CA1314956C - Method and apparatus for controlling access to a communication system - Google Patents

Method and apparatus for controlling access to a communication system

Info

Publication number
CA1314956C
CA1314956C CA000588046A CA588046A CA1314956C CA 1314956 C CA1314956 C CA 1314956C CA 000588046 A CA000588046 A CA 000588046A CA 588046 A CA588046 A CA 588046A CA 1314956 C CA1314956 C CA 1314956C
Authority
CA
Canada
Prior art keywords
password
code
communication system
subscriber
way communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA000588046A
Other languages
French (fr)
Inventor
Kenneth J. Zdunek
Philip A. Bieri
Eric Reed Schorman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Motorola Solutions Inc
Original Assignee
Motorola Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Motorola Inc filed Critical Motorola Inc
Application granted granted Critical
Publication of CA1314956C publication Critical patent/CA1314956C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time

Abstract

METHOD AND APPARATUS FOR CONTROLLING ACCESS
TO A COMMUNICATION SYSTEM

Abstract All subscribers operating within a communication system initially generate and transmit a random password and their ID code to the operation control) center of a communication system.
Thereafter, in a first embodiment, subscribers are commanded to modify (in a predetermined manner) and re-transmit their password and ID code either periodically or upon requesting access to the communication system. The modified password is retained as the current (authorized) password by both the subscriber and the system;
In a second embodiment, subscribers are commanded to generate and transmit a new random password and their ID code to the system, which maintains a history of each subscriber's current and previous passwords. According to the invention, some of the subscribers having an unauthorized (duplicated) ID code may be inactive (off) when the subscriber is commanded to modify or generate a password.
In this way, one of the subscribers having an unauthorized (duplicated) ID code will become out-of-sync with the system, and eventually transmit an unauthorized password. When the system receives an incorrect password for an out-of-sync subscriber, access to the communication system may be denied, and the subscribers that duplicate (or permit others to duplicate) ID codes may be identified.

Description

r~ ~3 MFTHOD AND APPARATUS FOR CONTROLLlN(à ACCESS
TO A COMMUNICATION SYSTEM
l O

T~chni~l Field This invention relates generally to two-way communication 15 systems, and more specifically to access control of such systems, and is more particuiarly directed toward subscriber authorization procedures to gain access to a hlvo-way communication system.

Ba~k~rQund Art Password controlled systems are known. In such systems, access to a resource (such as a central computer) is denied unless a predetermined coda (password) is initially provided.
In a two-way communi~ation system, subscriber~ each have 25 an identification (ID) cods, which may be analogized to a simple password control mechanism. Wheneval a subscriber desires to communicate, a r~quest (which includes the ID code) may be transmitted to a central location. If the subscriber is authorized (i.e., the ID code is recognized by the system) communication is 30 permitt~d. Unauthorized (unrecognized) subscribers are d~nied access to the communication resources. For example, operators of Specialized Mobile Radio (SMR) systems provide a communication service to th~ir subscribors in return for a basic monthly rate (which may also includ~ a variable charge depending upon ths amount 35 of "air time" us~d by each subscribar). Each subscriber is billed for each ID code that the system is programmed to recognize. Generally, `:~
- 2 - ~ C~-0033 8H

each subscriber has unlimited access to the SMR system so long as the serYice bills are paid.
The need for the pres0nt invention grew out of the realization by some SMR operators that some of the subscribers are 5 duplicating (or permitting others to duplicate) the memory device that contains the ID coda, and installing the duplicated devices in several radios. in this way, the basic monthly fee per unit is avoided since several subscribers now have the "same" ID code. The loss of revenue to the SMR operators is both significant and growing~
10 Although legal recourse may be available, it is both time consuming and costly. Typically, the SMR operator has inves~ed hundreds of thousands of dollars to provide the communication service, and the additional cost and burden of polieing the system may be intolerable.
From the above diseussiorl, it will be apparent that 15 conventional password systems are completely unsuited to address this problem. The fundamental problem with simpls password systems is that they prssuppose that a subscriber desires to maintain the password in secrecy, thereby assisting in the effort to control who has access to the resource. Accordingly, the addition of 20 a separate password (perhaps entered on a kaypad of a radio) would be fruitless since this password could be easily disseminated by those who currently duplicats the ID codes. Further, requiring individuals to enter a password prior to requesting a communication channel goes a~ainst the custom and practic0 of the communication ~5 industry, and may be overly burdensome to the subscribers Thus, a need e,xists to provide a method for allowing easy access to a communication system, while still providing protection to the operators of such communication systems.
3 ~Ym~3~b~Y~
Briefly, according to the invention, all subscribers initially generate and transmit a random password and their iD code to the operation (controi) center of a communication system. Th~reafter, 35 in a first embodiment, subscribers are commanded to modify (in a predetermined manner) and re-transmit their password and ID code either periodically or upon requesting access to the communication ~31~ 9~ CM-00338H
system. After acceptance, the modified password is retained as the current (authorized) password by both the subscriber and the system.
In a second embodiment, subscribers are commanded (or optionally determine independently) to generate and transmit a new random password and their ID code to the system, which maintains a history of each subscriber's current and previous passwords. According to the invention, some of the subscribers having an unauthorized (duplicated) ID code may be inactive (off) when the subscriber is commanded to modify or generate a password. In this way, at least one of the subscribers having an unauthorized ID cocle will become out-o~-sync with the system, and eventually transmit an unauthorized password. When the system receives an incorrect password from an out-of-sync subscriber, access to the communication systern may be denied, and the subscriber(s) that duplicate (or permit others to duplicate) ID codes may be identified.

