KR20140118568A - System, apparatus, method and computer readable recording medium for phone call participant authentication - Google Patents

System, apparatus, method and computer readable recording medium for phone call participant authentication Download PDF

Info

Publication number
KR20140118568A
KR20140118568A KR1020130034731A KR20130034731A KR20140118568A KR 20140118568 A KR20140118568 A KR 20140118568A KR 1020130034731 A KR1020130034731 A KR 1020130034731A KR 20130034731 A KR20130034731 A KR 20130034731A KR 20140118568 A KR20140118568 A KR 20140118568A
Authority
KR
South Korea
Prior art keywords
party
caller
information
data
call
Prior art date
Application number
KR1020130034731A
Other languages
Korean (ko)
Inventor
크시슈토프 야츠키비츠
Original Assignee
삼성전자주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 삼성전자주식회사 filed Critical 삼성전자주식회사
Priority to KR1020130034731A priority Critical patent/KR20140118568A/en
Publication of KR20140118568A publication Critical patent/KR20140118568A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/66Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • H04M1/667Preventing unauthorised calls from a telephone set
    • H04M1/67Preventing unauthorised calls from a telephone set by electronic means
    • H04M1/673Preventing unauthorised calls from a telephone set by electronic means the user being required to key in a code

Abstract

The present invention relates to a system, apparatus, method, and computer readable recording medium for phone call participants authentication in order to authenticate telephone call participants. The apparatus, according to an embodiment of the present invention, includes the following elements: a communication processing unit for a telephone call between the participants; and a control unit for transmitting predefined inquiry data to a device of a participant if a telephone call is requested from the device of the participant and the status of a call request from the communication processing unit is confirmed for receiving reply data corresponding to the query data from the device of the participant, and for allowing the participant to authenticate whether the telephone call is reliable through the received reply data.

Description

TECHNICAL FIELD [0001] The present invention relates to a telephone call participant authentication system, an apparatus, a method, and a computer readable recording medium.

The present invention relates to an authentication apparatus, and more particularly, to a telephone call participant authentication system, apparatus, method and computer-readable recording medium for authenticating a telephone call participant.

It is important to verify the identity of the caller or caller in the phone call. Recently, spam calls are increasing, and phone calls to make prank calls or even to harass others are causing inconvenience to telephone callers.

Organizations that provide partial or complete access to services through telephones, such as banks, to address caller identity issues have introduced procedures for identifying caller identity based on password, password, and personal information questions " This process usually requires a human operator to verify the client's answer from the service provider's perspective.

General users must respond to the caller ID service, and users can attempt to perceive themselves through voices. Other conventional solutions for such party verification can be categorized as follows.

First, speaker recognition based on biometric information is possible. The most popular idea is to use speech samples to recognize the caller. The stored samples are compared with the samples provided by the user at the start of the call. At this time, whether or not the user is authenticated is determined according to the comparison result.

Second, reliable third party services are possible. For example, as a verification system integrated into a communications network, a network node directly connected to the caller provides additional information about itself. At this time, the receiver can confirm the call source by processing the inserted node information and the caller ID. Also, as a method of using a selective sign language service integrated into a network, a caller must first register with a service providing caller account information in order to use the service. At this time, before the call starts, the selective sign language service requests that the caller provide the registered information to prove his or her identity. In addition, the caller name is authenticated using an authentication certificate issued by the registrar. At this time, a caller who wants to be identified by the other party may request such a certificate. Accordingly, the call recipient can confirm the provided certificate to confirm the identity of the caller and set an authentication dialogue with the caller.

Third, there is a solution using a camera. For example, in a system based on the image capture unit, the photograph of the caller is taken just before the call begins. At this time, the picture is transmitted to and displayed on the receiver, and the receiver can accept or reject the call based on the received picture.

Fourth, there is a location based confirmation method. For example, as a solution based on LBS (Location Based Service) information of a caller to be collected by a server, the other party can request location information from an LBS server which is a part of a communication network structure. At this time, the caller can specify the level of privacy of his LBS data to modify the accuracy of the information provided to the recipients. Also, as a method using the caller ID information extended with location data, this method simply adds another field describing the terminal location to the caller ID message. At this point, the receiver uses available location data sources and adds them with the caller ID. Also, as a method of transmitting location information during a conversation of devices during a call request, the location data is requested by the recipient and provided according to the privacy level by the call initiator.

Fifth, there may be other methods. For example, as a solution based on an additional secure communication channel, this channel ensures that the transmitted data can not be manipulated. On the other hand, when the device starts connection from outside the network on the safety channel, a first time stamp is generated. Other timestamps occur after the connection is established. At this time, unconditional access to the service is allowed only if the difference between the timestamps is within the predefined window. On the other hand, limited access is allowed if a secure channel is not used. In addition, for example, a system for blocking spam calls based on CAPTCHA (Completely Automated Public Tutor test to tell Computers and Humans Apart), wherein user devices convert specific number information into voice information and transmit the converted information to the call terminal Lt; / RTI > At this time, the device will allow communication only when the specific number information is correctly inputted from the call terminal.

Meanwhile, the various authentication methods have the following problems.

