IDENTITY AND CONTENT AUTHENTICATION FOR PHONE CALLS

US 20180294959A1
Filed: 03/30/2018
Published: 10/11/2018
Est. Priority Date: 04/05/2017
Status: Active Grant

First Claim

Patent Images

1. A method for call authentication comprising:

an enrollment protocol that ensures users control the number they claim to own;

a handshake protocol that mutually authenticates the calling parties; and

a call integrity protocol that ensures the security of the voice channel and the content it carries.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for call authentication are provided. A method can include an enrollment protocol that ensures users control the number they claim to own, a handshake protocol that mutually authenticates the calling parties, and a call integrity protocol that ensures the security of the voice channel and the content it carries. A server can act as either an endpoint or intermediary between user clients and client-server architecture can be employed. All protocols can include end-to-end cryptography and the enrollment protocol can issue a certificate that binds the identity of the client to a phone number.

157 Citations

20 Claims

1. A method for call authentication comprising:
- an enrollment protocol that ensures users control the number they claim to own;
  
  a handshake protocol that mutually authenticates the calling parties; and
  
  a call integrity protocol that ensures the security of the voice channel and the content it carries.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein a server acts as either an endpoint or intermediary between user clients.
  - 3. The method according to claim 1, wherein all of the protocols implement end-to-end cryptography.
  - 4. The method according to claim 1, wherein the enrollment protocol issues a certificate that binds the identity of the client to a phone number.
  - 5. The method according to claim 4, wherein the enrollment protocol includes:
    - establishing a client C and an enrollment server S;
      
      (message
      
           1) C sending an enrollment request with S'"'"'s identity, C'"'"'s identity information, C'"'"'s phone number, and C'"'"'s public key;
      
      (message
      
           2) S sending a nonce (NNet), the identities of C and S and the phone numbers of C and S with a timestamp to ensure freshness, liveness, and to provide a “
      
      token”
      
      for the particular authentication session;
      
      (message
      
           3) S confirming that C controls the phone number it claims by S placing a call to C'"'"'s claimed phone number, and S transmitting a nonce over the voice channel when a call is answered;
      
      (message
      
           4) C sending both N_Netand N_Audioalong with the IDs of server, client, a timestamp, and a signature covering all other fields; and
      
      (message
      
           5) S replying with a signed certificate issued to C.
  - 6. The method according to claim 5, wherein the enrollment protocol includes an out-of-band process for verifying identity of certificates (particularly high-value certificates), authentication of supporting documentation, and/or CNAM3 lookpups.
  - 7. The method according to claim 1, wherein the handshake protocol includes a first phase indicating to a server and the calling party that a call is imminent and a second phase of authenticating both parties on the call and establishing shared secrets.
  - 8. The method according to claim 1, wherein the call integrity protocol includes exchanging content authentication information for the duration of the call using digests of call audio authenticated with HMACs.

9. A method of authentication, comprising:
- performing an enrollment protocol between a client and a server to ensure that a user controls a phone number and to issue a certificate to the user;
  
  performing a handshake protocol between two calling parties including a caller and a callee through the server to authenticate the two calling parties; and
  
  performing a call integrity protocol to ensure security of a voice channel and a content it carries.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The method according to claim 9, wherein the certificate the enrollment protocol binds an identity of the client to the phone number.
  - 11. The method according to claim 10, wherein the identity includes at least one of a name, an organization, and pertinent information.
  - 12. The method according to claim 11, wherein the enrollment protocol comprises:
    - sending an enrollment request with the server'"'"'s identity, the client'"'"'s identity, the client'"'"'s phone number, and the client'"'"'s public key by the client;
      
      sending a nonce N_Net, the identities of the client and the server, and the phone numbers of the client and the server with a timestamp by the server;
      
      sending the nonce N_Netand an audio nonce N_Audioby the client; and
      
      replying with a signed certificate issued to the client by the server.
  - 13. The method according to claim 12, wherein the server provides a token during sending the nonce N_Net.
  - 14. The method according to claim 9, wherein the handshake protocol comprises a first phase indicating imminent call between the server and the calling parties, and a second phase authenticating the calling parties.
  - 15. The method according to claim 14, wherein the first phase comprises:
    - indicating by the caller to the server that the caller want to place a call;
      
      informing by the server to the callee that an authenticated voice call is coming; and
      
      informing by the server to the caller whether the callee is using the authenticated voice call.
  - 16. The method according to claim 15, wherein the caller and the callee compute independently messages and send the messages in parallel during the second phase of the handshake protocol.
  - 17. The method of according to claim 16, wherein the messages contain all information necessary for a Diffie-Hellman Key establishment authenticated with a signature key in a certificate of the caller and the callee.
  - 18. The method of according to claim 9, wherein the call integrity protocol confirms that the voice channel is established and confirms when a call ends.
  - 19. The method of according to claim 18, wherein the call integrity protocol comprises:
    - sending a message indicating that a voice call is complete, and including a timestamp and a hash message authentication code (HMAC) of the timestamp by the caller and the callee;
      
      sending other audio digests by the caller and the callee after the voice call begins; and
      
      sending a call concluded message containing a timestamp with an HMAC.

20. A method of authentication, comprising:
- performing an enrollment protocol between a client and a server to ensure that a user controls a phone number and to issue a certificate to the user;
  
  performing a handshake protocol between two calling parties including a caller and a callee through the server to authenticate the two calling parties; and
  
  performing a call integrity protocol to ensure security of a voice channel and a content it carries,wherein the enrollment protocol comprises;
  
  sending an enrollment request with the server'"'"'s identity, the client'"'"'s identity information, the client'"'"'s phone number, and the client'"'"'s public key by the client;
  
  sending a nonce N_Net, the identities of the client and the server, and the phone numbers of the client and the server with a timestamp by the server;
  
  sending the nonce N_Netand an audio nonce N_Audioby the client; and
  
  replying with a signed certificate issued to the client by the server,wherein the handshake protocol comprises;
  
  indicating by the caller to the server that the caller want to place a call;
  
  informing by the server to the callee that an authenticated voice call is coming; and
  
  informing by the server to the caller whether the callee is using the authenticated voice call, andwherein the call integrity protocol comprises;
  
  sending a message indicating that a voice call is complete, and including a timestamp and a hash message authentication code (HMAC) of the timestamp by the caller and the callee;
  
  sending other audio digests by the caller and the callee after the voice call begins; and
  
  sending a call concluded message containing a timestamp with an HMAC.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of Florida Research Foundation, Incorporated (State University System of Florida)
Original Assignee
University of Florida Research Foundation, Incorporated (State University System of Florida)
Inventors
Traynor, Patrick G., Reaves, Bradley G., Blue, Logan E., Vargas, Luis, Abdullah, Hadi, Shrimpton, Thomas

Granted Patent

US 10,764,043 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 65/1076   Screening of IP real time c...

H04L 9/0844   with user authentication or...

H04L 9/3242   involving keyed hash functi...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04W 12/04   Key management, e.g. using ...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

H04W 12/106   Packet or message integrity

H04W 12/48   using secure binding, e.g. ...

IDENTITY AND CONTENT AUTHENTICATION FOR PHONE CALLS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY AND CONTENT AUTHENTICATION FOR PHONE CALLS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links