FR2678459A1 - Method of authenticating a subscriber making a call, for telephone billing - Google Patents

Abstract

In order to establish a telephone communication, the caller dials on the keyboard of a subscriber telephone instrument, successively a personal telephone number (NTP), a dialled confidential code (CCN) and a telephone number of a called subscriber (NTA). The dialled confidential code (CCN) is enciphered (g) by a confidentiality enciphering circuit into a confidential enciphered dialled code (CCNC). The personal telephone number (NTP), the enciphered dialled confidential code (CCNC) and the telephone number of the called subscriber (NTA) are then sent to a telephone exchange. The enciphered dialled confidential code (CCNC) is deciphered (g-1) within the exchange (1). Authentication consists in verifying that the personal telephone number (NTP) is not a prohibited number, deciphering (f) the personal telephone number (NTP) into an authentic confidential code (CCA) and checking that the authentic confidential code (CCA) is equal to a dialled confidential code (CCN). If the authentication is validated, the cost of the telephone communication is billed to the caller designated by the personal telephone number (NTP).

Description

Method for authenticating a subscriber caller for
telephone pricing
The present invention relates to a method of authenticating a subscriber calling person during a request for communication to the telephone network by means of any subscriber telephone equipment, particularly which is not located at the domicile of the calling person. .

 According to the prior art, a communication cost for a given subscriber equipment is only attributable to the subscriber himself, that is to say to the telephone number assigned to the subscriber telephone line serving the equipment, not a caller actually making the phone call. This limitation "physical" (line), and not alogical (person), of the allocation of communication costs offers two types of disadvantage.

 First of all, concerning security, it is difficult to prevent the equipment or subscriber station from being used by an unauthorized person. Communication costs are then charged to the subscriber independently of the calling party.

 Devices making it possible to remedy the aforementioned drawback, essentially consisting in refusing any access to the telephone network when the calling person ignores a confidential code assigned to the telephone number of the equipment, induce a limitation of the use of said equipment and therefore a lack flexibility to access the telephone network.

 The present invention aims to remedy the aforementioned drawbacks by simultaneously integrating flexibility and security, both antagonists according to the prior art.

To this end, a method of authenticating a calling person during a request for communication to the telephone network by means of any subscriber telephone equipment connected to a telephone exchange of said network,
said communication request consisting in composing a message further comprising a personal telephone number and a numbered confidential code transmitted by the equipment,
said method comprising comparing the personal telephone number with prohibited telephone numbers, in order not to satisfy said request when the personal telephone number is identical to one of the prohibited numbers,
is characterized in that the method further comprises, a decryption of the personal telephone number as a function of a predetermined authentication key in order to deduce therefrom an authentic confidential code, and a comparison of said authentic confidential code with said confidential code numbered so that the exchange establishes the requested communication when the codes compared are identical.

 Advantageously, in order to avoid any fraudulent detection of the numbered confidential code during the transmission thereof between the equipment and the exchange, the method according to the invention comprises, in the equipment, encryption of said confidential code numbered according to a confidentiality key identical to said subscriber telephone number called in order to deduce therefrom an encrypted numbered confidential code transmitted from the equipment to the exchange and in the exchange, a reverse decryption of the previous encryption, relating to the numbered confidential code encrypted as a function of the confidentiality key in order to retrieve the numbered confidential code to compare it with the authentic confidential code.

 Other characteristics and advantages of the present invention will appear more clearly on reading the following description with reference to the corresponding appended drawings in which - FIG. 1 shows a general organization of a node of the telephone network according to the prior art - FIG. 2 is a variant of FIG. 1 relating to a pricing method used for certain telephone services; - Figs. 3A and 3B represent algorithms such as implemented in deferred telephone charge payment services according to the prior art - FIG. 4 is a functional diagram of a node of the telephone network for the implementation of the method according to the invention - FIG. 5 shows an algorithm of the calling person authentication method according to the invention; and - Fig. 6 is a time diagram relating to encryption key modifications implemented in the method according to the invention.

 Beforehand, it is pointed out that the terms encryption / decryption of confidentiality and the terms encryption / decryption of authentication used below respectively designate two distinct and independent encryption / decryption modes.

