WO2001015379A1 - Apparatus and method for receiving identification information via a first and a second communication network - Google Patents

Publication number
WO2001015379A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
identification information
mebuffer
name
user
Prior art date
Application number
PCT/IL2000/000450
Other languages
French (fr)
Inventor
Guy Edelist
Original Assignee
Secucell Ltd.
Kirichenko, Oleg
Priority date
Filing date
Publication date
Application filed by Secucell Ltd., Kirichenko, Oleg filed Critical Secucell Ltd.
Priority to AU61793/00A priority Critical patent/AU6179300A/en
Publication of WO2001015379A1 publication Critical patent/WO2001015379A1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Definitions

  • the newcode is generated for each individual verification session and is stored temporarily only for that session, since it will be replaced for the next verification session.
  • the newcode confirmation of step 370 comprises accessing a newcode from the database, using the telephone number of the sending GSM device as the accessing key, and verifying that the accessed newcode is the same as the newcode received.
  • a particular advantage of a preferred embodiment of the present invention is that one of the user's passwords is entered not via the user's client computer but rather by manually keying in the password on the keypad of the cellular phone. This prevents a would-be hacker from rapidly scanning through all possible passwords as is possible
  • the illustrated embodiment is suitable for computer network subscribers who are also GSM subscribers. However, it is appreciated that, more generally, the present invention is suitable for subscribers of any two networks each of which is not completely secure.
  • the role of the GSM network may be replaced even by a conventional telephone network and more preferably, by any other messaging cellular or "stationary" (non-cellular) telephone network.
  • the GSM module associated with the protected site contacts the subscriber over the GSM network, sends him or her a password which the subscriber's computer then sends back through the Internet.
  • the subscriber may contact the site-associated GSM module in which case the site-associated GSM module must typically receive a large volume of messages per unit time.
  • each of the two (or more) passwords which are being used to authenticate the user are communicated between the user and the gateway over different routes, as seen by comparing Figs. 4 and 5.
  • These routes, taken together, typically utilize both networks, as seen in each of Figs. 4 and 5.
  • the routes are as shown in the illustrated embodiments.
  • the first password is sent, during set-up, over the first (e.g.
  • the gateway-subscriber contact over the network may be initiated by the subscriber rather than by the gateway.
  • the passwords may be sent from the gateway to the subscriber, during set-up or during an authentication session, over different routes than those described.
  • the passwords may be sent from the subscriber to the gateway, during an authentication session, over different routes than those described.
  • any other suitable protocol may be employed which uses both networks in order to provide two different routes for transferring passwords between the user and the gateway.
  • the term "gateway" is used herein to refer to any functionality that provides any type of selective access, based on authentication, to any type of restricted commodity such as a body of information or a service.
  • Run Visual Basic in the client workstation, create a new project, termed "client", inside the Visual Basic environment, and insert the three files of Appendix A into the project, using the following three commands respectively: "add form", "add module" and "add resource".
  • In the "file" menu select the "make.exe file" option in order to generate executable files for the client and for the server.
  • the user via external means, and the telephone number of the user's GSM module, and keys this information into a "username" field and an associated "GSM phone number" field.
  • the server the "secret data" field, in the present embodiment
  • s/he enters his username in response to a suitable prompt and confirms by clicking or pressing ENTER.
  • the system then automatically transfers the username for verification by the server which then either provides or refuses to provide access to the "secret data" field.
  • the content of the "secret data" field appears on the screen of the user's workstation, if and only if the user is verified by the server.
  • the three wire cable typically comprises two female DB9 connectors.
  • the first wire connects pin 5 of the two DB9 connectors.
  • the second wire connects pin 2 of the first DB9 connector to pin 3 of the second DB9 connector.
  • the third wire connects pin 3 of the first DB9 connector to pin 2 of the second DB9 connector.
  • the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form.
  • the software components may, generally, be implemented in hardware, if desired, using conventional techniques.

Abstract

A dual network verification method including accepting first identification information identifying an individual user via a first network, accepting second identification information identifying the individual user via a second network, and if the first identification information matches the second identification information, authorizing the user to perform a restricted activity.

Description

APPARATUS & METHOD FOR RECEIVING IDENTIFICATION INFORMATION VIA A FIRST AND A SECOND COMMUNICATION NETWORK
The present invention relates to apparatus and methods for authentication.
BACKGROUND OF THE INVENTION
Conventionally, servers are secured by providing two blank fields, "user name" and "secret password", in interfaced software. Each user selects or is assigned a secret password which is known only to him or her. The server stores this password in association with the user's name. Only if the user succeeds in entering both user name and secret password is he allowed access to the server.
However, hackers sometimes enter another person's name and then scan rapidly through all possible passwords until the person's password is identified.
GSM ("global system for mobile communications") cellular telephone networks are described at an Internet site entitled http://www/gsmworld.com. 133 countries are currently covered by a GSM network. GSM has a two-way messaging feature which allows subscribers to send non-verbal messages to one another.
The disclosures of all publications mentioned in the specification and of the publications cited therein are hereby incorporated by reference.
SUMMARY OF THE INVENTION
The present invention seeks to provide an improved method for remote verification.
There is thus provided in accordance with a preferred embodiment of the present invention a dual network verification method comprising accepting first identification information identifying an individual user via a computer network; accepting second identification information identifying the individual user via a telephone network; and, if said first identification information matches said second identification information, authorizing said user to perform a restricted activity. The restricted activity preferably comprises gaining access to a restricted computerized system.
Preferably, the telephone network supports a caller identification function transmitting a name of a caller over the telephone network to a recipient of a call initiated by the caller, the method also comprises a set-up step including storing a name of the individual user, in association with first and second passwords, wherein said name is identical to the name employed by said caller identification function; the first identification information accepting step comprises accepting, via the computer network, said name and said first password; the second identification information accepting step comprises: accepting, via the telephone network, said second password; and receiving, via the caller identification function of the telephone network, the name of the individual user; and the if-authorizing step comprises determining, for each incoming call whose name matches a name entered over the computer network, whether the first and second passwords received via the computer network and telephone network respectively correspond to one another.
Preferably, said telephone network comprises a GSM cellular telephone network.
There is also provided, in accordance with a preferred embodiment of the present invention, a dual network verification method including accepting first identification information identifying an individual user via a first network, accepting second identification information identifying the individual user via a second network and, if the first identification information matches the second identification information, authorizing the user to perform a restricted activity.
Further in accordance with a preferred embodiment of the present invention, the restricted activity comprises gaining access to a restricted computerized system.
Still further in accordance with a preferred embodiment of the present invention, the second network supports a caller identification function transmitting a name of a caller over the second network to a recipient of a call initiated by the caller, the method also including a set-up step including storing a name of the individual user, in association with first and second passwords, wherein said name is identical to the name employed by said caller identification function, wherein the first identification information accepting step comprises accepting, via the first network, the name and the first password, wherein the second identification information accepting step includes accepting, via the second network, the second password, and receiving, via the caller identification function of the second network, the name of the individual user, and wherein the if-authorizing step comprises determining, for each incoming call whose name matches a name entered over the first network, whether the first and second passwords received via the first network and the second network respectively correspond to one another.
Additionally provided, in accordance with another preferred embodiment of the present invention, is a dual network verification system operative in conjunction with first and second networks, the system including a first identifier operative to accept first identification information identifying an individual user via the first network, a second identifier operative to accept second identification information identifying the individual user via the second network and a user authorization unit operative to authorize the user to perform a restricted activity if said first identification information matches said second identification information.
Further in accordance with a preferred embodiment of the present invention, the first network comprises a computer network.
Still further in accordance with a preferred embodiment of the present invention, the second network includes a telephone network.
Additionally in accordance with a preferred embodiment of the present invention, the telephone network comprises a cellular telephone network.
Still further in accordance with a preferred embodiment of the present invention, the telephone network includes a messaging telephone network.
Additionally in accordance with a preferred embodiment of the present invention, the messaging telephone network includes a two-way messaging telephone network.
Still further in accordance with a preferred embodiment of the present invention, the two-way messaging cellular telephone network includes a GSM network.
Additionally in accordance with a preferred embodiment of the present invention, the restricted activity includes accessing a restricted network node via the first network.
Further in accordance with a preferred embodiment of the present invention, the method also includes the step of sending a warning to the user, if said first identification information does not match said second identification information.
BRIEF DESCRIPTION OF THE DRAWINGS AND APPENDICES
The present invention will be understood and appreciated from the following detailed description, taken in conjunction with the drawings and appendices in which:
Fig. 1A is a simplified flowchart illustration of set-up by a gateway preparatory to a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention;
Fig. 1B is a simplified flowchart illustration of set-up by a user's workstation preparatory to a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention;
Fig. 2A is a simplified flowchart illustration of operations performed by the gateway in the course of a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention;
Fig. 2B is a simplified flowchart illustration of operations performed by the user's workstation in the course of a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention;
Fig. 3 is a simplified block diagram of a GSM-Internet based dual network verification system constructed and operative in accordance with a preferred embodiment of the present invention and suitable for implementing the dual network verification method of Figs. 1A - 2B;
Fig. 4 is a simplified self-explanatory diagram of a first protocol for a general dual network verification system, in which thin lines denote password routes provided by the protocol and heavy lines denote networks;
Fig. 5 is a simplified self-explanatory diagram of a second protocol for a general dual network verification system, in which thin lines denote password routes provided by the protocol and heavy lines denote networks;
Fig. 6 is a simplified self-explanatory diagram of a preferred system for remote-access registration of a first time user; and
Fig. 7 is a simplified self-explanatory flowchart of a preferred mode of operation of the apparatus of Fig. 6.
Attached herewith are the following appendices which aid in the understanding and appreciation of one preferred embodiment of the invention shown and described herein:
Appendix A is a computer listing of a preferred software embodiment of a client constructed and operative in accordance with a preferred embodiment of the present invention;
Appendix B is a computer listing of a preferred software embodiment of a server constructed and operative in accordance with a preferred embodiment of the present invention and useful in conjunction with the computer listing of Appendix B.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
Fig. 1A is a simplified generally self-explanatory flowchart illustration of set-up by a gateway preparatory to a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention.
Fig. 1B is a simplified generally self-explanatory flowchart illustration of set-up by a user's workstation preparatory to a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention. In the illustrated embodiment, the terms "password" and "username" are used generally interchangeably.
Fig. 2A is a simplified flowchart illustration of operations performed by the gateway in the course of a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention.
Fig. 2B is a simplified generally self-explanatory flowchart illustration of operations performed by the user's workstation in the course of a GSM-Internet based dual network verification working session provided in accordance with a preferred embodiment of the present invention. In the illustrated embodiment, the terms "user's workstation", "user's PC 'client'", "user" and "workstation" are used generally interchangeably.
Fig. 3 is a simplified block diagram of a GSM-Internet based dual network verification system constructed and operative in accordance with a preferred embodiment of the present invention and suitable for implementing the dual network verification method of Figs. 1A - 2B.
Wired network 20, also termed herein "fixed network" 20, connects a multiplicity of computers thereby allowing users to access data in remote servers. Any suitable network implementation and protocol may be employed, such as Internet, to connect the computers together and allow them access to the servers.
Server 30 is a gate to other computers or to sensitive stored data, and it is therefore important to prevent sabotage of server 30 by users. Server 30, also termed herein "gateway" 30, may comprise a large system such as an IBM mainframe or a small system such as an IBM PC. The server 30 is a subscriber to a cellular network 60 to which the user also subscribes.
As indicated in Fig. 2A, step 360, the gateway 30 sends a code to the user via the GSM device which the gateway's database indicates to correspond to that user. If the user is illegitimate, i.e. is not the holder of the GSM device indicated in the gateway's database, then the illegitimate user will not be capable of returning the code to the gateway and will be denied access to the protected computer system 70 because the "if" statement of step 370 will not be fulfilled.
Typically, the newcode is generated for each individual verification session and is stored temporarily only for that session, since it will be replaced for the next verification session. Typically the newcode confirmation of step 370 comprises accessing a newcode from the database, using the telephone number of the sending GSM device as the accessing key, and verifying that the accessed newcode is the same as the newcode received.
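As an added example that is not part of the patent's listings, the gateway-side handling of the session code in steps 360 and 370 can be written as follows. The class and function names, the six-digit code, the 120-second lifetime and the three-attempt limit are assumptions, and codes are drawn from Python's `secrets` module rather than the `Rnd` call used in Appendix B.

```python
"""Gateway-side issue and confirmation of the per-session code (steps 360 and 370)."""
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumption: the page does not fix a code length
CODE_TTL_SECONDS = 120   # assumption: lifetime of one verification session
MAX_ATTEMPTS = 3         # assumption: wrong answers tolerated per session


class Gateway:
    def __init__(self, subscribers, send_sms, clock=time.monotonic):
        # subscribers: username -> phone number, as keyed in by the server operator
        self._subscribers = dict(subscribers)
        self._send_sms = send_sms    # hypothetical callable standing in for the GSM module
        self._clock = clock
        self._pending = {}           # phone number -> [code, expires_at, attempts_left]

    def request_access(self, username):
        """Step 360: generate a fresh code and send it over the second network."""
        phone = self._subscribers.get(username)
        if phone is None:
            return False             # unknown user: no code is generated or sent
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        # A new session replaces whatever code an earlier session left behind.
        self._pending[phone] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(phone, code)
        return True

    def confirm(self, username, returned_code):
        """Step 370: fetch the stored code by phone number and compare it."""
        phone = self._subscribers.get(username)
        entry = self._pending.get(phone)
        if entry is None:
            return False             # no open session for this user
        code, expires_at, _attempts = entry
        if self._clock() > expires_at:
            del self._pending[phone]
            return False
        answer = str(returned_code).strip().encode()
        if hmac.compare_digest(code.encode(), answer):
            del self._pending[phone]  # single use: a replayed code finds nothing
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[phone]  # too many wrong answers closes the session
        return False


def demo():
    """Run one gateway through the success and failure paths (constructed data)."""
    outbox = []                       # captures what would go to the GSM module
    now = [0.0]                       # fake clock so expiry can be shown offline
    gw = Gateway({"alice": "+10000000001"},
                 lambda phone, code: outbox.append((phone, code)),
                 clock=lambda: now[0])
    results = {"unknown_user": gw.request_access("mallory")}

    gw.request_access("alice")
    code = outbox[-1][1]
    wrong = code[:-1] + ("0" if code[-1] != "0" else "1")
    results["code_is_digits"] = code.isdigit() and len(code) == CODE_DIGITS
    results["wrong_code"] = gw.confirm("alice", wrong)
    results["right_code"] = gw.confirm("alice", code)
    results["replay"] = gw.confirm("alice", code)

    gw.request_access("alice")
    now[0] += CODE_TTL_SECONDS + 1
    results["expired"] = gw.confirm("alice", outbox[-1][1])

    gw.request_access("alice")
    code = outbox[-1][1]
    wrong = code[:-1] + ("0" if code[-1] != "0" else "1")
    for _ in range(MAX_ATTEMPTS):
        gw.confirm("alice", wrong)
    results["right_code_after_lockout"] = gw.confirm("alice", code)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```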
Fig. 4 is a simplified self-explanatory diagram of a first protocol for a general dual network verification system, in which thin lines denote password routes provided by the protocol and heavy lines denote networks.
Fig. 5 is a simplified self-explanatory diagram of a second protocol for a general dual network verification system, in which thin lines denote password routes provided by the protocol and heavy lines denote networks.
Fig. 6 is a simplified self-explanatory diagram of a preferred system for remote-access registration of a first time user.
Fig. 7 is a simplified self-explanatory flowchart of a preferred mode of operation of the apparatus of Fig. 6.
A particular advantage of a preferred embodiment of the present invention is that one of the user's passwords is entered not via the user's client computer but rather by manually keying in the password on the keypad of the cellular phone. This prevents a would-be hacker from rapidly scanning through all possible passwords as is possible when passwords are entered via computer.
The illustrated embodiment is suitable for computer network subscribers who are also GSM subscribers. However, it is appreciated that, more generally, the present invention is suitable for subscribers of any two networks each of which is not completely secure. In particular, the role of the GSM network may be replaced even by a conventional telephone network and more preferably, by any other messaging cellular or "stationary" (non-cellular) telephone network.
In the illustrated embodiment, the GSM module associated with the protected site contacts the subscriber over the GSM network, sends him or her a password which the subscriber's computer then sends back through the Internet. Alternatively, however, the subscriber may contact the site-associated GSM module in which case the site-associated GSM module must typically receive a large volume of messages per unit time.
More generally, it is appreciated that in an authentication protocol constructed and operative in accordance with a preferred embodiment of the present invention, each of the two (or more) passwords which are being used to authenticate the user are communicated between the user and the gateway over different routes, as seen by comparing Figs. 4 and 5. These routes, taken together, typically utilize both networks, as seen in each of Figs. 4 and 5. However, it is not necessarily the case that the routes are as shown in the illustrated embodiments. In other words, it is not necessarily the case that the first password is sent, during set-up, over the first (e.g. computer) network to the user, and during use, the user sends the first password back to the gateway, and during use, the gateway generates a second password and sends it over the second (e.g. telephone) network to the user who returns it over the first network. Alternatively, the gateway-subscriber contact over the network may be initiated by the subscriber rather than by the gateway. Also, the passwords may be sent from the gateway to the subscriber, during set-up or during an authentication session, over different routes than those described. Also, the passwords may be sent from the subscriber to the gateway, during an authentication session, over different routes than those described. Similarly, any other suitable protocol may be employed which uses both networks in order to provide two different routes for transferring passwords between the user and the gateway. The term "gateway" is used herein to refer to any functionality that provides any type of selective access, based on authentication, to any type of restricted commodity such as a body of information or a service.
Appendix A is a computer listing of a preferred software embodiment of a client constructed and operative in accordance with a preferred embodiment of the present invention;
Appendix B is a computer listing of a preferred software embodiment of a server constructed and operative in accordance with a preferred embodiment of the present invention and useful in conjunction with the computer listing of Appendix B.
To run the embodiment of Appendices A and B, which are written in Visual Basic Version 5.0:
Open a folder in the client workstation and create three new files for the client, called "frmclient.frm", "smsmodule.bas" and "frmclient.rc". Code the contents of these three files, as set forth in Appendix A, into these three files respectively.
Similarly, open a folder in the server workstation and create three new files for the server, called "frmserver.frm", "smsmodule.bas" and "frmserver.rc". Code the contents of these three files, as set forth in Appendix B, into these three files respectively.
Run Visual Basic in the client workstation, create a new project, termed "client" inside the Visual Basic environment, and insert the three files of Appendix A into the project, using the following three commands respectively: "add form", "add module" and "add resource". Run Visual Basic in the server workstation and create a new project, termed "server" inside the Visual Basic environment and insert the three files of Appendix B into the project, using the following three commands respectively: "add form", "add module" and "add resource". Build the project in each of the client and the server in the Visual Basic environment. In the "file" menu, select the "make.exe file" option in order to generate executable files for the client and for the server.
Connect a first GSM module to the COM1 serial port of the server and a second GSM module to the COM1 serial port of the client (user workstation 10). Connect the server's COM2 port to the client's COM2 port, e.g. using a three-wire cable as described below. Run the executable files of the client and of the server. In the embodiment of Appendices A and B, the information protected by the server resides in a field termed "secret data". Data may be stored in the "secret data" field by entering that data via the server workstation into the "secret data" field. To enter a new user into the server's database, the server operator receives a username, e.g. from the user via external means, and the telephone number of the user's GSM module, and keys this information into a "username" field and an associated "GSM phone number" field. When the user so entered wishes to gain access to the information protected by the server (the "secret data" field, in the present embodiment), s/he enters his username in response to a suitable prompt and confirms by clicking or pressing ENTER. The system then automatically transfers the username for verification by the server which then either provides or refuses to provide access to the "secret data" field. In the illustrated embodiment, the content of the "secret data" field appears on the screen of the user's workstation, if and only if the user is verified by the server.
The three-wire cable typically comprises two female DB9 connectors. The first wire connects pin 5 of the two DB9 connectors. The second wire connects pin 2 of the first DB9 connector to pin 3 of the second DB9 connector. The third wire connects pin 3 of the first DB9 connector to pin 2 of the second DB9 connector.
It is appreciated that the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form. The software components may, generally, be implemented in hardware, if desired, using conventional techniques.
It is appreciated that the particular embodiment described in the Appendices is intended only to provide an extremely detailed disclosure of the present invention and is not intended to be limiting.
It is appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable subcombination.
It will be appreciated by persons skilled in the art that the present invention is not limited to what has been particularly shown and described hereinabove. Rather, the scope of the present invention is defined only by the claims that follow:
Appendix A
© SecuCell LTD.
1999
Apparatus and method for dual network security.
frmClient - 1
Option Explicit

Const REQUEST = "R"
Const ANSWER = "A"
Const NOACCESS_ = 1

Dim PCBuffer As String
Dim bEOR As Boolean
Dim bOK As Boolean

Private Sub cmdExit_Click()
    If MSComm1.PortOpen = True Then
        MSComm1.PortOpen = False
    End If
    If MSComm2.PortOpen = True Then
        MSComm2.PortOpen = False
    End If
    End
End Sub
Private Sub Form_Load()
    MSComm1.PortOpen = True
    MSComm1.RThreshold = 1
    MSComm2.PortOpen = True
    MSComm2.RThreshold = 0
    lbStatus.Caption = " Checking GSM Module presence..."
    ' initialize GM-12
    If SendCmd("ATV1") = False Then
        MsgBox "Error in ATV1"
        Exit Sub
    End If
    If SendCmd("ATE0") = False Then
        MsgBox "Error in ATE0"
        Exit Sub
    End If
    If SendCmd("AT+CMEE=1") = False Then
        MsgBox "Error in +CMEE"
        Exit Sub
    End If
    If SendCmd("AT+CPMS=""ME""") = False Then
        MsgBox "Error in +CPMS"
        Exit Sub
    End If
    MEBuffer = ""
    lbStatus.Caption = " GSM Module OK"
End Sub
Private Sub txtUser_KeyPress(KeyAscii As Integer)
    If KeyAscii = 13 Then
        ' send the request marker and the username to the server over COM2
        MSComm2.Output = REQUEST
        MSComm2.Output = txtUser.Text
        lbStatus.Caption = " Waiting for entry code..."
        ' ask the GSM module to report incoming messages
        If SendCmdA("AT+CNMI=3,1") = False Then
            lbStatus.Caption = " Error in GSM Module"
        End If
    End If
End Sub
Function SendCmd(Cmd As String) As Boolean
    MEBuffer = ""
    bEOR = False
    MSComm1.Output = Cmd & Chr(13)
    ' wait until MSComm1_OnComm has seen the end of the response
    Do
        DoEvents
    Loop Until bEOR
    SendCmd = bOK
    bOK = False
End Function
Function SendCmdA(Cmd As String) As Boolean
    Dim Char As String
    MEBuffer = ""
    MSComm1.Output = Cmd & Chr(13)
    Do
        DoEvents
        Char = MSComm1.Input
        If Char <> "" Then
            MEBuffer = MEBuffer & Char
        End If
        If InStr(MEBuffer, "ERROR" & vbCrLf) Then
            SendCmdA = False
            Exit Function
        End If
        If InStr(MEBuffer, "+CME ERROR: ") Then
            SendCmdA = False
            Exit Function
        End If
    Loop Until Right(MEBuffer, 4) = "OK" & vbCrLf
    SendCmdA = True
End Function

Sub EatCRLF()
    Dim SSS$
    MEBuffer = ""
    Do
        DoEvents
        SSS$ = MSComm1.Input
        If SSS$ <> "" Then
            MEBuffer = MEBuffer & SSS$
        End If
    Loop Until MEBuffer = vbCrLf
End Sub
Public Sub ProcessPDU()
    ' 07 917952140230F2 040B917952846157F50000993002510533000141 (PDU)
    Dim FS As Long
    Dim CCC$, DDD$, SSS$
    Dim DigBuf As Integer
    Dim Temp As Integer
    Dim bCnt As Byte
    Dim i%
    strDate = ""
    strFromAddr = ""
    strMsg = ""
    CCC$ = Left(MEBuffer, 2) ' Central Service address len.
    FS = Val("&H" + CCC$)
    ' read Central Service Address
    CCC$ = Mid(MEBuffer, 3, FS * 2)
    ' type of CSA address
    DigBuf = Val(Left(MEBuffer, 2))
    ' cut Central Service Address
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - (FS * 2 + 2))
    ' read Message Type
    CCC$ = Left(MEBuffer, 2)
    Temp = Val("&H" + CCC$) ' Message Type
    If Temp And 3 Then
        'MsgBox "Msg. type is not SMS-DELIVER."
        GoTo ErrDo ' assumed: this statement is an image in the source listing
    End If
    'bMoreToSend = Temp And 4 ' More Msg To Send Flag
    If Temp And 64 Then
        'MsgBox "Msg. with header."
        GoTo ErrDo ' assumed: this statement is an image in the source listing
    End If
    ' read originating address
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 2)
    CCC$ = Left(MEBuffer, 2)
    bCnt = Val("&H" + CCC$) ' originating address len. in semi-octets
    ' eat addr. len. and type
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 4)
    DDD$ = ""
    ' each octet holds two digits in swapped order
    For i% = 1 To bCnt Step 2
        CCC$ = Left(MEBuffer, 1)
        MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
        SSS$ = Left(MEBuffer, 1)
        MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
        DDD$ = DDD$ & SSS$ & CCC$
    Next
    strFromAddr = Trim(Str(Val(DDD$)))
    ' eat PID
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 2)
    ' read Data Coding Scheme
    CCC$ = Left(MEBuffer, 2)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 2)
    If Val(CCC$) Then GoTo ErrDo
    DDD$ = ""
    ' The date separators are illegible in the source listing; "/" is assumed.
    ' read Year
    CCC$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    SSS$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    DDD$ = DDD$ & SSS$ & CCC$ & "/"
    ' read Month
    CCC$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    SSS$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    DDD$ = DDD$ & SSS$ & CCC$ & "/"
    ' read Day
    CCC$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    SSS$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    DDD$ = DDD$ & SSS$ & CCC$ & " "
    ' read Hour
    CCC$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    SSS$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    DDD$ = DDD$ & SSS$ & CCC$ & ":"
    ' read Min
    CCC$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    SSS$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    DDD$ = DDD$ & SSS$ & CCC$ & ":"
    ' read Sec
    CCC$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    SSS$ = Left(MEBuffer, 1)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 1)
    DDD$ = DDD$ & SSS$ & CCC$
    ' eat Time Zone
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 2)
    strDate = Format(DDD$)
    ' read Number Of Characters
    CCC$ = Left(MEBuffer, 2)
    MEBuffer = Right(MEBuffer, Len(MEBuffer) - 2)
    Temp = Val("&H" & CCC$)
    strMsg = Trim(TextUnConvert(Temp, MEBuffer))
    Exit Sub ' assumed: this statement is an image in the source listing
ErrDo:
    MsgBox "Invalid PDU."
    Exit Sub
End Sub
Sub ProcessNewMsg()
    Dim i%
    Dim FS As Long
    Dim SSS$
    Dim MMM$
    Dim MIndex
    Dim d%
    Dim MEBufferT As String
    Dim sEName As String
    MEBufferT = MEBuffer
    ' disable unsolicited results
    If SendCmdA("AT+CNMI=3,0") = False Then
        MsgBox "Error in +CNMI"
        GoTo ExitLbl
    End If
    FS = InStr(MEBufferT, "+CMTI: ")
    ' find memory type
    MMM$ = Mid(MEBufferT, FS + 8, 2)
    ' find memory index
    MIndex = Val(Mid(MEBufferT, FS + 12, 2))
    ' Set-up memory for reading
    'MSComm1.Output = "AT+CPMS=" & SSS$ & Chr(13)
    If SendCmdA("AT+CPMS=" & """" & MMM$ & """") = False Then
        MsgBox "Error in +CPMS"
        GoTo ExitLbl
    End If
    ' read message
    MSComm1.Output = "AT+CMGR=" & Str(MIndex) & Chr(13)
    EatCRLF
    MEBuffer = ""
    Do
        DoEvents
        SSS$ = MSComm1.Input
        If SSS$ <> "" Then
            MEBuffer = MEBuffer & SSS$
        End If
        If InStr(MEBuffer, "ERROR" & vbCrLf) Then
            MsgBox "Error in +CMGR"
            GoTo ExitLbl
        ElseIf InStr(MEBuffer, "+CME ERROR: ") Then
            MsgBox "Error in +CMGR"
            GoTo ExitLbl
        End If
    Loop Until InStr(MEBuffer, "+CMGR:") And InStr(MEBuffer, vbCrLf)
    FS = InStr(SSS$, "+CMGR: ")
    d% = Val(Mid(MEBuffer, FS + 7, 1))
    If d% <> 0 Then
        MsgBox "Old Message."
        GoTo ExitLbl ' old message
    End If
    ' New message
    MEBuffer = ""
    Do
        DoEvents
        SSS$ = MSComm1.Input
        If SSS$ <> "" Then
            MEBuffer = MEBuffer & SSS$
        End If
    Loop Until InStr(MEBuffer, vbCrLf)
    ProcessPDU
    SSS$ = strMsg
    'Get code
    lbStatus.Caption = SSS$ & " entry code had been received. Sending its back to server."
    ' return the code to the server over the COM2 link, terminated by CR
    MSComm2.Output = "A"
    MSComm2.Output = strMsg & Chr(13)
    MSComm2.InBufferCount = 0
    MMM$ = "Access: "
    SSS$ = ""
    Do
        SSS$ = SSS$ & MMM$
        DoEvents
        MMM$ = MSComm2.Input
        If MMM$ = Chr(11) Then
            lbStatus = "ACCESS DENIED"
            Exit Sub ' assumed: this statement is an image in the source listing
        End If
    Loop Until MMM$ = Chr(13)
    If SSS$ <> "" And Left(SSS$, 1) <> Chr(11) Then
        txtData = SSS$
        lbStatus = "OK"
    End If
ExitLbl:
End Sub
Private Sub MSComm1_OnComm()
    Dim Char As String
    Char = MSComm1.Input
    If Char = "" Then Exit Sub
    MEBuffer = MEBuffer & Char
    If InStr(MEBuffer, "OK" & vbCrLf) Then ' OK
        bOK = True
        bEOR = True
    ElseIf InStr(MEBuffer, "ERROR" & vbCrLf) Then ' Error
        bEOR = True
    ElseIf InStr(MEBuffer, "+CME ERROR: ") Then ' ME Error
        bEOR = True
    End If
    ' Check unsolicited results
    If InStr(MEBuffer, "+CMTI: ") Then ' new msg
        MSComm1.RThreshold = 0
        Do
            DoEvents
            Char = MSComm1.Input
            If Char <> "" Then
                MEBuffer = MEBuffer & Char
            End If
        Loop Until Right(MEBuffer, 2) = vbCrLf
        ProcessNewMsg
        MSComm1.RThreshold = 1
    End If
End Sub

frmClient - 1
VERSION 5.00
Object = "{648A5603-2C6E-101B-82B6-000000000014}#1.1#0"; "MSCOMM32.OCX"
Begin VB.Form frmClient
   Caption = "PClient"
   ClientHeight = 4290
   ClientLeft = 60
   ClientTop = 345
   ClientWidth = 5970
   LinkTopic = "Form1"
   ScaleHeight = 4290
   ScaleWidth = 5970
   StartUpPosition = 3 'Windows Default
   Begin VB.CommandButton cmdExit
      Caption = "Exit"
      Height = 615
      Left = 120
      TabIndex = 5
      Top = 240
      Width = 735
   End
   Begin MSCommLib.MSComm MSComm2
      Left = 5040
      Top = 1320
      _ExtentX = 1005
      _ExtentY = 1005
      Version = 327680
      CommPort = 2
      DTREnable = 0 'False
      InputLen = 1
   End
   Begin MSCommLib.MSComm MSComm1
      Left = 5040
      Top = 360
      _ExtentX = 1005
      _ExtentY = 1005
      Version = 327680
      DTREnable = 0 'False
      InputLen = 1
      RThreshold = 1
   End
   Begin VB.TextBox txtData
      Height = 735
      Left = 1200
      TabIndex = 2
      Top = 2160
      Width = 3375
   End
   Begin VB.TextBox txtUser
      Alignment = 2 'Center
      Height = 375
      Left = 1200
      TabIndex = 1
      Top = 960
      Width = 3375
   End
   Begin VB.Label lbStatus
      BorderStyle = 1 'Fixed Single
      Height = 975
      Left = 240
      TabIndex = 4
      Top = 3120
      Width = 5535
   End
   Begin VB.Label Label2
      Alignment = 2 'Center
      Caption = "Data: "
      BeginProperty Font
         Name = "MS Sans Serif"
         Charset = 177
         Weight = 400
         Underline = 0 'False
         Italic = 0 'False
         Strikethrough = 0 'False
      EndProperty
      Height = 375
      Left = 1800
      TabIndex = 3
      Top = 1680
      Width = 2175
   End
erif"
End
SMSModule - 1
Public MEBuffer As String
Public bRandom As Boolean
Public cPassword_1 As String
Public cPASSWORD As String
Public cFROMADDR As String

Public strDate As String
Public strFromAddr As String
Public strToAddr As String
Public strMsg As String

Dim BBuff(0 To 160) As Byte
' Unpack hex-encoded GSM 7-bit user data into text
Public Function TextUnConvert(NumOfChar As Integer, StringIn As String) As String
    Dim CharNmb As Integer, NOC As Integer, ChPoint As Integer
    Dim CN1 As Byte, CN2 As Byte, MASK As Byte, MASK2 As Byte
    Dim Temp As Integer
    Dim SSS$, CCC$
    Dim StringOut As String
    StringOut = ""
    If StringIn = "" Then Exit Function
    CharNmb = 1
    ChPoint = 1
    CN2 = 0
    Do
        CCC$ = Mid(StringIn, ChPoint, 2)
        NOC = Val("&H" & CCC$)
        Temp = NOC * (2 ^ (CharNmb - 1))
        CN1 = CByte(Temp And 255)
        CN1 = CN1 And 127
        CN1 = CN1 Or CN2
        SSS$ = Chr(CN1)
        StringOut = StringOut & SSS$
        ' keep the high bits of this octet for the next character
        MASK = 255 \ (2 ^ CharNmb)
        MASK = Not MASK
        CN2 = CByte(NOC) And MASK
        CN2 = CN2 \ (2 ^ (8 - CharNmb))
        CharNmb = CharNmb + 1
        ChPoint = ChPoint + 2
        If CharNmb = 8 Then
            SSS$ = Chr(CN2)
            StringOut = StringOut & SSS$
            CharNmb = 1
            CN2 = 0
        End If
        NumOfChar = NumOfChar - 1
    Loop Until NumOfChar = 0
    TextUnConvert = StringOut
End Function
' Shift the whole buffer right by one bit, feeding in the low bit of CN1
Sub RotateBBuff(ByVal CN1 As Byte)
    Dim i%
    Dim Flag As Boolean
    Dim Temp As Byte
    If CN1 Mod 2 Then
        Flag = True
    Else
        Flag = False
    End If
    For i% = 0 To 159
        Temp = BBuff(i%)
        BBuff(i%) = BBuff(i%) \ 2
        If Flag = True Then
            BBuff(i%) = BBuff(i%) Or 128
        Else
            BBuff(i%) = BBuff(i%) And 127
        End If
        If Temp Mod 2 Then
            Flag = True
        Else
            Flag = False
        End If
    Next
End Sub
Function BeginBBuff() As Integer
    Dim i%
    For i% = 0 To 159
        If BBuff(i%) = -1 Then
            BeginBBuff = i% - 1
            Exit Function ' assumed: this statement is an image in the source listing
        End If
    Next
End Function
' Pack text into hex-encoded GSM 7-bit user data
Public Function TextConvert(StringIn As String) As String
    Dim i%
    Dim CharNmb As Integer, NOC As Integer, ChPoint As Integer
    Dim CN1 As Byte, CN2 As Byte, BufLen As Integer
    Dim Temp As Integer
    Dim SSS$, CCC$
    Dim StringOut As String
    StringOut = ""
    If StringIn = "" Then Exit Function
    ChPoint = 1
    NOC = 0
    BufLen = 0
    Do
        CCC$ = Mid(StringIn, ChPoint, 1)
        CN1 = Asc(CCC$) And 127
        If CN1 = 0 Then Exit Do
        For i% = 1 To 7
            RotateBBuff (CN1)
            CN1 = CN1 \ 2
            NOC = NOC + 1
            If (NOC Mod 8) = 0 Then BufLen = BufLen + 1
        Next
        ChPoint = ChPoint + 1
    Loop
    ChPoint = (Len(StringIn) - 1) Mod 8
    For i% = 1 To ChPoint
        RotateBBuff (0)
        NOC = NOC + 1
        If (NOC Mod 8) = 0 Then BufLen = BufLen + 1
    Next
    i% = BufLen - 1
    Do
        CN1 = BBuff(i%) \ 16
        CN2 = BBuff(i%) And 15
        CCC$ = Hex(CN1) & Hex(CN2)
        StringOut = StringOut & CCC$
        i% = i% - 1
    Loop Until i% < 0
    TextConvert = StringOut
End Function

Appendix B.
© SecuCell LTD.
1999
Apparatus and method for dual network security.
frmServer - 1
Option Explicit

Const REQUEST = "R"
Const ANSWER = "A"
Const NOACCESS_ = 11

Dim MEBuffer As String
Dim PCBuffer As String
Dim bEOR As Boolean
Dim bOK As Boolean
Dim bFlag As Boolean
Dim PCode As Integer
Dim User As Integer

Private Sub cmdExit_Click()
    If MSComm2.PortOpen = True Then
        MSComm2.PortOpen = False
    End If
    If MSComm1.PortOpen = True Then
        MSComm1.PortOpen = False
    End If
    End
End Sub
Private Sub cmdTest_Click()
    Dim PCode As Integer
    Randomize
    PCode = Int((1000 * Rnd) + 1)
    lbUser(0) = "Sending code " & Str(PCode) & " ..."
    SendMsg Str(PCode), txtPhone(0)
End Sub
Private Sub Form_Load()
    If MSComm1.PortOpen = False Then
        MSComm1.PortOpen = True
    End If
    If MSComm2.PortOpen = False Then
        MSComm2.PortOpen = True
    End If
    lbStatus.Caption = " Waiting for request..."
    ' initialize GM-12
    If SendCmd("ATV1") = False Then
        MsgBox "Error in ATV1"
    End If
    If SendCmd("ATE0") = False Then
        MsgBox "Error in ATE0"
    End If
    If SendCmd("AT+CMEE=1") = False Then
        MsgBox "Error in +CMEE"
    End If
    If SendCmd("AT+CPMS=""ME""") = False Then
        MsgBox "Error in +CPMS"
    End If
    MEBuffer = ""
End Sub
Private Sub MSComm1_OnComm()
    Dim Char As String
    Char = MSComm1.Input
    If Char = "" Then Exit Sub
    MEBuffer = MEBuffer & Char
    If InStr(MEBuffer, "OK" & vbCrLf) Then ' OK
        bOK = True
        bEOR = True
    ElseIf InStr(MEBuffer, "ERROR" & vbCrLf) Then ' Error
        bEOR = True
    ElseIf InStr(MEBuffer, "+CME ERROR: ") Then ' ME Error
        bEOR = True
    End If
End Sub
Function SendCmd(Cmd As String) As Boolean
    MEBuffer = ""
    bEOR = False
    MSComm1.Output = Cmd & Chr(13)
    ' wait until MSComm1_OnComm has seen the end of the response
    Do
        DoEvents
    Loop Until bEOR
    SendCmd = bOK
    bOK = False
End Function

Function SendCmdA(Cmd As String) As Boolean
    Dim Char As String
    MEBuffer = ""
    MSComm1.Output = Cmd & Chr(13)
    Do
        DoEvents
        Char = MSComm1.Input
        If Char <> "" Then
            MEBuffer = MEBuffer & Char
        End If
        If InStr(MEBuffer, "ERROR" & vbCrLf) Then
            SendCmdA = False
            Exit Function
        End If
        If InStr(MEBuffer, "+CME ERROR: ") Then
            SendCmdA = False
            Exit Function
        End If
    Loop Until Right(MEBuffer, 4) = "OK" & vbCrLf
    SendCmdA = True
End Function

Sub FlashCOMBuffer()
    Dim SSS$
    Do Until MSComm1.InBufferCount = 0
        DoEvents
        SSS$ = MSComm1.Input
    Loop
End Sub
Public Function SendMsg(MsgStr As String, AddrStr As String) As Boolean
    Dim CCC$, SSS$
    Dim strPDU As String
    Dim Temp As Integer
    Dim i%
    Dim FS As Long
    On Error GoTo ErrLable
    MSComm1.RThreshold = 0
    ' default SCA
    strPDU = "00"
    ' type SUBMIT, Reject duplicates, Validity format-relative, no Status Report
    strPDU = strPDU & "11" 'B'xx1 0,0 0 01'
    ' Msg. reference
    strPDU = strPDU & "01"
    ' Destination Address Length
    If AddrStr = "" Or IsNumeric(AddrStr) = False Then
        SSS$ = "Invalid phone number"
        Err.Raise (1)
    End If
    AddrStr = Trim(AddrStr)
    CCC$ = Hex(Len(AddrStr))
    If Len(CCC$) = 1 Then
        CCC$ = "0" & CCC$
    End If
    strPDU = strPDU & CCC$
    ' Destination Address Type
    strPDU = strPDU & "91"
    ' Destination Address
    If Len(AddrStr) Mod 2 Then
        AddrStr = AddrStr & "F"
    End If
    SSS$ = ""
    i% = 2
    ' swap each pair of digits into semi-octet order
    Do
        SSS$ = SSS$ & Mid(AddrStr, i%, 1)
        SSS$ = SSS$ & Mid(AddrStr, i% - 1, 1)
        i% = i% + 2
    Loop Until i% > Len(AddrStr)
    strPDU = strPDU & SSS$
    ' Protocol Identifier
    strPDU = strPDU & "00"
    ' Data Coding Scheme
    strPDU = strPDU & "00"
    ' Validity Period (12 hours)
    strPDU = strPDU & "A7"
    ' User Data Length
    Temp = Len(MsgStr)
    strPDU = strPDU & (Hex(Temp \ 16))
    strPDU = strPDU & (Hex(Temp And 15))
    CCC$ = TextConvert(MsgStr & Chr(0))
    strPDU = strPDU & CCC$
    Temp = Len(strPDU) - 2
    Temp = Temp \ 2
    MEBuffer = ""
    MSComm1.Output = "AT+CMGS=" & Str(Temp) & Chr$(13)
    ' wait for the module's CR LF "> " prompt before sending the PDU
    CCC$ = Chr(13) & Chr(10) & Chr(62) & Chr(32)
    Do
        DoEvents
        SSS$ = MSComm1.Input
        If SSS$ <> "" Then
            MEBuffer = MEBuffer & SSS$
        End If
    Loop Until InStr(MEBuffer, CCC$)
    MSComm1.Output = strPDU & Chr(26)
    MEBuffer = ""
    Do
        DoEvents
        SSS$ = MSComm1.Input
        If SSS$ <> "" Then
            MEBuffer = MEBuffer & SSS$
        End If
        If InStr(MEBuffer, "CMS ERROR") Then
            Err.Raise 1
        End If
    Loop Until InStr(MEBuffer, "OK" & vbCrLf)
    SendMsg = True
    Exit Function
ErrLable:
    SendMsg = False
End Function

Private Sub MSComm2_OnComm()
    Dim Char As String
    Dim Smpl As Integer
    Dim CCC$, SSS$
    MSComm2.InputLen = 1
    Char = MSComm2.Input
    If Char = "" Then Exit Sub ' assumed: this statement is an image in the source listing
    PCBuffer = ""
    If Char = REQUEST Then
        ' new access request: generate the session code
        Randomize
        PCode = Int((1000 * Rnd) + 1)
        Do
            DoEvents
        Loop Until MSComm2.InBufferCount > 0
        MSComm2.InputLen = 0
        DoEvents
        DoEvents
        PCBuffer = MSComm2.Input
        MSComm2.RThreshold = 0
        SendMsg Str(PCode), txtMonitor
        ' send the code to the GSM number registered for the requesting user
        Select Case PCBuffer
            Case txtUser(0)
                User = 0
                lbUser(0) = "Sending code " & Str(PCode) & " ..."
                If SendMsg(Str(PCode), txtPhone(0).Text) = False Then
                    MsgBox "Unable to send message."
                    Exit Sub
                End If
            Case txtUser(1)
                User = 1
                lbUser(1) = "Sending code " & Str(PCode) & " ..."
                SendMsg Str(PCode), txtPhone(1)
            Case txtUser(2)
                User = 2
                lbUser(2) = "Sending code " & Str(PCode) & " ..."
                SendMsg Str(PCode), txtPhone(2)
        End Select
        MSComm2.RThreshold = 1
        lbStatus = "Request"
        Delay
        bFlag = False
        Timer1.Enabled = True
        bFlag = False
        MSComm2.InputLen = 1
        Exit Sub ' assumed: this statement is an image in the source listing
    End If
    If Char = ANSWER Then
        If bFlag = False Then
            Timer1.Enabled = False
            SSS$ = ""
            Do Until Char = Chr(13)
                Char = MSComm2.Input
                SSS$ = SSS$ & Char
                DoEvents
            Loop
            ' The comparison is an image in the source listing. The test below is
            ' assumed from step 370: the returned code must equal the code sent.
            If Val(SSS$) = PCode Then
                MSComm2.Output = txtData.Text & Chr(13)
            Else
                MSComm2.Output = Chr(NOACCESS_)
                lbStatus = "Invalid code"
                ' do something else
            End If
        End If
        lbStatus = "Waiting for request..."
        lbUser(User) = "Idle"
    End If
End Sub
Private Sub Timer1_Timer()
    ' no answer arrived in time: refuse access
    bFlag = True
    MSComm2.Output = Chr(NOACCESS_)
    lbStatus = "No replay from user"
    lbUser(User) = "Idle"
    Timer1.Enabled = False
    ' do something else
End Sub

Sub Delay()
    bFlag = False
    Timer2.Enabled = True
    Do Until bFlag = True
        DoEvents
    Loop
End Sub

Private Sub Timer2_Timer()
    bFlag = True
End Sub

frmServer
VERSION 5.00
Object = "{648A5603-2C6E-101B-82B6-000000000014}#1.1#0"; "MSCOMM32.OCX"
Begin VB.Form frmServer
   Caption = "PServer"
   ClientHeight = 6075
   ClientLeft = 60
   ClientTop = 345
   ClientWidth = 7290
   LinkTopic = "Form1"
   ScaleHeight = 6075
   ScaleWidth = 7290
   StartUpPosition = 3 'Windows Default
   Begin VB.Timer Timer2
      Enabled = 0 'False
      Interval = 9999
      Left = 5880
      Top = 3960
   End
   Begin VB.CommandButton cmdTest
      Caption = "test"
      Height = 495
      Left = 6240
      TabIndex = 17
      Top = 3480
      Width = 735
   End
   Begin VB.TextBox txtMonitor
      Height = 285
      Left = 360
      TabIndex = 16
      Text = "97254756103"
      Top = 2160
      Width = 2655
   End
   Begin VB.Timer Timer1
      Enabled = 0 'False
      Interval = 9999
      Left = 5880
      Top = 2640
   End
   Begin VB.TextBox txtData
      Height = 735
      Left = 360
      TabIndex = 13
      Text = "1234"
      Top = 3120
      Width = 5055
   End
   Begin VB.TextBox txtPhone
      Height = 285
      Index = 2
      Left = 2520
      TabIndex = 7
      Top = 5520
      Width = 2535
   End
   Begin VB.TextBox txtPhone
      Height = 285
      Index = 1
      Left = 2520
      TabIndex = 6
      Top = 5040
      Width = 2535
   End
   Begin VB.TextBox txtPhone
      Height = 285
      Index = 0
      Left = 2520
      TabIndex = 5
      Text = "97254816755"
      Top = 4560
      Width = 2535
   End
   Begin VB.TextBox txtUser
      Height = 285
      Index = 2
      Left = 360
      TabIndex = 4
      Top = 5520
      Width = 1935
   End
   Begin VB.TextBox txtUser
      Height = 285
      Index = 1
      Left = 360
      TabIndex = 3
      Top = 5040
      Width = 1935
   End
   Begin VB.TextBox txtUser
      Height = 285
      Index = 0
      Left = 360
      TabIndex = 2
      Top = 4560
      Width = 1935
   End
   Begin MSCommLib.MSComm MSComm2
      Left = 5880
Top - 1»20
      _ExtentX = 1005
      _ExtentY = 1005
      Version = 327680
      CommPort = 2
      DTREnable = 0 'False
      InputLen = 1
      RThreshold = 1
   End
   Begin VB.CommandButton cmdExit
      Caption = "Exit"
      Height = 375
      Left = 5880
      TabIndex = 1
      Top = 360
      Width = 1095
   End
   Begin MSCommLib.MSComm MSComm1
      Left = 5880
      Top = 1080
      _ExtentX = 1005
      _ExtentY = 1005
      Version = 327680
      DTREnable = 0 'False
      InputLen = 1
      RThreshold = 1
   End
   Begin VB.Label Label4
      Caption = "Monitor: "
      BeginProperty Font
         Name = "MS Sans Serif"
         Charset = 177
         Weight = 400
         Underline = 0 'False
         Italic = 0 'False
         Strikethrough = 0 'False
      EndProperty
      Height = 375
      Left = 360
      TabIndex = 15
      Top = 1680
      Width = 2535
   End
   Begin VB.Label Label3
      Caption = "Data: "
      BeginProperty Font
         Name = "MS Sans Serif"
         Size = 13.5
         Charset = 177
         Weight = 400
         Underline = 0 'False
         Italic = 0 'False
         Strikethrough = 0 'False
      EndProperty
      Height = 375
      Left = 360
      TabIndex = 14
      Top = 2640
      Width = 2535
   End
   Begin VB.Label lbUser
      Caption = "Idle"
      Height = 255
      Index = 2
      Left = 5160
      TabIndex = 12
      Top = 5520
      Width = 1935
   End
   Begin VB.Label lbUser
      Caption = "Idle"
      Height = 255
      Index = 1
      Left = 5160
      TabIndex = 11
      Top = 5040
      Width = 1935
   End
   Begin VB.Label lbUser
      Caption = "Idle"
      Height = 255
      Index = 0
      Left = 5160
      TabIndex = 10
      Top = 4560
      Width = 1935
   End
   Begin VB.Label Label2
      Alignment = 2 'Center
      Caption = "GSM Phone"
      BeginProperty Font
         Name = "MS Sans Serif"
         Charset = 177
         Weight = 400
         Underline = 0 'False
         Italic = 0 'False
         Strikethrough = 0 'False
      EndProperty
      Height = 375
      Left = 2760
      TabIndex = 9
      Top = 4080
      Width = 1935
   End
   Begin VB.Label Label1
      Alignment = 2 'Center
      Caption = "User"
      BeginProperty Font
         Name = "MS Sans Serif"
         Charset = 177
         Weight = 400
         Underline = 0 'False
         Italic = 0 'False
         Strikethrough = 0 'False
      EndProperty
      Height = 375
      Left = 360
      TabIndex = 8
      Top = 4080
      Width = 1935
   End
   Begin VB.Label lbStatus
E
End
SMSModule - 1
Public MEBuffer As String
Public bRandom As Boolean
Public cPassword_1 As String
Public cPASSWORD As String
Public cFROMADDR As String

Public strDate As String
Public strFromAddr As String
Public strToAddr As String
Public strMsg As String

Dim BBuff(0 To 160) As Byte
' Unpack hex-encoded GSM 7-bit user data into text
Public Function TextUnConvert(NumOfChar As Integer, StringIn As String) As String
    Dim CharNmb As Integer, NOC As Integer, ChPoint As Integer
    Dim CN1 As Byte, CN2 As Byte, MASK As Byte, MASK2 As Byte
    Dim Temp As Integer
    Dim SSS$, CCC$
    Dim StringOut As String
    StringOut = ""
    If StringIn = "" Then Exit Function
    CharNmb = 1
    ChPoint = 1
    CN2 = 0
    Do
        CCC$ = Mid(StringIn, ChPoint, 2)
        NOC = Val("&H" & CCC$)
        Temp = NOC * (2 ^ (CharNmb - 1))
        CN1 = CByte(Temp And 255)
        CN1 = CN1 And 127
        CN1 = CN1 Or CN2
        SSS$ = Chr(CN1)
        StringOut = StringOut & SSS$
        ' keep the high bits of this octet for the next character
        MASK = 255 \ (2 ^ CharNmb)
        MASK = Not MASK
        CN2 = CByte(NOC) And MASK
        CN2 = CN2 \ (2 ^ (8 - CharNmb))
        CharNmb = CharNmb + 1
        ChPoint = ChPoint + 2
        If CharNmb = 8 Then
            SSS$ = Chr(CN2)
            StringOut = StringOut & SSS$
            CharNmb = 1
            CN2 = 0
        End If
        NumOfChar = NumOfChar - 1
    Loop Until NumOfChar = 0
    TextUnConvert = StringOut
End Function
' Shifts the whole of BBuff right by one bit; the low bit of CN1 enters
' at the top of BBuff(0) and each byte's low bit carries into the next byte.
Sub RotateBBuff(ByVal CN1 As Byte)
    Dim i%
    Dim Flag As Boolean
    Dim Temp As Byte
    If CN1 Mod 2 Then
        Flag = True
    Else
        Flag = False
    End If
    For i% = 0 To 159
        Temp = BBuff(i%)
        BBuff(i%) = BBuff(i%) \ 2
        If Flag = True Then
            BBuff(i%) = BBuff(i%) Or 128
        Else
            BBuff(i%) = BBuff(i%) And 127
        End If
        If Temp Mod 2 Then
            Flag = True
        Else
            Flag = False
        End If
    Next
End Sub
Function BeginBBuff() As Integer
    Dim i%
    For i% = 0 To 159
        If BBuff(i%) = -1 Then
            BeginBBuff = i% - 1
        End If
    Next
End Function
' Packs the 7-bit characters of StringIn into BBuff and returns the
' used bytes as a string of hex digits.
Public Function TextConvert(StringIn As String) As String
    Dim i%
    Dim CharNmb As Integer, NOC As Integer, ChPoint As Integer
    Dim CN1 As Byte, CN2 As Byte, BufLen As Integer
    Dim Temp As Integer
    Dim SSSS, CCCS
    Dim StringOut As String
    StringOut = ""
    If StringIn = "" Then Exit Function
    ChPoint = 1
    NOC = 0
    BufLen = 0
    Do
        CCCS = Mid(StringIn, ChPoint, 1)
        CN1 = Asc(CCCS) And 127
        ' A character whose low 7 bits are zero ends the input.
        If CN1 = 0 Then Exit Do
        ' Feed the character's 7 bits into the buffer, lowest bit first.
        For i% = 1 To 7
            RotateBBuff (CN1)
            CN1 = CN1 \ 2
            NOC = NOC + 1
            If (NOC Mod 8) = 0 Then BufLen = BufLen + 1
        Next
        ChPoint = ChPoint + 1
    Loop
    ' Append zero padding bits.
    ChPoint = (Len(StringIn) - 1) Mod 8
    For i% = 1 To ChPoint
        RotateBBuff (0)
        NOC = NOC + 1
        If (NOC Mod 8) = 0 Then BufLen = BufLen + 1
    Next
    ' Emit the buffer bytes as hex digit pairs, highest index first.
    i% = BufLen - 1
    Do
        CN1 = BBuff(i%) \ 16
        CN2 = BBuff(i%) And 15
        CCCS = Hex(CN1) & Hex(CN2)
        StringOut = StringOut & CCCS
        i% = i% - 1
    Loop Until i% < 0
    TextConvert = StringOut
End Function

Claims

1. A dual network verification method comprising: accepting first identification information identifying an individual user via a first network; accepting second identification information identifying the individual user via a second network; and if said first identification information matches said second identification information, authorizing said user to perform a restricted activity.
2. A method according to claim 1 wherein said restricted activity comprises gaining access to a restricted computerized system.
3. A method according to claim 1 wherein the second network supports a caller identification function transmitting a name of a caller over the second network to a recipient of a call initiated by the caller, the method also comprising a set-up step including storing a name of the individual user, in association with first and second passwords, wherein said name is identical to the name employed by said caller identification function; wherein said first identification information accepting step comprises accepting, via the first network, said name and said first password; wherein said second identification information accepting step comprises: accepting, via the second network, said second password; and receiving, via the caller identification function of the second network, the name of the individual user; and wherein said if-authorizing step comprises determining, for each incoming call whose name matches a name entered over the first network, whether the first and second passwords received via the first network and the second network respectively correspond to one another.
4. A dual network verification system operative in conjunction with first and second networks, the system comprising: a first identifier operative to accept first identification information identifying an individual user via the first network; a second identifier operative to accept second identification information identifying the individual user via the second network; and a user authorization unit operative to authorize the user to perform a restricted activity if said first identification information matches said second identification information.
5. A system according to claim 4 and also comprising a first network including a computer network.
6. A system according to claim 4 and also comprising a second network including a telephone network.
7. A system according to claim 6 wherein said telephone network comprises a cellular telephone network.
8. A system according to claim 6 wherein said telephone network comprises a messaging telephone network.
9. A system according to claim 8 wherein said messaging telephone network comprises a two-way messaging telephone network.
10. A system according to claim 9 wherein said two-way messaging cellular telephone network comprises a GSM network.
11. A method according to claim 1 wherein said restricted activity comprises accessing a restricted network node via said first network.
12. A method according to claim 1 and also comprising the step of sending a warning to the user, if said first identification information does not match said second identification information.
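
The matching step of claims 3 and 12, sketched in Python as an added example (it is not part of the patent listing, which is Visual Basic). The class and method names, the sample enrolment record, the expiry window and the constant-time comparison are assumptions made for illustration.

```python
import hmac
import time

# Constructed enrolment record (claim 3 set-up step). The key is the name the
# second network's caller identification function reports. Passwords are kept
# in the clear only to keep the sketch short.
USERS = {"ALICE EXAMPLE": {"first": "web-secret", "second": "4711"}}

PENDING_TTL = 120  # seconds a first-network entry waits for the call (assumption)


class DualNetworkVerifier:
    def __init__(self, users, clock=time.monotonic):
        self.users = users
        self.clock = clock
        self.pending = {}    # name -> time the first-network step succeeded
        self.warnings = []   # users to be warned about a mismatch (claim 12)

    def accept_first_network(self, name, first_password):
        """Name and first password arrive over the first (computer) network."""
        record = self.users.get(name)
        if record is None or not hmac.compare_digest(
                first_password.encode(), record["first"].encode()):
            return False
        self.pending[name] = self.clock()
        return True

    def accept_second_network(self, caller_id_name, second_password):
        """Second password arrives by phone; the name comes from caller ID."""
        started = self.pending.pop(caller_id_name, None)
        if started is None or self.clock() - started > PENDING_TTL:
            return False     # no matching first-network entry, or it expired
        record = self.users[caller_id_name]
        if hmac.compare_digest(second_password.encode(),
                               record["second"].encode()):
            return True      # both networks agree: authorize the user
        self.warnings.append(caller_id_name)
        return False
```

Each first-network entry is consumed by the first call that carries the same caller-ID name, so one login on the first network cannot be confirmed twice.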
PCT/IL2000/000450 1999-08-25 2000-07-27 Apparatus and method for receiving identification information via a first and a second communication network WO2001015379A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU61793/00A AU6179300A (en) 1999-08-25 2000-07-27 Apparatus and method for receiving identification information via a first and a second communication network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US38254699A 1999-08-25 1999-08-25
US09/382,546 1999-08-25

Publications (1)

Publication Number Publication Date
WO2001015379A1 true WO2001015379A1 (en) 2001-03-01

Family

ID=23509445

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2000/000450 WO2001015379A1 (en) 1999-08-25 2000-07-27 Apparatus and method for receiving identification information via a first and a second communication network

Country Status (2)

Country Link
AU (1) AU6179300A (en)
WO (1) WO2001015379A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2419067A (en) * 2004-10-06 2006-04-12 Sharp Kk Deciding whether to permit a transaction, based on the value of an identifier sent over a communications channel and returned over a secure connection
US8650103B2 (en) 2001-10-17 2014-02-11 Ebay, Inc. Verification of a person identifier received online
US9455954B2 (en) 2004-05-04 2016-09-27 Heidelberger Druckmaschinen Ag Remote diagnosis system and method and printing machine having the system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2733068A1 (en) * 1995-04-14 1996-10-18 G C Tech ELECTRONIC PAYMENT METHOD FOR PERFORMING TRANSACTIONS RELATED TO THE PURCHASE OF GOODS ON A COMPUTER NETWORK
WO1998002991A1 (en) * 1996-07-12 1998-01-22 Ulrich Seng Key distribution process between two units in an isdn/internet connection
US5729594A (en) * 1996-06-07 1998-03-17 Klingman; Edwin E. On-line secured financial transaction system through electronic media
WO1999037103A1 (en) * 1998-01-14 1999-07-22 Nokia Networks Oy An access control method for a mobile communications system

Also Published As

Publication number Publication date
AU6179300A (en) 2001-03-19

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP