RU53085U1 - ACCESS SYSTEM FOR USERS ACCESS TO PRIVATE DATA THROUGH A COMPUTER NETWORK - Google Patents

Abstract

The utility model relates to the field of telecommunications and is intended to provide users with access to closed data through a computer network with the possibility of enhanced user identification. The technical results to which this utility model is aimed is to simplify the hardware, reduce the required memory capacity of users' computers and servers, while improving reliability and Security Unambiguous user identification can be provided simply by his mobile number the phone that the carrier transmits when registering the user on the server. The opening of a closed resource is carried out without interim verification. If necessary, the user's personal data can be disclosed by the mobile operator. At the same time, the user remains anonymous when visiting the server.

Description

The utility model relates to the field of telecommunications and is intended to provide users with access to closed data through a computer network with the possibility of advanced user identification on servers located in various segments of computer networks built on TCP / IP family protocols, including as individuals or legal entities . Basic authentication in networks built on the TCP / IP protocol family is limited by the IP address and port number of the user's computer. If a user logs on to the same server from different computers, or using intermediary servers, it is impossible to uniquely identify the user of the client computer that accesses the server computer. It is also very difficult to collect information about the personal data of server users, and at the same time observe the anonymity of users of various server resources operating in computer networks. However, identification is necessary in order to have accurate statistics of server users, to restrict access to server resources by age and other criteria, to restrict access to closed data to a certain circle of users, in order to obtain payment for the use of paid resources, in litigation in Conflict situations where proof of a visit or not a server visit by a specific person is required. Such identification can be provided, for example, using a mobile phone

A number of access control systems are known in which user identification is carried out using mobile communications. For example, when authentication requires initial registration on the server and then to the registered number during authorization on the server, a question is sent which requires an unambiguous answer, which greatly complicates the equipment and requires increased memory resources for storing various information related to authentication, which leads to a limitation in the number served users. In other identification systems, a call is made to a communication operator with confirmation of information transmitted by the user. Such systems have insufficient protection in the event of a time gap between the receipt of the transmitted information by the user and its confirmation, since unauthorized access to this information is possible, for example, in the event of a hack.

The closest analogue of the claimed utility model is a system for providing users with access to closed data through a computer network (during operations when paying for goods and services), which includes a first server containing means for receiving a user's request and transmitting it to a second server - an authentication server, including itself means for receiving a user request, means for generating and transmitting an authentication code to a user, a storage device storing user identifiers means for receiving messages associated with a service center of a mobile operator, means for comparing a code received from a user with a message sent through a service center of a mobile operator with an authentication code transmitted to said user (French patent FR 2815203). The advantage of this system is that it provides the ability to authenticate using mobile

communication of various types, the means of identification is the SIM card of a mobile phone. However, this system also requires initial registration on the user's personal computer, that is, installation of a special certificate on this computer from the server. Additional authentication via mobile communication is required if an access request is made from an anonymous computer. Moreover, the use of a SIM card as an identifier requires an appropriate amount of memory to store information about a particular mobile communication system and other information relating to the specified card itself, which is redundant for user identification. In addition, access to classified information is carried out through intermediate equipment, which also contains authentication means, which overloads the system and reduces its reliability.

The technical results that this utility model aims to achieve are to simplify the hardware, reduce the required memory size of user computers and servers, provided that the reliability and security of the servers in global and local area networks are increased, since a unique user identification can be provided simply by his mobile phone number , which is transmitted by the telecom operator when registering the user on the server. The opening of a closed resource is carried out without interim verification. If necessary, the user's personal data can be disclosed by the mobile operator. At the same time, the user remains anonymous when visiting the server.

The technical result is achieved in that in a system for providing access to users to closed data through a computer network, including a first server, comprising means for receiving a user request and transmitting it to a second server - an authentication server,

including means for receiving a user request, means for generating and transmitting an authentication code to a user, a storage device storing user identifiers, message receiving means associated with a service center of a mobile operator, means for comparing a code received from a user with a message sent through an operator service center mobile communication, with the authentication code transmitted to the said user, the specified comparison tool is associated with installed on the server authentication by means of redirecting a user’s request to a resource server containing private data installed by the first server, and only their mobile phone numbers are used as identifiers of users who have access to closed data.

The first server may comprise a storage device storing user identifiers for which access to closed data is prohibited.

The first and second servers can be made both as a single and in the form of two different hardware and software.

The drawing shows a structural diagram of a system for providing users with access to closed data through a computer network.

The system includes a first server 1 comprising means 2 for receiving a request from a user computer 3 and transmitting it to the authentication server 4. The latter includes means 5 for receiving a user request, means 6 for generating and transmitting an authentication code to a user, a storage device 7 storing user identifiers, which are used as the numbers of their mobile phones, message receiving means 8, associated with a service center 9 of a mobile operator, means 10 for comparing the code received from the user with a message sent through the service center 9 of the mobile operator with authentication

code passed to said user. The comparator 10 is associated with the means 11 for redirecting the user's request to the first server 1, which includes the means 12 for opening a closed resource for the user's computer at the specified request.

The first server 1 contains a storage device 13 that stores user identifiers for which access to private data is prohibited.

Some definitions.

A server is an electronic computing device incorporating software that allows it to receive and send commands from remote electronic computing devices connected to it via global (for example, the Internet) or local area networks. The server can be stored in various forms, including coded, user identifiers (user numbers served by the mobile operator, and other identifying user information, if necessary). Based on this information, restrictions may be imposed on access to the server from which the request for user authentication came, or, on the contrary, permission to access the server.

User - a person directly managing a remote client computer, having means a mobile communication device registered with a mobile operator.

Mobile communication device - any device (for example, a mobile phone) capable of receiving and sending signals from mobile communication networks such as NMT, GSM, CDMA, WCDMA, the IMT-2000 protocol family and the like.

The system operates as follows.

When accessing the closed resources of the server by the user through a computer 3 having a connection to the server 1, the server redirects the user request to the authentication server 4.

Authentication server 4 offers the user a code (any combination of characters that can be typed using a device connected to a mobile operator, or any file that the user can send using a device connected to a mobile operator, or an empty value) and the number registered with the user's mobile operator to which the user must send the code.

The user sends to the number indicated by the authentication server 4, a code using various technologies available from the mobile operator with which his communication device is registered (for example, a mobile phone), or, one of the options, simply makes a call to the number indicated by the authentication server 4 .

The authentication server 4 has a connection to the service center 9 of the mobile operator, with which the authentication server 4 can receive various information from subscribers of the mobile operator. In addition, the mobile operator transmits, in addition to the message with the code (or an empty message), the telephone of the subscriber who sent the message. The authentication server 4, having received a message from the user, enters the mobile phone number transmitted by the mobile operator as the user identifier, and redirects the user to the closed resource 12 of the server 1, which was accessed by the user's computer 3. If the mobile phone number from which the message arrived does not have access rights to the private resources of server 1, then the authentication server 4 does not redirect the user to server 1.

Server 1 receives the request from the authentication server 4 as trusted and opens the resource 12 for the user's computer 13.

Claims (4)

1. A system for providing users with access to closed data through a computer network, which includes a first server containing means for receiving a user request and transmitting it to the second server, an authentication server, including means for receiving a user request, means for generating and transmitting an authentication code to the user, storing a device storing user identifiers, a means of receiving messages associated with a service center of a mobile operator, a means of comparing the code, receive data from the user in a message sent through the service center of the mobile operator, with an authentication code transmitted to the said user, characterized in that the said means of comparison is connected with the means for redirecting the user’s request to the resource opener installed on the first server containing closed data, while only the numbers of their mobile phones are used as identifiers of users who have the right to access closed data phone on the market. 2. The system according to claim 1, characterized in that the first server comprises a storage device storing user identifiers for which access to closed data is prohibited. 3. The system according to claim 1, characterized in that the first server and the authentication server are a single hardware-software tool. 4. The system according to claim 1, characterized in that the first server and the authentication server represent two different hardware and software.