 With reference to FIG. 1, a node of the telephone network consists of a connecting telephone exchange 1, which is connected to I telephone equipment, such as telephone subscriber stations llo to 11I-lr by individual telephone lines d 'subscriber 120 to 12I-1 respectively. The exchange 1 is also connected to M remote telephone exchanges by inter-exchange links 130 to 13M-1 For a given subscriber equipment lli, where i is an integer between 0 and 1-1, K people Pi, 1 to Pi, K are permanently served by the telephone exchange 1 via the telephone equipment lli and the subscriber line 12i. K designates a number of people effectively having access to the subscriber equipment lli and able to establish telephone communication through the exchange 1.

 A management center 14 is associated with the central office 1. The management center 14 produced in the form of a computer system assigns communication cost invoices for each subscriber equipment 11o to 11I-1 connected to the central office 1. The role of the management center is mainly to record the totality of the communication costs for each subscriber equipment llo to llI ~ 1 or associated subscriber line 120 to 12I-1 during a predetermined period, and to issue corresponding invoices.

 During a telephone call made for example by means of the subscriber equipment 11i, a communication cost is charged to the corresponding subscriber independently of the natural person Pi, 1 to Pi, K who actually made the call. This, as pointed out in the preamble to the description, poses two types of problems - security: fraudsters can abuse subscriber equipment which they do not own; - flexibility: currently existing security devices limit the use of the telephone network.

 A deferred telephone tax payment service of the type used in France, called PASTEL (registered trademark), only partially solves the two above-mentioned problems by authorizing a limited number of subscribers. A schematic representation of a telephone network node for the implementation of such a telephone service is shown in FIG. 2 and consists essentially in relation to FIG. 1 by adding a storage unit 2. Each PASTEL telephone service subscriber has a personal telephone card 3 which can include a microcircuit 31.

Two variants exist for using the service, namely automatic establishment of communications and establishment of communications by operator.

 The first variant is used by service subscribers in public card or coin-operated payphones. Concerning public card payphones, the subscriber inserts his personal microcircuit card 3 into a card reader insertion slot and is invited to number on a keyboard a confidential CCN code which is assigned to him by the telephone network operator. Regarding public coin-operated telephone booths, the service subscriber dials an invitation request number (3610) beforehand, then is invited to dial an identification number from their personal telephone card and, as before, a confidential code CCN.

 In the second variant, concerning the establishment of a communication by operator, the subscriber to the PASTEL service previously numbers an invitation request number by operator (3650).

The operator then successively asks him for the identification number of his card and a confidential code.

Whatever the variants described above, two pieces of information
- the card identification number, and
- the numbered confidential code, are necessary to authorize or refuse communication to a subscriber according to the algorithms shown in Figs. 3A and 3B.

 The algorithm of FIG. 3A relates to the authentication of a subscriber in the case of the use of a microcircuit telephone card used in public telephone boxes.

Initially according to this variant, after insertion of the personal telephone card 3 by the subscriber into the card insertion slot, the reader reads in the microcircuit 31 an identification number of the card in binary code. A CCN confidential code composed by the subscriber is transmitted to the microcircuit 31 to be compared with an authentic CCA confidential code stored in said microcircuit. If the comparison is signaled correctly by the microcircuit, a communication is established. At the end of the communication resulting from the handset being hung up by the subscriber, the identification number of the card read is also transmitted to the management center 14 for deferred pricing. Even if this variant does not use the storage unit 2 shown in FIG.

2, it is conceivable that such a method is not applicable to the entire telephone network for reasons of cost of card readers.

 According to the second variant, shown in FIG. 2B, in which the calling person does not use a microcircuit card, the storage unit 2 is then implemented. The caller, after having previously dialed an invitation request number (3610, 3650) is invited to dial, or communicate to the operator, the card identification number and the CCN confidential code. In the case of an invitation request without operator, the variant with operator being of the same type, the confidential code composed by the subscriber and the identification number read are then transmitted to the exchange 1. Interface means in the central office 1 exchange signals according to a predetermined protocol with the storage unit 2 and interrogate the latter. The storage unit 2 associates with the respective identification number of each currently valid telephone card, an authentic confidential code CCA. Thus, the authentication of the subscriber by the central office 1 consists in comparing the numbered confidential code CCN and the authentic confidential code CCA in the storage unit and in authorizing and refusing a communication respectively if there is equality and difference between both codes.

 The extension of the PASTEL service according to this second variant, in adapted form, to all of the telephone network subscribers so that a communication cost is effectively charged to the calling natural person Pi, k, where k is an integer between 1 and K, and not to the subscriber of the line 12i, would pose problems of dimensioning and management of the storage unit 2 according to this second variant.

