance network 118 comprises switching machines 128
`bidirectional links 222. Links 222 need not be of identi
`and 130, network control point (NCP) 132, central secu
`cal type. They may include, at the implementor's discre
`rity control system (security system) 133 and optional
`tion, well known links such as: serial links, parallel links,
`adjunct processor (AP) 136. NCP 132 is of a type well
`shared memory, or a common bus such that a plurality
`known in the art. Switching machines employed in
`of elements connected to access decision unit 208 by
`communications networks are well known. Switching
`links 222 share a link 222. Requester authentication unit
`machines 128 and 130 are illustratively AT&T's No. 4
`218 is also interconnected with user profile storage unit
`45
`ESSTM switch. Additionally, security system 133 com
`210 by link 224 and destination authentication unit 220 is
`prises security control points (SCP) 134-1 and SCP
`interconnected to destination profile storage unit 216 by
`134-2,
`link 226. In this embodiment, in accordance with an
`Switching machines 128 and 130, NCP 132, security
`aspect of the invention, it is access decision unit 208 that
`system 133 and AP 136 are interconnected in the man
`is connected to requester signaling link 206 and destina
`ner shown by signaling network 138, represented by
`tion signaling link 228. This may be achieved via con
`dashed lines. Originating stations 102 and 104, destina
`munication interfaces (not shown) which may be em
`tion stations 114 and 116, bypass destination station 117,
`ployed in access decision unit 208. Requester authenti
`switching machines 120, 122, 124, 126, switching ma
`cation unit 218 is connected to requester information
`chines 128 and 130 and SCPs 134 are interconnected by
`path 204 and destination authentication unit 220 is con
`55
`information links 140, in the manner shown. Informa
`nected to destination information path 230.
`tion links 140 are of the well known types in the art for
`FIG. 3 depicts an expanded view of an exemplary
`interconnecting communicating apparatus and can
`requester authentication unit 218. Requester authentica
`carry at least voice, data and video. Each of information
`tion unit 218 includes requester authentication proces
`links 140 need not have the same capacity. A typical
`sor 302 which is connected to voice password 306,
`implementation would comprise a mix of convention
`requester challenge 308 and comparison function 310
`ally known digital transmission links, e.g., DS0, DS1
`via links 304. Voice password 306, requester challenge
`and DS3, provisioned in accordance with the needs of
`308 and comparison function 310 are also intercon
`the network providers.
`nected to requester information path 204. User authenti
`Shown in FIG. 2 is a more detailed view of exem
`cation data 312 is interconnected to voice password 306
`65
`plary security system 133. In the manner shown, secu
`and comparison function 310 via links 314. In similar
`rity system 133 comprises security control points
`fashion as links 222, each of links 304 or 314 need not be
`(SCPs) 134, including security control point (SCP)
`of identical type. Links 222 and 224 connect requester
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 13 of 23
`
`