First, the semiautomatic caller identification method is not substantially automatic. Therefore, at a certain level, a person is needed, and there is a discomfort such as re-storing the password and answering it. Also, it takes a long time and the verification process can take several minutes

The way to use caller ID is unsafe and unreliable because caller ID theft is possible. In addition, the manual speech recognition method has a high possibility of occurrence of errors, and is disadvantageous in that it is unsafe from spoofing using voice modulation software. Further, there is a problem that it is difficult or impossible to identify a caller who does not know, or the caller has to identify himself / herself because of poor voice quality.

Among the above methods, the automatic speech recognition methods are likely to cause errors because they can give false positives and true negatives, and the problem that the speech recognition software is unsafe from spoofing have.

Also, reliable third-party methods require complex network structure changes, and camera-based methods are unsafe due to fake pictures and require a lot of data to be transmitted. there is a problem. Further, if the image quality is not sufficiently good, there is a problem that identification is difficult or impossible.

On the other hand, location-based methods are complex because they require a GPS (Global Positioning System) device to provide accurate position data, and are unsafe due to fake position data. Also, there is a problem that location information is not reliable during caller verification and can not be trusted. Moreover, there is a problem that it is complicated because it requires an additional secure channel, and it is unreliable because the time difference is wide and inaccurate.

Finally, the CAPTCHA method has a disadvantage in that it is complicated because it requires speech synthesis software, and the caller has to listen to the message received and respond by pressing the appropriate keys, which is inconvenient. In addition, there is a problem that it is not reliable because it is helpful only in checking automatic spam messages, and it is not safe because it may deceive the speech recognition software.

Accordingly, there is a need for a method for solving the above problems and for effectively authenticating callers.

An embodiment of the present invention provides a telephone call participant authentication system, an apparatus, a method, and a computer-readable recording medium capable of authenticating a call participant by exchanging information between two communication devices using a predefined protocol.

Also, an embodiment of the present invention provides a telephone call participant authentication system, an apparatus, a method, and a computer readable recording medium capable of authenticating a call participant by determining whether the call participant is a reliable caller using the caller sort information stored in the apparatus to provide.

According to an aspect of the present invention, a telephone call participant authentication apparatus includes a communication processing unit for performing a process for telephone conversation between callers, and a call request receiving unit for receiving a call request from the communication partner apparatus and confirming a call request status from the communication processing unit , And transmits preset query data to the device of the other party's party, receives answer data corresponding to the inquiry data from the device of the other party's party, and determines from the received answer data whether the corresponding party is a trusted party And a control unit for processing to authenticate the user.

The apparatus may further include a storage unit for storing identification information of at least one party, and the control unit may process the inquiry data so that the inquiry data is encrypted with the identification information of the other party.

The identification information may be a public key for the caller.

The answer data received by the control unit may be data encrypted with the private key of the other party.

The control unit may exchange identification information with a device of the other party's party before performing authentication on the other party's party when a call is requested from the device of the other party and the status of the call request is confirmed from the communication processing unit.

The storage unit may include caller classification information that classifies the callers according to the reliability of the caller.

The caller classification information may include white list information including information about the trusted caller, black list information including information about the untrusted caller, And gray list information including information on the caller.

The caller classification information may be updated by receiving the caller classification information of the other party.

The query data may be data arbitrarily selected from a plurality of previously stored query data.

As a result of the authentication by the control unit, when the relative party is a trusted party from the received answer data, the corresponding party can be added to the whitelist.

As a result of the authentication by the control unit, if the relative party is an untrusted party from the received answer data, the corresponding party can be added to the black list.

If it is determined that the identification information of the other party is not included in any of the list information of the whitelist information, the blacklist information, and the gray list information, the control unit may add the relative caller to the gray list information have.

According to another aspect of the present invention, a telephone call participant authentication system includes: requesting a call to a second device, receiving encrypted query data from the second device, decrypting the received query data with its own private key A first device for encrypting reply data corresponding to the inquiry data with its own private key and transmitting the reply data to the second device; and a second device for transmitting the preset query data to the second device when the call is requested from the first device, Receiving the encrypted reply data from the first device, decrypting the encrypted answer data with a public key of the first device party, encrypting the encrypted response data with the public key of the first device party, And a second device for authenticating whether or not the device is authentic.

According to another aspect of the present invention, a method for authenticating a telephone call participant includes the steps of receiving a call from a device of a correspondent party, transmitting preset query data to the device of the correspondent party when a call request status is confirmed, Receiving an answer data corresponding to the inquiry data from the device of the other party, and authenticating whether the other party is a trusted party from the received answer data.

The method may further include a step of storing identification information of at least one party, and the method may further include the step of encrypting the inquiry data with the identification information of the other party.

The identification information may be a public key for the caller.

And decrypting the answer data using the public key of the other party after receiving the answer data.

The method may further include exchanging identification information with the device of the other party before performing the authentication on the other party.

The method may further include storing caller classification information that classifies the callers according to the reliability of the caller.

The caller classification information includes white list information including information on a trusted party, blacklist information including information on an untrusted party, and information on a party that can not be trusted And at least one list information among the gray list information including the gray list information.

The caller classification information may be updated by receiving the caller classification information of the other party.

The query data may be data arbitrarily selected from a plurality of previously stored query data.

And adding the corresponding party to the whitelist if the corresponding party is a trusted party from the received answer data.

And adding the corresponding party to the black list if the corresponding party is an untrusted party from the received answer data.

