System, Method and Apparatus for Authenticating Calls
First Claim
1. A method for authenticating a calling device comprising the steps of:
- receiving a call from the calling device;
sending a first authentication request to the calling device;
receiving a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key;
extracting the caller identification and the called number from the encrypted data using the shared secret encryption key;
determining whether the extracted caller identification and the extracted called number are valid; and
transferring the call to a called device whenever the extracted caller identification and the extracted called number are valid.
22 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.
86 Citations
20 Claims
-
1. A method for authenticating a calling device comprising the steps of:
-
receiving a call from the calling device; sending a first authentication request to the calling device; receiving a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key; extracting the caller identification and the called number from the encrypted data using the shared secret encryption key; determining whether the extracted caller identification and the extracted called number are valid; and transferring the call to a called device whenever the extracted caller identification and the extracted called number are valid. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus for authenticating a calling device comprising:
-
a communications interface; and a processor communicably coupled to the communications interface, wherein the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid.
-
-
7. A system for authenticating a calling device comprising:
-
a communications network communicably coupled to the calling device; a controller communicably coupled to the communications network wherein the controller comprises a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface, and wherein the processor (a) receives a call from the calling device, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response comprises a calling device encrypted data generated by the calling device using a caller identification, a called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to a called device whenever the extracted caller identification and the extracted called number are valid; and wherein the calling device (a) initiates the call, (b) receives the first authentication request, (c) generates the calling device encrypted data, and (d) sends the first authentication response. - View Dependent Claims (8)
-
-
9. A method for authenticating a user of a calling device comprising the steps of:
-
receiving a call from the calling device; terminating the call; placing a new call to the calling device; prompting the user to speak one or more words and depress one or more keys on the calling device; receiving the spoken words and one or more signals associated with the depressed keys; comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys; and transferring the new call to a called device whenever the user is authenticated as a result of the comparison. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An apparatus for authenticating a user of a calling device comprising:
-
a communications interface; and a processor communicably coupled to the communications interface, wherein the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
-
-
20. A system for authenticating a user of a calling device comprising:
-
a communications network communicably coupled to the calling device; a controller communicably coupled to the communications network wherein the controller comprises a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface; and wherein the processor (a) receives a call from the calling device via the communications interface, (b) terminates the call, (c) places a new call to the calling device via the communications interface, (d) prompts the user to speak one or more words and depress one or more keys on the calling device, (e) receives the spoken words and one or more signals associated with the depressed keys via the communication interface, (f) authenticates the user by comparing one or more biometric parameters of the received spoken words with a stored voice biometric template for the user, the received spoken words with the prompted words and the received signals with the signals associated with the prompted keys, and (g) transfers the new call to a called device whenever the user is authenticated.
-
Specification