`

`TABLE 1
`NCP Translation Table
`Originating NPA
`908
`any other
`any
`any
`any
`212, 516, 718
`any
`
`Caled number
`800SSS-234
`800-555-1234
`800-BANK
`800-BANKXYZ
`900-NFOSVC
`800-STOKMKT
`900-SSS0001
`
`Translate to
`908-949-3000
`609-555-9876
`SCP134
`SCP34-1
`SCP134-1
`SCP134-1
`312-411-6543
`
`O
`
`15
`
`5,276,444
`5
`6
`authentication processor 302 to access decision unit 208
`132 translation table wherein the address of one of SCPs
`and user profile storage unit 210, respectively.
`134 may be returned in response to a call that requires
`An expanded view of destination authentication unit
`security processing. NPA is an abbreviation for num
`220 is shown in FIG. 4. Links 222 and 226 from access
`bering plan area, more commonly known as area code.
`decision unit 208 and destination profile storage 216,
`respectively are interconnected to destination authenti
`cation processor 402. In turn, destination authentication
`processor 402 is interconnected by links 404 to destina
`tion challenge response 406 and destination authentica
`tion information store 408. Destination challenge re
`sponse 406 interfaces with destination authentication
`information store 408 via one of links 404 and with
`destination information path 230. It is noted that each
`element of FIGS. 2, 3 and 4 may be implemented as
`either hardware, software or a combination thereof, at
`the implementor's discretion.
`FIGS. 5, 6 and 7, when arranged as shown in FIG. 8,
`depict in flow chart form, an exemplary method of
`processing an access request by a requester to a destina
`tion where the security requirements for the granting of
`20
`access is specified by the destination. The requester is
`located at originating station 102 (FIG. 1). The destina
`tion is the computer system of a bank, which, for pur
`poses of this example is located at destination station
`114. Destination station 114 is shown as a computer
`25
`bridged onto a phone line. The bank has contracted to
`have its security clearance functions performed by the
`provider of long distance network 118 using security
`system 133.
`Authorized users of the bank computer system desire
`30
`to employ the computer system of the bank to perform
`certain banking transactions. The bank has determined
`that it will only permit requesters to perform transac
`tions valued at up to $200 if they are authenticated to at
`least a first level of authentication. Transactions of 35
`greater value need to be authenticated to a second,
`higher, level of authentication. This security informa
`tion has been stored in destination profile storage 216
`(FIG. 2). For the convenience of its authorized users,
`the bank has provided a toll free 800-type number
`which requesters can dial to gain access to the computer
`system. The necessary authentication information has
`been obtained from authorized users of the bank's con
`puter system. This information has been stored in user
`profile storage 210 and user authentication data 312
`45
`(FIG. 3).
`The method begins at step 801 when a requester at
`originating station 102 is detected to go off hook by
`switching machine 120. Thereafter, in step 803, the
`requester dials the number of the destination to which
`access is sought. In this example, the requester dials
`from originating station 102 the bank's 800 number,
`1-800-BANK. In step 805, switching machine 120 re
`ceives the dialed digits and recognizes that the number
`dialed is an 800 type number for which service is pro
`55
`vided via long distance network 118.
`Switching machine 120 of LEC network 106, in step
`807, routes the call to switching machine 128 in long
`distance network 118. Switching machines 128 routes
`the call to its appropriate associated NCP 132, as is
`typically performed for 800 type calls in step 809. The
`appropriate NCP132 is determined from the function to
`be provided by the NCP to service the call and prede
`termined internal mapping tables contained within
`switching machine 128. Exemplary functions which are
`65
`typically provided by NCP 132 are 800 and 900 number
`translation and conventional, well known credit card
`billing verification. Table 1 shows an exemplary NCP
`
`In step 811, when the address of one of SCPs 134 of
`security system 133 is supplied in place of number trans
`lation or billing verification information, NCP 132 rec
`ognizes that this call may require security processing
`beyond a first level inherent in the nature of the request
`and accordingly routes the call to security system 133.
`In a preferred embodiment, as described above, each of
`SCPs 134 contains all the data necessary to perform all
`authentications. Therefore, NCP 132 routes the call to
`the closest one of SCPs 134. For purposes of this exam
`ple, the closest one of SCPs 134 is SCP 134-1. There
`fore, NCP 132 always returns the address of SCP 134-1,
`as shown in Table 1, when additional security process
`ing beyond the first level may be required.
`In an alternate embodiment, each user would have a
`predetermined "home" one of SCPs 134. This "home"
`one of SCPs 134 would be assigned based on a deter
`mined or inferred user identity. In a further alternate
`embodiment, each destination would have a predeter
`mined "home' one of SCPs 134. The "home' one of
`SCPs 134 would be the one of SCPs 134 that is closest
`to the destination. Each NCP 132 would be associated
`with one of SCPs 134 and would initially route incom
`ing calls that it receives to that one of SCPs 134. If the
`one of SCPs 134 to which the call was initially routed
`was not the "home' one SCPs 134 for the received call,
`that one of SCPs 134 would contain sufficient informa
`tion to cause the call to be routed to the "home' one of
`SCPs 134 of that call for security processing.
`SCP 134-1 receives the call information on requester
`signalling link 206. Upon receiving the call, SCP 134-1,
`in step 813 causes any first level of security processing
`specified by the nature of the request to be performed.
`For a call to be charged to a credit card, such a specifi
`cation of a first level of security processing is that a
`valid credit card number, including the PIN portion,
`must be supplied by the requester. Other requests, such
`as direct distance dialed calls, 800-type and 900-type
`calls, have a null first level of security processing. This
`first level of security processing may be performed by
`SCP 134-1 itself or SCP 134-1 may request that the first
`level of security processing be performed by NCP 132
`and the results of the processing be returned to SCP
`134-1 via signalling network 138.
`Step 815 tests if the requester has successfully met the
`requirements of the first level of security processing. If
`the test result in step 815 is NO, control is passed to step
`817 in which SCP 134-1 causes the connection to be
`refused. Thereafter, control is passed to optional step
`819 which journals an unsuccessful access attempt. The
`method is then exited at step 821.
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 14 of 23
`
`

