System, method and apparatus for authenticating calls

US 9,197,746 B2
Filed: 02/05/2009
Issued: 11/24/2015
Est. Priority Date: 02/05/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a calling device comprising the steps of:

receiving a call from the calling device to a called device, at a controller, wherein the controller intercepts the call from the calling device to the called device;

sending a first authentication request for the call from the controller to the calling device;

receiving, at the controller, a first authentication response for the call from the calling device, wherein the first authentication response for the call comprises calling device encrypted data generated by the calling device, wherein the calling device encrypted data includes a hash of a caller identification for the calling device and a called number using a shared secret key;

extracting, by the controller, the caller identification and the called number from the encrypted data using the shared secret encryption key;

determining, by the controller, whether the extracted caller identification and the extracted called number are valid; and

transferring, by the controller, the call to the called device in response to determining that the extracted caller identification and the extracted called number are valid.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

Citations

10 Claims

1. A method for authenticating a calling device comprising the steps of:
- receiving a call from the calling device to a called device, at a controller, wherein the controller intercepts the call from the calling device to the called device;
  
  sending a first authentication request for the call from the controller to the calling device;
  
  receiving, at the controller, a first authentication response for the call from the calling device, wherein the first authentication response for the call comprises calling device encrypted data generated by the calling device, wherein the calling device encrypted data includes a hash of a caller identification for the calling device and a called number using a shared secret key;
  
  extracting, by the controller, the caller identification and the called number from the encrypted data using the shared secret encryption key;
  
  determining, by the controller, whether the extracted caller identification and the extracted called number are valid; and
  
  transferring, by the controller, the call to the called device in response to determining that the extracted caller identification and the extracted called number are valid.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1, wherein:
    - the first authentication request for the call includes a controller generated encryption key;
      
      the first authentication response for the call includes a calling device generated encryption key; and
      
      wherein the calling device encrypted data is generated using the caller identification, a calling number, the called number, the controller generated encryption key, the calling device generated encryption key and the shared secret encryption key.
  - 3. The method as recited in claim 1, further comprising the steps of:
    - registering the calling device; and
      
      creating the shared secret encryption key.
  - 4. The method as recited in claim 1, wherein the messages are exchanged using in-band communication channels, out-of-band communication channels, or a combination thereof.

5. A system for authenticating a calling device comprising:
- a controller communicably coupled to a communications network wherein the controller comprises a communications interface communicably coupled to the communications network and a processor communicably coupled to the communications interface, and wherein the processor (a) receives a call from the calling device that is directed to a called device using a called number, wherein the call is intercepted by the controller, (b) sends a first authentication request to the calling device, (c) receives a first authentication response from the calling device, wherein the first authentication response comprises calling device encrypted data generated by the calling device comprising a hash of a caller identification, the called number and a shared secret encryption key, (d) extracts the caller identification and the called number from the encrypted data using the shared secret encryption key, (e) determines whether the extracted caller identification and the extracted called number are valid, and (f) transfers the call to the called device whenever the extracted caller identification and the extracted called number are valid.
- View Dependent Claims (6)
- - 6. The system as recited in claim 5, wherein the calling device further comprises an anti-vishing agent.

7. A method for authenticating a calling device comprising the steps of:
- trapping by an agent on the calling device the called number;
  
  receiving a call from the calling device to a called device, at a controller, wherein the controller intercepts the call from the calling device to the called device;
  
  sending a first authentication request for the call from the controller to the calling device;
  
  receiving, at the controller, a first authentication response for the call from the calling device, wherein the first authentication response for the call comprises calling device encrypted data generated by the calling device, wherein the calling device encrypted data includes a hash of a caller identification for the calling device and a called number using a shared secret key;
  
  extracting, by the controller, the caller identification and the called number from the encrypted data using the shared secret encryption key;
  
  determining, by the controller, whether the extracted caller identification and the extracted called number are valid; and
  
  transferring, by the controller, the call to the called device in response to determining that the extracted caller identification and the extracted called number are valid, wherein the step of transferring the call to the called device whenever the extracted caller identification and the extracted called number are valid comprises the steps of;
  
  in response to determining that the extracted caller identification and the extracted called number are valid, sending a second authentication request for the call to the calling device, wherein the second authentication request for the call comprises controller device encrypted data generated by a controller using the calling number, the called number, the controller generated encryption key, the calling device generated encryption key and the shared secret encryption key;
  
  receiving a second authentication response for the call from the calling device;
  
  transferring the call to the called device whenever the second authentication response for the call indicates success; and
  
  terminating the call whenever the second authentication response for the call indicates failure.
- View Dependent Claims (8, 9, 10)
- - 8. The method as recited in claim 7, wherein:
    - the first authentication request for the call includes a controller generated encryption key;
      
      the first authentication response for the call includes a calling device generated encryption key and the calling device encrypted data; and
      
      wherein the calling device encrypted data is generated using the caller identification, a calling number, the called number, the controller generated encryption key, the calling device generated encryption key and the shared secret encryption key.
  - 9. The method as recited in claim 7, further comprising the steps of:
    - registering the calling device; and
      
      creating the shared secret encryption key.
  - 10. The method as recited in claim 7, wherein the messages are exchanged using in-band communication channels, out-of-band communication channels, or a combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Avaya Incorporated
Inventors
Kurapati, Srikrishna, Mohan, Rajesh, Sadhasivam, Karthikeyan, Tyagi, Satyam
Primary Examiner(s)
Patel, Nirav B

Application Number

US12/366,630
Publication Number

US 20090217039A1
Time in Patent Office

2,483 Days
Field of Search

738168-170, 380/248, 380/249, 380/270, 455/420, 455410-413, 713168-170, 379/207.12, 379/93.24, 370352-356
US Class Current

1/1
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/126   the source of the received ...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 9/3215   using a plurality of channe...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3273   for mutual authentication n...

H04M 2203/6054   Biometric subscriber identi...

H04M 3/436   Arrangements for screening ...

System, method and apparatus for authenticating calls

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and apparatus for authenticating calls

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links