Bri~f De~ription of the Drawin~

The invention may be und~rstood by reference to the 2 0 following description, taken in conjunction with the accompanying drawings, in which:
Figures la and lb are flow diagrams illustrating the steps executed by subscriber units according to a first embodiment of the present invention;
Figure ~ is a flow diagram illustrating the steps executed by an operational center (central) of a c:ommunication system in accordance with a first embodiment of the pres~nt invention;
Figures 3a and 3b are flow diagrams illustrating the steps executed by subscriber units according to a second embodiment of 3 0 the present invention;
Figure 4 is a flow diagram iilustrating the steps executed by an opsrational c~nter (central) of a communication system in accordance with a second embodiment of the present invention.
- 4 - , ~ CM-00338H

Detailed D~sçription Qf the Pref~r~d Em~odim~n~

The ~oal of the present invention is to detect the presence of subscriber units containing an unauthorized (duplioated~
identifioation (ID) code, which may be used to gain access to a two-way communication system. According to the principles of the present invention, the two-way communioation system could comprise virtually any communica~ion system in which information flows both from a central location to subscriber units, and from subscriber units back to the central location. Suoh systems include~
but are not limited to, trunked communication systems, cellular telephone communication systems, wiraline link computer systems, and the like. In achieving this goal, it is paramount that the present invention afford some protection to ensure against the possibility of ~false detection". That is, the present invention must guard against the possibility of designating an authorized subscriber unit as one that has obtained a duplicate ID code, and thus is operating (or attempting to operate) on a communication system in an unauthorized manner.
Since a primary focus of the present invention is to protect the interest of the comnlunication systern operator, the action taken upon the detection of an unauthorized subscriber unit is left largely in the hands of the communication service providsr. Accordingly, upon detection of an unauthorized subscriber, the ID code that has been duplicated may be denied future communication services.
Alternately, a list of any ID codes that have been determined to be unauthorized may be generated. This al~ernative action provides the system operator with the flexibili~y to determine whether or not to withhold communication services from a subscriber having an 3 0 unauthorized ID code.
Fundamentally, the present invention achieves its goals and objects by having each authorized subscriber generate a randomized password, which is stored both in the subscriber unit and the central station or controll~r of the two-way communication system. The initially randomized password is varied by either generating a new randomized password, or by modifying the ini~ial password to create a new password. Aocordingly, the passwords of each individual 13 ~ 9 ~ ~cM-oo338H
subscriber unit change on a relatively continuous basis either by command from the central unit, or automatically during events, such as, for example, the initiation by a subscriber unit of a call request (or other request) to use the communication services provided by the two-way communication system. According to the present invention, it is unlikely that every unauthorized subscriber unit would be active (i.e., on and monitoring the communication channels3 at all times. Thus, even if an unauthorized subscriber were able to obtain the initial randomized password, and thereafter, were able to keep up with certain rnodification commands, eventually at least one unauthorized subscriber will be inactive (off) when one or more commands to change or create a naw password is received. Thus, at least one unauthorized subscriber will be "out-of-syncN with the current (authorized) password expectad by the central controller and contained in the othar subscriber units (whether authorized or unauthorized). Accordingly, when the out-of-sync subscriber ultimately re-transmits its password to the communication facilities, the central may aasily detect the unauthorized (incorrect) password and determine that an unauthorized subscriber exists.
As will be apparent from the preceding discussion, the present invention operates to permit unauthorized subscribers te hàve some access to the communication system, preferring to wait until one or more of the unauthorized subscribers becomes confusecl (i.e., out-of-sync) as to what the current ~valid) password actually is. This reduces the possibility of falsaly de~erminin~ that the password is incorrect when, if fact, a correctly transmitted password has been corrupted by noise or other atmospheric disturbances while travelling through the communication channel (be it wireless or wireline). Typically, i~ is con~emplated by the present invention that the period of time required for unauthorized subscribers to become out-of-sync may be as short as 24 hours, or as long as 1 week. In any event, tha present invention prefers a more gradual (yet certain) detaction of unauthorized subscribers rather than a more ruthless (and error prone) detection mechanism.
3 5 Referring now to Figure 1a, the steps executed by a subscriber unit according to a first embodiment of the present invention ara shown. In st~p 100, a subscriber powers up and ~ 3 .~ ~ ~ 5 ~
generates a random (or pseudo-random) password. In step 102, the subscriber unit transmits its password (sither new or modified (step 123)) together with its ID code to the system controller (commonly referred to as a central controller or central). Decision 104, determines whether the subscriber has received a responsa from the centra1. Accordin~ to the present inven~ion, the subscriber awaits an "Acknowledge" code from the central indicating that the central has received and cross-referenced the subscriber's ID code to the current password. If the determination of decision 104 is that the subscriber has not r0ceived the response from the central, the routina proceeds to decision 106, which deterrnines whether or not it is appropriate for the subscriber to retransmit (retry) the transmission of its password and ID code. Typically, the subscriber will retry a transmission several times after waiting a predetermined time interval. HoweYRr, after completing several retransrnissions, if the subscriber has not received a response the routine proceecis to step 108, where the subscriber unit sets a flag, which records the fact that the password was transmitted. The routine then proceeds to decision 122.
If, however, the determination of decision 104 is that the subscriber has received a response, the routine proceeds to dscision 110, which determines whether a ~Service l)enied" code has been received. If the cantral has determinad that the subscriber is unauthorized, it may transmit a NService Danied" command code, 2 S which will terminate tho routine in step 112. Assuming, however, that decision 110 deterrninss that a "Service Denied'' code was not received, ~he routine proceeds to decision 11 4, which determines whether the expectad "Acknowledge" code from the central controller has b~en received. If not, the routine prooeeds to 3 0 reference letter C. Assuming however that the "Acknowledge" code has been received by the subscriber unit, the routine proceeds to step 120, in which the subscriber units stores the password (either initial or modified) in a suitable memory device. Preferably, the modification of the password comprises incrementing or decrernenting the digitai code comprising the password by a predetermined amount (for instance, by one). This operates to keep the password chan~ing in a relatively continuous manner.

