Techniques for call authentication

US 10,506,426 B1
Filed: 07/19/2019
Issued: 12/10/2019
Est. Priority Date: 07/19/2019
Status: Active Grant

First Claim

Patent Images

1. A method for performing peer to peer authentication of calls including the steps of:

receiving, by an authentication server, an incoming call data stream from a first mobile phone device, the incoming call data stream comprising an incoming call number of a another phone device and an encrypted payload comprising a cryptogram retrieved from a contactless card associated with the first mobile phone device, the cryptogram comprising a Message Authentication Code (MAC) cryptogram formed from a message and a dynamic key generated using a counter of the contactless card;

authenticating, by the authentication server, the incoming call data stream using stored information related to the first mobile phone device, the stored information including an expected counter for the first mobile device,wherein the authentication server maintains and modifies a copy of the dynamic key using the expected counter, the expected counter updated concurrently with the counter of the contactless cardand provides a validation of the first mobile phone device from the authentication server by comparing the cryptogram to a result generated by applying the copy of the dynamic key associated with the first mobile phone device; and

selectively establishing a call connection between the first mobile phone device and the another phone device in response to validation of the first mobile phone device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments described herein are directed towards authenticating calls by using one or more keys associated with a specific user. In examples, the user is the sender of a call. In various embodiments, when a call is made, an identifying payload is encrypted using a private key associated with the user. The encrypted identifying payload is appended to the call data stream. The identifying payload may be decrypted with a public key. In embodiments, the identifying payload may be verified. In various embodiments, further authentication methods may be performed by using an object such as a contactless card to provide one or more components of the identifying payload and/or keys. In embodiments, a connection may be made between the sender and the intended recipient of a call based on the verification of the identifying payload.

547 Citations

15 Claims

1. A method for performing peer to peer authentication of calls including the steps of:
- receiving, by an authentication server, an incoming call data stream from a first mobile phone device, the incoming call data stream comprising an incoming call number of a another phone device and an encrypted payload comprising a cryptogram retrieved from a contactless card associated with the first mobile phone device, the cryptogram comprising a Message Authentication Code (MAC) cryptogram formed from a message and a dynamic key generated using a counter of the contactless card;
  
  authenticating, by the authentication server, the incoming call data stream using stored information related to the first mobile phone device, the stored information including an expected counter for the first mobile device,wherein the authentication server maintains and modifies a copy of the dynamic key using the expected counter, the expected counter updated concurrently with the counter of the contactless cardand provides a validation of the first mobile phone device from the authentication server by comparing the cryptogram to a result generated by applying the copy of the dynamic key associated with the first mobile phone device; and
  
  selectively establishing a call connection between the first mobile phone device and the another phone device in response to validation of the first mobile phone device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the step of authenticating further includes the steps of:
    - retrieving a public key of the incoming call number from a data storage device;
      
      decrypting the encrypted payload using the public key of the incoming call number to produce a decrypted payload comprising an identifier; and
      
      comparing the identifier of the decrypted payload to an expected identifier associated with the incoming call number to determine the match.
  - 3. The method of claim 2 wherein message includes a shared secret and the stored information includes a copy of the shared secret.
  - 4. The method of claim 3, wherein the encrypted payload is encrypted using a private key associated with the first mobile phone device and the method includes the step of decrypting the encrypted payload to extract the cryptogram using a public key associated with the first mobile device.
  - 5. The method of claim 4, wherein the private key comprises the dynamic key 3.
  - 6. The method of claim 1 further including the step of prepending a voice message to the incoming call data stream, the voice message including information uniquely associated with an owner of the first mobile phone device.
  - 7. The method of claim 1 further including the step of prepending biometric information associated with the first mobile phone device to the incoming call data stream, the biometric information including information uniquely associated with an owner of the first mobile phone device.
  - 8. The method of claim 1 wherein the message includes the counter, a shared secret, a header or a combination thereof.

9. A system for authenticating calls between devices comprises:
- an interface configured to receive an incoming call data stream from a first mobile phone device, the incoming call data stream comprising an incoming call number associated with another phone device and an encrypted payload comprising a cryptogram retrieved from a contactless card associated with the first mobile phone device, wherein the cryptogram is a Message Authentication Code (MAC) cryptogram formed from a message and a dynamic key generated using a counter retrieved from the contactless card;
  
  a processor coupled to the interface;
  
  a non-volatile memory having program code stored thereon, the program code operable when executed upon by the processor to validate the incoming call data stream by comparing the cryptogram to a result generated by applying a copy of the dynamic key, maintained concurrently with the dynamic key using an expected counter of the contactless card, to stored information related to the first mobile phone device; and
  
  a communication interface coupled to the processor and configured to selectively establish a call connection between the first mobile phone device and the another phone device in response to validation of the incoming call data stream.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9 wherein the encrypted payload is encrypted using a private key associated with the first mobile phone device and the non-volatile memory is further configured to store a public key associated with the incoming call number, and wherein the program code is further operable to:
    - decrypt the encrypted payload using the public key of the incoming call number to produce a decrypted payload comprising an identifier; and
      
      compare the identifier of the decrypted payload to an expected identifier associated with the incoming call number to determine the match.
  - 11. The system of claim 10, wherein the system comprises an Interactive Voice Response system disposed between the first mobile phone device and the another phone device to limit access to the another phone device to validated callers.
  - 12. The system of claim 11, wherein the Interactive Voice Response system comprises the interface, the non-volatile memory, the program code and the communication interface.
  - 13. The system of claim 10 further including the step of prepending a voice message to the incoming call data stream, the voice message including information uniquely associated with an owner of the first mobile phone device.
  - 14. The system of claim 10 wherein the private key comprises a dynamic key of the first mobile phone device.
  - 15. The system of claim 13 wherein the communication interface is further configured to selectively establish a call connection between the first mobile phone device and the another phone device in response a second match between the voice message and an expected voice message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Rule, Jeffrey, Bhatt, Gaurang, Guo, Rocky, Cuan, Lukiih
Primary Examiner(s)
Sivji, Nizar N

Application Number

US16/517,074
Time in Patent Office

144 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04M 1/72412   using two-way short-range w...

H04M 15/06   Recording class or number o...

H04M 15/48   Secure or trusted billing, ...

H04M 2203/6045   Identity confirmation

H04M 2203/6063   Authentication using cards

H04M 2250/04   including near field commun...

H04M 2250/14   including a card reading de...

H04M 3/42042   Notifying the called party ...

H04M 3/493   Interactive information ser...

H04Q 2213/13095   PIN / Access code, authenti...

H04Q 2213/13339   Ciphering, encryption, secu...

H04Q 3/0029   Provisions for intelligent ...

H04Q 3/72   Finding out and indicating ...

H04W 12/03   Protecting confidentiality,...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

H04W 12/108 : Source integrity

H04W 12/12 : Detection or prevention of ...

H04W 12/50 : Secure pairing of devices

View All

Techniques for call authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

547 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for call authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

547 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links