WO2004097607A1 - Password management and replication system - Google Patents

Password management and replication system Download PDF

Info

Publication number
WO2004097607A1
WO2004097607A1 PCT/IE2004/000061 IE2004000061W WO2004097607A1 WO 2004097607 A1 WO2004097607 A1 WO 2004097607A1 IE 2004000061 W IE2004000061 W IE 2004000061W WO 2004097607 A1 WO2004097607 A1 WO 2004097607A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
target
pbx
management system
target system
Prior art date
Application number
PCT/IE2004/000061
Other languages
French (fr)
Inventor
Paul O'sullivan
Kieran O'sullivan
Original Assignee
Paul O'sullivan
Kieran O'sullivan
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Paul O'sullivan, Kieran O'sullivan filed Critical Paul O'sullivan
Publication of WO2004097607A1 publication Critical patent/WO2004097607A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords

Definitions

  • the present invention relates to a password management and replication system and in particular a system for:
  • PBX private branch exchange
  • a private branch exchange is a phone switch serving a business organisation that is usually located on the organisation's premises.
  • a PBX is owned and operated by the organisation rather than a telephone company (which may however, be a supplier or a service provider to the organisation) .
  • a PBX provides services including internal calling and access to the public switched telephone network (PSTN) .
  • PSTN public switched telephone network
  • a PBX switches calls between an organisation's users on local lines whilst allowing all its users to share a number of external phone lines.
  • the main function of a PBX is to save an organisation the cost of requiring a line for each user to the telephone company's central office.
  • PBX systems have dramatically changed since those early days and are now typically digital in nature with stored programme control systems.
  • This fundamental change in the underlying technology of PBX systems has dramatically changed the range of facilities offered by modern PBX systems, so that now after more than twenty years of stored programme control development, PBX systems can now provide more features and functions than any one customer probably needs.
  • the increased range of services e.g. voicemail, integrated services digital network (ISDN) , direct inwards system access (DISA) , external call forward and remote system access
  • ISDN integrated services digital network
  • DISA direct inwards system access
  • external call forward and remote system access e.g. voicemail, integrated services digital network (ISDN) , direct inwards system access (DISA) , external call forward and remote system access
  • Phreaking refers to (a) the theft of telecommunications e.g. by making stolen long distance or trunk telephone calls or (b) in general to the process of security cracking in any other context (especially, but not exclusively, on telecommunications networks) .
  • Phreakers can gain access to PBX systems through a number of routes including administration and maintenance ports and the use of through dialling features on the PBX systems.
  • PBX systems allow for some sort of through dialling capability.
  • One such facility basically allows calls to be placed to an outside number from the PBX system if the user can identify themselves as an authorised user through the voicemail system.
  • Another through dialling feature namely direct inward system access (DISA) lines
  • DISA direct inward system access
  • DISA lines allow employees to call a local or toll free line into a PBX system and on entering a security code use the PBX system to dial long distance calls that are billed back to the main PBX location.
  • this feature can be very useful for staff who travel frequently, who can use a DISA number to allow them to access their organisation's PBX system from any telephone and use the PBX system to access corporate sites rather than the more expensive public long-distance network
  • DISA lines also represent a significant security risk to the organisation's PBX system. It is clear that if a user's DISA security codes were obtained by an unauthorised person it could lead to significant toll fraud.
  • Phreakers can illegally access the remote maintenance port and carry out reprogramming to establish previously described access routes and disable reporting features of the target system, such as call detail recording. Since attacks on PBX systems can originate outside the country in which the target PBX is located and phreakers typically cover their trails by way of complicated chains of PBX hacking, it may prove extremely difficult to identify the responsible party, should a PBX system be hacked into.
  • Call selling is a process in which fraudsters who have gained illegal access to a PBX system sell high tariff calls below their true market value. Such call selling operations have been uncovered in numerous places around the world and in many cases have cost the PBX system owners thousands of dollars.
  • PBX systems are typically supplied by a vendor with a set of default passwords.
  • the number of passwords required to gain access to a PBX system depends on the specific system in question but in general, most PBX systems employ at least two levels of passwords.
  • a PBX system When a PBX system is installed at a client's premises, the default passwords are changed by the vendor installation and engineering staff. The resulting passwords must be used in all subsequent procedures in which access to the system is required (e.g. routine maintenance, fault diagnosis and specific programming to reflect personnel movements within the client organisation, additions and changes to the system) . In such circumstances, a PBX system is typically accessed either (a) remotely via a modem which is connected to the remote access maintenance port, or (b) by on-site engineering staff connecting directly to the system maintenance port .
  • PBX systems which are connected to the customers' local area network (LAN) can be accessed during a TELNET session in which the engineer selects the system's PBX Internet Protocol (IP) address and manually inputs the PBX password.
  • IP Internet Protocol
  • vendors also face the problem of ensuring that the passwords remain private.
  • the vendor's engineering staff must know the password to a PBX system, in order to perform routine maintenance etc. on the system.
  • the passwords may become known outside the vendor's company, thereby increasing the risk of hacking into a vendor's PBX system.
  • the vendor typically uses the same password on most of his PBX installations, a departing employee with knowledge of the password is taking with them know-how of some substantial value. In particular, the vendor may suffer substantial revenue loss if the departing employee offers his services to the vendor's customer base.
  • a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein an at least one password generated by the password generating means is communicated by the password communication means to a target system.
  • the target system is a telecommunications system.
  • the target system is a PBX system.
  • the password management system further comprises a password replication means.
  • the password replication means employs the password generating means to generate a replica of the at least one current-, password of the target system.
  • the password replication means employs the date of a password replication request together with an identifier of the target system to generate a replica of the at least one current password of the target system.
  • the password replication means displays the replica of the at least one current password of the target system to a user.
  • access to the password replication means is restrictable to selected personnel.
  • the password management system further comprises a password activated access management system which employs the password generating means to generate a replica of the current at least one password of a target system without displaying the replica of the at least one current password of the target system.
  • the password activated access management system resides on at least one computing device.
  • the password activated access management system resides on at least one mobile computing device.
  • access to the target system is provided by connection of at least one of the at least one computing device to the target system.
  • the at least one of the at least one computing device is connectable to the target system directly through a communications port.
  • the at least one of the at least one computing device is connectable to the target system through a LAN.
  • a password management system comprising a password changing means residing in a target system which in turn comprises a password generating means and a password communication means, wherein an at least one password generated by the password generating means is communicated by the password communication means to the target system.
  • the password changing means is triggered by the target system.
  • the password communication means is in communication with the password generating means to retrieve an at least one password generated by the password generating means.
  • the password communication means transmits the at least one password generated by the password generating means to the target system.
  • the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
  • a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server in communication with the target system and at least one password generated by the password generating means is communicated by the password communication means to the target system.
  • a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server in communication with the target system over a PSTN and at least one password generated by the password generating means is communicated by the password communication means to the target system.
  • the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
  • the password changing means further comprises a password verification means which is capable of verifying the password transmitted to the target system, before the password is stored by the target system.
  • a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server which is in direct communication with the target system wherein the server is located in proximity to the target system, and at least one password generated by the password generating means is communicated by the password communication means to the target system.
  • the password changing means is triggered by a scheduler in the password management system.
  • the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
  • the password generating means encrypts the passwords.
  • the password generating means employs an algorithm for password encryption.
  • a method of changing an at least one password of a target system comprising the steps of: generating at least one new password; establishing communications with the target system; transmitting the at least one password to the target system; instructing the target system to replace its at least one existing password with the at least one transmitted password; wherein the target system for the password change is a telecommunications system.
  • the method of password change includes a triggering mechanism whose frequency can be set by the user.
  • a method of changing the at least one password of a target system from a remote server through a PSTN comprising the steps of: (a) generating at least one new password; (b) establishing communications with the target system; (c) transmitting the at least one password to the target system; (d) verifying the at least one transmitted password; and (e) instructing the target system to replace its at least one existing password with the at least one transmitted password.
  • a method of changing the at least one password of a target system from a proximal server through a direct connection to the target system comprising the steps of: (a) generating at least one new password; (b) establishing communications with the target system; (c) transmitting the at least one password to the target system; and (d) instructing the target system to replace its at least one existing password with the at least one transmitted password.
  • a method of displaying the current at least one password of a target PBX system to restricted personnel comprising the steps of: (a) checking whether the requester is authorised to obtain password status data; (b) obtaining an identifier of the target PBX system; (c) obtaining the date/time of the replication request; (d) combining the identifier of the target PBX system with the date/time of the replication request to generate a replica of the password of the current password of the target PBX system; and (e) displaying the current at least one password of the target system to the requester.
  • a ninth aspect of the invention there is provided a method of enabling an authorised person to gain access to a password protected target PBX system without displaying the at least one current password of the target PBX system to the authorised person comprising the steps of: (a) connecting the computing device to the target PBX system; (b) checking whether the requester is authorised to gain access to the target PBX system; (c) obtaining an identifier of the target PBX system; (d) obtaining the date/time of the connection to the target PBX system; (e) combining the identifier of the target PBX system with the date/time of the connection to the target PBX system to generate a replica of the at least one current password of the target PBX system; (f) establishing communications with the target PBX system and transmitting the replica of the at least one current password of the target PBX system to the target PBX system; wherein the password is not displayed to the authorised person during or after transmission to the target system.
  • a password management system capable of running the methods of the previous aspects of the invention.
  • a password management product capable of running the methods of the previous aspects of the invention, resident on a storage means .
  • the storage means is a disk.
  • the object of the invention is to overcome the problems of the prior art.
  • Traditional password models employ a fixed password which can be manually changed by a user. Typically these passwords are changed infrequently (e.g. once a month) if changed at all.
  • the present invention inverts the traditional password model and provides a automatic dynamic password management system.
  • the present invention provides a system for managing and automating the secure deployment of multiple passwords to multiple PBX systems.
  • the system enables the passwords of target PBX systems to be changed on a regular basis the frequency of which can be established by the user. Since the password changing process is conducted automatically, the passwords can be changed much more frequently than those of a traditional manual password changing system. For instance, it may be possible to change passwords every day/hour etc.
  • the passwords generated by the password management system are transmitted to target PBX systems in encrypted form.
  • a further innovative development provided by the present invention is the use of the dynamic paradigm underlying the password changing system in the password generation process.
  • one of the key variables used in generating a password is the date and/or time at which the password change was originally initiated.
  • the present invention not only dynamically changes the passwords of client PBX systems it also dynamically changes the generation process for the passwords themselves. Collectively, these two processes dramatically increase the complexity of the problem faced by hackers in attempting to obtain the passwords of a PBX system.
  • At least two modes of operation of the password management system generate and transmit passwords to a target PBX system in a closed system which is physically or otherwise protected from external unauthorised public access.
  • the password generating software module is directly integrated into a PBX system, so that there is no password transmission to the PBX system from an external source.
  • the present invention does not maintain an archive of the passwords generated by the password changing system.
  • the absence of the archive is intended to ensure that there is no central repository of the passwords of client PBX systems that might be accessed by unauthorised persons.
  • the lack of an available record of the current password of a client PBX system makes it very difficult for vendors to perform routine maintenance and other modifications (e.g. specific programming to reflect personnel movements within a client organisation to a client PBX system.
  • the present invention provides a method of generating replicas of the current passwords of client PBX systems through the synchronisation of an external device with the password changing system of a client PBX, without requiring the connection of the external device to the client PBX system.
  • this feature provides a method for a vendor to determine the current password of a client PBX system and thereby remotely gain access to the PBX system, to perform maintenance and other routine operations on the PBX system without compromising the security of the system.
  • the present invention provides a means for regenerating the current password of a client PBX system by a similar synchronisation process as that mentioned above, to enable an engineer to gain access to a client PBX system without revealing the current password to the engineer.
  • the present invention is a new password management and replication system that deploys a secure method for changing, managing and replicating unique passwords for multiple PBX and adjunct systems.
  • the system of the present invention is a transparent integrated suite of system control and application software modules used to change, manage and replicate passwords for one or more PBX or adjunct systems.
  • the system of the present invention can also be used to provide greater security for other systems such as routers, modems and any other communications devices which are password protected.
  • Figure 1 is a flow-diagram showing a broad overview of Mode 1 operations of the password management system
  • Figure 2 is a flowchart providing a more detailed overview of the Startup Phase of the Mode la (Dialup Mode) operations of the password management system shown in Figure 1
  • Figure 3 is a flowchart providing a more detailed overview of the Dialling Phase of the Mode la (Dialup Mode) operations of the password management system shown in Figure 1
  • Figure 4 is a flowchart providing an overview of the Mode lb (Direct Connection Mode) operations of the password management system
  • Figure 5 is a flow-diagram providing an overview of Mode lc (Integrated Mode) operations of the password management system
  • Figure 6 is a flowchart of the User Input Manual Mode operations of the password management system
  • Figure 7 is a flowchart showing an example of the operation of the password generating algorithm employed by the password management system.
  • Figure 8 is a flowchart providing an overview of the Mode 2 operations (Help Desk Mode) of the password management system
  • Figure 9 is a flowchart of the Mode 3 Operations (Engineer Logon Mode) of the password management system in both direct and Telnet modes
  • Figure 10 is a block diagram showing the software architecture of the password management system
  • Figure 11a is a block diagram showing a first configuration of an SPMS Server Module of the password management system
  • Figure lib is a block diagram showing a second configuration of the SPMS Server Module of the password management system in which a dial up connection is made across a PSTN between the SPMS Server and a PBX device
  • Figure lie is a block diagram showing a third configuration of the SPMS Server Module of the password management system in which the SPMS Server is directly connected to a PBX device
  • Figure 12 is a flowchart of the operation of an SPMS Manager Module of the password management system.
  • Table 1 lists the operational parameters included in an initialisation the password management system
  • Table 2 lists the parameters included in an SPMS Master Database of the password management system.
  • the password changing means and the password generating means will be known as the SPMS Server Module and the password generation algorithm respectively.
  • the password replication means and the password activated access management system will be known as the SPMS Helpdesk Module and the SPMS Engineer Logon Module respectively.
  • the description will first focus on the operation of the software for the password management system and will then turn to a discussion of the software architecture of the system and a detailed analysis of the operation of individual software components with a view to how these components relate to the overall functionality of the password management system.
  • the Password Management System can be broadly described as having three main modes of operation, Mode 1 in which password changes are made automatically to PBX systems, Mode 2 in which a vendor/customer may obtain a replica of the current passwords of their PBX systems and Mode 3 in which an engineer may be connected to a PBX system without ascertaining the current PBX system password.
  • processing is performed automatically by the password management system.
  • a specific software module of the password management system is responsible for Mode 1 processing, namely the SPMS Server Module.
  • the SPMS Server Module will be described in greater detail later when discussing the software architecture of the password management system.
  • Mode 1 operations take different forms depending on where the SPMS Server Module is located.
  • Mode 1 operation Mode la or Dialup Mode Operations
  • the SPMS Server Module resides on an SPMS server which may be located some distance from the PBX system and may communicate with the target PBX system across a PSTN.
  • the SPMS server may be located adjacent to the target PBX system and in communication with the target PBX system through its serial port .
  • Mode 1 operations namely Mode lc or Integrated Mode Operations
  • the SPMS Server Module resides in a target PBX system.
  • the SPMS Server Module If the SPMS Server Module is located on the SPMS server and not the target PBX system, then regardless of the location of the SPMS server, on commencement of Mode 1 operations the SPMS Server Module must identify and connect to a target PBX to enable password change. All the information required for making a connection to the target PBX and changing the passwords of the target PBX system (e.g. target modem number, modem speed, parity, system type and current passwords) are contained in a database associated with the SPMS Server Module (i.e. the SPMS Server Module Database) .
  • the SPMS Server Module Database i.e. the SPMS Server Module Database
  • FIG. 1 is a flow-diagram showing a broad overview of Mode 1 operations (including the PBX connecting steps of Mode la and Mode lb operations) .
  • Mode la and Mode lb require additional operational steps than Mode lc (in connecting to a target PBX system)
  • this broad overview of the Mode 1 operations will focus on the steps performed by all three forms of Mode 1 operations and will later deal with the steps specifically associated with each of three forms of Mode 1 operations.
  • the SPMS Server Module once the SPMS Server Module makes contact with a target PBX 10 and logs onto 12 the target PBX , the SPMS Server Module generates a new password 14 for the target PBX.
  • the SPMS Server Module then changes the existing password of the target PBX to the newly generated password 16 and updates 18 appropriate databases and then logs off the target PBX 20.
  • the number of passwords which can be changed during Mode 1 operations can be varied according to the requirements of the target PBX system and customer/vendor requirements and set by the variable StrLevel which is stored in an initialisation file.
  • Mode 1 operations are performed periodically at intervals established in the SPMS Server Module Database.
  • the intervals for such Mode 1 operations can be set as daily, weekly or monthly in accordance with vendor/client requirements.
  • Mode 1 operation on a target PBX is unsuccessful, repeated attempts are made at the Mode 1 operations.
  • the number of repeat attempts at Mode 1 operation is also established in the SPMS Server Module Database and can be varied according to specific vendor/client ' s requirements.
  • an alert is raised, a history file is generated and an email message generated to the system manager.
  • the email address of the recipient system manager is specified by the field EmailAddrl in Table 1.
  • Mode 1 operations of the password management system the description will now provide a detailed description of the stages involved in the Mode 1 Operations focussing on the specific steps performed in each of the three different forms of Mode 1 operations.
  • the Mode la operation of the SPMS system is designed to enable a vendor to distribute passwords to multiple client PBX systems from a single site.
  • an SPMS server is remotely located from a target PBX and communicates with the target PBX through a PSTN.
  • the SPMS Server Module is launched by the scheduler of the server's Operating System.
  • the first task of the SPMS Server Module once launched is to read data from an Initialisation file stored on disk 30.
  • the variables stored in the initialisation file are shown in Table 1. For security purposes this file is encrypted.
  • the SPMS Server Module completes the Initialisation Phase of the Mode la operations by verifying the integrity of the initialisation file.
  • the initialisation stage is implemented by the Program_start () routine which enables the scheduler to launch the SPMS Server Module.
  • the Program start () routine initialises the SPMS Server Module and in turn calls the following routines:
  • the Startup Phase of the Mode la operations shown in Figure 1 is shown in greater detail in Figure 2.
  • the Startup Phase comprises a combination of sub routines ( GetLicenses () that read and verify license agreements 32.
  • the SPMS Server Module connects 34 to a SPMS Master Database 35.
  • the variables stored in the SPMS Master Database 35 are shown in Table 2. Since the Mode la operation of the SPMS system permits a vendor to transmit passwords to multiple sites, it will be understood that the SPMS Master Database 35 contains multiple entries, wherein each entry contains the values of the variables (specified in Table 2) specific to a given client PBX system.
  • the SPMS Server Module queries 36 the SPMS Master Database 35 to download the various parameters stored within, and associated with each PBX. These parameters include the telephone number of the target PBX system, the Baud rate of remote PBX system, a site specific identifier (namely Si telD) and the current passwords of the target PBX system.
  • the software elements responsible for connecting to and querying the SPMS Master Database 36 are as follows:
  • ConnectDatabase This routine connects to the SPMS Master Database for loading stored PBX parameters, it uses Jet for Access and SQL Databases. If a connection cannot be made then an error is flagged and processed.
  • Mode la and Mode lb operations i.e. where the SPMS Server Module is resident on an SPMS server and not on the target PBX system
  • the Startup Phase of the Mode 1 operations is completed and the SPMS Server Module implements the Dialling Phase of the Mode la/Mode lb operations.
  • the Dialling Phase connects the SPMS server to the target PBX system.
  • the connection to the target PBX is made by dialling the target PBX through the PSTN.
  • Mode lb operations connection is made directly to the target PBX system.
  • Dialling Phase The Dialling Phase of the Mode la operations shown in Figure 1 is shown in greater detail in Figure 3.
  • the SPMS server operating under MScomm opens an appropriate serial port and dials 40 the target PBX system using the PBX parameters of the relevant client PBX system (determined from the client records retained on the SPMS Master Database, the variables stored in the SPMS Master Database are shown in Table 2) .
  • the SPMS Server then waits for a "connect” to be received from the called Modem 42, upon receipt of the "connect", the SPMS Server polls 44 for a system prompt from the PBX. Upon receipt of the system prompt, the SPMS Server then "Logs On” 46 to the remote system using the current password stored in its SPMS Master Database 35.
  • the variables stored in the SPMS Master Database 35 are shown in Table 2.
  • Dial This routine dials the target PBX telephone number stored in record 1 of the database and waits for connection from the remote modem.
  • TmrDiaK This routine waits a predetermined length of time (the length of which is specified in the initialisation file) for "connection" from remote modem to be received.
  • Step 1 The current values of a number of password descriptor variables are read from a database stored in the PBX.
  • the password descriptor variables in question include the following: (i) the current level 1 and level 2 passwords (for a two level security system) (namely strCurrentLevellPas sword and strCurrL2Password) (ii) the type of PBX in question (namely StrType_Of_PBX) (iii)the maximum password length (namely intMaxPasswordLength) (iv) A customer/vendor site specific identification code (namely strSi teld)
  • Step 2 A new set of passwords is generated and stored 115 in the password descriptor variables strNewLl Pas sword and strNewL2Pas sword (for a two- level security system) .
  • the two steps mentioned above provide a broad description of the password changing process, however, the specific details of the manner in which password change is performed varies depending on the type of PBX on which the password change is being implemented. For instance, in one type of PBX system the password changing system software module loads an overlay and sets the values PBX variables NewPassWordl and NewPassWord2 to strNewLlPas sword and strNewL2 Pa sword respectively.
  • the password changing system software module may make a backup of the existing password file with a time and date stamp, and overwrite the current values of the PBX password variables with strNewLlPas sword and strNewL2 Pas sword respectively.
  • the password changing system software module updates its history and client detail databases with the details of the old and new password parameters. This information can then be used as a full audit trail of the target PBX passwords, in the event of problems arising with procedures and subroutines used in communicating with a target PBX.
  • the veracity of the passwords communicated by the SPMS Server Module to the target PBX system over a PSTN is checked 50 to verify that the passwords transmitted to and provisionally stored in the target PBX system are in fact the passwords newly generated by the SPMS Server Module. If so, it then transmits a request to the remote system to store them. Once this task is complete the SPMS Server then records all of the transactions in its history and client details databases. If not then the password cycle is executed a further time.
  • UpdateHistoryFile O This routine writes the values of variables associated with a password changing session to a History database.
  • the variables in question include details of the Old passwords, New Passwords and the date of the password change.
  • the above variables are stored in the history database for easy retrieval in the event of problems occurring.
  • the SPMS Server Module logs off the target PBX 52 and terminates the call.
  • the SPMS Server Module then reads the next record from the SPMS Master Database and dials the next PBX system 54.
  • EODatabase a Boolean variable EODatabase is set true.
  • the software calls the End of Program EOP () routine which conducts all the end of program tasks such as closing all the databases and communication ports, emailing the details and results of all transactions to EmailAddrl and then calling closedown () .
  • End of Program EOP routine which conducts all the end of program tasks such as closing all the databases and communication ports, emailing the details and results of all transactions to EmailAddrl and then calling closedown () .
  • DialNext This routine moves the password management system software module to the next PBX record in the SPMS database.
  • the DialNext O routine checks to see if it is the last record +1, if so it calls the End of Program routines (EOP) .
  • EOP End of Program
  • the EOP routine processes end of program tasks as follows: (1) CloseConnections 0 Closes all databases and ports. (2) Email () Generates a file containing success and failure statistics and emails the file to the recipient designated in the initialisation file (refer to Table 1) field Emailaddrl . (3) EndProgram O Ends the Program by carrying out an orderly shutdown.
  • DialNext O routine finds that the next record in the SPMS server database is not the last client record (i.e. records still exist), all parameters are reset with respect to the last call.
  • Control is then handed back to the ConnectDatabase () routine to retrieve the next record and a call is placed to routine Dial 0 .
  • the password management system software module then loops through the steps following the Dialling, Password Change and Transmission End Phases until no records remain.
  • a routine onComm O raises a comEvReceive flag and hands control over to a Decodelnput () routine.
  • the Decodelnput ( ) routine interrogates the inbound data stream and depending on its content redirects the password management system program flow to the various routines assigned to handle it.
  • the Decodelnput 0 routine also updates the GUI with copies of actual inbound and outbound data.
  • the Mode la operations of the SPMS software provides an automatic, dynamic password changing system which enables a vendor to overcome the logistical problems of managing the deployment of multiple passwords to multiple PBX systems .
  • This system thereby increases the security of client PBX systems by reducing the risk of hackers obtaining the passwords of client PBX systems through reducing the effective lifetime of a PBX password.
  • the passwords newly generated by the SPMS software are communicated to target PBX systems through private, non-publicly accessible media.
  • the passwords are generated by a PC (owned by a client PBX owner) which is physically located adjacent to a target PBX system.
  • the PC is connected to the target PBX system through a direct serial connection therebetween.
  • Mode lc operations of the SPMS system takes the process of protecting the security of the passwords transmitted to a target PBX system a step further, by incorporating the SPMS password changing module of the SPMS system into a target PBX system itself, thus producing an autonomous, dynamic, automatic password changing system which does not need external connection to a PC or server.
  • the installation of the software in each case is intended for a single user (i.e. client PBX system) .
  • the Mode lb and Mode lc operations of the SPMS software would not be suitable for transmitting passwords to multiple PBX sites from a single server. Consequently the SPMS Master Databases 35 (see Table 2 for details) for the Mode lb and Mode lc operations, do not contain multiple entries for multiple PBX sites, but instead contain entries for the single PBX site to which each SPMS Master Database 35 is connected.
  • Mode lb and Mode lc operations of the SPMS software Having provided a broad overview of the principle of operation of the Mode lb and Mode lc operations of the SPMS software, the description will continue with a more detailed discussion of the Mode lb and Mode lc operations in turn.
  • Mode lb Software resides in a Server located proximal to a Target PBX
  • the SPMS server 60 is directly connected to a target PBX system 62 via a serial port.
  • the SPMS Server Module logs on to the target PBX system 62 using passwords stored in its database in accordance with the Dialling and Startup Phases described for Mode la operations.
  • the SPMS Server Module changes the old passwords of the target PBX system for new passwords in accordance with the Change Password Phase previously described for Mode la operations.
  • the connection between the SPMS server and the target PBX system is made directly through the serial ports of both systems, rather than a PSTN, the chances of transmission errors being introduced into the passwords is reduced and thus verification of the transmitted passwords is not required.
  • FIG. 5 shows Mode lc operations.
  • the SPMS Server Module lies dormant within a client's PBX system 100 until it is launched by the PBX scheduler, at a prescribed time 105.
  • the SPMS Server Module retrieves operational parameters 110 from an initialisation file stored in a PBX database.
  • the operational parameters contained in the initialisation file are shown in Table 1.
  • variable strAuto_run is set "I" (to indicate that the SPMS Server Module and Password Generation Module are integrated into the target PBX) and the SPMS Server Module which is resident in the PBX changes the password of the PBX.
  • the password changing system software module updates its history and client detail databases with the details of the old and new password parameters. This information can then be used as a full audit trail of the target PBX passwords, in the event of problems arising with procedures and subroutines used in communicating with a target PBX.
  • Modes la and lb of operation can also be operated manually as in Figure 6.
  • the description of the Mode 1 operations so- far has focussed on the method of initiating a password changing session and the method of communicating newly generated passwords from the SPMS software (whether resident on a server, dedicated PC or within a PBX system itself) to a target PBX.
  • the description has so far shown how the SPMS software provides a dynamic automated method of changing the passwords of PBX systems.
  • the description has not shown how the passwords themselves are generated by the SPMS software.
  • the password generation algorithm of the SPMS software extends the concept of the dynamic password changing capability of the SPMS software to form the basis for the password generating function of the software.
  • the SPMS software implements a dynamic process for automatically changing PBX passwords, the software also employs the dynamic nature of the password changing process to generate the passwords themselves.
  • Key to the operation of the password generating algorithm is the date/time at which a password changing operation is initiated.
  • the algorithm combines the date/time of the operation together with other specific variables to generate a variable which when encrypted provides a resultant password.
  • Figure 7 shows an exemplary operation of the password generation algorithm.
  • the password generation algorithm employs two variables, namely the Si telD and the date to generate passwords for a PBX system.
  • the Si telD variable is a character or integer representation of a client's site name.
  • the string "TEST” is used as a Si telD 270.
  • the date variable is represented as 28/01/2003 272.
  • the SitelD variable and the date variable are combined 274 to produce a single string of characters which is assigned to a further variable entitled Str_2_Encrypt .
  • the Str_2_encrypt variable becomes TEST28012003 276.
  • the SPMS encryption algorithm 278 will reverses the string to produce a new variable Str_Encrypted which in the case of the present example becomes 30021082TSET.
  • the Str_Encrypted variable becomes the Password for Site TEST on 28 th January 2003 280.
  • the run date of the password generation algorithm is 13/03/2003 (and using the same SitelD "TEST" as used earlier) , the Str_encrypted variable becomes 30023031TSET.
  • the above Algorithm also uses strong encryption methods (e.g. EIGamal, 3DES (Data encryption standard) , AES (Advanced Encryption Standard) , RSA IDEA (International Data Encryption Algorithm) , Blowfish or CAST) to enhance the security provided by the Str_encrypted password.
  • strong encryption methods e.g. EIGamal, 3DES (Data encryption standard) , AES (Advanced Encryption Standard) , RSA IDEA (International Data Encryption Algorithm) , Blowfish or CAST
  • the password generating process is employed in all of the operations of the SPMS software.
  • the password generating process is employed for: (a) generating new passwords to change the passwords of target PBX systems (b) generating replicas of current passwords of PBX systems to enable authorised persons to gain access to the target PBX systems.
  • a vendor In order to gain access to a client PBX system to perform routine maintenance and other operations (e.g. restrictions on user-accounts etc) on the system, a vendor must know the current password (s) of the client PBX system. Under traditional password management systems, this did not create a particular problem for vendors, because the vendor typically used a single password for all of its installations or the passwords were changed very infrequently.
  • PBX passwords are changed automatically by the SPMS software (without the intervention of the vendor) and can be changed at frequent intervals. Since no external record is kept of the passwords of a client PBX system (to enhance the security of the system) , the vendor would have some difficulties in determining the password of the client PBX system and in gaining access to client PBX systems to perform routine maintenance etc.
  • the Mode 2 operations of the SPMS system provides a tool which enables a vendor to generate a replica of the current password of a client PBX system.
  • Central to the password regeneration process of the Mode 2 operations is the fact that there is no distribution of current PBX passwords from a target PBX system, central server or other archive to the Mode 2 operations user. Consequently there is no need for a vendor's PC to be in any way connected to a target PBX system or other password archive to determine a current PBX password.
  • the Mode 2 operations of the SPMS software employs the inherent determinism of the original password generating algorithm for the client PBX system to enable the regeneration of a replica of a current PBX password.
  • Mode 2 operations of the SPMS software are primarily intended for the use of a PBX vendor, it is also envisaged that this mode of operations could also be used by the vendor's customers should the customers require knowledge of the current password of their PBX systems.
  • the designated employee of the vendor or customer users are requested to enter a password (henceforth known as the customer ID) 130. If the password entered by the personnel is authenticated by the Helpdesk module, the module requests the authorised user to enter a site Name/ID which specifically identifies the target PBX.
  • the password generating algorithm (described above) combines the site Name/ID of the target PBX system with the date/time stamp of the password request to generate 134 a replica of the current password of the identified target PBX system.
  • Key to the password replication process is the synchronisation of the clock of the vendor's PC (running the Helpdesk Module) and the clock of : (a) the server connected to a target PBX system through a PSTN (in Mode la operations) or (b) a PC directly linked to a target PBX system (in Mode lb operations) or (c) the target PBX system itself (in Mode lc operations) .
  • the clock of the vendor's PC running the Helpdesk Module
  • the password (s) generated by the Mode 2 operations may not match the actual current password (s) of the target PBX system.
  • the password is displayed 136 to the appropriate Help Desk personnel .
  • a module known as an Engineer Logon Module is provided to engineers of the vendor company.
  • the Engineer Logon Module enables an engineer to directly connect to a client's PBX system for the purpose of service, maintenance and authorised system programming, without revealing the current password (s) of the client PBX system.
  • An engineer may connect a mobile computing device (e.g. a laptop computer) to a PBX system either directly through a serial port or through a client's local area net (LAN) via a SPMS Telnet session (provided that the target PBX system itself is connected to the LAN) .
  • a mobile computing device e.g. a laptop computer
  • LAN local area net
  • the Engineer Logon Module is launched.
  • the Engineer Logon Module reads data from an Initialisation file stored on disk.
  • the initialisation file contains various parameters and flags e.g. maximum allowed password length, frequency of allowed engineer logons, Baud Rate of connection, port settings and User authentication details.
  • the initialisation file is encrypted, furthermore these authentication details once set cannot be altered.
  • the engineer is requested to enter a password (henceforth known as the engineer password) . If the password entered by the engineer is authenticated by the Engineer Logon Module 140, the Engineer Logon Module 140 will request the authorised engineer to enter a site Name/ID 142 ( strSi telD) which specifically identifies the PBX system to which access is requested.
  • a password herein known as the engineer password
  • the Engineer logon Module 140 will request the authorised engineer to enter a site Name/ID 142 ( strSi telD) which specifically identifies the PBX system to which access is requested.
  • the Engineer Logon Module 140 employs the password generating algorithm (previously described) to combine the site Name/ID with the date/time of the engineer logon request to generate a replica of the current passwords 144 of the target PBX system.
  • the password regeneration process depends on the inherent determinism of the original password generation algorithm and on the synchronisation of the clock of the engineer's laptop (or other mobile computing device) with the clock of the: (a) server connected to the target PBX through a PSTN (in Mode la operations) or (b) PC directly connected to the target PBX (in Mode lb operations) or (c) the target PBX system itself (in Mode lc operations) .
  • the Engineer Logon Module will log the engineer onto the required PBX system 146. at the selected level.
  • the Engineer logon Mode 3 operations
  • the engineer is requested to close the Engineer Logon Module and launches his preferred communications package to continue.
  • the password management system includes a system manager program 200 that comprises an interface management program 210 and four client programs which will be known henceforth as modules.
  • the four modules of the password management system are known in turn as the SPMS Server Module 212, the SPMS Helpdesk Module 214, the SPMS Engineer Logon Module 216, and the SPMS Manager Module 218. All modules are capable of being run under the Windows or Unix operating systems. Whilst each module is capable of operating independently of the others, each module also conforms to a set of rules from which passwords are constructed and retrieved. Each of the four modules are discussed in greater detail below.
  • SPMS Server Module 212
  • the SPMS Server Module 212 has the task of communicating with a target PBX system and changing its password (s) . Thus the SPMS Server Module 212 facilitates the Mode 1 Operations of the password management system.
  • the SPMS Server Module has three possible configurations shown in Figures 11a, lib and lie respectively. These three configurations are designed to facilitate the different forms of Mode 1 operations described earlier.
  • the SPMS Server Module 212 In its first configuration ( Figure 11a) the SPMS Server Module 212 resides within a client's PBX system 240. Consequently, the SPMS Server Module 212 in its first configuration, is a single system programme device which can be shipped with new PBX's or added to existing systems as an upgrade.
  • the first configuration ( Figure 11a) of the SPMS Server Module 212 is designed to enable the automated password updating of Mode 1 operations, to overcome any problems which might arise from dialling target PBX's over a public switched telephone network.
  • the SPMS Server Module 212 is a multi system device which can reside on a separate SPMS server 242 (under control of the vendor company) and communicates across a Public Switched Telephone Network (PSTN) 244 with the target PBX 240.
  • PSTN Public Switched Telephone Network
  • the second configuration of the SPMS Server Module 212 includes a database (SQL or Access) which contains records of all target PBX's. Records can be added to the database at any time using the SPMS Manager function (to be described later) .
  • the SPMS Server Module 212 In its third configuration ( Figure lie) the SPMS Server Module 212 resides on an SPMS server 246 located beside the client's PBX system 240 and connected directly to the PBX system 240 by way of a serial port. This is desirable in situations where the customer nominates to control his own system passwords.
  • the SPMS Server Module 212 includes a GUI which can be edited during manual mode.
  • the variables which can be selected and actioned through the GUI include: (a) BaudRate: used to set communications speed with remote modem. (b) Com Port : used to communicate with SPMS server Modem (c) Frequency used to select the Frequency of Remote Password update. (d) Advance used to advance the database by a single record (e) Moveto start of Database (f) Moveto previous record (g) Moveto end of database. (h) Send a Carriage return to remote modem. (i) View History file entries. (j) View history of Passwords for a given site. (k) View system date (1) Dial current entry
  • the SPMS Help Desk Module 214 is an executable program file which is installed on a standard PC of a nominated customer and/or vendor.
  • the SPMS Helpdesk Module 214 is used by a PBX Vendor service centre and/or customer service centre as a password finder to regenerate the password of a specific PBX system at any given time.
  • the SPMS Helpdesk Module 214 is the software component of the password management system which enables its Mode 2 operations (Help Desk Mode) .
  • the SPMS Helpdesk Module 214 includes a GUI which allows the user to set various parameters such as: (a) Site ID/Name (used to identify an individual vendor help desk/customer site) . (b) Frequency (used to determine the frequency of update)
  • GUI of the SPMS Helpdesk Module 214 displays the vendor Co. name, User name and user ID authorised by license.
  • the SPMS Helpdesk Module 214 is a secure program which is password protected. As also discussed in relation to the Mode 2 operations, a specific SPMS Helpdesk Module 214 can only be used by a single customer and/or vendor company . The SPMS Helpdesk Module 214 uses the common password generation algorithm (previously described) to replicate the password (s) stored in the Server Master Database.
  • the third module is SPMS Engineer Logon Module 216.
  • the SPMS Engineer Logon Module 216 is an executable program installed at nominated standard laptop PCs and is used by mobile Engineering Staff. The function of the SPMS Engineer Logon Module 216 is to automatically log an engineer onto a PBX system without revealing the current password (s) of the PBX system. Thus the SPMS Engineer Logon Module 216 facilitates the Mode 3 operations of the password management system.
  • the SPMS Engineer Logon Module 216 is a secure programme which is password protected. To enhance the security of the password management system, the SPMS Engineer Logon Module 216 is only operable from the single laptop computer on which it is installed. To facilitate different methods of connection of an engineer's laptop to a target PBX system, the SPMS Engineer Logon Module 216 is itself provided with two separate modules .
  • the first module is known as the Direct Engineer Logon Module 220. This module requires an engineer's PC to be directly connected between a PC's Serial port and a PBX for communication between the engineer's PC and the target PBX system to take place.
  • the second module is known as the Telnet Session Engineer Logon Module 222. This module enables an engineer's PC to remotely connect to a target PBX through a LAN.
  • the SPMS Engineer Logon Module 216 uses the common password generation algorithm (previously described) .
  • the SPMS Manager Module 218 is a software tool used to input data and parameters to the SPMS Master Database.
  • the SPMS Manager Module 218 has many components providing typical database and communications features that can be managed via this interface.
  • the SPMS Manager Module 218 can be run in a standalone or networked environment. All data entered into the system through the SPMS Manager Module 218 is stored in the SPMS Master database .
  • the functions of the SPMS Manager Module 218 can be broadly divided into SPMS Master Database operations and Maintenance operations.
  • Figure 12 shows a number of the software elements which enable the SPMS Manager Module 218 to perform its functions.

