Method and device for secure phone banking

US 8,571,188 B2
Filed: 12/15/2006
Issued: 10/29/2013
Est. Priority Date: 12/15/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method operational on a mobile communication device, comprising:

initiating a call to a tele-services station, wherein an authentication key has been pre-arranged between the mobile communication device and the tele-services station;

receiving a pseudorandom authentication challenge from the tele-services station in response to initiating the call;

sending an authentication response to the tele-services station, wherein the authentication response is a function of the pseudorandom authentication challenge and the authentication key;

requesting sensitive information from the tele-services station; and

receiving the requested sensitive information from the tele-services station if the authentication response is accepted by the tele-services station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A small form-factor security device is provided that may be inserted in series with a telephone line to encrypt dual tone multi-frequency (DTMF) tones from a telephone to prevent unauthorized disclosure of sensitive information. A receiving device decrypts the encrypted DTMF tones to receive the original information sent by the telephone. The security device acts as a second factor in a two-factor authentication scheme with a tele-services security server that authenticates the security device.

23 Citations

View as Search Results

17 Claims

1. A method operational on a mobile communication device, comprising:
- initiating a call to a tele-services station, wherein an authentication key has been pre-arranged between the mobile communication device and the tele-services station;
  
  receiving a pseudorandom authentication challenge from the tele-services station in response to initiating the call;
  
  sending an authentication response to the tele-services station, wherein the authentication response is a function of the pseudorandom authentication challenge and the authentication key;
  
  requesting sensitive information from the tele-services station; and
  
  receiving the requested sensitive information from the tele-services station if the authentication response is accepted by the tele-services station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - sending a user identifier to the tele-services station, wherein the user identifier is further used to authenticate the mobile communication device.
  - 3. The method of claim 1 wherein the mobile communication device is a mobile phone and the tele-services station is associated with a financial institution.
  - 4. The method of claim 1 further comprising:
    - generating a session key based on the pseudorandom authentication challenge and the authentication response; and
      
      decrypting the sensitive information using the session key.
  - 5. The method of claim 1, wherein the sensitive information is received as a plurality of dual tone multi-frequency (DTMF) tones.
  - 6. The method of claim 5, further comprising:
    - decrypting the received DTMF tones to obtain the sensitive information.
  - 7. The method of claim 6, wherein decrypting the received DTMF tones includesconverting a first DTMF tone into a first symbol by selecting a first translation table from a plurality of translation tables based on the pseudorandom authentication challenge and the authentication key;
    - translating the first DTMF tone into a first symbol using the selected first translation table;
      
      converting a second DTMF tone into a second symbol by selecting a second translation table from the plurality of translation tables based on the pseudorandom authentication challenge and the authentication key; and
      
      translating the second DTMF tone into a second symbol using the selected second translation table.
  - 8. The method of claim 7, wherein the second translation table is obtained by shuffling symbols in the first translation table.
  - 9. The method of claim 1, further comprising:
    - transmitting sensitive information to the tele-services station by encrypting the transmitted sensitive information a plurality of dual tone multi-frequency (DTMF) tones.
  - 10. The method of claim 9, wherein encrypting the plurality of DTMF tones includesselecting a first translation table from a plurality of translation tables based on the pseudorandom authentication challenge and the authentication key;
    - converting a first symbol into a first DTMF tone using the selected first translation table;
      
      selecting a second translation table from the plurality of translation tables based on the pseudorandom authentication challenge and the authentication key;
      
      converting a second symbol into a second DTMF using the selected second translation table.

11. A mobile communication device, comprising:
- means for initiating a call to a tele-services station, wherein an authentication key has been pre-arranged between the mobile communication device and the tele-services station;
  
  means for receiving a pseudorandom authentication challenge from the tele-services station in response to initiating the call;
  
  means for sending an authentication response to the tele-services station, wherein the authentication response is a function of the pseudorandom authentication challenge and the-authentication key;
  
  means for requesting sensitive information from the tele-services station; and
  
  means for receiving the requested sensitive information from the tele-services station if the authentication response is accepted by the tele-services station.
- View Dependent Claims (12, 13)
- - 12. The device of claim 11 further comprising:
    - means for sending a user identifier to the tele-services station, wherein the user identifier is further used to authenticate the mobile communication device.
  - 13. The device of claim 11 further comprising:
    - means for generating a session key based on the pseudorandom authentication challenge and the authentication response; and
      
      means for decrypting the sensitive information using the session key.

14. A mobile communication device, comprising:
- a communication module for communicating over a wireless communication network; and
  
  a processing circuit coupled to the communication module, the processing circuit configured toinitiate a call to a tele-services station, wherein an authentication key has been pre-arranged between the mobile communication device and the tele-services station;
  
  receive a pseudorandom authentication challenge from the tele-services station in response to initiating the call;
  
  send an authentication response to the tele-services station, wherein the authentication response is a function of the pseudorandom authentication challenge and the-authentication key;
  
  request sensitive information from the tele-services station; and
  
  receive the requested sensitive information from the tele-services station if the authentication response is accepted by the tele-services station.
- View Dependent Claims (15)
- - 15. The device of claim 14 wherein the processing circuit is further configured togenerate a session key based on the pseudorandom authentication challenge and the authentication response;
    - anddecrypt the sensitive information using the session key.

16. A non-transitory machine-readable medium having one or more instructions operational on a security device for securing information transmitted by a telephone, which when executed by a processor causes the processor to:
- initiate a call to a tele-services station, wherein an authentication key has been pre-arranged between the mobile communication device and the tele-services station;
  
  receive a pseudorandom authentication challenge from the tele-services station in response to initiating the call;
  
  send an authentication response to the tele-services station, wherein the authentication response is a function of the pseudorandom authentication challenge and the-authentication key;
  
  request sensitive information from the tele-services station; and
  
  receive the requested sensitive information from the tele-services station if the authentication response is accepted by the tele-services station.
- View Dependent Claims (17)
- - 17. The non-transitory machine-readable medium of claim 16 having one or more instructions which when executed by a processor causes the processor to further:
    - generate a session key based on the pseudorandom authentication challenge and the authentication response; and
      
      decrypt the sensitive information using the session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Gantman, Alexander, Rose, Gregory G., Choi, Jae-Hee, Noerenberg, John W. II
Primary Examiner(s)
Ramakrishnaiah, Melur

Application Number

US11/611,825
Publication Number

US 20080144787A1
Time in Patent Office

2,510 Days
Field of Search

379/90.01, 379/93.02, 379/93.03, 379/142.05, 235/379, 235/380, 235/375, 235/492, 235/382, 705/14, 705/42, 705/44, 705/70, 705/75, 705/72, 705/67
US Class Current

379/90.01
CPC Class Codes

H04L 9/00   Cryptographic mechanisms or...

H04M 1/505   signals generated in digita...

H04M 1/68   Circuit arrangements for pr...

H04M 11/00   Telephonic communication sy...

H04M 2203/609   Secret communication

H04M 3/16   with lock-out or secrecy pr...

Method and device for secure phone banking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Method and device for secure phone banking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others