GB2510378A - Simultaneously providing caller ID information and encrypted caller ID information for Telephony caller authentication - Google Patents

Simultaneously providing caller ID information and encrypted caller ID information for Telephony caller authentication Download PDF

Info

Publication number
GB2510378A
GB2510378A GB1301781.9A GB201301781A GB2510378A GB 2510378 A GB2510378 A GB 2510378A GB 201301781 A GB201301781 A GB 201301781A GB 2510378 A GB2510378 A GB 2510378A
Authority
GB
United Kingdom
Prior art keywords
identification information
caller
caller identification
carrier signal
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1301781.9A
Other versions
GB201301781D0 (en
Inventor
Andrew Stewart Feltham
Elizabeth Jane Maple
Simon James Maple
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to GB1301781.9A priority Critical patent/GB2510378A/en
Publication of GB201301781D0 publication Critical patent/GB201301781D0/en
Publication of GB2510378A publication Critical patent/GB2510378A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/57Arrangements for indicating or recording the number of the calling subscriber at the called subscriber's set
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/57Arrangements for indicating or recording the number of the calling subscriber at the called subscriber's set
    • H04M1/575Means for retrieving and displaying personal data about calling party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/42025Calling or Called party identification service
    • H04M3/42034Calling party identification service
    • H04M3/42042Notifying the called party of information on the calling party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/42025Calling or Called party identification service
    • H04M3/42034Calling party identification service
    • H04M3/42059Making use of the calling party identifier

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method of providing Caller ID information in a telephone call, the method comprising: encrypting 104 Caller Identification information; initiating 108 the telephone call, said initiating comprising: providing 108a a voice carrier signal including the caller ID information; and simultaneously providing 108b a data carrier signal including the encrypted caller ID information. Aspects of the invention include the receiving device receiving (204) the telephone call; decrypting (206) the encrypted caller identification information at the recipient device; and verifying the identity of at least an unknown caller at the recipient device by at least one of verifying the authenticity of a certificate used to encrypt the caller identification information; and comparing (208) the decrypted caller identification information with the caller identification information from the voice carrier signal. A telephony device (500) implementing such an authentication method is also disclosed.

Description

TELEPHONY CALLER AUTHENTICATION
FIELD OF THE INVENTION
The present invention re'ates to a method of authenticating the identity ofa cafler in a telephone call between a caller device and a recipient device, the method comprising including caller identification information in a voice carrier signal from the caller device.
The present invention ifirther relates to a telephony device for use in such a method.
BACKGROUND
Ill modern society, many financial transactions are now performed electronically, e.g. using credit or debit cards, by performing transactions over the Internet and/or by using mobile telephony protocols to name but a few examples. The authenticity of such transactions is typically ensured by thc USC of somc ycrification data that can only be known to the user, c.g.
(selected characters from) passwords and so on.
Nevertheless, such transactions can be sensitive to fraud, e.g. because credit or debit card details have been stolen or because the security of user authentication information has been compromised. Fortunately, many financial institutions, e.g. banks, perfoim rigorous security checks on most financial transactions, and contact a customer in case a particular transaction cannot be trusted. Such contact is typically performed by telephone, with the call being initiatcd by an employee of the financial institution asking thc customer to divulgc details of the customer's security information in order to verify the ideiltity of the customer.
However, such contact itself is susceptible to fraud. A customer may be contacted maliciously over the telephone by a caller posing as an employee of a financial institution in order to obtain the security details of the customer with the intention to defraud the customer by engaging in financial transactions using the customer's funds. It can be very difficult to detect such malicious calls. The caller ID may be withheld, or may be fraudulently altered (spoofed), as is known per se; see e.g.: http://www.docdronnersorc/wikilindex.plip'hitle=AN] and Caller II) Spooling. Although a vigilant customer may verify the identity of the caller by requesting a phone number that the customer can call back and subsequently contact the financial institution to veri' if the provided phone number can be trusted, this is rather cumbersome and does not avoid the risk of a customer erroneously trusting the identity of a malicious caller.
Attempts have been made to facilitate the recipient of a call to establish the authenticity of the caller. For instance, US 2011/0026699 Al discloses a service that handles incoming telephone calls without bothering the telephone subscriber. The service permits a call to go through to a subscriber if the service determines that the call is not unwanted and the caller has been unauthenticated. The authentication is based on challenging the caller to prove its identity rather than relying on caller ID displays. Prospective callers pre-register with the service providing caller account information. When a caller is issued a challenge, the caller may prove its authenticity by supplying the challenge back to the service along with its registered information. Although this service avoids a subscriber being subjected to unwanted and fraudulent calls, a disadvantage of this approach is that it requires active implementation by a service provider and several process steps before a caller can be connected to a subscriber.
BRIEF SUMMARY OF THE INVENTION
The present invention seeks to provide a more straightforward method of authenticating the identity of a caller in a telephone call between a caller device and a recipient device.
The present invention further seeks to provide a telephony device that can implement at least certain aspects of this method.
According to an aspect of the present invention, there is provided a method of providing caller identification information in a telephone call, the method comprising encrypting caller identification information; initiating the telephone call, said initiating comprising: providing a voice carrier signal including the caller identification information; and simultaneously providing a data carrier signal including the encrypted caller identification information.
This allows a recipient of such a call to authenticate the identity of the caller by comparison of the encrypted caller identification information provided in the data carrier signal, e.g. in the form of a message, with the unencrypted caller identification information provided in the voice carrier signal, thus facilitatillg a straightforward caller identification authentication method does not require service provider intervention.
In a preferred cmbodimcnt, thc caflcr idcntification information is encrypted using a privatc key.
According to another aspect of the present invention there is provided a method of authenticating the identity of a caller in a telephone call between a caller device and a recipient device, the method comprising receiving a telephone call initiated by a caller device in accordance with the aforementioned method of providing caller identification information in a telephone call; decrypting the encrypted caller identification information at the recipient device; and vcrifring thc identity of at lcast an unknown caller at the rccipicnt dcvicc by at least one of verifying the authenticity of a certificate used to encrypt the caller identification information; and comparillg the decrypted caller identification information with the caller identification information from the voice earner signal.
The present invention utilizes the principle that in telephone calls, voice and data carrier signals can be communicated simultaneously, as for instance is disclosed in h and: http:/!pocketnowcom/tech-news!simu1taneousvoice-data-coniing4ocdma.
By encrypting a caller ID at the caller's end, e.g. using a private key, including this encrypted caller ID in the digital data carrier signal, e.g. as a message, and decrypting the encrypted caller ID at thc rccipient's end, e.g. using a public key and comparing thc decrypted caller ID with the caller ID in the voice carrier signal, a recipient of a phone call can verify the identity of a caller without the caller requiring some form of subscription and authentication with a service provider, thus simplifying the authentication process without sacrificing robustness of the verification process.
The authenticity of the caller may additionally or instead be established by verifying the authenticity ofa certificate used to encrypt the caller identification information in the recipient device. This embodiment further increases the robustness of the authentication method of the present invention, as the call may be considered unauthenticated even if the caller IDs in the voice and data streams appear to match. It is noted that the verification of the authenticity of such digital certificates is well-known per se; see for instance: http:/!cn.wikipcdia.org/wiki/Chain of trust.
In a preferred embodiment, the method further comprises generating a warning message on the recipient device if the authenticity of the caller cannot be verified, e.g. in the form of an audible (warning) signal, a visual (warning) signal or as a (warning) message on a display of the recipient device to warn the user that the call cannot be trusted, which information can be aid the user in deciding whether to terminate the call. In an alternative embodiment, in a scenario where the authenticity of said certificate cannot be verified and/or where decrypted caller identification information docs not match the caller identification information in the voice carrier signal, the method may further comprise automatically terminating the call by the recipient device such that the user is not at risk of divulging sensitive information.
In an cmbodiment, the step of comparing thc dccrypted caller identification information with the caller identification information from the voice carrier signal is performed prior to the call being answered by a user of the recipient device.
In an alternative embodiment, the step of comparing the decrypted caller identification information with the caller identification information from the voice carrier signal is performed after the call being answered by a user of the recipient device.
According to anothcr aspcct of the prcscnt invention, there is providcd a computer program product comprising a computer-readable storage medium, said medium comprising computer program code for implementing the steps of an embodiment of the method of the present invention when executed on a processor of a telephony device. This inter alia has the advantage that existing telephony devices, e.g. 3G or 4G mobile phones, may be retrofitted with an embodiment of the method of the present invention.
According to yet another aspect of the present invention, there is provided a telephony device comprising a processor adapted to simultaneously transmit and/or simultaneously receive a voice carrier signal and a digital data carrier signal, wherein the processor is further adapted to perform at least one of: (a) encrypting caller identification information identifying the telephony device; and simultaneously transmitting a voice carrier signal including the unencrypted caller identification information and a digital data carrier signal including the encrypted caller identification information; and (b) verify the identity of at least an unknown caHer at thc rccipicnt dcvicc by dccrypting thc cncryptcd callcr identification information and performing at least one of verifying the authenticity ofa certificate used to encrypt the cafler identification information; and comparing the decrypted caller identification information with the caller identification information from the voice carrier signal. Such a telephony device provides a more robust protection against fraudulent telephone calls, as a secure identification of the identity of the caller can be provided and/or detected using such a telephony device.
In an embodiment, the processor is adapted to perform both steps (a) and (b).
Ill a particularly suitable embodiment, the processor is adapted to encrypt the caller ideiltification information using a private key; and/or decrypt the encrypted caller identification information using a public key.
The processor preferably is further adapted to generate a waning message on the recipient device if the authenticity of the caller cannot be verified, thereby allowing the user to decide whether to proceed with the call, e.g. by providing the user with some warning signal, or instead terminate the call.
Alternatively, the processor may be further adapted to automatically terminate a call if the decrypted caller identification information does not match the caller identification information in thc rcccivcd voice carrier signal and/or if a certificate of the encrypted caller idcntification information cannot be verified.
BRIEF DESCRIPTION OF THE DRAWINGS
Preferred embodiments of the present invention will now be described, by way of example only, with reference to the following drawings, in which: FIG. 1 depicts a flow chart of an embodiment of a method to generate a telephone call that allows the recipient of the call to verify the identity of the caller; FIG.2 depicts a flow chart of an embodiment of a method of the present invention; FIG.3 depicts a flow chart of another embodiment of a method of the present invention; and FIG.4 schematically depicts an embodiment of a telephony device according to the present invention.
DETATLED DESCRIPTION OF THE EMBODIMENTS
It should be understood that the Figures are merely schematic and are not drawn to scale, It should also be understood that the same reference numerals are used throughout the Figures to indicate the same or similar parts.
In the context of the present application, where embodiments of the present invention constitute a method, it should be understood that such a method is a process for execution by a computer, i.e. is a computer-implementable method. The various steps of the method therefore reflect various parts of a computer program, e.g. various parts of one or more algorithms.
The various embodiments of the methods of the present invention may be stored in the form of computer program code on a computer program product comprising a computer-readable storage medium. The computer-readable storage medium may be any medium that can be accessed by a computer for the retrieval of digital data from said medium. Non-limiting examples of a computer-readable storage medium include a CD, DYD, flash memory card, a USB memory stick, a random access memory, a read-only memory, a computer hard disk, a storage area network, a network server, an Internet server and so on. The computer program code may be executed by at least one processor of a telephony device to implement the steps of a particular embodiment of the methods of the present invention.
FIG. 1 depicts a flow chart of an embodiment of a method 100 of the present invention for providing caller identification information in a telephone call. The method 100 starts in step 102, after which caller identification information, e.g. a caller ID such as the telephone number associated with the caller device is encrypted in any suitable manner, e.g. using a private encryption key, in step 104. The encrypted caller identification information may optionally be incorporated in a message in step 106. As it is well-known per se how to encrypt information such as the caller identification information, this will not be explained in further detail for the sake of brevity only.
Next, the telephone call is initiated in step 108, which comprises the sub-steps of generating a voice carrier signal including the caller identification information in step lOSa and generating a data carrier signal including the encrypted caller identification information in step I 08b, e.g. in the form of a message. The sub-steps 108a and 108b are typicafly performed simultaneously. The signals are transmitted to the targeted recipient device of the initiated phone call as is well-known per se. For instance, the concept of simultaneous voice and data transmission is readily available in mobile communication standards such as 30 and 40 standards as previously mentioned; see e.g. http://pocketnow.com/tech-news/simultaneous voice-data-coming-to-cdma.
Upon the call being answered, the method may continue to provide the voice carrier signal until the call is terminated as checked in step 110, after which the method ends in step 112. It is pointed out for the avoidance of doubt that the continued provision of the voice carrier signal does not imply that the caller identification information is continuously present in this signal. Typically, the caller identification information is only present in the voice carrier signal during initiation of the call, e.g. between the first and second rings, as is well-known per se.
The uncncryptcd caller identification information in the voice carrier signal and the encrypted caller identification information in the data carrier signal may be processed by a recipient device of the phone call in order to authenticate the identity of the caller. An embodiment of such an authentication method is shown in FIG. 2. The method 200 starts in step 202, after which the method proceeds to step 204 in which the telephone call initiated in accordance with the method as shown in FIG. 1 is received in step 204. To this end, the recipient telephony device should be capable of simultaneously receiving a voice carrier signal and a data carrier signal. A non-limiting example of a suitable recipient telephony device is a device compatible with 3G and/or 4G communication standards, e.g. a mobile phone, a smart phone, a tablet device and so on.
Step 204 comprises a sub-step 204a in which the recipient device receives the voice carrier signal including the caller identification information and a sub-step 204b in which the recipient device receives the data carrier signal including the encrypted caller identification information. These sub-steps are preferably performed simultaneously, as previously explained. In step 206, the recipient device extracts the encrypted caller identification information from the data carrier signal and decrypts the encrypted caller identification information, e.g. using a public key provided by the caller. Such a public key may be stored on the recipient device in any suitable manner.
Tn step 208, the decrypted caller identification information is compared with the cafler identification information from the voice carrier signal. If the caller identification information from the different signals does not match, e.g. different caller IDs are detected or no encrypted caller identification information could be found in the data canier signal, the recipient device may conclude that the identity of the caller cannot be verified, in which case the method may proceed to step 212 in which the call is automatically terminated. On the other hand, in case of matching caller identification information, the caller can be trusted, i.e. his identity has been verified, thc method may procccd to step 210 by allowing the tclcphone call to continue until the user of the recipient device terminates the call in step 212, after which the method 200 terminates ill step 214.
In an cmbodiment, steps 206 and 208 arc pcrformcd prior to the uscr answcring thc cafl, such that the call may be terminated without exposing the user to a potentially fraudulent caller.
Alternatively, steps 206 and 208 may be performed after the user has answered the call. This for instance avoids the risk of a call from a genuine caller being refused because for some reason the genuine caller is incapable of providing the correct encryption information. In this embodiment, it may also be desirable to avoid automatic termination of the call by the recipient device and instead prompt a user that no successful authentication of the caller could be achieved, in which case the user may decide to terminate the call instead. This will be explained in morc detail with the aid of FIG. 3.
Another advantageous variation to the method of FIG. 2 is that the decryption step 206 may include a verification of the authenticity of the certificate used to encrypt the caller ideiltification information in the voice carrier signal. This for instance can be used to detect if the encrypted caller identification information has been forged, thus avoiding the risk that a caller may be falsely trusted due to matching caller identification information in the voice and data carrier signals. In this embodiment, step 208 maybe omitted altogether if it is determined that the certificate used to encrypt the caller identification information in the voice canier signal cannot be verified or otherwise trusted, in which case the call may be immediately terminated in step 212 or the user alternatively maybe prompted that the identity of the caller could not be verified.
FIG. 3 depicts an embodiment of an authentication method in which the user is responsible for terminating the call upon a caller authentication failure. The method 300 comprises the same steps as the method 200 in FIG. 2, such that the steps that have already been described in the detailed description of FIG. 2 will not be described again for the sake of brevity only.
FIG. 3 differs from FIG. 2 in that in case of non-matching caller identification information as determined in step 208 (or the detection of an unverified certificate used to generate the encrypted caller identification information in the voice carrier signal in step 206 as previously explained), the method proceeds to step 302 in which the user is warned that the identity of the caller could not be authenticated.
Such a warning may be provided in any suitable form. For instance, the warning may be an audible warning signal, such as a change in ring tone prior to the user answering the call or a warning sound generated after the user has answered the call, a visual signal such as flashing light or display or a warning message on the display of the recipient device, a sensory warning signal such as a vibration pattern, and so on.
Upon being confronted with such a warning signal, the user may decide whether or not to continue with the call in step 304. The user may for instance want to continue the call because the user has reason to trust the caller anyway, e.g. because the call was expected, because the user recognizes the voice of the caller, and so on, in which case the method proceeds to step 210. Alternatively, the user may decide to terminate the call, in which case the method proceeds to step 212.
In addition to the embodiments discussed above, the method of the present invention may further comprise generating a reporting message upon a failure to authenticate the identity of a caller and automatically forwarding the waming message to a further recipient such as a regulatory body or an authority to report this failure to allow the further recipient to take appropriate actions, e.g. track down the caller for further investigation and/or prosecution, prohibit the caller from making further spoof calls, and so on. To this end, the warning message may include the various caller authentication information provided by the caller to assist the further recipient in their investigations.
At this point it is notcd that the various embodiments of the present invention arc particularly suitable for confidential communications between a service provider and a client, where the service provider is seeking to contact the client, e.g. in the case of a financial service provider wishing to qucry a particu'ar transaction of the client, c.g. a potcntiafly fraudulent transaction on a debit or credit card. Tn such a scenario, the client receiving the call from the (financial) service provider can safely provide confidential information to the employee of the service provider as the embodiments of the method of the present invention provide the client with the reassurance that the identity of the caller has been authenticated.
FIG. 4 schematically depicts a telephony device 500 adapted to implement one or more embodiments of the present invention. The telephony device 500 typically comprises at least one processor 510, a data carricr 520 including callcr idcntification information, e.g. a SIM card comprising the phone number of the telephony device 500, an antenna 530 for transmitting and/or receiving a telephone call, a microphone 540, a loud speaker 550 and a display screen 560. The telephony device 500 may of course include additional components such as a kcy pad, a LED indicator, a camcra, a scroH bafl and so on.
In an embodiment, the telephony device 500 is a caller device. In this embodiment, the processor 510 is adapted to encrypt the caller identification information from the data carrier 520 and to initiate a telephone call to a selected recipient of the call by generating a voice carrier signal including the caller identification information in unencrypted form and a data carrier signal including the caller identification information in encrypted form, e.g. comprised in a message sent through the data carrier signal. The voice carrier signal and the data carrier signal arc typically transmitted simultaneously, e.g. through antenna 530, using a suitablc communication standard. Non-limiting examples of such suitable standards are 3G and 4G. It is of course well-known per se to include caller identification information, e.g. a caller ID such as the phone number of the caller, as metadata in the voice carrier signal, such that this will not be explained in further detail for the sake of brevity. In this embodiment, the user of the telephony device 500 may use a private key to generate the encrypted caller identification information, with the recipient of the call being provided with a public key to enable the recipient to decrypt the encrypted caller identification information.
In an alternative embodiment, the telephony device 500 is the recipient device. In this embodiment, the processor 510 is adapted to simultaneously receive the voice carrier signal including the unencrypted caller identification information and the data carrier signal including the encrypted caller identification information to verify the identity of an unknown caller at the recipient device (as previously explained, verification of a known caller may be skipped). In an embodiment, the processor 510 is adapted to verify the identity of an unknown caller by decrypting the encrypted caller identification information and verifying the authenticity of a certificate used to encrypt the caller identification information. In an alternative embodiment, the processor 510 is adapted to veri1v the identity of an unknown caller by comparing the decrypted caller identification information with the caller identification information from the voice carrier signal. In yet another embodiment, the processor 510 is adapted to first verify the authenticity of a certificate used to encrypt the caller identification information, and to subsequently compare the decrypted caller identification information with the caller identification information from the voice carrier signal if the certificate has been authenticated.
In an embodiment, the processor 510 may be further adapted to automatically terminate the call if the identity of an unknown user cannot be authenticated. Alternatively, the processor 510 may be further adapted to provide a user of the telephony device with said comparison result, e.g. in the form of a warning signal to inform the user that the identity of the caller could not be authenticated. Such a warning signal may take any suitable form, e.g. a change in ring tone, a warning sound generated on the loud speaker 550, a visual waming sign such as a flashing LED, a warning message on the display 560, a vibration through the casing of the telephony device 500, and so on.
In an embodiment, the processor 510 may be adapted to verify, i.e., authenticate, the identity of the caller prior to the recipient answering the call, in which case a waming signal may be generated to discourage the user from answering the call. In an alternative embodiment, the processor 510 may be adapted to verify, i.e., authenticate, the identity of the caller after the recipient has answered the call, in which case a warning signal may be generated to encourage the user to terminate the call.
The processor 510 of the recipient telephony device 500 may further be adapted to compare the caller identification information from the voice carrier signal against a list comprising the caller identification information of users known or familiar to the recipient, e.g. an address list. In this embodiment, the processor 510 may skip the verification or authentication of the identity of the caller if it has been found that thc caller identification information from the voice carrier signal matches caller identification infbnnation in said list.
It is noted that although the telephony device 500 has been described in terms of a caller device and a recipient device, it should be understood that the telephony device 500 may be able to act as a caller device as well as a recipient device, in which case the pmcessor 510 is adapted to encrypt caller identification information as well as to authenticate the identity of the initiator of an incoming call by decrypting the encrypted caller identification information and verif'ing the certificate used to encrypt the caller identification information and/or compare the decrypted caller identification information with the caller identification information in the voice carrier signal.
The telephony device 500 may be a mobile phone, e.g. a smart phone, which may be capable of communicating in accordance with the 30 or 40 communication standards, although it should be understood that the present invention is not limited to mobile telephony only.
While particular embodiments of the present invention have been described herein for purposes of illusiration, many modifications and changes will become apparent to those skilled in the art. Accordingly, the appended claims are intended to encompass all such modifications and changes as fall within the true spirit and scope of this invention.

Claims (15)

  1. CLAIMSA method (100) of providing caller identification information in a telephone call, the method comprising: encrypting (104) caller identification information; initiating (108) the telephone call, said initiating comprising: providing (1 08a) a voice carrier signal including the caller identification information; and simultaneously providing (108b) a data carrier signal including the encrypted caller identification information.
  2. 2. The method (100) of claim 1, further comprising encrypting (104) thc caller identification information using a private key.
  3. 3. A method (200, 300) of authenticating the identity of a caller in a telephone call between a caller device (500) and a recipient device (500), the method comprising: receiving (204) a telephone call initiated by a caller device (500) in accordance with the method (100) of claim 1 or 2; decrypting (206) the encrypted caller identification information at the recipient device; and veri'ing the identity of at least an unknown caller at the recipient device by at least one of: verifying the authenticity of a certificate used to encrypt the caller identification information; and comparing (208) the decrypted caller identification information with the caller identification information from the voice carrier signal.
  4. 4. The method (300) of claim 3, further comprising generating (302) a warning message on the recipient device if the authenticity of the caller cannot be verified.
  5. 5. The method (200) of claim 3, further comprising further comprising automatically terminating (212) the call by the recipient device if the authenticity of the caller cannot be verified.
  6. 6. The method (200, 300) of any of claims 3-5, further comprising decrypting (206) the encrypted caller identification information using a public key.
  7. 7. The method (200, 300) of claim 6, wherein the method comprises the steps of verif'ing the authenticity ofa certificate used to encrypt the caller identification information in the recipient device prior to comparing (208) the decrypted caller identification information with the caller identification information from the voice carrier signal at the recipient device (500).
  8. 8. The method (200, 300) of any of claims 3-7, wherein the step of comparing (208) the decrypted caller identification information with the caller identification information from the voice carrier signal is performed prior to the call being answered by a user of the recipient device.
  9. 9. The method (200, 300) of any of claims 3-8, wherein the step of comparing (208) the decrypted caller identification information with the caller identification information from the voice carrier signal is performed afler the call has been answered by a user of the recipient device.
  10. 10. The method (100, 200, 300) of any of claims 1-9, wherein the encrypted caller identification information is embedded (106) in a message.
  11. 11. A computer program product comprising a computer-readable storage medium, said medium comprising computer program code for implementing the method (100, 200, 300) of any of claims 1-10 when executed on a processor of a telephony device.
  12. 12. A telephony device (500) comprising a processor (510) adapted to simultaneously transmit and/or simultaneously receive a voice carrier signal and a digital data carrier signal, wherein the processor is further adapted to perform at least one of: (a) encrypting caller identification information identifying the telephony device; and simultaneously transmitting a voice carrier signal including the uncncryptcd caller identification information and a digital data carrier signal including the encrypted caller identification information; and (b) verify the identity of at least an unknown caller at the recipient device by decrypting the encrypted caller identification information and performing at least one of: verifying the authenticity of a certificate used to encrypt the caller identification information; and S comparing the decrypted eaHer identification information with the cafler identification information from the voice carrier signal.
  13. 13. The telephony device (500) of claim 12, wherein the processor (510) is further adapted to encrypt the caller identification information using a private key.
  14. 14. The telephony device of claim 12 or 13, wherein the processor (510) is further adapted to decrypt the encrypted caller identification information using a public key.
  15. 15. The telephony device 500) of any of claims 12-14 at least adapted to perform step (b), IS wherein the processor (510) is further adapted to generate a warning message if the authenticity of the caller cannot be verified.
GB1301781.9A 2013-02-01 2013-02-01 Simultaneously providing caller ID information and encrypted caller ID information for Telephony caller authentication Withdrawn GB2510378A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1301781.9A GB2510378A (en) 2013-02-01 2013-02-01 Simultaneously providing caller ID information and encrypted caller ID information for Telephony caller authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1301781.9A GB2510378A (en) 2013-02-01 2013-02-01 Simultaneously providing caller ID information and encrypted caller ID information for Telephony caller authentication

Publications (2)

Publication Number Publication Date
GB201301781D0 GB201301781D0 (en) 2013-03-20
GB2510378A true GB2510378A (en) 2014-08-06

Family

ID=47988530

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1301781.9A Withdrawn GB2510378A (en) 2013-02-01 2013-02-01 Simultaneously providing caller ID information and encrypted caller ID information for Telephony caller authentication

Country Status (1)

Country Link
GB (1) GB2510378A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150237201A1 (en) * 2014-02-20 2015-08-20 International Business Machines Corporation Telephone Caller Authentication
CN104917906A (en) * 2015-04-24 2015-09-16 北京搜狗科技发展有限公司 Information obtaining method, information recommending method, electronic equipment and network server
GB2553107A (en) * 2016-08-22 2018-02-28 Incall Ltd Method of verification
CN109040480A (en) * 2018-09-16 2018-12-18 刘兴丹 A kind of method, apparatus of anti-swindle checking real name register information

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114947879A (en) * 2022-04-06 2022-08-30 苏州无双医疗设备有限公司 Implant device, handheld device and implant system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001026391A1 (en) * 1999-10-01 2001-04-12 Koninklijke Philips Electronics N.V. Selective telephone caller identification service
US6324271B1 (en) * 1999-08-17 2001-11-27 Nortel Networks Limited System and method for authentication of caller identification
WO2007055723A2 (en) * 2005-11-07 2007-05-18 Cisco Technology, Inc. Method and apparatus to provide cryptographic identity assertion for the pstn
WO2009070529A1 (en) * 2007-11-27 2009-06-04 Alibaba Group Holding Limited Verifying user identity using a reverse caller id process
WO2011154221A1 (en) * 2010-06-11 2011-12-15 International Business Machines Corporation System, method and computer program product for filtering telephone communications

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6324271B1 (en) * 1999-08-17 2001-11-27 Nortel Networks Limited System and method for authentication of caller identification
WO2001026391A1 (en) * 1999-10-01 2001-04-12 Koninklijke Philips Electronics N.V. Selective telephone caller identification service
WO2007055723A2 (en) * 2005-11-07 2007-05-18 Cisco Technology, Inc. Method and apparatus to provide cryptographic identity assertion for the pstn
WO2009070529A1 (en) * 2007-11-27 2009-06-04 Alibaba Group Holding Limited Verifying user identity using a reverse caller id process
WO2011154221A1 (en) * 2010-06-11 2011-12-15 International Business Machines Corporation System, method and computer program product for filtering telephone communications

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150237201A1 (en) * 2014-02-20 2015-08-20 International Business Machines Corporation Telephone Caller Authentication
US9288062B2 (en) * 2014-02-20 2016-03-15 International Business Machines Corporation Telephone caller authentication
CN104917906A (en) * 2015-04-24 2015-09-16 北京搜狗科技发展有限公司 Information obtaining method, information recommending method, electronic equipment and network server
GB2553107A (en) * 2016-08-22 2018-02-28 Incall Ltd Method of verification
GB2553107B (en) * 2016-08-22 2022-07-20 Incall Ltd Method of verification
CN109040480A (en) * 2018-09-16 2018-12-18 刘兴丹 A kind of method, apparatus of anti-swindle checking real name register information

Also Published As

Publication number Publication date
GB201301781D0 (en) 2013-03-20

Similar Documents

Publication Publication Date Title
US9654976B2 (en) Telephone caller authentication
US11856132B2 (en) Validating automatic number identification data
CN105354507B (en) A kind of data safety time slot scrambling under cloud environment
US9444816B2 (en) Continuous voice authentication for a mobile device
CN111404696B (en) Collaborative signature method, security service middleware, related platform and system
US20110026699A1 (en) Method and system for authenticating telephone callers and avoiding unwanted calls
GB2510378A (en) Simultaneously providing caller ID information and encrypted caller ID information for Telephony caller authentication
CN104065648B (en) A kind of data processing method of voice call
CN108401494B (en) Method and system for transmitting data
ES2968820T3 (en) Call authentication techniques
US8635454B2 (en) Authentication systems and methods using a packet telephony device
WO2016115972A1 (en) Method, system and apparatus for safe data transfer
KR101078373B1 (en) System for authenticating a caller and Method thereof
US9686270B2 (en) Authentication systems and methods using a packet telephony device
US10601820B2 (en) Method and apparatus to identify and authorize caller via ultrasound
CN104038932B (en) A kind of safety equipment
EP3852330A1 (en) Telephone call authentication
WO2018157211A1 (en) Securely verifying voice communication
US20240340311A1 (en) System and Method for Validating Source and Authenticity of Incoming Communications Received by a User Device
TWI459786B (en) Multi-channel active identityauthentication system and related computer program product and method
US20230319058A1 (en) Method of authenticating a caller
KR20150089960A (en) Authentication method, digital system, and authentication system thereof
KR101584219B1 (en) Authentication method, digital system, and authentication system thereof
CN104066081B (en) A kind of data handling system of voice call
BR102015027719B1 (en) SECURITY METHOD FOR USER AUTHENTICATION VIA PUBLIC TELEPHONE USING DTMF SIGNAL

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)