- 7 - ~L3~ CM-00338H

Decision 122 determines wheth~r the subscriber has receivad a "Send PasswordH command from the central. if so, the password is modified (step 1233, after which the routine proceeds to step 102, wherein the subscriber retransmits the modified password 5 and its unit ID code. If, however, the determination of decision 122 is that a "Send PasswordH command has not been received, the routine proceeds to decision 124, which de~ermines whether the individual operating ~he subscriber unit has activated a push-to-talk (PTT) switch. Ordinarily, the PTT switch automatically initiates a 10 request for the subscriber to gain access to the communication resources. If decision 124 determinss that the subscriber does not wish to communicate, the routine proceeds to referenca letter C
(decision 122). The subscriber will continue to operate in the "loop`' formed by decisions 122 and 124 until some action or command has 15 been taken. Of course, the simplified loop embodied by decisions 122 and 124 serve only to illustrate the basic operation of the present invention. It will be understood by those skilled in the art that within this operational loop many other procedures and functions may be performed as are known and existing in the art 20 today. Assuming, however, that decision 124 has determined that the subscriber desires access of the communication resources, the routine proceeds to reference letter B of Figure 1b~
Referring to Figure ~b, the subscriber unit responds to the activation of the PTT switch by transmitting a call request to the 2 5 central controlier ~step 126). Ordinarily, the call request includes the subscriber unit identification coda and other information so as to inform the central as to the type of call requested (such as, for exarnple, voice transmission, data transmission, individual call, or group call~. Decision 128 determines whether a response has been 30 received from th~ central. If not, decision 130 determines whether i~ is appropriat~ to retransmit (retry) the c~ll request. If not, the routine proceeds to reference letter C. Assuming that the subscriber has received a response, decision 132 determines whether the central has transmitted a "Send Password" command. If so, the 35 password is modified (step 133), and the routine proceeds to reference letter A. Assuming, however, that the subscriber has not received a "Send Password" oommand, decision 134 determines - 8 ~ CM-00338H

whether a "Busy" command cods has been received by the subscriber.
Gen~rally, shared access communication systems (such as, for example, trunked communication systems) allocate a limited and fixed number of channeO resources amon~ a plurality of subscriber 5 units. Accordingly, there is a chance that, at any par~icular time, no communication channels will be availabla. In such circumstances, the central controller returns a "E3usy" command code. Thus, decision 134 routes control to reference letter C K a "E3usy~ command code is received. Howaver, if thc detcrmination of decision 134 is that a 10 busy command code has not been receivod, the routine proceeds to decision 136, which determines whether the subscriber has receivecl a "Channel Grant" command from the central. If the determination of decision 136 is that a "Channel Grant" has not been received, the routine proceeds to reference letter C. If, however, the central has 15 granted the subscriber's call request and assigned a communication channel for the subscriber to use, the routine proceeds to decision 138, which determines whether the flag indicating that the password was sent is set. An affirmative det~rmination of decision 138 indicates that the subscriber unit was waiting for a response 2 0 from the central (decision 104). Acoordingly, the password (initial or as modified) is stored (step 140) and the flag is cleared (step 142). Following this, the call is processed normally (step 144~.
However, if the determination of decision 138 is that the flag is not set, the subscriber may optionally modiFy and store its password 25 (step 146) prior to proc~ssin~ tha call (step 144).
Re~erring now to Figurc 2, the steps exe~uted by the system central control station (central) according to a first embodiment of the present invention are shown. In deeision 200, the central determines whether it has received a caii requast from a subscriber.
30 If so, decision 202 determin~s wheth~r the subscriber is currently authorized. According to the present inv~ntion, th~ subscriber would have an unauthorized status if the received call request was the first request received from suoh subscriber ~following an initial power up). Alternatelyt a subscriber can b~ moved from an 3 5 authorized to unauthorized status by the system operator to force a password modification and determine whether other subscribers have unauthorized duplioates of that particular ID code. Lastly, 9 ~ CM-00338H

according to the present invention, it is oontemplated that a certain subset of all available and authorized subscribers may be reclassified to an unauthorized status to force password modifications in an attempt to de~ect unauthorized users. The 5 status change from authorized to unauthorized may be performed by the central eithsr at random, or by a selection of those subscriber ID
codes that have not had a significant level of communication activity. This latter option forces ID code chan~es even in the event that a subscriber has not generat0d a significant amount of call 10 requests, which would automatically force password modificakions.
Accordingly, the central transmits (step 204) a NSend Password"
command to the requestin~ subsoriber unit and returns to deoision 200 to await the subscriber's response.
If the determination of decision ~02 is that the subscriber 15 is authorized, the routine proceeds to decision 210, which detarmines whether a channel is available. If not, the routine proceeds to step 212 where a "Busy" code may be transmitted to the subscriber. If, however, the determination of decision 210 is ~hat a channel is available, the routine may proceed to step 214, where the 2 0 central optionally modifies and stores the subscriber's password (cross-referenced to the subscribers ID code). Of ooursel for the password system of ~he present invention to operate correctly, both the central and th~ subscriber must mo~dify the current (valid) password in the same predetermined wa~y (preferably, by 25 incrementing or deorementing the password by a predetermined amount). Next, step 216 transmits a "Channel Grant" to the subscriber so that communication may proceed. Following this, the routine returns to decision 200.
Assuming now that the determination of decision 2û0 was 30 that a call requast was not received, decision 218 determines whether a password has been received from a subscriber. If the determination of decision 218 is that a password has not been received, the routine returns to decision 200, to await a call request. Of oourss, othar request codes currently known and used 3 5 may be received and operated upon by the central in any particular embocliment. Assuming now that the determination 218 was that a password has been rec~ived (which may bs in response to a "Send ~31 4~ CM-00338H
Password" command), the routine proceeds to decision 220, where the centrai determirl0s whether a password alraady exists for that subscriber's ID code. If so, decision 222 determines whether ths subscriber unit is authorized. if the subscriber is authori~ed, the 5 routine proceeds to step 226, which stores the received password.
Next, the central transmits an "AcknowledgeH code (step 228). If, however, the subscriber is not authorized, the subscriber's stored password is modified (step 224) and the routine proceeds to decision 2~5, which determine whether the received password and modified 10 password match. If the determination of decision 225 is that the passwords match, the routine proceeds to step 226, which stores the modified password (cross-referenced to the ID code of the subscriber unit) in a suitable mernory device. The routine flow from a ne~ative determination of decision 220 to step 226 stems from the 15 realization that if ~ subscriber unit has transmitted a password without being commanded to do so, it is likely that the subscriber unit has just powerad on and is seeking to registsr an authorized ID
code. In step 228, the central transmits an "Acknowledge" code to the subscriber, which will cause the subscriber to correspondingly 20 store its modified password thereby kees~ing the central and the subscriber "synchronizedN as to tha curn~nt (valid and authorized) pàssword.
Assuming, however, that the determination of d~cision 225 is that the received password and the rnodified password do not 25 matoh, the routine proceeds to step 230, whers a l'Service D~ni~d"
code may be transmitted. Alternat~ly, the central may communicate with a printer (or the like) and list the subscriber ID code that has transmitted the incorrect password. In this way, the syst~m operator may determine whether or not to deny future 30 communication systern access.
Preferably, if automatic denial of service is desired by a system operator, the "Sarvice Denied" command code is transmitted upon tha first determination that ~he passwords are incorrect. The reason for this selection results from the fact that the present 35 invention detects unauthorized users gradually rather than by a more ruthless method. In any ev~nt, to provide even more gradual detection, the c~ntral may have a password mismatch countar, which .3~9~Ç'3 CM-00338H