The method further includes adding the relative party to the gray list information if the identification information of the other party is not included in any of the list information of the white list information, the black list information, and the gray list information .

Meanwhile, the information on the telephone call participant authentication method may be stored in a computer-readable recording medium. Such a recording medium includes all kinds of recording media in which programs and data are stored so that they can be read by a computer system. Examples of the storage medium include a ROM, a Random Access Memory, a CD, a DVD, a magnetic tape, a floppy disk, an optical data storage device, an embedded multimedia card (eMMC) And the like, and may also be implemented in the form of a carrier wave (for example, transmission over the Internet). Such a recording medium may also be distributed over a networked computer system so that computer readable code in a distributed manner can be stored and executed.

As described above, the authentication method of the call participant according to the embodiment of the present invention does not affect the performance of the apparatus and the authentication speed is fast.

In addition, the authentication method according to the embodiment of the present invention is more secure than the conventional various authentication methods. In addition, it is convenient because the call is not disconnected for authentication, it is easy to use and there is no need for the caller to reveal the telephone number.

In addition, the authentication method according to the embodiment of the present invention can be performed even once, and it is simple to use because no additional service or third party is required for authentication. In addition, the security level can be adjusted and the single user characteristic can be used in many devices, so the application is flexible.

1 illustrates a telephone call participant authentication system in accordance with an embodiment of the present invention.
2 is a block diagram showing a detailed configuration of each communication apparatus according to an embodiment of the present invention;
3 is a block diagram illustrating a detailed configuration of a telephone call participant authentication apparatus according to an embodiment of the present invention;
4 is a signal flow diagram illustrating an authentication procedure for a phone call participant between devices in accordance with an embodiment of the present invention.
Figures 5A-5C are flow charts illustrating a procedure for approving and authenticating parties in a device in accordance with an embodiment of the present invention.
6 is a flow diagram illustrating a caller information exchange procedure during a trusted telephone call in accordance with an embodiment of the present invention.
Figures 7A and 7B are flow diagrams illustrating a party categorization procedure based on information provided by other trusted parties according to an embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with one embodiment. It should also be understood that the position or arrangement of individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which the claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

One embodiment of the present invention discloses a telephone call participant authentication system, apparatus and method that can authenticate a call participant by exchanging information between two communications devices using a predefined protocol. Also, an embodiment of the present invention can authenticate a call participant by determining whether the caller is a reliable caller using caller classification information stored in the device.

For example, most current voice communication devices such as smart phones and the like provide a method for installing software. Thus, certain software may be included as part of the device firmware. At this time, the software may change how it operates at the call level of a voice communication device (e.g., a phone including a smart phone, etc.). This particular function can be used for seamless information exchange between communication devices during a telephone conversation or just before the actual conversation is started. Accordingly, the authentication and authentication of the communication device according to the embodiment of the present invention can be realized by designing a communication protocol between the devices. However, the present invention is not limited to such an implementation method. For example, a caller authentication method according to an embodiment of the present invention may require two communication devices to exchange information using a predefined protocol during a call.

According to an embodiment of the present invention, before the caller is properly authenticated, the caller should preferably be approved in some way (e.g. voice recognition, password, personal question, etc.). Accordingly, a specific caller (hereinafter, referred to as an 'verifier' in the present invention) of a call participant can call another caller (hereinafter referred to as 'applicant' in the present invention) If determined to trust, the particular caller (i.e., authenticator) can identify another caller (i.e., the applicant) in a single operation (e.g., an operation to select an appropriate call option provided by the existing software). Therefore, according to the embodiment of the present invention, authentication of the party can be performed in the following manner.

1. Both parties send their identification information (e.g., public key) to each other at start-up.

2. At some point, the authenticator decides that he or she trusts the applicant and informs the applicant.

3. The authenticator already owns the identity of the applicant (eg public key). At this time, the callers can selectively exchange additional secret information (e.g., biometric data and passwords) needed to verify the identity.

4. The authenticator stores the public key for the applicant and related data in a white list. The applicant can now end the call and is treated as a trusted caller from then on.

On the other hand, after the information of the party of the caller (for example, the public key of the party) is stored in the whitelist as described above, immediately before the conversation at the next conversation is started, .

1. Both parties send their identification information (e.g., public key) to each other at the beginning of the call. In the following description, a public key will be described as an example of the identification information. However, the identification information corresponding to the embodiment of the present invention is not limited to the public key. At this time, if the caller does not transmit the public key, it can be determined that the protocol is not supported and can be processed as a permanent gray list member. In such a case, the authentication procedure may be skipped and the authenticator may be notified.

2. On the other hand, if there is a party's public key, the authenticator examines it. If the caller's public key is present in a black list, the applicant is an untrusted caller. Thus, the authenticator can recognize this fact and refuse the call. If the public key of the talker does not exist in any list (i.e., it does not exist anywhere in the whitelist and the blacklist), the public key of the talker may be added to the gray list. At this time, the callers of the greylist are not authenticated, and the authenticator notifies that the caller is an untrusted person.

3. The authenticator sends it to the applicant using a public key to encrypt any questions (for example, a simple formula).

4. If the applicant is an untrusted party, the applicant does not have the true applicant's private key and will not understand the question sent by the authenticator. Otherwise, the applicant decrypts the question with his or her private key and sends the signed response to the authenticator.

