Method for protecting an internet supplementary service

Abstract

The invention relates to a method for improving the security of an Internet supplementary service. When access to the IP server network of a network operator is sought for an ISS message from the Internet, a service-independent authorization procedure is carried out by a purpose-built server, a service-independent identification being used to obtain said authorization. A service-related authorization procedure is subsequently carried out by a service access server, by means of a user password.

Description

[0001] 1. What technical problem is to be solved by your invention?

[0002] 2. How has this problem been previously solved?

[0003] 3. In which way does your invention solve the given problem (give advantages)?

[0004] As to Point 1: Which Technical Problem is to be Solved by Your Invention?

[0005] For the realization of Internet Supplementary Services (for example, Call Waiting Internet Busy, Subscriber Controlled Input via Internet) information is required (hereinafter called Service Information), which is exchanged between Internet users and PSTN/ISDN exchanges. Thereby there arises the following security demands:

[0006] a) the resources of the network of a telecommunications operator (PSTN/ISDN network, internal server net) must be protected against unauthorized access (access by Internet users who are not customers of the telecommunications operator).

[0007] b) the source of the service information must be authenticated and the non-falsification of the service information must be verified.

[0008] c) the access of the user to the service must be authorized.

[0009] As to Point 2: How Has This Problem Been Previously Solved?

[0010] Standard methods for the protection of signaling information for Internet supplementary services have not previously existed. Depending on the service different combinations of IP-security methods have been used. In many cases a common secret (for example, a password, a PIN) coded by standard methods (for example, “Transport Layer Security”, RFC 2246) has been transmitted to the server which supports the service as a gateway into the PSTN/ISDN. At this server the password is evaluated based on interfaces to corresponding service related data bases of the PSTN/ISDN network operator, which can be either network central databases (in the gateway server or separate) or databases which are distributed in the networks of the subscriber's exchanges. With such methods requirements b) and c) can be filled, however, not requirement a) at the same time.

[0011] As to Point 3: In Which Way Does Your Invention Solve the Given Problem (Give Advantages)?

[0012] The method for protecting service information from Internet supplementary services users is divided into two steps. Upon access from the Internet to the IP-server net of the network operator, through a special security server (firewall server) a generic, that is a service independent, authorization is provided, for which a service independent identification, for example the customer number, is used. Then from a service access server a service related authorization is provided, for which a service related (service specific) secret (for example a user password, a PIN) is used. Neither the customer number nor the service related secret is transmitted over the Internet (as explained later in more detail). A subscriber identifier of the ISS subscriber, for example the call number, is transmitted in plain text (Klartext) over the Internet and assists the receiver (security server or service access server) to determine the associated common secret (service independent identifier or service related secret), with which it can test the involved authorization. The security server and the service access server can especially be realized on a hardware platform.

[0013] In the following the invention is explained in more detail (for which see also the figure).

[0014] A service independent identification, for example the customer number of the subscriber, serves as the common secret (shared secret) for the forming of a cryptographic test sum, for example according to the standard method (RFC 2104) of the “Hashed Message Authentication Code”, which as a so called “digital signature” is appended to the service information. A generic security server (firewall-server) evaluates the HMAC-test sum of the received service information, based on interfaces to the databases of the PSTN/ISDN net operator for the customer number and the call number. Upon a successful HMAC-test (by which the customer authentication and the data integrity is assured) the subscriber receives access to the service net of the operator.

[0015] His information is routed to the appertaining service access server which enables the access to the Internet Supplementary Service, and here the service specific authorization (the service access server can especially concern a gateway server (see the figure) which enables access to an Internet Supplementary Service offered by another net). In addition, the service access server evaluates a second “Hashed Message Authentication Code” which has been formed from the IP-application of the user with the assistance of a service related secret. The service access server evaluates the HMAC based on interfaces to the service related databases of the PSTN/ISDN net operator, which contain the service related secrets of the service subscribers. These can be either net central databases (in the gateway server or separate) or also databases which are distributed in the net at the subscriber exchanges.

[0016] Short Explanation of the Functioning of the HMAC:

[0017] The sender appends to the service information, before its sending, the common secret (here for example the customer number or user password) and forms by way of either the test sum. Then the customer number or password is removed, the test sum is appended to the service information and the information is sent. The receiver removes the test sum, appends the customer number or the password (taken from his databank) to the service information and calculates likewise the test sum. A successful comparison of the received with the calculated test sum indicates first, that the sender knows the customer number or password, and second, that the information has not been changed by the transmission (which would have changed the test sum). The customer number or password has therefore been transmitted neither in clear text nor in code. Nevertheless, the sender indicates that he knows the correct password.

[0018] Advantages of the Invention:

[0019] By way of the described two step process it is possible to fill the demands a), b) and c) and at the same time to use existing password databases in the exchanges and existing databases of the net operator. Thereby one spares the installation and maintenance of additional external databanks and the eventual doubling of security relevant data (for example in the exchanges and at the external servers).

[0020] Because of the possibility of reuse of already existing passwords on PIN's, the ISS subscriber need bear in mind no additional password for Internet Supplementary Services.

[0021] Exchange internal databanks are not accessible from the outside and therefore are generically more secure than databanks on servers.

[0022] By way of the two step authentication the appearance of additional hurdles in the way is avoided.

[0023] The costs of such two step authorization, because of the reuse of already existing databanks, are significantly lower than those of similarly secure protection methods, which undertake the entire subscriber authentication already in the security servers at the entrance to the IP server net.

[0024] In synopsis, it can be said that the invention describes a simple two step security method, that combines existing data (customer number, call number) and security methods for telecommunications nets (call number related PIN) with existing Internet security methods (HMAC).

Claims

1. A method for protecting an Internet supplementary service, wherein: upon admission of an Internet supplementary service information from the Internet to an IP-server net of a network operator a service independent authorization is performed, for which a service independent identification is used, after a positive service independent authorization in a service access server, which enables access to an Internet supplementary service, a service related authorization is performed, for which a service related secret is used.

2. The method according to claim 1 further characterized in that an identification of the subscriber necessary in the framework of the service independent or service related authorization is carried out with the aid of a subscriber identification contained in the Internet supplementary service information.

3. The method according to claim 1 or 2, further characterized in that the Internet supplementary service information for admission from the Internet to an IP-server net of a network operator is provided with a digital signature.