`

`8
`TABLE 3-continued
`SCP Authentication Level Table
`Authentication
`Authentication
`Level
`Means
`5
`Keystroke Timing
`N/A
`No Access allowable
`
`O
`
`15
`
`Whether a particular access request will require the
`requester to actually supply authentication information
`is dependent upon the any first level of security process
`ing inherent in the request, as well as the specified secu
`rity needs of the destination and the values of the other
`attributes of the access request. These attributes typi
`cally include the alleged identity of the requester and
`the available call information. Available call informa
`tion can include the originating address, e.g., automatic
`
`5,276,444
`7
`If the test result in step 815 is YES, control is passed
`to step 823 in which access decision unit 208 looks up
`the destination in destination profile storage 216 to de
`termine what levels of authentication are required to
`achieve each level of access that can be made available
`for this type of request. If there is no profile for a partic
`ular destination then additional security processing is
`not required by that destination. Table 2 shows several
`exemplary destination profiles. The attributes which
`may be considered for each request in this example are
`the destination billing (bill) type, list of permitted users
`and a specified additional attribute. The authentication
`information which must be supplied to achieve each
`corresponding authentication level are shown in Table
`3. It is noted that the mapping of the authentication
`level to the access level to be granted is specified by the
`destination profiles shown in Table 2.
`TABLE 2
`SCP Destination Table - Attributes and Access Requirements
`Bill
`Permitted
`Add
`Authentic Access
`Type
`Users
`Attribute
`Level
`Level
`aa-
`group 1
`-
`1
`till S200
`2
`over $200
`over S200
`3
`2
`ti SS000
`3
`over S5000
`4.
`over SS000
`0
`1 min
`20 min.
`1 hour
`10 min.
`unlimited
`
`Destination
`1-800-BANK
`
`1-800-BANKXYZ
`
`group 2
`
`-
`
`a-
`
`1-900-NFOSVC
`
`1-800-STOKMKT
`
`- not group 3
`group 3
`group 3
`any
`any
`
`re
`ra
`
`Internatin' Calls to
`country group 2
`Internatn'l Cals to
`country group 1
`
`domestic
`Calls
`
`CC
`CC
`CC
`CC
`CC
`CC
`
`any
`any
`any
`any
`any
`any.
`
`-
`
`ANI s 212
`time s 1000
`-1600 local
`PFO
`NPO
`PFO
`PFO
`NPO
`PFO from
`S. Bronx
`
`2
`0
`l
`
`N/A
`3
`2
`5
`2
`2
`
`Olse
`20 minutes
`10 minutes
`30 minutes
`unlimited
`unlimited
`
`The "groupX" entries in the Permitted Users column,
`where X is a number, are pointers to lists of users who
`are authorized to gain access to the destination. Such
`lists would be stored in destination profile storage 216.
`For example, group 1 would be a pointer to a list of all
`the identifies of the users who were authorized by the
`45
`bank to access the bank's computer system. As men
`tioned above, this information was previously supplied
`by the bank to the provider of long distance network
`118. Similarly, the "country group X" entries in the
`destination column are pointers to lists of countries
`50
`which receive the same security treatment. CC stands
`for Credit-card Call. PFO stands for Public Phone
`Origination. NPO stands for Non-public Phone Origi
`nation. A dash indicates the particular attribute is not
`considered for the specified destination. ANI is the
`55
`abbreviation for Automatic Number Identification
`which is the source of the request. In this example only
`the area code of the source is considered. Control is
`then passed to conditional branch point 825.
`TABLE 3
`SCP Authentication Level Table
`Authentication
`Authentication
`Level
`Means
`O
`None
`1.
`PIN (or Password)
`2
`Voice Print
`3
`Finger Print
`4.
`Retina Pattern
`
`number identification (ANI), which would specify the
`location from which the access is sought; the destina
`tion to which access is sought which can be determined
`from the number dialed; the cost of the call, which may
`be expressed as a cost per unit of access or a cost reflect
`ing the overall value of the access, and any other param
`eters of the call.
`In conditional branch point 825, access decision unit
`208 of SCP 134-1 tests to determine, if it can definitely
`allow access to be granted at the level requested, if it
`can definitely not allow access to be granted at the
`requested level or if it doesn't know whether it should
`allow access to be granted. For purposes of this exam
`ple, each destination profile stored in destination profile
`storage 216 specifies the available levels of access and
`the corresponding set of attributes required to achieve
`authentication such that access to the destination can be
`granted at each available level. Again, such profiles are
`shown in Table 2. Upon the initial iteration of step 825
`access will be caused to be granted to a requester since
`any first level of security processing inherent in the
`request has been met by the requester, unless a predeter
`mined set of attributes of the particular access request
`matches a set of specified criteria for those predeter
`mined attributes, in which case additional authentica
`tion information is requested from the requester. If the
`requested additional authentication information is sup
`plied, that information is used as part of the available
`request attributes, along with the other request attri
`
`UNIFIED PATENTS EXHIBIT 1012
`Page 15 of 23
`
`

`

`5,276,444
`10
`butes, in an attempt to authenticate the alleged identity
`The test result during the initial pass through step 825
`of the