will count the number of times an incorrect password has been transmitted with a particular subscriber identification code. After a predetermined threshold has been reached, the system operator can be assured that unauthorized users exist.
Referring now to Figura 3a, the steps executed by a subscriber unit according to a second embodiment of the present invention are shown. In s~ep 300, a subscriber (upon initial power up~ generates a random (or pseudo-random) password. In step 302, the subscriber transmits this password together with its ID code to the system controller (commonly referred to as a central controller or central). Decision 304, determines whether the subscriber has received a "New Password" command from the central (optionally, the subscriber unit may itself generate a "New Password" command after the expiration of a timer upon the occurrence of some event~.
If so, the routine returns to step 300, where the subscriber unit generates and transmits (step 302) a new random password. If, however, the determination of decision 304 is that the subscriber has not received a "New Password" command from the c~ntral (optionally, the subscriber unit may itself 3~nerate a "New Password" command after the expiration of a timer or upon the occurrence of some event). if so, the routine returns to step 300, where the subscriber unit g~nerat~s and transmits (step 302) a new random password. If, however, the de~rmination of decision 304 i~
that the subscriber has not received a NNew Password" cammand from the central, the routine proceeds to de&ision 306, which determines whether the subscriber has activated its push-to^talk (PTT) switch to initiate a transmission. Ordinarily, the PTT switch autornatically initiates a request for the subscriber to gain access to the communication service. If decision 306 determines that the subscriber does not wish to communicate, the routine returns to decision 304. The subscriber unit will continue to operate in the "loop" formed by decisions 304 and 306 until some action or command has been taken. Of course, the simplified loop embodied by decisions 304 and 306 servG only to il.ustrate the basic operation of the present invention. It will be understood by those skilled in the art that within this operational loop many other procedures and - 12 - :3 3~4~i6 CM-00338H

functions may be performed as are known and existing in the art today.
Assuming that decision 306 has determined that the subscriber desires access of the communication rssources, the 5 routine proceeds to step 308, where the subscriber unit transmits a call request and the current password to the central controller.
Ordinarily, the call requast includes the subscriber's identification code and other information so as to inforrn the central as to the type of call requested (such as, for example, voico transmission, data 10 transmission, individual call, or group call). Decision 310 determines whether a response has been re~aived from the central.
If not, decision 312 determines whethcr it is appropriate to retransmi~ ~retry) the call request. Typically, the subscriber unit may retry a transmission several times aftsr waiting a 1 5 predetermined time interval. i lowever, after completing several retransmissions, if the subscriber has not received a response the routine proceeds to reference letter G to await a later attempt. If, however, the cl~termination of decision 310 is that the subscriber has received a rasponse, th~ routine procecds to decision 316, which 20 dotermines whather a "ServiGe Denied" code word has be~n received.
If the central has determined that the subscriber is unauthorized, it may transmit a "Service Denisd" command code, which will terminate the routine in step 318. Assumin~, however, that decision 316 dctermines that a "Service Denied" code was not receiv~d, the 25 routin~ proceeds to reference l~tter E of Figure 3b.
Referring now to Figure 3k, the routine continues in decision 320, which determines wh~thcr the cen~ral has transmi~ed a "Nlew Password" command. If so, the routine proceeds to reference letter F (Figure 3a). Assuming, however, that the subscriber has not 30 received a "New Password" command, decision 322 determines whether a "Busy" command code has be~n received by ths subscriber unit. Gen~rally, shared access communication systems (such as, for example, trunked communication systems) allocate a limit~d and fixed number of channel resources among a plurality of subscriber 35 units. Accordingly, there is a chance ~hat, at any particuiar time, no communication channels will be availabls. In such circumstances, th~ central controll~r roturns a "~usy" oommand code. Thus, decision 13 1 ~
322 routes centfol to reference letter G (Figure 3a) if a "Busy"
command coda is received. However, if the determination of decision 322 is that a "Busy" command code has not been receivad, the routine proceeds to decision 324, which determines whether the 5 subscriber has received a "Channel Grant" command from the central.
If the determination of decision 324 is that a "Channel Grant" has not been received, the routine procsads to referencs letter G (Figure 3a). If, howaver, the central has granted the subscriber's call request and assigned ~ communication channel for the subscriber to 10 use, the routina proceeds to step 326, where the subscriber unit processes the call normally, after which, the routine proceeds to reference letter G (Figure 3a).
Referring now to Figure 4, the steps executed by the system central control station (central) according to a second preferred 15 embodiment of the present invention are shown. In decision 400, the central determines whether to command a subscriber unit to generate and transrnit a nsw password. If so, step 402 transmits a "New Password" command to the subscriber unit. A negative determination of decision 400 causes the routine to proceed to 20 decision 404, which determines whether the central has received a new password from a subscriber unit. Typically, an affirmative detarmination of decision 404 occurs when a subscriber initially powers up and transmits a newly g~nera~te~ password. Optionally the subscriber unit may have automatically ~enerated a new password 25 after the expiration of a timer or the occurrence of some event.
Accordingly, if the determination of decision 404 is that a new password has b~en r~ceived, the routine proce~ds to step 406, where the current password (in any) is reassigned as a prior password to make room for the new (current) password. The new password is 30 then stored as the curren~ (authoriz~d) password in step 408.
Following this, the routine returns to decision 400.
Decision 410 detsrmines whether the central has received a call request. If not, the routine returns deoision 400. However, if the determination of decision 410 is that a call request has been 35 received, the routins proceeds to decision 412, which determines wh0ther the subscriber's curren~ (authorized) password correlates (matches) the received password. The matching (or correlation) of - 14 - ' ~L31~9~6 CM-00338H

the passwords by the present invention consists of a bit-by-bit comparison requiring 100% correspondence. If the determination of decision 412 is that the passwords do not match, the routine proceeds to decision 414, which det~rmines whether the received S password correlates with the subscriber's prior password.
Preferably, the present invention stores only the last prior password as the prior password. Alternately, if the central has suitable memory capacity, several prior passwords may be stored for each subscriber ID. In such a case, decision 414 would determine whether the received password matched any o~ the prior passwords. If the determination of decision 414 is that ths received password and prior password correlate the routina proceeds to step 416, where a "Service Denied" command cod~ may be transmitted to the subscriber. Altsrnately, the central may communicate with a printer (or tha like) and list the subscriber ID code that has transmitted the incorrect password. This way, the system operator may determine whether or not to deny ~uture communication system access Preferably, if automatic denial of service is desired by a system operator, tha ~Service Denied" command eode is transmitted upon the first determination that the passwords are incorrect. The reason for this selectior! rasults from the fact that the present invention detects unauthorized users 3radually rather than by a more ruthless rnethod. In any event, to provide even more gradual detection, the centrat may have a password mismatch counter, which will count the number of times an incorrect password has been transmitted with a particular subscriber identification code. After a predetermined threshold has been reach0d, the system operator can be assured that unauthorized users exist and are transmitting the incorrect password.
Assuming now that the determination of decision 414 is that the received password does not correlate to the subscriber's prior password, the routine proceeds to stap 418, where the current password is reassigned as a prior password. Next, in step 418, the received password is stor0d as the current (authorized) password 3 5 and the routine proceeds to decision 420. These steps of the central's routine provide protection for an authorized subscriber that has lost ~he current password through some error. Thus, if the - 1S - ~ 3 ~ CM-00338H

received password does not match the current password (decision 412~, the central may allow the subsoriber access so lon~ as the received password does not match a prior password (decision 414).
Of course, the central may also monitor how often a subscriber S transmits a new password that does not match either the current or a previous password. Thus, if a subscriber attempted to circumvent the access protection afforded by the present invention by continually generating new passwords, the central may detect this occurrence an~ alert the system operator.
If the determination of decision 412 is that the received password matches the current password, or if the determination of decision 414 is that the received password did not match the subscriber's prior password, the routine proceed to decision 420, which determines whether a channel is available. If not, the routine proceeds to step 422 whare a "Busy" code may be transmitted to the subscriber. If, howevar, the detarmination of decision 420 is that a`
channel is available, the routine proceeds to step 424, where the central transmits a "Channel Grant" to the subscriber so that communications may proceed.
What is claimed is:

Claims (14)

THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE PROPERTY
OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. In a two-way communication system having a central unit and a plurality of subscriber units each having at least an identification code stored therein, a method of controlling access to the two-way communication system comprising the steps of:
in at least one of said plurality of subscriber units:
(a) generating a first random number as a first password code;
(b) transmitting at least said first password code and said identification code;
(c) receiving a command code and generating a second random number as a second password code in response thereto;
(d) transmitting at least said second password code and said identification code.
2. In a two-way communication system having a central unit and a plurality of subscriber units each having at least an identification code and a first password code stored therein, a method of controlling access to the two-way communication system comprising the steps of:
(a) transmitting at least a call request code;
(b) receiving a command code and generating a random number as a second password code in response thereto;
(c) transmitting at least said second password code and said identification code; and (d) receiving a channel grant code.
3. In a two-way communication system having a central unit and a plurality of subscriber units each having at least an identification code and a first password code stored therein, a method of controlling access to the two-way communication system comprising the steps of:
in at least one of said plurality of subscriber units:
(a) receiving a command code and generating a random number as a second password code in response thereto;

(b) transmitting at least said second password code and said identification code.
4. In a two-way communication system having a central unit and a plurality of subscriber units each having at least an identification code stored therein, a method of controlling access to the two-way communication system comprising the steps of:
in at least one of said plurality of subscriber units:
(a) generating a first random number as a first password code;
(b) transmitting at least said first password code and said identification code;
(c) receiving a command code and generating a second random number as a second password code in response thereto;
(d) transmitting at least said second password code and said identification code;
at said central unit:
(a) receiving said first password code;
(b) transmitting said command code;
(c) receiving said second password code.
5. In a two-way communication system having a plurality of subscriber units each having at least an identification code and a first password code stored therein and at least ;one central unit designating said first password code as a current password code, a method of controlling access to the two-way commun-ication system comprising the steps of:
in at least one of said plurality of subscriber units;
(a) transmitting at least a call request code;
(b) receiving a command code and generating a random number as a second password code in response thereto;
(c) transmitting at least said second password code and said identification code: and (d) receiving a channel grant code, at said at least one central unit:

(a) receiving at least said call request code;
(b) transmitting said command code;
(c) receiving at least said second password code;
(d) determining whether said second password correlates to a current password;
(e) granting access to said two-way communication system if said second password correlates to said current password.
6. In a two-way communication system having a central unit and a plurality of subscriber units each having at least an identification code and a first password code stored therein, a method of controlling access to the two-way communication system comprising the steps of:
in at least one of said plurality of subscriber units:
(a) receiving a command code and generating a random number and a second password code in response thereto;
(b) transmitting at least second password code and said identification code;
at said central unit;
(a) transmitting said command code;
(b) receiving at least said second password code.
7. In a two-way communication system having a central unit and a plurality of subscriber units each having at least an identification code stored therein, a method of controlling access to the two-way communication system comprising the steps of:
in at least one of said plurality of subscriber units:
(a) generating a first random number as a first password code;
(b) transmitting at least said first password code and said identification code;
(c) generating a second random number as a second password code in response to a control signal;
(d) transmitting at least said second password code and said identification code; and, (e) receiving a channel grant code.
8. In a two-way communication system having central unit and a plurality of subscriber units each having at least an identification code stored therein, a method of controlling access to the two-way communication system comprising the steps of:
in at least one of said plurality of subscriber units:
(a) generating a first random number as a first password code;
(b) transmitting at least said first password code and said identification code;
(c) generating a second random number as a second password code in response to a control signal;
(d) transmitting at least said second password code and said identification code; and (e) receiving a channel grant code;
at said central unit:
(a) receiving said first password code;
(b) receiving said second password code.
9. The method of claim 4 or 8, which includes the central unit steps of:
(al) storing said first received password code, and operating thereafter using said first received password code as a current password code;
(c) storing said second received password code, and operat-ing thereafter using said first received password code as a previous password code, and using said second received password code as said current password code.
10. The method of claims 5 or 6, which includes the central unit step of: (cl) storing said second received password code, and operating thereafter using said first received password code as a previous password code, and using said second received password code as a current password code.
11. The method of claim 5 or 8, which includes the central unit step of: (c) transmitting a channel grant code.
12. The method of claim 4 or 8, which includes the central unit steps of:
(al) storing said first password code as a current password;
(c) storing said first password code as a prior password;
and, storing said second password code as said current password.
13. In a two-way communication system having a plurality of subscriber units each having at least an identification code and a first password code stored therein and at least one central unit designating said first password code as a current password code, a method of controlling access to the two-way communica-tion system comprising the steps of:
in at least one of said plurality of subscriber units;
(a) transmitting at least said call request code;
(b) receiving a command code and generating a second password code in response thereto;
(c) transmitting at least said second password code and said identification code;
at said at least one central unit:
(a) receiving at least said call request code;
(b) transmitting said command code;
(c) receiving at least said second password code;
(d) determining whether said second password correlates to a current password;
(e) determining whether said second password correlates to a prior password;
(f) granting access to said two-way communication system when said second password correlates with said current password or does not correlate to said prior password and does not correlate to said current password, else denying access to said two-way communication system.
14. In a two-way communication system having a plurality of subscriber units each having at least an identification code and a first password code stored therein and at least one central unit having stored therein at least one current password and at least one prior cross-referenced to said identification codes of said plurality of subscriber units, a method of controlling access to the two-way communication system comprising the steps of:
at said at least one central unit:
(a) receiving at least a password code and an identification code to provide a received password;
(b) determining whether said received password correlates to a current password;
(c) determining whether said received password correlates to a prior password;
(d) granting access to said two-way communication system if said received password correlates to said current password or does not correlate to said prior password and does not correlate to said current password, else denying access to said two-way communication system.
CA000588046A 1988-04-04 1989-01-12 Method and apparatus for controlling access to a communication system Expired - Fee Related CA1314956C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US07/176,951 US4992783A (en) 1988-04-04 1988-04-04 Method and apparatus for controlling access to a communication system
US176,951 1988-04-04

Publications (1)

Publication Number Publication Date
CA1314956C true CA1314956C (en) 1993-03-23

Family

ID=22646568

Family Applications (1)

Application Number Title Priority Date Filing Date
CA000588046A Expired - Fee Related CA1314956C (en) 1988-04-04 1989-01-12 Method and apparatus for controlling access to a communication system

Country Status (4)

Country Link
US (1) US4992783A (en)
EP (1) EP0336079A3 (en)
JP (1) JPH0213035A (en)
CA (1) CA1314956C (en)

Families Citing this family (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5239294A (en) * 1989-07-12 1993-08-24 Motorola, Inc. Method and apparatus for authenication and protection of subscribers in telecommunication systems
US5390245A (en) * 1990-03-09 1995-02-14 Telefonaktiebolaget L M Ericsson Method of carrying out an authentication check between a base station and a mobile station in a mobile radio system
US5572193A (en) * 1990-12-07 1996-11-05 Motorola, Inc. Method for authentication and protection of subscribers in telecommunications systems
US5214423A (en) * 1991-04-22 1993-05-25 Motorola, Inc. Random number generation using volatile RAM
US5163097A (en) * 1991-08-07 1992-11-10 Dynamicserve, Ltd. Method and apparatus for providing secure access to a limited access system
US5201000A (en) * 1991-09-27 1993-04-06 International Business Machines Corporation Method for generating public and private key pairs without using a passphrase
CA2078195C (en) * 1991-11-27 1999-03-09 Jack Kozik Arrangement for detecting fraudulently identified mobile stations in a cellular mobile telecommunications network
US5260988A (en) * 1992-02-06 1993-11-09 Motorola, Inc. Apparatus and method for alternative radiotelephone system selection
US5559505A (en) * 1992-05-20 1996-09-24 Lucent Technologies Inc. Security system providing lockout for invalid access attempts
US5287519A (en) * 1992-09-17 1994-02-15 International Business Machines Corp. LAN station personal computer system with controlled data access for normal and unauthorized users and method
US5604744A (en) 1992-10-05 1997-02-18 Telefonaktiebolaget Lm Ericsson Digital control channels having logical channels for multiple access radiocommunication
US5603081A (en) * 1993-11-01 1997-02-11 Telefonaktiebolaget Lm Ericsson Method for communicating in a wireless communication system
SE500565C2 (en) * 1992-10-26 1994-07-18 Ericsson Telefon Ab L M Method of providing random access in a mobile radio system
US5267314A (en) * 1992-11-17 1993-11-30 Leon Stambler Secure transaction system and method utilized therein
DE4242151C1 (en) * 1992-12-14 1994-03-24 Detecon Gmbh Protecting mobile radio, e.g. telephone, against unauthorised use - comparing authentication parameter from input code to stored parameter, only allowing use if they match.
TW234224B (en) * 1993-04-19 1994-11-01 Ericsson Ge Mobile Communicat
US5594429A (en) * 1993-10-27 1997-01-14 Alps Electric Co., Ltd. Transmission and reception system and signal generation method for same
CN1116888A (en) * 1993-11-01 1996-02-14 艾利森电话股份有限公司 Layer 2 protocol in a cellular communication system
BR9405702A (en) * 1993-11-01 1995-11-28 Ericsson Telefon Ab L M Processes for obtaining a report on the status of frames comprising a transmitted message to determine the ownership of frames for communication in a radio communication system and to identify to which mobile station a plurality of linked frames is being sent to base station and mobile station
US5440758A (en) * 1994-04-12 1995-08-08 Motorola, Inc. Method of preventing unauthorized access to a wireless communication system
US5613215A (en) * 1994-04-21 1997-03-18 Motorola, Inc. Method of transmitting security codes to communication units
US5625870A (en) * 1994-06-10 1997-04-29 Uniden America Corporation Fraud control for radio fleets in a land mobile radio system
US5668876A (en) * 1994-06-24 1997-09-16 Telefonaktiebolaget Lm Ericsson User authentication method and apparatus
US5463617A (en) * 1994-09-30 1995-10-31 Grube; Gary W. Method for providing caller interrupt in a time division multiplexed wireless communication system
US6175557B1 (en) 1994-10-31 2001-01-16 Telefonaktiebolaget Lm Ericsson (Publ) Layer 2 protocol in a cellular communication system
US5828956A (en) * 1994-12-30 1998-10-27 Sony Electronics, Inc. Programmable cellular telephone and system
US6018656A (en) * 1994-12-30 2000-01-25 Sony Corporation Programmable cellular telephone and system
US6690796B1 (en) 1995-05-17 2004-02-10 The Chamberlain Group, Inc. Rolling code security system
DE69637072T2 (en) * 1995-05-17 2008-01-10 The Chamberlain Group, Inc., Elmhurst ROLLING CODE SECURITY SYSTEM
US6980655B2 (en) * 2000-01-21 2005-12-27 The Chamberlain Group, Inc. Rolling code security system
US6320493B1 (en) * 1995-06-05 2001-11-20 Advance Security Inc. Remote control security system for automobile issuing a fixed basic code and two variable codes
US5790892A (en) * 1995-09-29 1998-08-04 International Business Machines Corporation Information handling system for modifying coherency response set to allow intervention of a read command so that the intervention is not allowed by the system memory
DE19643658C1 (en) 1996-10-22 1998-03-26 Siemens Ag Cordless mobile communications device calling method
US5953652A (en) * 1997-01-24 1999-09-14 At&T Wireless Services Inc. Detection of fraudulently registered mobile phones
US6571290B2 (en) 1997-06-19 2003-05-27 Mymail, Inc. Method and apparatus for providing fungible intercourse over a network
US8516132B2 (en) 1997-06-19 2013-08-20 Mymail, Ltd. Method of accessing a selected network
US6781968B1 (en) 1997-09-08 2004-08-24 Marc Arnold Wireless communication system, apparatus and method using an atmospheric platform having a wideband trunkline
AU8567798A (en) 1998-06-19 2000-01-05 Netsafe, Inc. Method and apparatus for providing connections over a network
JP2000215131A (en) * 1999-01-22 2000-08-04 Canon Inc Information processor, network system, information managing method and storage medium
US6802000B1 (en) * 1999-10-28 2004-10-05 Xerox Corporation System for authenticating access to online content referenced in hardcopy documents
US7353274B1 (en) * 2000-05-09 2008-04-01 Medisys/Rjb Consulting, Inc. Method, apparatus, and system for determining whether a computer is within a particular location
GB2362543B (en) * 2000-05-16 2003-12-03 Sagem Assembly of a cellular telephone and means for connection to a computer network
US7676681B2 (en) * 2003-06-17 2010-03-09 Veratad Technologies, Llc Method, system, and apparatus for identification number authentication
US8302164B2 (en) * 2004-07-22 2012-10-30 Facebook, Inc. Authorization and authentication based on an individual's social network
US8422667B2 (en) 2005-01-27 2013-04-16 The Chamberlain Group, Inc. Method and apparatus to facilitate transmission of an encrypted rolling code
US9148409B2 (en) 2005-06-30 2015-09-29 The Chamberlain Group, Inc. Method and apparatus to facilitate message transmission and reception using different transmission characteristics
JP4247216B2 (en) * 2005-08-23 2009-04-02 株式会社東芝 Information processing apparatus and authentication control method
CN100584054C (en) * 2006-01-26 2010-01-20 华为技术有限公司 System and method for carrying out authentication via cipher
JP4800068B2 (en) * 2006-02-23 2011-10-26 富士通株式会社 Password management device, password management method, password management program
US7882525B2 (en) * 2007-04-23 2011-02-01 Microsoft Corporation Data collection for a comprehensive program guide
US10652743B2 (en) 2017-12-21 2020-05-12 The Chamberlain Group, Inc. Security system for a moveable barrier operator
US11074773B1 (en) 2018-06-27 2021-07-27 The Chamberlain Group, Inc. Network-based control of movable barrier operators for autonomous vehicles
US11423717B2 (en) 2018-08-01 2022-08-23 The Chamberlain Group Llc Movable barrier operator and transmitter pairing over a network
US10997810B2 (en) 2019-05-16 2021-05-04 The Chamberlain Group, Inc. In-vehicle transmitter training

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3983337A (en) * 1973-06-21 1976-09-28 Babbco, Ltd. Broad-band acoustic speaker
US4310720A (en) * 1978-03-31 1982-01-12 Pitney Bowes Inc. Computer accessing system
US4268715A (en) * 1978-05-03 1981-05-19 Atalla Technovations Method and apparatus for securing data transmissions
US4218738A (en) * 1978-05-05 1980-08-19 International Business Machines Corporation Method for authenticating the identity of a user of an information system
US4602129A (en) * 1979-11-26 1986-07-22 Vmx, Inc. Electronic audio communications system with versatile message delivery
US4581486A (en) * 1979-11-26 1986-04-08 Vmx, Inc. Electronic audio communications system with user accessible message groups
US4295039A (en) * 1979-12-03 1981-10-13 International Business Machines Corporation Method and apparatus for achieving secure password verification
US4445712A (en) * 1980-01-14 1984-05-01 Id Code Industries, Inc. Identification devices and methods
US4348696A (en) * 1980-09-08 1982-09-07 Beier Galen C Television viewing control device
CA1171945A (en) * 1981-04-16 1984-07-31 Mitel Corporation Voice recognizing telephone call denial system
GB2120821B (en) * 1982-05-18 1985-08-29 Weyfringe Limited Label printer
DE3244049C2 (en) * 1982-11-27 1986-06-26 Kiekert GmbH & Co KG, 5628 Heiligenhaus Central locking system for a motor vehicle
US4626845A (en) * 1983-02-28 1986-12-02 Epic Systems, Inc. Subscriber validation system
US4590470A (en) * 1983-07-11 1986-05-20 At&T Bell Laboratories User authentication system employing encryption functions
US4623919A (en) * 1983-08-11 1986-11-18 Welch James D Method and system for controlling access to transmitted modulated electromagnetic wave carried information
US4654481A (en) * 1983-10-04 1987-03-31 Cellutron Corporation Security system for cordless extension telephones
US4630201A (en) * 1984-02-14 1986-12-16 International Security Note & Computer Corporation On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
DE3420460A1 (en) * 1984-06-01 1985-12-05 Philips Patentverwaltung Gmbh, 2000 Hamburg METHOD FOR DETECTING THE UNAUTHORIZED USE OF AN IDENTIFICATION ASSIGNED TO A MOVABLE RADIO STATION IN A RADIO TRANSMISSION SYSTEM
DE3431726A1 (en) * 1984-08-29 1986-03-13 Philips Kommunikations Industrie AG, 8500 Nürnberg Telecommunications network, in particular mobile radio network, with network-uniformly changeable keys
DE3439120A1 (en) * 1984-10-25 1986-05-07 Philips Kommunikations Industrie AG, 8500 Nürnberg Method for identifying a subscriber station of a telecommunications network
US4672533A (en) * 1984-12-19 1987-06-09 Noble Richard G Electronic linkage interface control security system and method
US4802217A (en) * 1985-06-07 1989-01-31 Siemens Corporate Research & Support, Inc. Method and apparatus for securing access to a computer facility
JPS6231231A (en) * 1985-08-02 1987-02-10 Nec Corp Password collating system
NL8701069A (en) * 1987-05-06 1988-12-01 Nederlanden Staat Password authentication system for mobile communications

Also Published As

Publication number Publication date
US4992783A (en) 1991-02-12
JPH0213035A (en) 1990-01-17
EP0336079A3 (en) 1990-12-19
EP0336079A2 (en) 1989-10-11

Similar Documents

Publication Publication Date Title
CA1314956C (en) Method and apparatus for controlling access to a communication system
US4964163A (en) Method and apparatus for controlling access to a communication system
CA1261395A (en) Method for dynamically regrouping subscribers on a communications system
EP0817518A2 (en) Method for controlled access to a secured system
US5014345A (en) Method for dynamically regrouping subscribers on a communications system
CA2258888C (en) Method and apparatus for monitoring link activity to prevent system deadlock in a dispatch system
US4962449A (en) Computer security system having remote location recognition and remote location lock-out
CA1306503C (en) Shared data/voice communication system with programmable data priority
JP4545948B2 (en) Method and apparatus for providing fair access to users with different signal delays in a group communication system
US6295284B1 (en) Method and apparatus for providing fair access in a group communication system
US5960362A (en) Method and apparatus for access regulation and system protection of a dispatch system
US5103445A (en) Method of adapting a mobile radio communication system to traffic and performance requirements
US5625869A (en) System for preventing unauthorized use of a micro cellular system operating in coexistence with a cellular system
US5572193A (en) Method for authentication and protection of subscribers in telecommunications systems
US6832082B1 (en) Initialization of handsets in a multi-line wireless phone system for secure communications
JP4263748B2 (en) Method and apparatus for efficient system access within a dispatch system
JPH02502958A (en) Improved signaling method for configuring trunk communications
US5267299A (en) Automatic answering telephone apparatus with device to detect a remote control password
WO1995015623A1 (en) A method for controlling a radio unit
US5638055A (en) Communication resource allocation by interrupt status
AU677975B2 (en) Call set-up in a transmission trunking radio system
US5613215A (en) Method of transmitting security codes to communication units
JPS5829669B2 (en) Mobile communication user-only method
CA1326510C (en) Trunked radio repeater system
Taylor et al. TACS-A demand assignment system for FLEETSAT

Legal Events

Date Code Title Description
MKLA Lapsed
MKLA Lapsed

Effective date: 20000323