Abstract

A password management system comprises a password changing means which in turn comprises a password generating means and a password communication means, wherein an at least one password generated by the password generating means is communicated by the password communication means to a target system, for example a PBX system. The password management system has three main modes of operation Mode 1 in which password changes are made automatically to PBX systems, Mode 2 in which a vendor/customer may obtain a replica of the current passwords of their PBX systems and Mode 3 in which an engineer may be connected to a PBX system without ascertaining the current PBX system password. The password management system overcomes the traditional password model, which employs a fixed password, which can be manually changed by a user, and provides an automatic and thus secure dynamic password management system.

Description

Password Management and Replication System
Technical Field
The present invention relates to a password management and replication system and in particular a system for:
(a) managing the secure deployment of passwords to private branch exchange (PBX) systems and other password protected communications devices; and (b) regenerating the current passwords of PBX systems (and other password protected communications devices) onto other devices .
Background Art
A private branch exchange (PBX) is a phone switch serving a business organisation that is usually located on the organisation's premises. A PBX is owned and operated by the organisation rather than a telephone company (which may however, be a supplier or a service provider to the organisation) . A PBX provides services including internal calling and access to the public switched telephone network (PSTN) . In operation, a PBX switches calls between an organisation's users on local lines whilst allowing all its users to share a number of external phone lines. The main function of a PBX is to save an organisation the cost of requiring a line for each user to the telephone company's central office.
Early PBX systems were based entirely on analogue technology, employing step by step selectors or crossbar switches to switch lines and set up calls. These early PBX system were typically programmed by soldering straps onto wiring distribution blocks. Consequently, if a customer required any modification to the programming of an early PBX system (e.g. requesting a restriction change on an internal extension) it was necessary for a technician to travel to the customer's premises, plug in a soldering iron and change a strap on a wiring distribution block.
PBX systems have dramatically changed since those early days and are now typically digital in nature with stored programme control systems. This fundamental change in the underlying technology of PBX systems has dramatically changed the range of facilities offered by modern PBX systems, so that now after more than twenty years of stored programme control development, PBX systems can now provide more features and functions than any one customer probably needs. Whilst the increased range of services (e.g. voicemail, integrated services digital network (ISDN) , direct inwards system access (DISA) , external call forward and remote system access) made available by modern PBX system have benefited users by providing a more flexible communications platform, the inherent openness of modern PBX systems has introduced problems which would have been inconceivable in earlier analogue PBX systems.
One of the most important problems of modern PBX systems, are their vulnerability to unauthorised attack and consequent misuse. Unauthorised access to early PBX systems was physically prevented by locks on the telephone switch-room door or on the PBX cabinet itself. However, the advent of digital communications, the Internet and the inter- connection of telecommunication and computer networks has meant that such control over the access to a modern PBX system is now virtually impossible.
Thus one of the supreme ironies of the development of digital PBX technology is that whilst it has resulted in inherently more flexible phone systems it is has also produced systems which are inherently less secure than their earlier analogue counterparts.
Whilst most modern organisations are very aware of the problems of hacking and of the very real damage it can cause to their IT systems (and they may even be aware that their PBX systems may be identified by war diallers and used to gain access to their computer systems) , such organisations frequently overlook their own phone systems as potential hacking targets.
The term "Phreaking" refers to (a) the theft of telecommunications e.g. by making stolen long distance or trunk telephone calls or (b) in general to the process of security cracking in any other context (especially, but not exclusively, on telecommunications networks) .
Phreakers can gain access to PBX systems through a number of routes including administration and maintenance ports and the use of through dialling features on the PBX systems.
(A) Administration and Maintenance Ports
Modern PBX systems are typically provided with lines or terminal connections to allow administrators to make changes and diagnose problems. For similar reasons, it is not unusual for an outside vendor to require access to the production switch of a PBX system to apply upgrades or troubleshoot problems within the system. Whilst these dialup lines provide necessary direct access into a PBX they also represent one of the primary unauthorised entry points to the PBX system for Phreakers. (B) Through Dialling Features (Voicemail, DISA and auto attended)
Many PBX systems allow for some sort of through dialling capability. One such facility basically allows calls to be placed to an outside number from the PBX system if the user can identify themselves as an authorised user through the voicemail system.
Another through dialling feature, namely direct inward system access (DISA) lines, allow employees to call a local or toll free line into a PBX system and on entering a security code use the PBX system to dial long distance calls that are billed back to the main PBX location. Whilst this feature can be very useful for staff who travel frequently, who can use a DISA number to allow them to access their organisation's PBX system from any telephone and use the PBX system to access corporate sites rather than the more expensive public long-distance network, DISA lines also represent a significant security risk to the organisation's PBX system. It is clear that if a user's DISA security codes were obtained by an unauthorised person it could lead to significant toll fraud.
Furthermore, it is not uncommon for Phreakers to illegally access the remote maintenance port and carry out reprogramming to establish previously described access routes and disable reporting features of the target system, such as call detail recording. Since attacks on PBX systems can originate outside the country in which the target PBX is located and phreakers typically cover their trails by way of complicated chains of PBX hacking, it may prove extremely difficult to identify the responsible party, should a PBX system be hacked into.
One of the most common forms of fraud associated with PBX hacking is call selling. Call selling is a process in which fraudsters who have gained illegal access to a PBX system sell high tariff calls below their true market value. Such call selling operations have been uncovered in numerous places around the world and in many cases have cost the PBX system owners thousands of dollars.
PBX systems are typically supplied by a vendor with a set of default passwords. The number of passwords required to gain access to a PBX system depends on the specific system in question but in general, most PBX systems employ at least two levels of passwords.
When a PBX system is installed at a client's premises, the default passwords are changed by the vendor installation and engineering staff. The resulting passwords must be used in all subsequent procedures in which access to the system is required (e.g. routine maintenance, fault diagnosis and specific programming to reflect personnel movements within the client organisation, additions and changes to the system) . In such circumstances, a PBX system is typically accessed either (a) remotely via a modem which is connected to the remote access maintenance port, or (b) by on-site engineering staff connecting directly to the system maintenance port .
In addition, some PBX systems which are connected to the customers' local area network (LAN) can be accessed during a TELNET session in which the engineer selects the system's PBX Internet Protocol (IP) address and manually inputs the PBX password.
Individual vendors can typically supply and install several thousand PBX systems. In such circumstance, the logistics of managing and distributing individual passwords for multiple sites can prove extremely difficult. In order to simplify the problem, a single vendor may frequently use the same single password on many, if not all, of the PBX systems they install. Clearly the use of a single password for so many PBX systems increases the risks of these systems being hacked into.
Beyond the problem of managing the distribution of passwords for large numbers of PBX systems, vendors also face the problem of ensuring that the passwords remain private. As indicated above, in current PBX systems, the vendor's engineering staff must know the password to a PBX system, in order to perform routine maintenance etc. on the system. However, when an engineer leaves the employment of a vendor (either to other employment or to establish their own ventures) the passwords may become known outside the vendor's company, thereby increasing the risk of hacking into a vendor's PBX system. Furthermore, since the vendor typically uses the same password on most of his PBX installations, a departing employee with knowledge of the password is taking with them know-how of some substantial value. In particular, the vendor may suffer substantial revenue loss if the departing employee offers his services to the vendor's customer base.
One way of reducing the above risks would be to change the passwords of PBX systems on a regular basis. However, the results of previous studies suggest that approximately 50 man-hours would be required to change passwords on one thousand PBX systems. This estimate is perhaps unrealistic as it based on the assumption that no access problems were encountered as a result of faulty lines, remote modem problems or difficulties with the remote access maintenance port. Thus the amount of time which would normally be required to change the passwords on one thousand PBX systems may substantially exceed the above estimate. Clearly, this represents a substantial investment of time and resources which a vendor may not be in a position to make .
Furthermore, the possibility of introducing errors into the passwords during such updating processes is also a deterring factor for vendors. Thus, taking into account the cost of updating the PBX passwords and the possibility of introducing errors into the passwords, vendors are understandably reluctant to update the passwords of their PBX systems on a regular basis, even though it is recognised that installed PBX systems are rendered more vulnerable to hacking as a result .
Disclosure of Invention
According to the invention there is provided a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein an at least one password generated by the password generating means is communicated by the password communication means to a target system.
Preferably, the target system is a telecommunications system.
Preferably, the target system is a PBX system.
Desirably, the password management system further comprises a password replication means.
Desirably, the password replication means employs the password generating means to generate a replica of the at least one current-, password of the target system. Preferably, the password replication means employs the date of a password replication request together with an identifier of the target system to generate a replica of the at least one current password of the target system.
Desirably, the password replication means displays the replica of the at least one current password of the target system to a user.
Preferably, access to the password replication means is restrictable to selected personnel.
Preferably, the password management system further comprises a password activated access management system which employs the password generating means to generate a replica of the current at least one password of a target system without displaying the replica of the at least one current password of the target system.
Desirably, the password activated access management system resides on at least one computing device.
Preferably, the password activated access management system resides on at least one mobile computing device.
Desirably, access to the target system is provided by connection of at least one of the at least one computing device to the target system. Desirably, the at least one of the at least one computing device is connectable to the target system directly through a communications port.
Alternatively, the at least one of the at least one computing device is connectable to the target system through a LAN.
According to a first aspect of the invention, there is provided a password management system comprising a password changing means residing in a target system which in turn comprises a password generating means and a password communication means, wherein an at least one password generated by the password generating means is communicated by the password communication means to the target system.
Desirably, the password changing means is triggered by the target system.
Preferably, the password communication means is in communication with the password generating means to retrieve an at least one password generated by the password generating means.
Preferably, the password communication means transmits the at least one password generated by the password generating means to the target system.
Desirably, the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
According to a second aspect of the invention, there is provided a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server in communication with the target system and at least one password generated by the password generating means is communicated by the password communication means to the target system.
According to a third aspect of the invention, there is provided a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server in communication with the target system over a PSTN and at least one password generated by the password generating means is communicated by the password communication means to the target system.
Desirably, the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means. Preferably, the password changing means further comprises a password verification means which is capable of verifying the password transmitted to the target system, before the password is stored by the target system.
According to a fourth aspect of the invention, there is provided a password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server which is in direct communication with the target system wherein the server is located in proximity to the target system, and at least one password generated by the password generating means is communicated by the password communication means to the target system.
Preferably, the password changing means is triggered by a scheduler in the password management system.
Preferably, the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
Preferably, the password generating means encrypts the passwords. Preferably, the password generating means employs an algorithm for password encryption.
According to a fifth aspect of the invention there is provided a method of changing an at least one password of a target system, comprising the steps of: generating at least one new password; establishing communications with the target system; transmitting the at least one password to the target system; instructing the target system to replace its at least one existing password with the at least one transmitted password; wherein the target system for the password change is a telecommunications system.
Preferably, the method of password change includes a triggering mechanism whose frequency can be set by the user.
According to a sixth aspect of the invention there is provided a method of changing the at least one password of a target system from a remote server through a PSTN comprising the steps of: (a) generating at least one new password; (b) establishing communications with the target system; (c) transmitting the at least one password to the target system; (d) verifying the at least one transmitted password; and (e) instructing the target system to replace its at least one existing password with the at least one transmitted password.
According to a seventh aspect of the invention there is provided a method of changing the at least one password of a target system from a proximal server through a direct connection to the target system comprising the steps of: (a) generating at least one new password; (b) establishing communications with the target system; (c) transmitting the at least one password to the target system; and (d) instructing the target system to replace its at least one existing password with the at least one transmitted password.
According to an eighth aspect of the invention there is provided a method of displaying the current at least one password of a target PBX system to restricted personnel comprising the steps of: (a) checking whether the requester is authorised to obtain password status data; (b) obtaining an identifier of the target PBX system; (c) obtaining the date/time of the replication request; (d) combining the identifier of the target PBX system with the date/time of the replication request to generate a replica of the password of the current password of the target PBX system; and (e) displaying the current at least one password of the target system to the requester.
According to a ninth aspect of the invention there is provided a method of enabling an authorised person to gain access to a password protected target PBX system without displaying the at least one current password of the target PBX system to the authorised person comprising the steps of: (a) connecting the computing device to the target PBX system; (b) checking whether the requester is authorised to gain access to the target PBX system; (c) obtaining an identifier of the target PBX system; (d) obtaining the date/time of the connection to the target PBX system; (e) combining the identifier of the target PBX system with the date/time of the connection to the target PBX system to generate a replica of the at least one current password of the target PBX system; (f) establishing communications with the target PBX system and transmitting the replica of the at least one current password of the target PBX system to the target PBX system; wherein the password is not displayed to the authorised person during or after transmission to the target system.
According to a tenth aspect of the invention there is provided a password management system capable of running the methods of the previous aspects of the invention.
According to an eleventh aspect of the invention there is provided a password management product capable of running the methods of the previous aspects of the invention, resident on a storage means .
Preferably, the storage means is a disk.
Object of the Invention The object of the invention is to overcome the problems of the prior art.
Advantages of the Invention
Traditional password models employ a fixed password which can be manually changed by a user. Typically these passwords are changed infrequently (e.g. once a month) if changed at all. The present invention inverts the traditional password model and provides a automatic dynamic password management system.
At its simplest level, the present invention provides a system for managing and automating the secure deployment of multiple passwords to multiple PBX systems. The system enables the passwords of target PBX systems to be changed on a regular basis the frequency of which can be established by the user. Since the password changing process is conducted automatically, the passwords can be changed much more frequently than those of a traditional manual password changing system. For instance, it may be possible to change passwords every day/hour etc.
Central to the present invention is the concept that the shorter the lifetime of a password, the shorter the window of opportunity for a hacker to use the password. Thus the present invention represents a dramatic leap forward in the development of password-based PBX security systems by providing a means of moving from the traditional pseudo-static password-based security paradigm to a security system based on the concept of a dynamically changing password-space.
To enhance the security of the present invention, the passwords generated by the password management system are transmitted to target PBX systems in encrypted form. A further innovative development provided by the present invention is the use of the dynamic paradigm underlying the password changing system in the password generation process. Using this dynamic password generation model, one of the key variables used in generating a password is the date and/or time at which the password change was originally initiated. Thus the present invention not only dynamically changes the passwords of client PBX systems it also dynamically changes the generation process for the passwords themselves. Collectively, these two processes dramatically increase the complexity of the problem faced by hackers in attempting to obtain the passwords of a PBX system.
To further enhance the security of the present invention, at least two modes of operation of the password management system generate and transmit passwords to a target PBX system in a closed system which is physically or otherwise protected from external unauthorised public access. Indeed, in one of the configurations of the present invention the password generating software module is directly integrated into a PBX system, so that there is no password transmission to the PBX system from an external source.
Characteristically, the present invention does not maintain an archive of the passwords generated by the password changing system. The absence of the archive is intended to ensure that there is no central repository of the passwords of client PBX systems that might be accessed by unauthorised persons. Whilst this feature further enhances the security of the present invention, the lack of an available record of the current password of a client PBX system makes it very difficult for vendors to perform routine maintenance and other modifications (e.g. specific programming to reflect personnel movements within a client organisation to a client PBX system. The present invention provides a method of generating replicas of the current passwords of client PBX systems through the synchronisation of an external device with the password changing system of a client PBX, without requiring the connection of the external device to the client PBX system. Thus this feature provides a method for a vendor to determine the current password of a client PBX system and thereby remotely gain access to the PBX system, to perform maintenance and other routine operations on the PBX system without compromising the security of the system.
Finally, the present invention provides a means for regenerating the current password of a client PBX system by a similar synchronisation process as that mentioned above, to enable an engineer to gain access to a client PBX system without revealing the current password to the engineer.
In general, the present invention is a new password management and replication system that deploys a secure method for changing, managing and replicating unique passwords for multiple PBX and adjunct systems.
The system of the present invention is a transparent integrated suite of system control and application software modules used to change, manage and replicate passwords for one or more PBX or adjunct systems. In addition to changing, managing and replicating passwords for PBX systems, the system of the present invention can also be used to provide greater security for other systems such as routers, modems and any other communications devices which are password protected.
Brief Description of Drawings
An embodiment of the invention will now be described with reference to the accompanying drawings in which: Figure 1 is a flow-diagram showing a broad overview of Mode 1 operations of the password management system; Figure 2 is a flowchart providing a more detailed overview of the Startup Phase of the Mode la (Dialup Mode) operations of the password management system shown in Figure 1; Figure 3 is a flowchart providing a more detailed overview of the Dialling Phase of the Mode la (Dialup Mode) operations of the password management system shown in Figure 1 ; Figure 4 is a flowchart providing an overview of the Mode lb (Direct Connection Mode) operations of the password management system; Figure 5 is a flow-diagram providing an overview of Mode lc (Integrated Mode) operations of the password management system; Figure 6 is a flowchart of the User Input Manual Mode operations of the password management system; Figure 7 is a flowchart showing an example of the operation of the password generating algorithm employed by the password management system. Figure 8 is a flowchart providing an overview of the Mode 2 operations (Help Desk Mode) of the password management system Figure 9 is a flowchart of the Mode 3 Operations (Engineer Logon Mode) of the password management system in both direct and Telnet modes; Figure 10 is a block diagram showing the software architecture of the password management system; Figure 11a is a block diagram showing a first configuration of an SPMS Server Module of the password management system; Generation Module Integrated within a PBX; Figure lib is a block diagram showing a second configuration of the SPMS Server Module of the password management system in which a dial up connection is made across a PSTN between the SPMS Server and a PBX device; Figure lie is a block diagram showing a third configuration of the SPMS Server Module of the password management system in which the SPMS Server is directly connected to a PBX device; and Figure 12 is a flowchart of the operation of an SPMS Manager Module of the password management system.
The embodiment of the invention will also be described with reference to the accompanying tables in which: Table 1 lists the operational parameters included in an initialisation the password management system; and Table 2 lists the parameters included in an SPMS Master Database of the password management system.
Modes for Carrying Out the Invention
In the following description, the password changing means and the password generating means will be known as the SPMS Server Module and the password generation algorithm respectively. Further, the password replication means and the password activated access management system will be known as the SPMS Helpdesk Module and the SPMS Engineer Logon Module respectively.
The description will first focus on the operation of the software for the password management system and will then turn to a discussion of the software architecture of the system and a detailed analysis of the operation of individual software components with a view to how these components relate to the overall functionality of the password management system.
OPERATION OF PASSWORD MANAGEMENT SYSTEM SOFTWARE
The Password Management System can be broadly described as having three main modes of operation, Mode 1 in which password changes are made automatically to PBX systems, Mode 2 in which a vendor/customer may obtain a replica of the current passwords of their PBX systems and Mode 3 in which an engineer may be connected to a PBX system without ascertaining the current PBX system password.
Each of these Modes of operation will now be described in greater detail.
MODE 1 OPERATIONS;
As mentioned above, in this operational mode, processing is performed automatically by the password management system. A specific software module of the password management system is responsible for Mode 1 processing, namely the SPMS Server Module. The SPMS Server Module will be described in greater detail later when discussing the software architecture of the password management system.
The initial stages of Mode 1 operations take different forms depending on where the SPMS Server Module is located. In one form of Mode 1 operation (Mode la or Dialup Mode Operations) the SPMS Server Module resides on an SPMS server which may be located some distance from the PBX system and may communicate with the target PBX system across a PSTN.
In another form of Mode 1 operations (namely Mode lb or Direct Connection Mode Operations) the SPMS server may be located adjacent to the target PBX system and in communication with the target PBX system through its serial port .
In the final form of Mode 1 operations (namely Mode lc or Integrated Mode Operations) , the SPMS Server Module resides in a target PBX system.
If the SPMS Server Module is located on the SPMS server and not the target PBX system, then regardless of the location of the SPMS server, on commencement of Mode 1 operations the SPMS Server Module must identify and connect to a target PBX to enable password change. All the information required for making a connection to the target PBX and changing the passwords of the target PBX system (e.g. target modem number, modem speed, parity, system type and current passwords) are contained in a database associated with the SPMS Server Module (i.e. the SPMS Server Module Database) .
Figure 1 is a flow-diagram showing a broad overview of Mode 1 operations (including the PBX connecting steps of Mode la and Mode lb operations) . Given that Mode la and Mode lb require additional operational steps than Mode lc (in connecting to a target PBX system) , for the sake of simplicity this broad overview of the Mode 1 operations will focus on the steps performed by all three forms of Mode 1 operations and will later deal with the steps specifically associated with each of three forms of Mode 1 operations. Referring to Figure 1, once the SPMS Server Module makes contact with a target PBX 10 and logs onto 12 the target PBX , the SPMS Server Module generates a new password 14 for the target PBX. The SPMS Server Module then changes the existing password of the target PBX to the newly generated password 16 and updates 18 appropriate databases and then logs off the target PBX 20.
The number of passwords which can be changed during Mode 1 operations can be varied according to the requirements of the target PBX system and customer/vendor requirements and set by the variable StrLevel which is stored in an initialisation file..
Mode 1 operations are performed periodically at intervals established in the SPMS Server Module Database. The intervals for such Mode 1 operations can be set as daily, weekly or monthly in accordance with vendor/client requirements.
In the event that a Mode 1 operation on a target PBX is unsuccessful, repeated attempts are made at the Mode 1 operations. The number of repeat attempts at Mode 1 operation is also established in the SPMS Server Module Database and can be varied according to specific vendor/client ' s requirements. In the event that the repeated Mode 1 operations are unsuccessful, an alert is raised, a history file is generated and an email message generated to the system manager. The email address of the recipient system manager is specified by the field EmailAddrl in Table 1.
Having provided a brief overview of the Mode 1 operations of the password management system, the description will now provide a detailed description of the stages involved in the Mode 1 Operations focussing on the specific steps performed in each of the three different forms of Mode 1 operations.
Mode la; SPMS Software in a remote SPMS server communicating with a target PBX across a PSTN
The Mode la operation of the SPMS system is designed to enable a vendor to distribute passwords to multiple client PBX systems from a single site. As will be recalled, in this form of Mode 1 operation an SPMS server is remotely located from a target PBX and communicates with the target PBX through a PSTN. In this case the SPMS Server Module is launched by the scheduler of the server's Operating System.
Initialisation Stage:
When the SPMS Server Module is resident in an SPMS server as opposed to a target PBX then regardless of the location of the SPMS server (i.e. whether beside or remote from the target PBX [Mode la or Mode lb operations]), the first task of the SPMS Server Module once launched, is to read data from an Initialisation file stored on disk 30. The variables stored in the initialisation file are shown in Table 1. For security purposes this file is encrypted. The SPMS Server Module completes the Initialisation Phase of the Mode la operations by verifying the integrity of the initialisation file. The initialisation stage is implemented by the Program_start () routine which enables the scheduler to launch the SPMS Server Module. The Program start () routine initialises the SPMS Server Module and in turn calls the following routines:
(a) Read_ini_file () This routine spawns a read from initialisation file to get the parameters listed in the initialisation file (described in table 1) .
(b) GetJoaudRate ( ) This routine loads the Port settings with the baudrate parameters read from the initialisation file
(c) Get_Frequency ( ) This routine retrieves the value of the frequency parameter from the initialisation file.
(d) Open_port () This routine opens the port specified in the initialisation file. If no port exists or the port does not open an Error message is flagged to the password management system software and is processed. Having completed the Initialisation Phase, the SPMS Server Module then implements the Startup Phase of the Mode la operations.
Startup Phase
The Startup Phase of the Mode la operations shown in Figure 1 is shown in greater detail in Figure 2. The Startup Phase comprises a combination of sub routines ( GetLicenses () that read and verify license agreements 32.
When the license agreements are verified the SPMS Server Module connects 34 to a SPMS Master Database 35. The variables stored in the SPMS Master Database 35 are shown in Table 2. Since the Mode la operation of the SPMS system permits a vendor to transmit passwords to multiple sites, it will be understood that the SPMS Master Database 35 contains multiple entries, wherein each entry contains the values of the variables (specified in Table 2) specific to a given client PBX system.
The SPMS Server Module queries 36 the SPMS Master Database 35 to download the various parameters stored within, and associated with each PBX. These parameters include the telephone number of the target PBX system, the Baud rate of remote PBX system, a site specific identifier (namely Si telD) and the current passwords of the target PBX system. The software elements responsible for connecting to and querying the SPMS Master Database 36 are as follows:
(a) ConnectDatabase () This routine connects to the SPMS Master Database for loading stored PBX parameters, it uses Jet for Access and SQL Databases. If a connection cannot be made then an error is flagged and processed.
(b) AssignCli entDetails () This routine reads data parameters from the password management system database and stores them in variables for future manipulation.
In Mode la and Mode lb operations (i.e. where the SPMS Server Module is resident on an SPMS server and not on the target PBX system) when the transfer of data from the SPMS Master Database 36 is complete, the Startup Phase of the Mode 1 operations is completed and the SPMS Server Module implements the Dialling Phase of the Mode la/Mode lb operations. The Dialling Phase connects the SPMS server to the target PBX system. In the Mode la operations, the connection to the target PBX is made by dialling the target PBX through the PSTN. In the Mode lb operations, connection is made directly to the target PBX system.
Dialling Phase The Dialling Phase of the Mode la operations shown in Figure 1 is shown in greater detail in Figure 3.
In the first step of the PBX Dial Phase, the SPMS server operating under MScomm opens an appropriate serial port and dials 40 the target PBX system using the PBX parameters of the relevant client PBX system (determined from the client records retained on the SPMS Master Database, the variables stored in the SPMS Master Database are shown in Table 2) .
The SPMS Server then waits for a "connect" to be received from the called Modem 42, upon receipt of the "connect", the SPMS Server polls 44 for a system prompt from the PBX. Upon receipt of the system prompt, the SPMS Server then "Logs On" 46 to the remote system using the current password stored in its SPMS Master Database 35. The variables stored in the SPMS Master Database 35 are shown in Table 2.
The specific software elements responsible for the Dialling Phase are as follows :
(a) Dial () This routine dials the target PBX telephone number stored in record 1 of the database and waits for connection from the remote modem.
(b) TmrDiaK) This routine waits a predetermined length of time (the length of which is specified in the initialisation file) for "connection" from remote modem to be received.
If the connection is not received within the allotted time an error is raised and processed. If however, the connection is made within the allotted time, the routine CheckCommandPrompt ( ) is called.
(c) CheckCommmandPrompt () This routine waits a predetermined length of time (the length of which is specified in the initialisation file) for a PBX command prompt to be received. This exact content/detail of the prompt will differ depending on the type of PBX being contacted (details of the type of PBX being contacted are stored in the PBXType variable in the initialisation file) .
If a prompt is not received from the target PBX within the allotted time an error is raised and processed. If however, the prompt is received within the allotted time, the routine Login O is called.
(d) Login O This routine logs onto the target PBX, however the specific details of an actual logon sequence differ depending on the type of PBX system contacted. As before, the details of the type of PBX being contacted are stored in the PBXType variable in the initialisation file. On completion of the Dialling Phase, the Mode la operations enter the Password Changing Phase 48. The process of changing a password can be broadly described as a two-step procedure as follows:
Step 1: The current values of a number of password descriptor variables are read from a database stored in the PBX. The password descriptor variables in question include the following: (i) the current level 1 and level 2 passwords (for a two level security system) (namely strCurrentLevellPas sword and strCurrL2Password) (ii) the type of PBX in question (namely StrType_Of_PBX) (iii)the maximum password length (namely intMaxPasswordLength) (iv) A customer/vendor site specific identification code (namely strSi teld)
Step 2 : A new set of passwords is generated and stored 115 in the password descriptor variables strNewLl Pas sword and strNewL2Pas sword (for a two- level security system) .
The two steps mentioned above provide a broad description of the password changing process, however, the specific details of the manner in which password change is performed varies depending on the type of PBX on which the password change is being implemented. For instance, in one type of PBX system the password changing system software module loads an overlay and sets the values PBX variables NewPassWordl and NewPassWord2 to strNewLlPas sword and strNewL2 Pa sword respectively.
Similarly, in another type of PBX system, the password changing system software module may make a backup of the existing password file with a time and date stamp, and overwrite the current values of the PBX password variables with strNewLlPas sword and strNewL2 Pas sword respectively.
The process of password change implemented on all other types of PBX systems is performed in a similar manner of the either of the above-mentioned mechanisms or derivative therefrom.
Once the PBX passwords have been changed the password changing system software module updates its history and client detail databases with the details of the old and new password parameters. This information can then be used as a full audit trail of the target PBX passwords, in the event of problems arising with procedures and subroutines used in communicating with a target PBX.
Because of the potential for errors to be introduced into a password transmitted over a PSTN. The veracity of the passwords communicated by the SPMS Server Module to the target PBX system over a PSTN is checked 50 to verify that the passwords transmitted to and provisionally stored in the target PBX system are in fact the passwords newly generated by the SPMS Server Module. If so, it then transmits a request to the remote system to store them. Once this task is complete the SPMS Server then records all of the transactions in its history and client details databases. If not then the password cycle is executed a further time.
The specific software elements responsible for implementing the Password Changing Phase of the Mode la operations is as follows:
(a) GeneratePas sword () This routine gathers the parameters necessary to generate a new password. The GeneratePas sword () routine stores the passwords in two variables namely strnewLlPas sword and strNewL2Password.
(b) ChangePas swords () This routine changes the existing PBX password values with the values stored in the strnewLlPas sword and strNewL2 Pas sword variables.
(c) Ver ifyPas swords () This routine verifies that the new passwords are now designated as the current passwords of the target PBX system.
(d) S 'tor ePas swords () This routine writes the new PBX system passwords to the hard drive of the PBX server. (e) UpdateClientDetails () This routine writes the values of variables associated with a password changing session to a Clientdetails database. The variables in question include the details of the Old passwords, New Passwords, date of change, success/Failure flag.
(f) UpdateHistoryFile O This routine writes the values of variables associated with a password changing session to a History database. The variables in question include details of the Old passwords, New Passwords and the date of the password change. The above variables are stored in the history database for easy retrieval in the event of problems occurring.
Transmission End Phase Once the Password changing phase of the operation is complete the SPMS Server Module logs off the target PBX 52 and terminates the call. The SPMS Server Module then reads the next record from the SPMS Master Database and dials the next PBX system 54.
If at any time the end of the database is reached , then a Boolean variable EODatabase is set true. When EODatabase is true, the software calls the End of Program EOP () routine which conducts all the end of program tasks such as closing all the databases and communication ports, emailing the details and results of all transactions to EmailAddrl and then calling closedown () . The specific software elements responsible for the Transmission End Phase are as follows .-
(a) HangupClosePortDialNext () This routine Hangs up on the present call, closes the communications port, and calls the DialNext O subroutine.
(b) DialNext () This routine moves the password management system software module to the next PBX record in the SPMS database. The DialNext O routine checks to see if it is the last record +1, if so it calls the End of Program routines (EOP) .
(c) End of Program (EOP) () The EOP routine processes end of program tasks as follows: (1) CloseConnections 0 Closes all databases and ports. (2) Email () Generates a file containing success and failure statistics and emails the file to the recipient designated in the initialisation file (refer to Table 1) field Emailaddrl . (3) EndProgram O Ends the Program by carrying out an orderly shutdown.
If the DialNext O routine finds that the next record in the SPMS server database is not the last client record (i.e. records still exist), all parameters are reset with respect to the last call.
Control is then handed back to the ConnectDatabase () routine to retrieve the next record and a call is placed to routine Dial 0 . The password management system software module then loops through the steps following the Dialling, Password Change and Transmission End Phases until no records remain.
Having discussed in some detail the steps involved in the Mode la operations it is worthwhile discussing the operations which occur during any of the above steps in which data is transferred between the SPMS server and the target PBX.
In such circumstances, when data reaches the serial port of the SPMS server, a routine onComm O raises a comEvReceive flag and hands control over to a Decodelnput () routine. The Decodelnput ( ) routine interrogates the inbound data stream and depending on its content redirects the password management system program flow to the various routines assigned to handle it. The Decodelnput 0 routine also updates the GUI with copies of actual inbound and outbound data.
Modes lb and lc Operations
As discussed above, the Mode la operations of the SPMS software provides an automatic, dynamic password changing system which enables a vendor to overcome the logistical problems of managing the deployment of multiple passwords to multiple PBX systems . This system thereby increases the security of client PBX systems by reducing the risk of hackers obtaining the passwords of client PBX systems through reducing the effective lifetime of a PBX password.
To further enhance the security of the SPMS system, in the Mode lb and Mode lc operations of the SPMS software, the passwords newly generated by the SPMS software are communicated to target PBX systems through private, non-publicly accessible media. For instance, in Mode lb operations of the SPMS software, the passwords are generated by a PC (owned by a client PBX owner) which is physically located adjacent to a target PBX system. The PC is connected to the target PBX system through a direct serial connection therebetween.
Mode lc operations of the SPMS system, takes the process of protecting the security of the passwords transmitted to a target PBX system a step further, by incorporating the SPMS password changing module of the SPMS system into a target PBX system itself, thus producing an autonomous, dynamic, automatic password changing system which does not need external connection to a PC or server.
Characteristically of both the Mode lb and Mode lc operations of the SPMS software, the installation of the software in each case is intended for a single user (i.e. client PBX system) . Thus the Mode lb and Mode lc operations of the SPMS software would not be suitable for transmitting passwords to multiple PBX sites from a single server. Consequently the SPMS Master Databases 35 (see Table 2 for details) for the Mode lb and Mode lc operations, do not contain multiple entries for multiple PBX sites, but instead contain entries for the single PBX site to which each SPMS Master Database 35 is connected.
Having provided a broad overview of the principle of operation of the Mode lb and Mode lc operations of the SPMS software, the description will continue with a more detailed discussion of the Mode lb and Mode lc operations in turn.
Mode lb: Software resides in a Server located proximal to a Target PBX
Referring to Figure 4, in this case the SPMS server 60 is directly connected to a target PBX system 62 via a serial port. When the software is launched, the SPMS Server Module logs on to the target PBX system 62 using passwords stored in its database in accordance with the Dialling and Startup Phases described for Mode la operations.
Having logged onto the target PBX 62, the SPMS Server Module changes the old passwords of the target PBX system for new passwords in accordance with the Change Password Phase previously described for Mode la operations. However, since the connection between the SPMS server and the target PBX system is made directly through the serial ports of both systems, rather than a PSTN, the chances of transmission errors being introduced into the passwords is reduced and thus verification of the transmitted passwords is not required.
Mode lc ; Software Resident in Target PBX System
Figure 5 shows Mode lc operations. In Mode lc operations, the SPMS Server Module lies dormant within a client's PBX system 100 until it is launched by the PBX scheduler, at a prescribed time 105.
Once launched the SPMS Server Module, retrieves operational parameters 110 from an initialisation file stored in a PBX database. The operational parameters contained in the initialisation file are shown in Table 1.
The value of the variable strAuto_run is set "I" (to indicate that the SPMS Server Module and Password Generation Module are integrated into the target PBX) and the SPMS Server Module which is resident in the PBX changes the password of the PBX.
The manner in which the passwords are changed 48 in the Mode lc operations is the same as is implemented in the Mode la operations as described above. Once the PBX passwords have been changed the password changing system software module updates its history and client detail databases with the details of the old and new password parameters. This information can then be used as a full audit trail of the target PBX passwords, in the event of problems arising with procedures and subroutines used in communicating with a target PBX.
Whilst the above description of the different forms of Mode 1 operations have focussed on automatic operations, it should be recognised that Modes la and lb of operation can also be operated manually as in Figure 6.
Mode 1 Operations: PASSWORD GENERATION ALGORITHM
The description of the Mode 1 operations so- far has focussed on the method of initiating a password changing session and the method of communicating newly generated passwords from the SPMS software (whether resident on a server, dedicated PC or within a PBX system itself) to a target PBX. In effect, the description has so far shown how the SPMS software provides a dynamic automated method of changing the passwords of PBX systems. However, the description has not shown how the passwords themselves are generated by the SPMS software.
The following description will focus on the password generation function of the SPMS software. The password generation algorithm of the SPMS software extends the concept of the dynamic password changing capability of the SPMS software to form the basis for the password generating function of the software. Thus, not only does the SPMS software implement a dynamic process for automatically changing PBX passwords, the software also employs the dynamic nature of the password changing process to generate the passwords themselves.
Key to the operation of the password generating algorithm is the date/time at which a password changing operation is initiated. The algorithm combines the date/time of the operation together with other specific variables to generate a variable which when encrypted provides a resultant password.
For the purposes of explaining the general workings of the algorithm it is necessary to take a simple approach and review a trivial data-set and apply string reversal as the basic algorithm. Figure 7 shows an exemplary operation of the password generation algorithm.
The password generation algorithm employs two variables, namely the Si telD and the date to generate passwords for a PBX system. The Si telD variable is a character or integer representation of a client's site name. For the purposes of example, the string "TEST" is used as a Si telD 270. For the purposes of example the date variable is represented as 28/01/2003 272.
The SitelD variable and the date variable are combined 274 to produce a single string of characters which is assigned to a further variable entitled Str_2_Encrypt .
Thus, using the above example data, the Str_2_encrypt variable becomes TEST28012003 276.
The SPMS encryption algorithm 278 will reverses the string to produce a new variable Str_Encrypted which in the case of the present example becomes 30021082TSET.
The Str_Encrypted variable becomes the Password for Site TEST on 28th January 2003 280. In a similar manner, if the run date of the password generation algorithm is 13/03/2003 (and using the same SitelD "TEST" as used earlier) , the Str_encrypted variable becomes 30023031TSET.
The above Algorithm also uses strong encryption methods (e.g. EIGamal, 3DES (Data encryption standard) , AES (Advanced Encryption Standard) , RSA IDEA (International Data Encryption Algorithm) , Blowfish or CAST) to enhance the security provided by the Str_encrypted password. Since the password generating process is inherently deterministic in nature, separate servers/PC's running separate copies of the SPMS application will generate identical passwords provided the input data (in this case Site ID) is identical.
The password generating process is employed in all of the operations of the SPMS software. In particular, the password generating process is employed for: (a) generating new passwords to change the passwords of target PBX systems (b) generating replicas of current passwords of PBX systems to enable authorised persons to gain access to the target PBX systems.
In relation to the process of generating replicas of current PBX passwords, the inherently deterministic nature of the password generating process is central to the password replication process employed in the Mode 2 and Mode 3 operations to be discussed below.
Finally, it will be understood that all software modules and operations employing the discussed password generating algorithm are adapted to take into account different time zones
MODE 2 OPERATIONS (Help Desk Mode) :
In order to gain access to a client PBX system to perform routine maintenance and other operations (e.g. restrictions on user-accounts etc) on the system, a vendor must know the current password (s) of the client PBX system. Under traditional password management systems, this did not create a particular problem for vendors, because the vendor typically used a single password for all of its installations or the passwords were changed very infrequently.
In the SPMS system however, PBX passwords are changed automatically by the SPMS software (without the intervention of the vendor) and can be changed at frequent intervals. Since no external record is kept of the passwords of a client PBX system (to enhance the security of the system) , the vendor would have some difficulties in determining the password of the client PBX system and in gaining access to client PBX systems to perform routine maintenance etc.
The Mode 2 operations of the SPMS system provides a tool which enables a vendor to generate a replica of the current password of a client PBX system. Central to the password regeneration process of the Mode 2 operations is the fact that there is no distribution of current PBX passwords from a target PBX system, central server or other archive to the Mode 2 operations user. Consequently there is no need for a vendor's PC to be in any way connected to a target PBX system or other password archive to determine a current PBX password. Instead the Mode 2 operations of the SPMS software employs the inherent determinism of the original password generating algorithm for the client PBX system to enable the regeneration of a replica of a current PBX password.
It should be noted that whilst the Mode 2 operations of the SPMS software are primarily intended for the use of a PBX vendor, it is also envisaged that this mode of operations could also be used by the vendor's customers should the customers require knowledge of the current password of their PBX systems.
When a customer or vendor requires the current password of a PBX system, designated employees of customer/vendor (henceforth known as Help Desk personnel) initiate Mode 2 operations by launching the application. On launching the application, the Helpdesk Module reads data from an Initialisation file stored on disk. The initialisation file contains various parameters and flags e.g. maximum allowed password length, allowed frequency of requests, user authentication details. To enhance the security of the system, this file is encrypted, furthermore these authentication details once set cannot be altered. These strong security measures are implemented to ensure that a vendor or client company cannot obtain password information relating to other user companies.
Referring to Figure 8, having launched the application, the designated employee of the vendor or customer users are requested to enter a password (henceforth known as the customer ID) 130. If the password entered by the personnel is authenticated by the Helpdesk module, the module requests the authorised user to enter a site Name/ID which specifically identifies the target PBX.
The password generating algorithm (described above) combines the site Name/ID of the target PBX system with the date/time stamp of the password request to generate 134 a replica of the current password of the identified target PBX system. Key to the password replication process is the synchronisation of the clock of the vendor's PC (running the Helpdesk Module) and the clock of : (a) the server connected to a target PBX system through a PSTN (in Mode la operations) or (b) a PC directly linked to a target PBX system (in Mode lb operations) or (c) the target PBX system itself (in Mode lc operations) .
Clearly, if the clock of the vendor's PC (running the Helpdesk Module) is not synchronised with the clock of the system running the password changing/generating Mode 1 operations, the password (s) generated by the Mode 2 operations may not match the actual current password (s) of the target PBX system.
Once the replica of the current password of the target PBX system has been generated the password is displayed 136 to the appropriate Help Desk personnel .
Mode 3 Operations (Engineer Logon Mode) ;
A module known as an Engineer Logon Module is provided to engineers of the vendor company. The Engineer Logon Module enables an engineer to directly connect to a client's PBX system for the purpose of service, maintenance and authorised system programming, without revealing the current password (s) of the client PBX system. An engineer may connect a mobile computing device (e.g. a laptop computer) to a PBX system either directly through a serial port or through a client's local area net (LAN) via a SPMS Telnet session (provided that the target PBX system itself is connected to the LAN) .
Once the laptop computer is connected to the target PBX maintenance port or to the appropriate LAN, the Engineer Logon Module is launched. On launching the application, the Engineer Logon Module reads data from an Initialisation file stored on disk. The initialisation file contains various parameters and flags e.g. maximum allowed password length, frequency of allowed engineer logons, Baud Rate of connection, port settings and User authentication details.
To enhance the security of the system, the initialisation file is encrypted, furthermore these authentication details once set cannot be altered. These strong security measures are implemented to ensure that a vendor or client company cannot obtain password information relating to other user companies .
Referring to Figure 9, having launched the application, the engineer is requested to enter a password (henceforth known as the engineer password) . If the password entered by the engineer is authenticated by the Engineer Logon Module 140, the Engineer Logon Module 140 will request the authorised engineer to enter a site Name/ID 142 ( strSi telD) which specifically identifies the PBX system to which access is requested.
Once a valid site Name/ID has been received the Engineer Logon Module 140 employs the password generating algorithm (previously described) to combine the site Name/ID with the date/time of the engineer logon request to generate a replica of the current passwords 144 of the target PBX system.
As in the case of the Mode 2 operation (Helpdesk Module) the password regeneration process depends on the inherent determinism of the original password generation algorithm and on the synchronisation of the clock of the engineer's laptop (or other mobile computing device) with the clock of the: (a) server connected to the target PBX through a PSTN (in Mode la operations) or (b) PC directly connected to the target PBX (in Mode lb operations) or (c) the target PBX system itself (in Mode lc operations) . Depending on the type of PBX supported by the password management system, the Engineer Logon Module will log the engineer onto the required PBX system 146. at the selected level. In contrast with the Helpdesk Module (Mode 2 operations) the Engineer Logon (Mode 3 operations) does not display the current PBX system password to the engineer..
Once the engineer is logged onto the PBX system, the engineer is requested to close the Engineer Logon Module and launches his preferred communications package to continue.
SOFTWARE ARCHITECTURE
Referring to Figure 10, the password management system includes a system manager program 200 that comprises an interface management program 210 and four client programs which will be known henceforth as modules. The four modules of the password management system are known in turn as the SPMS Server Module 212, the SPMS Helpdesk Module 214, the SPMS Engineer Logon Module 216, and the SPMS Manager Module 218. All modules are capable of being run under the Windows or Unix operating systems. Whilst each module is capable of operating independently of the others, each module also conforms to a set of rules from which passwords are constructed and retrieved. Each of the four modules are discussed in greater detail below. (a) SPMS Server Module (212)
The SPMS Server Module 212 has the task of communicating with a target PBX system and changing its password (s) . Thus the SPMS Server Module 212 facilitates the Mode 1 Operations of the password management system.
The SPMS Server Module has three possible configurations shown in Figures 11a, lib and lie respectively. These three configurations are designed to facilitate the different forms of Mode 1 operations described earlier.
In its first configuration (Figure 11a) the SPMS Server Module 212 resides within a client's PBX system 240. Consequently, the SPMS Server Module 212 in its first configuration, is a single system programme device which can be shipped with new PBX's or added to existing systems as an upgrade. The first configuration (Figure 11a) of the SPMS Server Module 212 is designed to enable the automated password updating of Mode 1 operations, to overcome any problems which might arise from dialling target PBX's over a public switched telephone network.
In its second configuration (Figure lib) the SPMS Server Module 212 is a multi system device which can reside on a separate SPMS server 242 (under control of the vendor company) and communicates across a Public Switched Telephone Network (PSTN) 244 with the target PBX 240. The second configuration of the SPMS Server Module 212 includes a database (SQL or Access) which contains records of all target PBX's. Records can be added to the database at any time using the SPMS Manager function (to be described later) .
In its third configuration (Figure lie) the SPMS Server Module 212 resides on an SPMS server 246 located beside the client's PBX system 240 and connected directly to the PBX system 240 by way of a serial port. This is desirable in situations where the customer nominates to control his own system passwords.
In all of its configurations, the SPMS Server Module 212 includes a GUI which can be edited during manual mode. The variables which can be selected and actioned through the GUI include: (a) BaudRate: used to set communications speed with remote modem. (b) Com Port : used to communicate with SPMS server Modem (c) Frequency used to select the Frequency of Remote Password update. (d) Advance used to advance the database by a single record (e) Moveto start of Database (f) Moveto previous record (g) Moveto end of database. (h) Send a Carriage return to remote modem. (i) View History file entries. (j) View history of Passwords for a given site. (k) View system date (1) Dial current entry
(b) SPMS Helpdesk Module 214
The SPMS Help Desk Module 214 is an executable program file which is installed on a standard PC of a nominated customer and/or vendor. The SPMS Helpdesk Module 214 is used by a PBX Vendor service centre and/or customer service centre as a password finder to regenerate the password of a specific PBX system at any given time. Thus the SPMS Helpdesk Module 214 is the software component of the password management system which enables its Mode 2 operations (Help Desk Mode) .
The SPMS Helpdesk Module 214 includes a GUI which allows the user to set various parameters such as: (a) Site ID/Name (used to identify an individual vendor help desk/customer site) . (b) Frequency (used to determine the frequency of update)
Furthermore, the GUI of the SPMS Helpdesk Module 214 displays the vendor Co. name, User name and user ID authorised by license.
As discussed in relation to the description of the security aspects of the Mode 2 operations of the password management system, the SPMS Helpdesk Module 214 is a secure program which is password protected. As also discussed in relation to the Mode 2 operations, a specific SPMS Helpdesk Module 214 can only be used by a single customer and/or vendor company . The SPMS Helpdesk Module 214 uses the common password generation algorithm (previously described) to replicate the password (s) stored in the Server Master Database.
(c) SPMS Engineer Logon Module 216
The third module is SPMS Engineer Logon Module 216. The SPMS Engineer Logon Module 216 is an executable program installed at nominated standard laptop PCs and is used by mobile Engineering Staff. The function of the SPMS Engineer Logon Module 216 is to automatically log an engineer onto a PBX system without revealing the current password (s) of the PBX system. Thus the SPMS Engineer Logon Module 216 facilitates the Mode 3 operations of the password management system.
Like the SPMS Helpdesk Module 214, the SPMS Engineer Logon Module 216 is a secure programme which is password protected. To enhance the security of the password management system, the SPMS Engineer Logon Module 216 is only operable from the single laptop computer on which it is installed. To facilitate different methods of connection of an engineer's laptop to a target PBX system, the SPMS Engineer Logon Module 216 is itself provided with two separate modules .
The first module is known as the Direct Engineer Logon Module 220. This module requires an engineer's PC to be directly connected between a PC's Serial port and a PBX for communication between the engineer's PC and the target PBX system to take place.
The second module is known as the Telnet Session Engineer Logon Module 222. This module enables an engineer's PC to remotely connect to a target PBX through a LAN.
In common with the SPMS Helpdesk Module 214, the SPMS Engineer Logon Module 216 uses the common password generation algorithm (previously described) .
(d) SPMS Manager Module 218
The SPMS Manager Module 218 is a software tool used to input data and parameters to the SPMS Master Database. The SPMS Manager Module 218 has many components providing typical database and communications features that can be managed via this interface. The SPMS Manager Module 218 can be run in a standalone or networked environment. All data entered into the system through the SPMS Manager Module 218 is stored in the SPMS Master database .
The functions of the SPMS Manager Module 218 can be broadly divided into SPMS Master Database operations and Maintenance operations. Figure 12 shows a number of the software elements which enable the SPMS Manager Module 218 to perform its functions.
(a) Master Database Operations 248
(1) View Records 250 When selected this function returns all the records stored in the SPMS Master Database. (2) Add New Records 252 When selected this function permits a user to add records to SPMS Master Database. (3) Print Records 254 When selected this function prints a listing of all the records stored in SPMS Master Database.
(b) Maintenance 256 (1) Backup Database 258 When selected this function makes a backup copy of the Master Database. (2) Repair Database 260 When selected this function repairs a damaged Master Database (3) Init Modem 262 When selected this function initialises the modem connected to the server with settings appropriate for secure dialogue with PBX remote modem. (4) Manage Licenses 264 When selected this function allows a user to amend license details.
It should be recognized that the functionality of the SPMS Manager Module 218 should not be considered as being limited to the above described functions and indeed further functionality may also be included.
The invention is not limited by the example hereinbefore described which may be varied in construction and detail.
Table 1
Figure imgf000061_0001
Table 2
Figure imgf000062_0001

Claims

Claims: -
1. A password management system comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein an at least one password generated by the password generating means is communicated by the password communication means to a target system.
2. A password management system according to Claim 1 , wherein the target system is a telecommunications system.
3. A password management system according to Claim 1 or 2, wherein the target system is a PBX system.
4. A password management system according to any preceding claim, which further comprises a password replication means.
5. A password management system according to Claim 4, wherein the password replication means employs the password generating means to generate a replica of the at least one current password of the target system.
6. A password management system according to Claim 4 or 5, wherein the password replication means employs the date of a password replication request together with an identifier of the target system to generate a replica of the at least one current password of the target system.
7. A password management system according to any one of Claims 4-6, wherein the password replication means displays the replica of the at least one current password of the target system to a user.
8. A password management system according to any one of Claims 4-7, wherein access to the password replication means is restrictable to selected personnel.
9. A password management system according to any preceding claim, which further comprises a password activated access management system which employs the password generating means to generate a replica of the current at least one password of a target system without displaying the replica of the at least one current password of the target system.
10. A password management system according to Claim 9, wherein the password activated access management system resides on at least one computing device.
11. A password management system according to Claim 9 or 10, wherein the password activated access management system resides on at least one mobile computing device.
12. A password management system according to any preceding claim, wherein access to the target system is provided by connection of at least one of the at least one computing device to the target system.
13. A password management system according to Claim 12, wherein the at least one computing device is connectable to the target system directly through a communications port.
14. A password management system according to Claim 12, wherein the at least one of the at least one computing device is connectable to the target system through a LAN.
15. A password management system according to any preceding claim, comprising a password changing means residing in a target system which in turn comprises a password generating means and a password communication means, wherein an at least one password generated by the password generating means is communicated by the password communication means to the target system.
16. A password management system according to Claim 15 , wherein the password changing means is triggered by the target system.
17. A password management system according to Claim 15 or
16, wherein the password communication means is in communication with the password generating means to retrieve an at least one password generated by the password generating means.
18. A password management system according to Claim 17, wherein the password communication means transmits the at least one password generated by the password generating means to the target system.
19. A password management system according to Claim 17 or 18, wherein the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
20. A password management system according to any one of Claims 1-14, comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server in communication with the target system and at least one password generated by the password generating means is communicated by the password communication means to the target system.
21. A password management system according to any one of Claim 1-14, comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server in communication with the target system over a PSTN and at least one password generated by the password generating means is communicated by the password communication means to the target system.
22. A password management system according to Claim 20 or 21, wherein the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
23. A password management system according to any one of Claims 20 to 22, wherein the password changing means further comprises a password verification means which is capable of verifying the password transmitted to the target system, before the password is stored by the target system.
24. A password management system according to any one of Claims 1-14, comprising a password changing means which in turn comprises a password generating means and a password communication means, wherein the password changing means and the password communication means are resident in a server which is in direct communication with the target system wherein the server is located in proximity to the target system, and at least one password generated by the password generating means is communicated by the password communication means to the target system.
25. A password management system according to Claim 24, wherein the password changing means is triggered by a scheduler in the password management system.
26. A password management system according to Claim 24 or
25, wherein the password changing means is capable of instructing the target system to replace an at least one password stored on the target system with the at least one password generated by the password generating means.
27. A password management system according to Claim 26, wherein the password generating means encrypts the passwords.
28. A password management system according to Claim 27, wherein the password generating means employs an algorithm for password encryption.
29. A method of changing an at least one password of a target system, comprising the steps of:
generating at least one new password;
establishing communications with the target
system;
transmitting the at least one password to the
target system;
instructing the target system to replace its at
least one existing password with the at least
one transmitted password;
wherein the target system for the password change is a telecommunications system.
30. A method according to Claim 29, wherein the method of password change includes a triggering mechanism whose frequency can be set by the user.
31. A method of changing the at least one password of a target system from a remote server through a PSTN comprising the steps of:
(a) generating at least one new password;
(b) establishing communications with the
target system;
(c) transmitting the at least one password to
the target system;
(d) verifying the at least one transmitted
password; and
(e) instructing the target system to replace
its at least one existing password with
the at least one transmitted password.
32. A method of changing the at least one password of a target system from a proximal server through a direct connection to the target system comprising the steps of: (a) generating at least one new password;
(b) establishing communications with the
target system;
(c) transmitting the at least one password to
the target system; and
(d) instructing the target system to replace
its at least one existing password with
the at least one transmitted password.
33. A method of displaying the current at least one password of a target PBX system to restricted personnel comprising the steps of:
(a) checking whether the requester is
authorised to obtain password status data;
(b) obtaining an identifier of the target PBX
system;
(c) obtaining the date/time of the replication
request; (d) combining the identifier of the target PBX
system with the date/time of the
replication request to generate a replica
of the password of the current password of
the target PBX system; and
(e) displaying the current at least one
password of the target system to the
requester.
34. A method of of enabling an authorised person to gain access to a password protected target PBX system without displaying the at least one current password of the target PBX system to the authorised person comprising the steps of:
(a) connecting the computing device to the
target PBX system;
(b) checking whether the requester is
authorised to gain access to the target
PBX system; (c) obtaining an identifier of the target PBX
system;
(d) obtaining the date/time of the connection
to the target PBX system;
(e) combining the identifier of the target PBX
system with the date/time of the
connection to the target PBX system to
generate a replica of the at least one
current password of the target PBX
system;
(f) establishing communications with the
target PBX system and transmitting the
replica of the at least one current
password of the target PBX system to the target PBX system;
wherein the password is not displayed to the authorised person during or after transmission to the target system.
35. A password management system capable of running a method according to any one of Claims 29-34.
36. A password management product capable of running a method according to any one of Claims 29-34, resident on a storage means.
37. A password management product according to Claim 36, wherein the storage means is a disk.
38. A password management system according to Claim 1 , substantially as hereinbefore described with particular reference to and as illustrated in the accompanying drawings.
39. A method according to Claim 29 of changing an at least one password of a target system, substantially as hereinbefore described.
40. A method according to Claim 33 of displaying the current at least one password of a target PBX system to restricted personnel, substantially as hereinbefore described.
41. A method according to Claim 34 of enabling an authorised person to gain access to a password protected target PBX system to the authorised person, substantially as hereinbefore described.
42. A password management system according to Claim 35 , substantially as hereinbefore described with particular reference to and as illustrated in the accompanying drawings.
43. A password management product according to Claim 36, substantially as hereinbefore described.
PCT/IE2004/000061 2003-05-02 2004-04-30 Password management and replication system WO2004097607A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IE20030336 2003-05-02
IES2003/0336 2003-05-02

Publications (1)

Publication Number Publication Date
WO2004097607A1 true WO2004097607A1 (en) 2004-11-11

Family

ID=33397632

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IE2004/000061 WO2004097607A1 (en) 2003-05-02 2004-04-30 Password management and replication system

Country Status (1)

Country Link
WO (1) WO2004097607A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11328297B1 (en) * 2008-06-30 2022-05-10 Amazon Technologies, Inc. Conducting transactions with dynamic passwords

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4609777A (en) * 1984-02-22 1986-09-02 Gordian Systems, Inc. Solid state key for controlling access to computer software
US4720860A (en) * 1984-11-30 1988-01-19 Security Dynamics Technologies, Inc. Method and apparatus for positively identifying an individual
WO1997036221A1 (en) * 1996-03-27 1997-10-02 Siemens Business Communication Systems, Inc. Method and system for providing password protection
WO2001031840A1 (en) * 1999-10-29 2001-05-03 Nokia Corporation Method and arrangement for reliably identifying a user in a computer system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4609777A (en) * 1984-02-22 1986-09-02 Gordian Systems, Inc. Solid state key for controlling access to computer software
US4720860A (en) * 1984-11-30 1988-01-19 Security Dynamics Technologies, Inc. Method and apparatus for positively identifying an individual
WO1997036221A1 (en) * 1996-03-27 1997-10-02 Siemens Business Communication Systems, Inc. Method and system for providing password protection
WO2001031840A1 (en) * 1999-10-29 2001-05-03 Nokia Corporation Method and arrangement for reliably identifying a user in a computer system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TZONG-CHEN W ET AL: "Authenticating passwords over an insecure channel", COMPUTERS & SECURITY, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 15, no. 5, 1996, pages 431 - 439, XP004013733, ISSN: 0167-4048 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11328297B1 (en) * 2008-06-30 2022-05-10 Amazon Technologies, Inc. Conducting transactions with dynamic passwords

Similar Documents

Publication Publication Date Title
CN109831327B (en) IMS full-service network monitoring intelligent operation and maintenance support system based on big data analysis
US7302570B2 (en) Apparatus, system, and method for authorized remote access to a target system
US7707116B2 (en) Flexible license file feature controls
EP1804418A1 (en) A dynamic password authentication system and the method thereof
CN201846355U (en) Safety consultation system
CN112765245A (en) Electronic government affair big data processing platform
US20070186115A1 (en) Dynamic Password Authentication System and Method thereof
CN109286632B (en) Block chain-based big data authorization and evidence-storing method and system
CN100499652C (en) Communication apparatus and authentication apparatus and method, and operation method
CN106230843A (en) A kind of for the smart mobile phone configuration method of cloud virtual mobile phone, server and system
WO2001025914A2 (en) Operations architectures for netcentric computing systems
CN104718526A (en) Secure mobile framework
WO2003017069A2 (en) Data integrity
CN109831463A (en) Intelligent terminal security protection system for operating system login authentication
EP1018231B1 (en) A data encryption system for internet communication
CN109309645A (en) A kind of software distribution security guard method
US20060190567A1 (en) System and Method for Providing Customers With Secure Data Access to a Management System
CN108134822A (en) The method for down loading of storage system based on block chain
CN106357727A (en) Method and system to upload files to multiple servers simultaneously
CN108965317B (en) Network data protection system
WO2004097607A1 (en) Password management and replication system
Wallich Wire pirates
IE20040301A1 (en) Password management and replication system
CN115114657A (en) Data protection method, electronic device and computer storage medium
KR100401178B1 (en) Internet Personal Voulting Service and Its Method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase