System, Method and Apparatus for Authenticating Calls

US 20090217039A1
Filed: 02/05/2009
Published: 08/27/2009
Est. Priority Date: 02/05/2008
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a calling device comprising the steps of:

receiving a call from the calling device;

sending a first authentication request to the calling device;

receiving a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key;

extracting the caller identification and the called number from the encrypted data using the shared secret encryption key;

determining whether the extracted caller identification and the extracted called number are valid; and

transferring the call to a called device whenever the extracted caller identification and the extracted called number are valid.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

86 Citations

View as Search Results

20 Claims

1. A method for authenticating a calling device comprising the steps of:
- receiving a call from the calling device;
  
  sending a first authentication request to the calling device;
  
  receiving a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key;
  
  extracting the caller identification and the called number from the encrypted data using the shared secret encryption key;
  
  determining whether the extracted caller identification and the extracted called number are valid; and
  
  transferring the call to a called device whenever the extracted caller identification and the extracted called number are valid.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as recited in claim 1, wherein:
    - the first authentication request includes a controller generated encryption key;
      
      the first authentication response includes a calling device generated encryption key and the calling device encrypted data; and
      
      wherein the calling device encrypted data is generated using the caller identification, the calling number, the called number, the called device generated encryption key, the caller device generated encryption key and the shared secret encryption key.
  - 3. The method as recited in claim 1, wherein the step of transferring the call to the called device whenever the extracted caller identification and the extracted called number are valid comprises the steps of:
    - sending a second authentication request to the calling device, wherein the second authentication request comprises a controller device encrypted data generated by a controller using the calling number, the called number, the called device generated encryption key, the caller device generated encryption key and the shared secret encryption key;
      
      receiving a second authentication response from the calling device;
      
      transferring the call to the called device whenever the second authentication response indicates success; and
      
      terminating the call whenever the second authentication response indicates failure.
  - 4. The method as recited in claim 1, further comprising the steps of:
    - registering the calling device; and
      
      creating the shared secret encryption key.
  - 5. The method as recited in claim 1, wherein the messages are exchanged using in-band communication channels, out-of-band communication channels, or a combination thereof.

6. An apparatus for authenticating a calling device comprising:
- a communications interface; and
  
  a processor communicably coupled to the communications interface, wherein the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid.

7. A system for authenticating a calling device comprising:
- a communications network communicably coupled to the calling device;
  
  a controller communicably coupled to the communications network wherein the controller comprises a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface, and wherein the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid; and
  
  wherein the calling device (a) initiates the call, (b) receives the first authentication request, (c) generates the calling device encrypted data, and (d) sends the first authentication response.
- View Dependent Claims (8)
- - 8. The system as recited in claim 7, wherein the calling device further comprises an anti-vishing agent.

9. A method for authenticating a user of a calling device comprising the steps of:
- receiving a call from the calling device;
  
  terminating the call;
  
  placing a new call to the calling device;
  
  prompting the user to speak one or more words and depress one or more keys on the calling device;
  
  receiving the spoken words and one or more signals associated with the depressed keys;
  
  comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys; and
  
  transferring the new call to a called device whenever the user is authenticated as a result of the comparison.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The method as recited in claim 9, further comprising the step of providing a notification to the calling device prior to terminating the call.
  - 11. The method as recited in claim 9, further comprising the step of playing a stored message to the user to authenticate the called device, wherein the stored message was previously recorded by the user during a registration process.
  - 12. The method as recited in claim 11, wherein the registration process comprises the steps of:
    - prompting the user to speak a message;
      
      recording and storing the message; and
      
      creating and storing the voice biometric template based on the user'"'"'s voice.
  - 13. The method as recited in claim 11, wherein the registration process comprises the step of periodically changing the stored message by prompting the user to speak a new message, recording the new message, and replacing the stored message with the new message.
  - 14. The method as recited in claim 11, wherein the stored message is not played to the user until the user is authenticated.
  - 15. The method as recited in claim 9, further comprising the steps of:
    - terminating the new call whenever the user is not authenticated;
      
      orproviding one or more notifications to the called device whenever the user is not authenticated.
  - 16. The method as recited in claim 9, wherein the authentication method prevents caller ID spoofing, man-in-the-middle attacks, record and replay attacks, called device impersonation, or a combination thereof.
  - 17. The method as recited in claim 9, wherein:
    - the one or more words and the one or more keys are randomly generated;
      
      the one or more keys are selected from one or more digits of a telephone number of the called device;
      
      orthe one or more keys are selected from the 0-9, * and # keys.
  - 18. The method as recited in claim 9, wherein:
    - the authentication method is an automated process executed by a controller operated by the called device, a network provider, a service provider, a facility provider or a call center;
      
      the controller comprises a computer, a server, a switch, a PBX, or a gateway; and
      
      the calling device comprises a phone, a computer, a PDA or other communications device.

19. An apparatus for authenticating a user of a calling device comprising:
- a communications interface; and
  
  a processor communicably coupled to the communications interface, wherein the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.

20. A system for authenticating a user of a calling device comprising:
- a communications network communicably coupled to the calling device;
  
  a controller communicably coupled to the communications network wherein the controller comprises a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface; and
  
  wherein the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Sipera Systems Inc (Avaya Incorporated)
Inventors
Sadhasivam, Karthikeyan, Mohan, Rajesh, Kurapati, Srikrishna, Tyagi, Satyam

Granted Patent

US 9,197,746 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/126   the source of the received ...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 9/3215   using a plurality of channe...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3273   for mutual authentication n...

H04M 2203/6054   Biometric subscriber identi...

H04M 3/436   Arrangements for screening ...

System, Method and Apparatus for Authenticating Calls

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

86 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System, Method and Apparatus for Authenticating Calls

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others