Techniques for call authentication
First Claim
1. A method for performing peer to peer authentication of calls including the steps of:
- receiving, by an authentication server, an incoming call data stream from a first mobile phone device, the incoming call data stream comprising an incoming call number of a another phone device and an encrypted payload comprising a cryptogram retrieved from a contactless card associated with the first mobile phone device, the cryptogram comprising a Message Authentication Code (MAC) cryptogram formed from a message and a dynamic key generated using a counter of the contactless card;
authenticating, by the authentication server, the incoming call data stream using stored information related to the first mobile phone device, the stored information including an expected counter for the first mobile device,wherein the authentication server maintains and modifies a copy of the dynamic key using the expected counter, the expected counter updated concurrently with the counter of the contactless cardand provides a validation of the first mobile phone device from the authentication server by comparing the cryptogram to a result generated by applying the copy of the dynamic key associated with the first mobile phone device; and
selectively establishing a call connection between the first mobile phone device and the another phone device in response to validation of the first mobile phone device.
1 Assignment
0 Petitions
Accused Products
Abstract
Various embodiments described herein are directed towards authenticating calls by using one or more keys associated with a specific user. In examples, the user is the sender of a call. In various embodiments, when a call is made, an identifying payload is encrypted using a private key associated with the user. The encrypted identifying payload is appended to the call data stream. The identifying payload may be decrypted with a public key. In embodiments, the identifying payload may be verified. In various embodiments, further authentication methods may be performed by using an object such as a contactless card to provide one or more components of the identifying payload and/or keys. In embodiments, a connection may be made between the sender and the intended recipient of a call based on the verification of the identifying payload.
547 Citations
15 Claims
-
1. A method for performing peer to peer authentication of calls including the steps of:
-
receiving, by an authentication server, an incoming call data stream from a first mobile phone device, the incoming call data stream comprising an incoming call number of a another phone device and an encrypted payload comprising a cryptogram retrieved from a contactless card associated with the first mobile phone device, the cryptogram comprising a Message Authentication Code (MAC) cryptogram formed from a message and a dynamic key generated using a counter of the contactless card; authenticating, by the authentication server, the incoming call data stream using stored information related to the first mobile phone device, the stored information including an expected counter for the first mobile device, wherein the authentication server maintains and modifies a copy of the dynamic key using the expected counter, the expected counter updated concurrently with the counter of the contactless card and provides a validation of the first mobile phone device from the authentication server by comparing the cryptogram to a result generated by applying the copy of the dynamic key associated with the first mobile phone device; and selectively establishing a call connection between the first mobile phone device and the another phone device in response to validation of the first mobile phone device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for authenticating calls between devices comprises:
-
an interface configured to receive an incoming call data stream from a first mobile phone device, the incoming call data stream comprising an incoming call number associated with another phone device and an encrypted payload comprising a cryptogram retrieved from a contactless card associated with the first mobile phone device, wherein the cryptogram is a Message Authentication Code (MAC) cryptogram formed from a message and a dynamic key generated using a counter retrieved from the contactless card; a processor coupled to the interface; a non-volatile memory having program code stored thereon, the program code operable when executed upon by the processor to validate the incoming call data stream by comparing the cryptogram to a result generated by applying a copy of the dynamic key, maintained concurrently with the dynamic key using an expected counter of the contactless card, to stored information related to the first mobile phone device; and a communication interface coupled to the processor and configured to selectively establish a call connection between the first mobile phone device and the another phone device in response to validation of the incoming call data stream. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
Specification