
LOCATION IDENTIFICATION to PREVENT UNAUTHORIZED, USER-IMPLEMENTED, DIAL-IN PORTS to COMPUTERS

IP.com Disclosure Number: IPCOM000039789D
Original Publication Date: 1987-Aug-01
Included in the Prior Art Database: 2005-Feb-01
Document File: 4 page(s) / 55K

Publishing Venue

IBM

Related People

Cina, VJ: AUTHOR [+3]

Abstract

This article discloses a means to prevent the utilization of unauthorized dial-in ports to a computer. Access to mainframe computers by means of telephone dial-in ports provides users of those systems with substantially greater system availability and productivity. Dial-in ports, however, represent a risk to the security of programs and data stored and executed in these computers. The risk is presented by the opportunity that dial-in ports present to unauthorized users to gain access to these computing systems. The conventional solution to this problem is the use of a dial back system. Dial back systems only allow access from locations whose telephone numbers are stored on the mainframe.

This is the abbreviated version, containing approximately 37% of the total text.


This article discloses a means to prevent the utilization of unauthorized dial-in ports to a computer. Access to mainframe computers by means of telephone dial-in ports provides users of those systems with substantially greater system availability and productivity. Dial-in ports, however, represent a risk to the security of programs and data stored and executed in these computers. The risk is presented by the opportunity that dial-in ports present to unauthorized users to gain access to these computing systems. The conventional solution to this problem is the use of a dial back system. Dial back systems only allow access from locations whose telephone numbers are stored on the mainframe.

However, terminals which are located within the same premises as the host, and are connected to the host by coaxial cable or other hard wires, are not suspect or tested by any system such as dial back. The safety of the assumption that these in-house terminals are not available to outside, unauthorized users is degraded by the common practice of using personal computers (PCs) as in-house terminals. If a user equips such a terminal with an auto-answer modem, and executes the appropriate software on the PC terminal, then an unsecured dial-up port will have been created. An unauthorized user can then access the mainframe through this dial-in port. It is the purpose of this disclosure to teach the means by which it can be made impossible to build such an unauthorized dial-in port by means of electronic identification of a site, a user, and the source of this identifying information.

The building block on which this system is based is the ABYSS (A Basic Yorktown Security System) processor. This secure computing system is described in detail in [1] and [2], and in the reference. For the purpose of this disclosure, it is sufficient to understand that an ABYSS processor provides a coprocessor system for a PC. This coprocessor has the property that programs which are executed in this coprocessing system are inaccessible for modification either by external hardware or software. Programs executing on an ABYSS coprocessor are able to communicate with the attached PC and can provide services to the programs executing on the PC.

The problem of eliminating the creation of dial-in ports by users amounts to the problem of confirming that a user is at the site of the terminal. This means that some technical methods must be provided for identifying a site, identifying a user, and assuring that the source of the identifying information is not forged. Each of these problems will be discussed in turn.

It is possible to give a site an electronically detectable "identity." This can be accomplished by using any communications medium that is local to the site. An "identity signal" can be sent through this medium to each terminal in the authorized site. The information carried by...
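As an added illustration (not IBM's ABYSS code, which the page does not show), the following toy model puts the three checks the disclosure names side by side: an authorized site identity heard on the local medium, a named user, and an origin the host can verify is not forged. The cryptographic mechanism is an assumption of this example, not taken from the disclosure: the coprocessor holds a per-terminal secret shared with the host and answers a fresh host challenge with an HMAC over the challenge, the observed site and the user.

```python
import hashlib
import hmac
import os

# Constructed sample data: one authorized site, one registered terminal key.
AUTHORIZED_SITES = {"SITE-A"}
TERMINAL_KEYS = {"T1": b"constructed-shared-secret-for-T1"}


def _message(nonce: bytes, site: str, user: str) -> bytes:
    # Bind challenge, site and user into one tag so fields from different
    # attestations cannot be mixed and matched.
    return b"|".join([nonce, site.encode(), user.encode()])


class Coprocessor:
    """Models the tamper-resistant coprocessor: it alone holds the terminal
    key and the site identity it last heard on the local wiring (assumed)."""
    def __init__(self, terminal_id: str, key: bytes):
        self.terminal_id = terminal_id
        self._key = key
        self._observed_site = None  # None until a local identity signal is heard

    def hear_identity_signal(self, site: str) -> None:
        self._observed_site = site

    def attest(self, nonce: bytes, user: str):
        """Answer a host challenge; refuse when no site signal is present."""
        if self._observed_site is None:
            return None
        msg = _message(nonce, self._observed_site, user)
        tag = hmac.new(self._key, msg, hashlib.sha256).digest()
        return (self.terminal_id, self._observed_site, user, tag)


class Host:
    def __init__(self):
        self._outstanding = set()  # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def admit(self, nonce: bytes, attestation) -> bool:
        """Open a session only for a fresh, keyed attestation that names an
        authorized site and a non-empty user."""
        if attestation is None or nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)  # each challenge is usable once
        terminal_id, site, user, tag = attestation
        key = TERMINAL_KEYS.get(terminal_id)
        if key is None or not user or site not in AUTHORIZED_SITES:
            return False
        expected = hmac.new(key, _message(nonce, site, user), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)
```

A terminal that never heard the site signal, a message built without the terminal key, and a replay of an already-used challenge are all refused by `Host.admit`.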