Indeed, a memory for massaging a disk or magnetic tape, in such a storage unit 2 must have a size proportional to the total number of subscribers of the service since the latter stores for each card identification number, an authentic confidential code.
CCA. Those skilled in the art will readily understand that the size of such an information storage unit then increases access times and reduces information security if the network operator extends such a service to all of the subscribers of the telephone network.

In the banking sector, and more specifically with regard to electronic payment by bank chip card, the problem relating to the size of the mass memory for authentication of the bank card is resolved. Such a mass memory only contains identification numbers of prohibited cards. This mass memory is commonly called a "black list". However, the card authentication principle then used regarding the verification of the validity of the confidential code cannot be extended to the telephone network. In fact, during a service request by means of an electronic payment terminal (distributor of tickets) by a person with a bank card, two checks are carried out
- Check that the card's identification number does not belong to the black list, and
- Control of the validity of a confidential code entered by the person taking into account an encrypted confidential code stored in the chip. The encrypted confidential code stored in the chip is decrypted into an authentic code which is compared with the entered confidential code.

 An application of such a method to the telephone network in order to charge a call cost to a calling person independently of the subscriber telephone equipment would consist in transmitting to the telephone exchange his own identification number (which is here a number of telephone), then an encrypted confidential code and finally a confidential code entered on the keypad of the telephone equipment.

However, the sending, before a communication, of the encrypted confidential code would require a smart card reader for each subscriber equipment since indeed for a communication, the authentication of the calling person must be independent of the equipment of 'subscriber.

 The extension of a card device for all the subscribers of the telephone network is unrealistic essentially for reasons of cost of the smart card reader.

 With reference to Figs. 4 to 6, the authentication method of a subscriber calling person for pricing according to the invention is now described.

 According to a preferred embodiment, a node of the telephone network for implementing the method according to the invention essentially comprises the telephone exchange 1, a confidentiality decryption circuit 62, and an authentication and management decryption module 7.

 Each subscriber telephone equipment llo to him ~ 1 is locally connected to one end of the telephone line 120 to 12I-1 through a confidentiality encryption circuit 610 to 61I-1, while the other end of the telephone line is connected to the central office 1 through the confidentiality decryption circuit 62.

The authentication and management encryption module 7 linked to the central office 1 is also linked to a centralized file server of prohibited or terminated telephone numbers 8.

 The algorithm shown in Fig. 5 presents the different steps of authenticating a calling person during a communication request to the telephone network shown in Fig. 4.

A subscriber caller Pi, k having access to the subscriber telephone equipment lli initializes, after having taken the line 12i by lifting the handset from the equipment (step EO), a communication request by dialing (step El) on the equipment keyboard
-its NTP personal telephone number (which may be different from the telephone number assigned to the equipment itself),
- a confidential code numbered CCN, and
- a telephone number of a subscriber called recipient NTA.

 The personal telephone number NTP as well as the authentic confidential code can be stored in an appropriate circuit of the subscriber equipment lli and transmitted in the form of a combination of two voice frequencies in the telephone line 12i following a predetermined action. such as picking up the handset, thus simplifying the telephone call procedure according to the invention when the calling person is actually the owner of the line.

An authentic CCA confidential code is assigned to each subscriber by the telephone network operator. This confidential code results from a decryption of authentication of the personal telephone number
NTP by a decryption algorithm, as will be seen below.

 The confidentiality encryption circuit 61i and the confidentiality decryption circuit 62 being optional, reference is first made to a first variant not comprising these two circuits.

In this variant, the equipment is conventionally connected to the central office 1 through the telephone line 12i in which the personal telephone number NTP, the confidential numbered code CCN and the telephone number of a subscriber called NTA are successively transmitted in the form of a message, each number digit being for example in the form of one of the known combinations of two voice frequencies generated by the keyboard of the equipment lli.

The authentication and management decryption module 7 receives, through the central, successively two of the three numbers
NTP, CCN and NTA which are the NTP personal telephone number and the CCN numbered confidential code (step E2). The personal telephone number is compared with prohibited or terminated telephone numbers stored in the file 8 (step E3). The latter has stored telephone numbers whose corresponding subscribers no longer have access to the telephone network due, for example, to unpaid invoices or termination of subscription, or change of address.

 In a first case, if the personal telephone number belongs to the list of prohibited numbers in file 8, the communication request is not satisfied and the communication is not established by the central office 1 which deletes the NTP numbers and NTA in its recorder and which returns a number tone not accessible to the equipment lli.

 In a second case, if the personal telephone number NTP does not belong to the list of prohibited numbers, the authentication and management decryption module 7 then decrypts the personal telephone number NTP according to the key decryption algorithm secret authentication Kn (step E4). This key parameters a predetermined function f and the inverse function f-l thereof, that is to say transforms a function f into a function fKn depending on the parameter Kn. In the aforementioned case where it is an authentication of subscriber calling person, the key Kn can also configure a non-reversible decryption function.

The authentic CCA confidential code established by decryption from the NTP personal telephone number is thus deduced from the following relationship
CCA = fKn (NTP).

 The authentic confidential code CCA is then compared with the confidential code numbered CCN (step E5). If the two codes CCA and CCN are not identical, the communication is not established by the central office 1. Otherwise, the communication between the calling person and the called subscriber is established normally through the central office 1.

 Transmission directly on line 12i of the NTP personal telephone number and the CCN numbered confidential code induces confidentiality problems. Indeed, fraudulent detection of the confidential code numbered CCN is easily achievable in the telephone line 12i, particularly at the ends thereof or when the line is overhead.

The confidentiality encryption circuit 61i and the confidentiality decryption circuit 62 are then implemented in the steps
El and E2 to avoid such fraud, according to a second variant.

In step E1, the confidential code numbered CCN is encrypted by the confidentiality encryption circuit 61i into a confidential code numbered encrypted CCNC before being transmitted in line 12i. Confidentiality encryption preferably consists in that the confidential code numbered CCN is encrypted by a second decryption algorithm represented by a function g and the confidentiality key of which is the telephone number of the subscriber called NTA, ie
CCNC = gNTA (CCN) the encrypted numbered confidential code.

 Thus, even if the CCNC encrypted numbered confidential code transmitted in line 12i is detected, it is not possible on the one hand to deduce therefrom an authentic CCA confidential code, and on the other hand to reuse the encrypted number confidential code CCNC for subscriber calls other than that requested by the calling party Pi, k at the time of the fraud. This considerably reduces the interest of fraud.

NTP personal phone number, encrypted PIN
CCNC and the telephone number of the subscriber called NTA are transmitted on line 12i and received by the confidentiality decryption circuit 62. The latter deciphers (step E2) the encrypted numbered confidential code
CCNC from a function Fy-i inverse of the encryption function g with as key the telephone number of the subscriber called NTA received.

The confidential code numbered CCN = gllir <CCNC) is thus recovered.

 By way of example, the two encryption algorithms represented by the functions f and g according to the invention may be of the type of the encryption algorithm DES (Data Encryption Standard) of IBM (International Business Machine), the digits of the numbers and codes being processed in digital form.

 In order to avoid that an ill-intentioned person successively dials confidential code numbers CCN to search for the authentic confidential code CCA, each personal number NTP dialed in any of the subscriber equipment 11 to 11 is associated with a control variable respective VNTp in the authentication and management decryption module 7. Each variable VNTp is reset to zero at the end of a predetermined period PJ, every twenty four hours for example, and is incremented by one for each invalid numbered confidential code following the same personal NTP number (step E6).

When the variable VNTp is greater than a predetermined threshold
SV, typically equal to 3 (step E7), the NTP telephone number is then entered in the file of prohibited numbers 8, and any subsequent call preceded by the transmission of the NTP number is then systematically refused in step E3.

 Of course, the size of the file of prohibited numbers 8 gradually increases as the number of canceled subscriptions, unpaid invoices, etc. increases. To limit the size of the file 8, the decryption key Kn is changed by subscription renewal period PR, for example each year n. However, in order to avoid the renewal of the authentic confidential CCA codes of all subscribers to the service on the same date, each CCA code is notified on the anniversary date of subscription to the subscriber.

 Fig.6 illustrates one such method for modifying the authentication decryption key. In this figure, the symbols "o" and "* 'denote anniversary dates for two separate subscribers. Clearly for a given year n, the key Kn corresponding to this year and the key Kn-1 corresponding to the year previous nl are simultaneously valid. Thus, for a given year n, in order to adapt the authentication decryption module 7 to this double validity of keys, the latter deciphers (step E4) the personal telephone number NTP by the function of decryption f configured consecutively by the two valid keys: Kn and Kan ~ 1 then compares (step E5) the two authentic confidential codes CCAn and CCA, -1 resulting from the two decryptions with the confidential code numbered CCN. Communication is established when the code CCN is identical to one of the two authentic codes, the steps following this comparison are those indicated above when only one Kn key is valid at any one time.

It should also be noted that the authentication decryption may only be carried out relative to a second part of the authentic confidential code CCA. The first part of the CCA code can consist of one or two digits determining an allocation number
NAT to the subscriber of the NTP number. This NAT number allows the operator to modify all of the authentic CCA confidential code allocated to the subscriber, following modifications for example requested by the subscriber, regardless of the renewal subscription periods. Authentication decryption is then performed on the whole (NTP + NAT) to deduce the second part of authentic confidential code
Corresponding CCA.

 Thus, according to this last variant, the NTP number is considered to be the NTP + NAT set in the algorithm of Fig. 5.

 In all the variants described above, the cost of a communication is imputed to the calling natural person Pi, k taking into account the personal telephone number numbered NTP This imputation of the cost is carried out at the level of the authentication and management decryption module 7.

The method described above may not be used when the owner of the line so wishes. To this end, provision can be made for a systematic request for the personal telephone number NTP and the confidential code numbered CCN for a conventional use consisting in numbering only the telephone number of the subscriber called.
NTA.

 In this case, if a person Pi, k who is not the holder of the line wishes to make a telephone call, the person calls an operator attached to the authentication and management decryption module 7 which authenticates said person according to the method according to the invention.

Equivalent embodiments of the method according to the invention can also be realized at a local level of the telephone network. An exemplary embodiment relates to the case in which a plurality of telephone equipment is connected to a private branch exchange to be connected to a common telephone line. In such a case, it can be provided that, in addition to the personal telephone number NTP which is common to the plurality of telephone equipment, each calling person also dials an extension number NP. Each person is therefore assigned an authentic CCA confidential code deduced from the decryption of the personal telephone number NTP and the extension number
NP. Thus the authentication according to the invention is carried out locally at the level of the private branch exchange.

Claims (4)

 1 - Method for authenticating a calling person (Pi, k) during a request for communication to the telephone network by means of any subscriber telephone equipment (him) connected to a telephone exchange (1) of said network ,  said communication request consisting in composing a message comprising, in addition, a personal telephone number (NTP) and a numbered confidential code (CCN) transmitted by the equipment (it),  said method comprising comparing the personal telephone number (NTP) with prohibited telephone numbers (8), so as not to satisfy said request when the personal telephone number is identical to one of the prohibited numbers,  characterized in that the method further comprises a decryption (f) of the personal telephone number (NTP) as a function of a predetermined authentication key (Kn) in order to deduce therefrom an authentic confidential code (CCA) and a comparison of said authentic confidential code (CCA) with said numbered confidential code (CCN) so that the exchange (1) establishes the requested communication when the compared codes are identical.  2 - Method according to claim 1, for which the message of the access request includes a subscriber telephone number called (NTA), characterized in that it comprises, in the equipment (him), encryption (g) of said numbered confidential code (CCN) as a function of a confidentiality key identical to said called subscriber telephone number (NTA) in order to deduce therefrom an encrypted numbered confidential code (CCNC) transmitted from the equipment to the central office, and in the central office (1), a decryption (g'l) opposite to the previous encryption, relating to the encrypted numbered confidential code (CCNC) as a function of the confidentiality key (NTA) in order to retrieve the numbered confidential code (CCN) to compare it to the authentic confidential code (CCA).  3 - Method according to claim 1 or 2, characterized in that, when the authentic and numbered confidential codes (CCA, CCN) are different, a variable (VNTp) assigned to the personal telephone number (NTP) is incremented by unit, then is compared to a predetermined threshold (SV) so that the personal telephone number (NTP) is a prohibited number (8) when said variable exceeds said threshold, said variable (VNTp) being reset to zero by predetermined period (PJ ).  4 - Method according to any one of claims 1 to 3, characterized in that the authentication key (Kn) is periodically modified for each calling person, and in that, during a first period (n), the encryption personal telephone code (NTP) consists in deciphering it according to the key (Kn) for the first period (n) and the key (kan ~ 1) for a second period (n-1) preceding the first period in order to deduce therefrom first and second authentic confidential codes (CCAn, CCAn1) respectively, said numbered confidential code (CCN) being compared with the first and second authentic codes so that the exchange (1) establishes the requested communication when the numbered code is identical to one of the authentic codes.