5. The authenticator can verify the above-mentioned response by selectively using the previously stored personal information of the applicant.

6. If the answer is incorrect or unintelligible, the applicant is an unreliable caller. Thus, the authenticator can recognize this fact and reject the call by, for example, moving the applicant from the whitelist to the blacklist in a single operation. Otherwise, the applicant is normally authenticated and conversation can be started.

7. During a conversation, each device may exchange their whitelist and blacklist to update the caller record.

On the other hand, it is possible to randomly extract questions and perform authentication according to an embodiment of the present invention, so that a potential sniffer can not collect all possible encoded questions and related correct answers.

As described above, devices in which the caller authentication software is installed can exchange black lists and whitelists during a call. This information can be used not only to generate a list of new parties but also to record the party's trustworthiness. The data from the other party helps to determine whether one party should trust another party. Meanwhile, the following exemplary scenario may be applied according to the embodiment of the present invention.

1. The speaker C1 of the first device calls the speaker C2 of the second device

2. During the exchange of information, it is revealed that the untrusted party U (e.g., the party of the second device) has moved from his whitelist to the blacklist. The other common and trusted three callers were also moved.

3. The speaker C1 of the first device can recognize this fact. At this time, if the speaker C1 of the first device wants to delete the speaker U whose authenticity has not been confirmed before the conversation from the whitelist, You can ask.

By doing so, information about an untrusted cheater can be gradually spread over the network. This can prevent abuse when an untrusted party wishes to obtain the victim's private key.

As another example, the following exemplary scenario may be applied in accordance with an embodiment of the present invention.

1. Caller C calls a caller U that is not stored in a category (e.g., a classified list)

2. During a call or prior to a call, the caller C can confirm the determination of the trusted callers regarding the unstored caller (U).

3. If the unsaved caller U is trusted and most of the other trusted callers also trust him, the caller C may decide to add him to the whitelist. On the other hand, if other callers do not generally trust the unstored caller U, this will cause the caller C to be more cautious and suspicious about the caller U that is not stored, Quot ;. < / RTI >

Meanwhile, according to the embodiment of the present invention, the entire process of authentication, the categorization of callers, and the exchange of caller information can be performed seamlessly. All of these processes can be performed simultaneously by two devices (e.g., two callers trust each other) or by one of them and do not rely on a call initiator.

As mentioned above, the authentication process can be extended to other security levels based on biometric or other secret data verification. Preferably, the data is not available on the phone itself for security reasons. It is desirable that the data exist to provide the actual owner with the necessary information (e.g., a secret password or biometric scanner output), which can be particularly useful when the risk of phone stolen is large.

On the other hand, if the user wants to use more than one phone or wants to change his old phone to a new one, his identity along with all the lists can be extracted and used in another device.

In addition, if the caller identification information (e.g., public key) is lost or changed for any reason (lost / stolen / broken / formatted phone, identity theft), the user must dial the previous trusted numbers, We have to convince them to believe him again. You can use another public key at this time.

Meanwhile, according to an embodiment of the present invention, for the basic implementation of the present invention, the same key can be used to sign outgoing messages and decrypt received messages. Thus, under certain circumstances, a hostile party may be at risk of using an authentication dialogue to decrypt data previously encrypted by a victim. Therefore, if such a risk occurs, it is desirable to proceed with the following procedure.

1. The authentication protocol requires a question that corresponds to the actual answer.

2. Authentication Dialogue While the devices are not transmitting data encrypted with their public key, the attacker gets the data encrypted with the victim's public key and provides it as a question.

3. The victim signs the question with his / her private key in response and sends it to the attacker.

On the other hand, if the attacker does not own the original private key, the authentication fails. However, he can still decode the data. Therefore, the problem can be solved by the following method.

1. Generally, it is not desirable to create an authentication answer equivalent to a question. Therefore, the problem can be solved simply by forbidding such question-and-answer in the authentication dialogue.

2. Another way to solve the problem is to limit the applicant from providing encrypted data as an authentication challenge. This can be accomplished by introducing a specific question format and performing question identification.

3. You can use a different key for encryption and signing.

Meanwhile, the terms used in the present invention can be defined as follows.

- caller: a typical phone call participant

- initiator: the initiator of the call initiated the call

- receipient: the telephone call participant who received the call

- verifier: a person who performs authentication by marking another party as a trusted party

- Applicant: A person who is identified as a trusted person and who identifies himself / herself and requests authentication.

Caller record: a record indicating a single caller, the caller record including a public key, optional personal information required to perform the authentication, and optional caller information from other contacts (e.g., And the like).

- white list: list of trusted callers

- black list: list of untrusted callers

- gray list: list of known but not categorized callers

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

First, a system and an apparatus according to an embodiment of the present invention will be described with reference to FIGS. 1 to 3, and a method according to an embodiment of the present invention will be described in detail with reference to FIGS.

1 is a diagram illustrating a telephone call participant authentication system according to an embodiment of the present invention. Referring to FIG. 1, the first device 110 and the second device 120 are installed with a call program 111 and 121, respectively, and can perform telephone call related functions with each other. At this time, detailed description of various hardware or software functions necessary for telephone conversation will be omitted. The first device 110 or the second device 120 may be a wired phone, a smart phone, a laptop computer, a digital broadcasting terminal, an MP3 player, a personal digital assistant (PDA) Player, navigation, and the like, and any device can be applied to an apparatus according to an embodiment of the present invention, as long as it is an apparatus including a function capable of communicating. (IMT-2000) terminal, a WCDMA terminal, a UMTS (Universal Mobile Telecommunication Service) terminal, a PDA (Personal Digital Assistant), a PMP (Portable Multimedia Player) A Digital Multimedia Broadcasting (DMB) terminal, an E-Book, a portable computer (Notebook, Tablet), a digital camera, a desktop personal computer, or the like.

Meanwhile, according to the embodiment of the present invention, a caller authentication program 112 may be installed in at least one of the devices 110 and 120. [ At this time, the caller authentication programs 112 and 122 store and update the caller authentication information 113 and 123 according to the embodiment of the present invention, and perform caller authentication in cooperation with the call programs 111 and 121 can do. Therefore, when a call is started through the call programs 111 and 121, the caller authentication programs 112 and 122 operate before the call or during the call, and perform the caller authentication procedure according to the embodiment of the present invention.

The caller authentication information 113 and 123 includes information for authenticating each of the callers and includes identification information of the caller (e.g., public key of the caller, private key of the caller, etc.), classification information (e.g., White list, black list, gray list, etc.).

Therefore, when the first device 110 and the second device 120 initiate a call according to the embodiment of the present invention, the caller authentication programs 112 and 122 operate and the caller authentication information 113 and 123 ), Performs the party authentication in various ways, and reflects the authentication result in the party authentication information (113, 123).

2 is a block diagram illustrating a detailed configuration of each communication apparatus according to an embodiment of the present invention. Referring to FIG. 2, an apparatus according to an embodiment of the present invention basically includes components capable of providing a call function, and further includes configurations capable of authenticating a caller according to an embodiment of the present invention .

The communication processing unit 250 processes communication functions between devices. For example, when the apparatus is a wireless communication apparatus, it may include an RF processing unit and the like. The RF processor may include an RF transmitter for up-converting and amplifying a frequency of a transmitted signal, and an RF receiver for low-noise amplifying the received signal and down-converting the frequency of the received signal. The apparatus may further include a data processing unit, a transmitter for encoding and modulating the transmitted signal, and a receiver for demodulating and decoding the received signal. Accordingly, the data processing unit may include a modem and a CODEC. The codec may include a data codec for processing packet data and an audio codec for processing audio signals such as voice.

The audio processing unit 210 performs a function of reproducing a received audio signal output from the audio codec of the data processing unit or transmitting a transmitted audio signal generated from a microphone to the audio codec of the data processing unit.

The input unit 220 includes keys for inputting numeric and character information, and function keys for setting various functions, and may include any type of input method such as a button, a touch screen, a gesture recognition, and an iris recognition.

The display unit 230 displays a video signal output from an image processing unit (not shown) as a screen, and displays user data output from the control unit 240. In this case, the display unit 230 may include an LCD controller, a memory capable of storing image data, and an LCD display device. Here, when the LCD is implemented by a touch screen method, the LCD may operate as an input unit 220, and the display unit 230 may display keys such as the input unit 220.

In addition, when the display unit 230 is implemented as a touch screen, when the touch screen unit is used, the touch screen unit includes a touch screen panel (TSP) including a plurality of sensor panels, The panel may include an electrostatic sensor panel capable of recognizing a hand touch and an electromagnetic induction sensor panel capable of sensing a fine touch such as a touch pen.

The storage unit 260 may include a program memory and a data memory. The program memory may store programs for controlling programs for controlling the general operation of the apparatus and various programs and data for performing the speaker authentication according to the embodiment of the present invention. The storage unit 260 stores public key information 261, private key information 262, authentication program information 263, caller record information 264, caller classification information 265 ), And the like. At this time, the caller classification information 265 may be a whitelist 265a, a blacklist 265b, a gray list 265c, or the like.

The control unit 240 functions to control the overall operation of the apparatus. For example, the control unit 240 controls an operation related to authentication of a caller according to an embodiment of the present invention, including an operation related to a call.

3 is a block diagram illustrating a detailed configuration of a telephone call participant authentication apparatus according to an embodiment of the present invention. 3, when the first device 110 calls the second device 120 to request a call, and the second device 120 performs the caller authentication for the first device 110 , The telephone call participant authentication device in each device 110, 120 can be configured as shown. For example, the first device 110 may include a query receiving unit 311, a query decrypting unit 312, an answer encrypting unit 313, and an answer transmitting unit 314, A query transmission unit 324, an answer reception unit 325, an answer decryption unit 326 and a caller authentication unit 327. The call state verification unit 321, the query generation unit 322, the query encryption unit 323, the query transmission unit 324, And the like.

First, when a call is made from the first device 110 to the second device 120, the call status checking unit 321 of the second device 120 confirms a call request from the first device 110. [ At this time, the second device 120 performs the caller authentication for the first device 110 according to the embodiment of the present invention.

That is, according to the embodiment of the present invention, the first device 110 and the second device 120 exchange their public key public keys, and in the query generation unit 322 of the second device 120, (110) query data for authenticating the caller. At this time, the query data can be generated by randomly selecting from a plurality of query data. The query encryption unit 323 encrypts the generated query data using the public key of the first device 110 speaker. The query transmission unit 324 transmits the query data encrypted through the query encryption unit 323 to the first device 110.

Meanwhile, the query receiving unit 311 of the first device 110 receives the query data transmitted from the second device 120, and decodes the received query data through the query decryption unit 312. At this time, the query decryption unit 312 decrypts the query data using the private key of the first device 110 caller. The answer encrypting unit 313 encrypts response data corresponding to the decrypted query data with the private key of the first party 110 caller. The reply transmitting unit 314 transmits the reply data encrypted through the reply encrypting unit 313 to the second device 120. [

The answer receiving unit 325 of the second device 120 receives the encrypted answer data from the first device 110 and the answer decryption unit 326 receives the answer data from the first device 110 And decrypts it using the public key. The caller authentication unit 327 refers to the answer data decrypted through the answer decryption unit 326 to authenticate whether the caller is a reliable caller. Meanwhile, according to the embodiment of the present invention, when the corresponding party is authenticated as a trusted party by the party authentication unit 327, the corresponding party can be registered in the whitelist. For example, by storing the identification information (e.g., the public key) of the caller in the whitelist, it can be recognized as a reliable caller at a later call.

In the meantime, the respective components of the apparatus are separately shown in the drawings to show that they can be functionally and logically separated, and do not necessarily mean physically separate components or separate codes.

In this specification, each functional unit (or module) may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, each functional unit may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and may be a code physically connected to the functional unit, But can be easily deduced to the average expert in the field of the invention.

Hereinafter, a telephone call participant authentication procedure according to various embodiments of the present invention will be described in detail with reference to FIGS.

4 is a signal flow diagram illustrating an authentication procedure for a telephone call participant between devices in accordance with an embodiment of the present invention. Referring to FIG. 4, when a call request (S401) is transmitted from the first device 110 to the second device 120, the second device 120 according to the embodiment of the present invention transmits a call request Perform the party authentication procedure. Accordingly, the second device 120 encrypts the query data using the public key of the first device (S402) and transmits it to the first device 110 (S403).

The first device 110 decrypts the transmitted query data with its own private key (S404). Then, the response data corresponding to the decrypted query data is encrypted again with its own private key (S405), and transmitted to the second device 120 (S406).

The second device 120 decrypts the encrypted reply data transmitted from the first device 110 with the public key of the first device 110 (S407). Then, the decrypted answer data is checked to confirm whether the user is a trusted user (S408). If the user is a trusted user, a reliable conversation with the first device 110 is started (S409).

Figures 5A-5C are flow diagrams illustrating a procedure for granting and authenticating parties in a device in accordance with an embodiment of the present invention.

Referring to FIG. 5A, when a telephone call between the devices is started (S501), it is checked whether the devices support the protocol for caller authentication according to the embodiment of the present invention (S502). If it is determined that at least one device does not support the protocol, a standard conversation S503 is performed.

On the other hand, if both devices support the protocol, exchange public keys with each other (S504). At this time, if the exchanged public key exists in the whitelist (S505), the authentication procedure is performed according to the method described above with reference to FIG. 4 by using the public key. That is, the query data selected at random using the speaker's public key is encrypted (S506), and then transmitted to the partner device. On the other hand, if the callee holds the private key (S507), the authentication process proceeds according to the step A of FIG. 5B.

Referring to FIG. 5B, the encrypted query data is decrypted through the private key held by the user (S512), and the answer data corresponding to the decrypted query data is again encrypted with the private key (S513). At this time, if additional security matters are not needed, proceed to step E of FIG. 5C. On the other hand, if additional security concerns are required, the randomly selected question data for the private data is encrypted (S515) using the public key of the caller. At this time, if the callee does not hold the private key, the process proceeds to step B of FIG. 5C. If the callee has the private key, it is confirmed whether the callee knows the answer (S517). If the caller does not know the answer, the process proceeds to step F of FIG. 5C. If the caller knows the answer, the process proceeds to step E of FIG. 5C.

On the other hand, if the callee does not hold the private key in step S507 of FIG. 5A, the process proceeds to step B of FIG. 5C.

Referring to FIG. 5C, if the caller does not have a private key, the caller can not provide a correct answer (S518). Accordingly, the corresponding caller is recorded in the black list (S519), and a user warning (S520) is performed. Accordingly, the calling party recognizes that the calling party is an untrusted user. If the user does not accept the conversation and rejects the conversation (S521), the conversation ends (S522).

On the other hand, if the user accepts the conversation (S521) despite the user warning, the conversation with the unreliable user (S523) proceeds. At this time, when the user is trusted again during the call with the user (S524), the caller is moved to the whitelist and the additional information is exchanged (S525). Accordingly, a reliable call (S526) with the corresponding party proceeds thereafter.

At this time, if it is determined not to trust the communication partner again in the communication with the user (S527), the corresponding caller is recorded in the black list (S528), and the process may proceed to the step D again or the communication may be terminated .

Returning to step S505 of FIG. 5A, if the public key does not exist in the whitelist and exists in the gray list (S508), the unreliable call is in progress (S509) because the caller is an untrusted party, Step C of FIG.

On the other hand, if the public key is present in the black list (S510), the process can proceed to step D of FIG. 5C. Finally, when the public key does not exist in any list, the public key is added to the gray list (S511), and the unreliable communication (S509) with the corresponding calling party can be performed.

FIG. 6 is a flow diagram illustrating a caller information exchange procedure during a trusted telephone call in accordance with an embodiment of the present invention. Referring to FIG. 6, first, the information of the callers is obtained from the caller (S601). At this time, the information of the callers can be provided from the information stored in the device of the caller. That is, the information stored in the storage unit of the calling party, and stores the information in its own storage unit.

If it is determined that the caller is a common trusted caller who has been transferred to the black list (S602), the user can be notified of a suspicious caller (S603) . At this time, if the user ignores the notification (S604), the conversation may be resumed (S606). On the other hand, if the notification is not ignored, the suspicious caller is moved to the black list or the gray list (S605), and the conversation may be resumed (S606).

Meanwhile, if the corresponding party is a new trusted party (S607), or if the party is a whitelist, the user can be notified of a trusted call (S608). At this time, if the user ignores the notification (S609), the conversation may be resumed (S606). On the other hand, if the notification is not ignored, the reliable caller may be added to the whitelist or moved to the whitelist (S610), and the conversation may be resumed (S606).

7A and 7B are flowcharts illustrating a party categorization procedure based on information provided by other trusted parties according to an embodiment of the present invention. Referring to FIG. 7A, if the caller exists in the whitelist (S701), it is determined whether another trusted party trusts the corresponding party (S702). As a result of the confirmation, if another trusted party trusts the corresponding party, the call may be continued (S709).

On the other hand, if it is determined in step S704 that the other trusted party does not trust the caller, the call is notified to the user (S703). On the other hand, if the warning is not ignored, the caller can be moved to a black list or a gray list (S705). Then, if the call is rejected (S706), the call ends (S707), and if the call is not rejected, the call continues (S709).

On the other hand, in step S701, the speaker does not exist in the whitelist, but if the speaker is present in the gray list (S708), the process proceeds to step A of FIG. 7B. However, if the caller does not exist in the gray list, the call can be continued (S709).

Referring to FIG. 7B, if the caller exists in the gray list in step S708 of FIG. 7A, the process proceeds to step A to determine whether another trusted party trusts the corresponding party (S710). If it is determined that the caller is not trusted, the call is continued (S711).

On the other hand, if it is determined as a result of the determination in step S712 that the corresponding party is trusted, the user is notified in step S712. At this time, if the user disregards this (S713), the call can be continued. On the other hand, if the warning is not ignored, the caller is moved to the whitelist (S714), and conversation (S715) can be continued as a reliable conversation.

Meanwhile, the telephone call participant authentication method according to an exemplary embodiment of the present invention may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Includes hardware devices that are specially configured to store and execute program instructions such as magneto-optical media and ROM, RAM, flash memory, embedded multimedia cards (eMMC), and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

As described above, the present invention has been described with reference to particular embodiments, such as specific elements, and specific embodiments and drawings. However, it should be understood that the present invention is not limited to the above- And various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains.

Accordingly, the spirit of the present invention should not be construed as being limited to the embodiments described, and all of the equivalents or equivalents of the claims, as well as the following claims, belong to the scope of the present invention .

110: first device 111, 121: call program
112, 122: Caller authentication program 113, 123: Caller authentication information
120: second device 210: audio processor
220: input unit 230: display unit
240: control unit 250: communication processing unit
260: storage unit 261: public key information
262: Private key information 263: Authentication program information
264: caller record information 265: caller classification information
265a: white list 265b: black list
265c: gray list 311: query receiver
312: query decryption unit 313:
314: Answer transmission unit 321: Call status confirmation unit
322: Query generation unit 323: Query encryption unit
324: query transmission unit 325:
326: Answers decryption unit 327:

Claims (26)

A communication processing unit for performing processing for telephone conversation between callers; And
When a call is requested from a device of the other party and the status of the call request is confirmed from the communication processing unit, preset query data is transmitted to the device of the other party, and answer data corresponding to the inquiry data is received And a control unit for processing from the received answer data to verify whether the other party is a trusted party.
2. The apparatus of claim 1,
And a storage unit for storing identification information for at least one party,
Wherein,
And the inquiry data is encrypted with the identification information of the other party.
The information processing apparatus according to claim 2,
And a public key for the caller.
4. The method according to claim 3,
Wherein the data is encrypted with a private key for the other party.
The apparatus of claim 1,
Wherein when a call is requested from the device of the other party and the status of the call request is confirmed from the communication processing unit, the device of the other party exchanges the identification information with the device of the other party before performing the authentication on the other party.
The apparatus according to claim 2,
Wherein the caller identification information includes caller classifying information that classifies the callers according to whether the caller is trusted or not.
7. The method of claim 6,
At least one of gray list information including white list information including information on a trusted party, black list information including information on an untrusted party, and information on a party that can not be trusted Wherein the list information includes one list information.
7. The method of claim 6,
Wherein the communication party identification information is updated by receiving the party classification information of the other party.
The method according to claim 1,
And the data is arbitrarily selected from a plurality of pre-stored query data.
8. The method of claim 7, further comprising:
And adds, from the received answer data, the caller to the whitelist if the caller is a trusted caller.
8. The method of claim 7, further comprising:
And adds, from the received answer data, the caller to the blacklist if the other party is an untrusted party.
[8] The method of claim 7,
And adds the relative party to the gray list information when the identification information of the other party is not included in any of the white list information, the black list information, and the gray list information.
A second device that receives encrypted query data from the second device, decrypts the received query data with its own private key, and encrypts answer data corresponding to the inquiry data with its own private key To the second device; And
Wherein when the call is requested from the first device, preset query data is encrypted with the public key of the first device conversation and transmitted to the first device, the encrypted response data is received from the first device, And a second device for decrypting the data with a public key of the first device party to authenticate whether the first device party is a trusted party.
Receiving a call from a device of the other party,
Transmitting preset query data to the device of the other party when the state of the call request is confirmed;
Receiving response data corresponding to the inquiry data from the apparatus of the other party;
And authenticating whether the relative party is a trusted party from the received answer data.
15. The method of claim 14,
Further comprising the step of storing identification information for at least one party,
And encrypting the query data with the identification information of the other party.
16. The method according to claim 15,
And a public key for the caller.
17. The method of claim 16, further comprising: after receiving the answer data,
Further comprising the step of decrypting the answer data with a public key of the other party.
15. The method of claim 14,
Further comprising the step of exchanging identification information with the device of the other party before performing the authentication on the other party.
16. The method of claim 15,
Further comprising the step of storing the caller classification information in which the callers are classified according to the reliability of the caller.
20. The method of claim 19,
At least one of gray list information including white list information including information on a trusted party, black list information including information on an untrusted party, and information on a party that can not be trusted Wherein the list information includes one list information.
20. The method of claim 19,
Wherein the caller identification information is updated by receiving caller classification information of the other party.
15. The method according to claim 14,
And the data is arbitrarily selected from a plurality of previously stored query data.
21. The method according to claim 20,
Further comprising the step of adding, from the received answer data, the caller to the whitelist if the caller is a trusted caller.
21. The method according to claim 20,
Further comprising the step of adding, from the received answer data, the caller to the blacklist if the caller is an untrusted caller.
21. The method of claim 20,
Further comprising the step of adding the relative party to the gray list information when the identification information of the other party is not included in any of the list information of the white list information, the black list information, and the gray list information. How to authenticate call participants.
A computer-readable recording medium recording a program for performing each step of the method according to any one of claims 14 to 25 on a computer.
KR1020130034731A 2013-03-29 2013-03-29 System, apparatus, method and computer readable recording medium for phone call participant authentication KR20140118568A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130034731A KR20140118568A (en) 2013-03-29 2013-03-29 System, apparatus, method and computer readable recording medium for phone call participant authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130034731A KR20140118568A (en) 2013-03-29 2013-03-29 System, apparatus, method and computer readable recording medium for phone call participant authentication

Publications (1)

Publication Number Publication Date
KR20140118568A true KR20140118568A (en) 2014-10-08

Family

ID=51991389

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130034731A KR20140118568A (en) 2013-03-29 2013-03-29 System, apparatus, method and computer readable recording medium for phone call participant authentication

Country Status (1)

Country Link
KR (1) KR20140118568A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102445251B1 (en) * 2021-09-07 2022-09-20 주식회사 흥지연 Method for detecting illegal goods and sellers and apparatus and system therefor

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102445251B1 (en) * 2021-09-07 2022-09-20 주식회사 흥지연 Method for detecting illegal goods and sellers and apparatus and system therefor

Similar Documents

Publication Publication Date Title
US10958645B2 (en) Ad hoc one-time pairing of remote devices using online audio fingerprinting
US9444816B2 (en) Continuous voice authentication for a mobile device
US10074374B2 (en) Ad hoc one-time pairing of remote devices using online audio fingerprinting
KR101658501B1 (en) Digital signature service system based on hash function and method thereof
US8099761B2 (en) Protocol for device to station association
US7552322B2 (en) Using a portable security token to facilitate public key certification for devices in a network
JP5968367B2 (en) Confirming the authenticity of voice mail participants in the telephone network
US9313031B2 (en) Telephone caller authentication
CN104852911B (en) Safe verification method, apparatus and system
JP2002026899A (en) Verification system for ad hoc wireless communication
CA2813855A1 (en) Methods and systems for conducting smart card transactions
US20070211867A1 (en) Method and apparatus for token distribution in session for future polling or subscription
CN105577619B (en) Client login method, client and system
JP2009075688A (en) Program and method for managing information related with location of mobile device and cryptographic key for file
CN112020716A (en) Remote biometric identification
CN108696361A (en) Configuration method, generation method and the device of smart card
KR20100029102A (en) Identity assertion
KR20140118568A (en) System, apparatus, method and computer readable recording medium for phone call participant authentication
US11323263B2 (en) Sharing of secret information for accessing a wireless computing network
CN109257177B (en) Key generation method, system, mobile terminal, server and storage medium
WO2016030832A1 (en) Method and system for mobile data and communication security
JP2008177928A (en) Communication system and sender information display method
KR101587156B1 (en) Message processing apparatus and user terminal capable of deferentiating between normal message and abnormal message and method thereof
CN113595740A (en) Data transmission method and device, electronic equipment and storage medium
CN108985039A (en) Identity identifying method, device, terminal device and server-side

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination