WO2022173354A1 - Method for validating the identity of parties to a call - Google Patents

Method for validating the identity of parties to a call Download PDF

Info

Publication number
WO2022173354A1
WO2022173354A1 PCT/SE2022/050141 SE2022050141W WO2022173354A1 WO 2022173354 A1 WO2022173354 A1 WO 2022173354A1 SE 2022050141 W SE2022050141 W SE 2022050141W WO 2022173354 A1 WO2022173354 A1 WO 2022173354A1
Authority
WO
WIPO (PCT)
Prior art keywords
party
identification
identity
parties
validating
Prior art date
Application number
PCT/SE2022/050141
Other languages
French (fr)
Inventor
Lisa HASSELGREN
Jens BJÖRKANDER
Original Assignee
Securifid Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Securifid Ab filed Critical Securifid Ab
Publication of WO2022173354A1 publication Critical patent/WO2022173354A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/66Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • H04M1/663Preventing unauthorised calls to a telephone set
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/57Arrangements for indicating or recording the number of the calling subscriber at the called subscriber's set
    • H04M1/575Means for retrieving and displaying personal data about calling party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/66Substation equipment, e.g. for use by subscribers with means for preventing unauthorised or fraudulent calling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/42025Calling or Called party identification service
    • H04M3/42034Calling party identification service
    • H04M3/42042Notifying the called party of information on the calling party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6027Fraud preventions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6045Identity confirmation

Definitions

  • the present invention relates to a method for validating the identity of parties in a conversation. Furthermore, the invention relates to a software product and a communications unit.
  • identification preferably takes place by the calling and receiving parties introducing themselves verbally. Over time, the number of fake phone calls, with the intent to commit fraud or obtain information, have increased.
  • the calling party may in certain cases present known and/or obtained information in order to appear familiar with the party, and thus gain their trust.
  • the calling party can identify him- or herself as belonging to an organization such as the Swedish Tax Agency or the police and in this way appear to have a certain authority, which may influence the called party to participate in the conversation.
  • certain age groups such as the elderly with a high level of trust in society's authorities, can also be made to take part in the conversation and provide sensitive information.
  • patent document US 10,341 ,485 B1 discloses a computer-based method for authenticating the calling party's identity by communicating keys to the called party from an external server, where the keys are presented on the called party's mobile phone which can be compared with keys of the calling party in order to validate the authenticity/identity of the calling party.
  • the patent document does not describe a mutual validation of identity.
  • One purpose of the present invention is to solve the problems identified above.
  • the present invention relates to a method for validating the identity of parties to a call, where at least one first party, using a first communications equipment, and at least one second party, using a second communications equipment, wherein the first party or the second party initiate a call and where the first party can use an identification system to identify him- or herself electronically, and where the second party can validate the identity of the first party.
  • a method for validating the identity of parties in a conversation the following applies; that the second party can identify him- or herself electronically with an identification system and where the first party can validate the second party's identity.
  • the identification system is an e-identification.
  • the e-identification for at least one party is a national, international or regional e-identification or e-service identification.
  • the identification system is a secure login method.
  • the secure login method is a login method that relies on two-factor authentication.
  • the validation takes place through text presented on a screen arranged on the communications equipment.
  • the present invention further relates to a software product for device in a communications equipment characterized in that the software product comprises program code arranged to be executed by a microprocessor in the communications equipment and wherein the program code comprises software instructions arranged to perform a method for validating the identity of parties to a call, where at least a first party, using a first communications equipment, and at least one second party, using a second communications equipment, initiates a call and where the first party can identify himself electronically with an identification system and where the second party can validate the identity of the first party.
  • the second party can identify him- or herself electronically with an identification system and the first party can validate the second party's identity, and the identification system is an e-identification, and the e- identification is Swedish e-identification or e-service identification, and the identification system is a secure login method and the secure login method is a login method that relies on two-factor authentication, and the validation takes place through text presented on a screen arranged on the communications equipment.
  • the communications equipment is a mobile phone.
  • the present invention further concerns a communications equipment characterized in that the software product according to what is stated above is arranged in the communications equipment.
  • Fig. 1 shows the method steps for the validation of the contacting and receiving parties according to one embodiment of the invention.
  • Fig. 2 shows an embodiment example for a method for validation of the contacting and receiving parties according to one embodiment of the invention.
  • the invention relates to a computer-implemented method for validating identity of a contacting and/or receiving party to a call, preferably a telephone call.
  • a communications device such as a mobile phone, is used for communication between the parties.
  • the receiving communication device is preferanbly a mobile phone of a smartphone type, but may also be an iPad or a computer outfitted with telecommunications software and/or hardware, whereby the contacting communication device in such cases may be a computer arranged with software and/or hardware for computer communications but may also be a mobile phone of a smartphone type.
  • the receiving communications unit receives an incoming call, initiated by the contacting communications unit, in a telecommunications and/or data communications network.
  • An incoming call initiated by the communications system of the contacting party, also called the calling party, generally communicates a number of data packets including information about the incoming call, also referred to as the calling ID.
  • the caller ID can, for instance, be found in Telecommunication Standardization Sector (ITU-T) Recommendation Q.731.3.
  • ITU-T Telecommunication Standardization Sector
  • the caller ID is not secure to use as identification information as it is possible to falsify a Caller ID and there are various forms of services for falsifying Caller IDs, also known as Caller ID Spoofing.
  • an improved solution is needed to be able to securely identify both calling and receiving parties in a telephone system.
  • E-identification is an electronic identification for use mainly on the
  • the process for e-identification involves several different functions which are interconnected with one another, where a user is in possession of an e-identification that he or she uses to identify him- or herself electronically when accessing a service.
  • an e-identification issuer provides the user with an e-identification and provides the required support functions.
  • a provider of identity certificates performs an electronic identification of the user, i.e. ensures that the user is who he or she claims to be.
  • This function falls within the issuer's responsibility.
  • the issuer can also be called an "identity provider" or an IdP.
  • an e- service provider is the one who trusts the identity card that is issued, and can be both a private and public actor.
  • the operator that provides the service can also be called a "service provider" or SP.
  • Swedish e-identification is the Swedish state's own quality marking for e-identification and may consist of additional variants of e-identification than the variants that are currently available; BankID, Freja elD Plus and the e- identification AB Svenska Pass.
  • An e-identification can be implemented through an e-service that requires e-identification. The method steps for e-identification are as follows:
  • the user chooses which e-identification solution the user wants to use in the e-service. In Sweden, this is usually BankID.
  • the e-service forwards the user to the provider of the identity certificate.
  • the user can activates his or her e-identification in various ways, such as by launching the BankID app on their mobile phone, and proves his or her identity to the provider of the identity certificate, usually by entering a six-digit code. This is referred to as the user authenticating him- or herself to the provider.
  • the provider of identity certificates performs several checks of the user's e- identification, e.g. To ensure that the e-identification is valid, that it has not been deactivated and that the specified code is correct.
  • the prover of identity certificates makes out an identity certificate for the e- service.
  • the certificate is normally provided by means of the user’s web browser.
  • the e-service ensures that the certificate is valid, and is from a provider which is trusted by the e-service.
  • the certificate contains the information necessary to allow the user to log on to the e-service, such as a personal identity number.
  • the e-service also gives the user the correct permissions, which is referred to as authorization.
  • An e-identification is used when a certain level of trust is required, the trust framework for Swedish e-identification describes three levels of trust for e-identification, 2, 3 and 4. There is also a trust level 1 that only requires e.g. a name, which is not further touched upon in this application text.
  • trust levels 2, 3 and 4 users are required to identify their identity, e.g. through two- factor authentication.
  • Two-factor authentication means that at least two independent factors are required to verify an identification.
  • Two of the following factors are used as a basis for two-factor authentication: Something that the user knows (for example, a password), Something that the user has (for example, a mobile phone), Something that the user is (for example, the user's fingerprint, the user's face shape or other so-called biometric characteristics).
  • a password i.e. something that the user knows
  • a mobile phone with an installed BankID application i.e. something the user has.
  • Atrusted and functional authentication system is a prerequisite for the implementation of the present invention.
  • e-identification can be used, preferably an identification system that is not linked to personal identification.
  • various forms of secure login methods can be used to connect an individual, who is employed or in other ways linked to a company or an organization, to the specific organization/company. The individual can then identify him- or herself electronically without using an identification system based on a personal identification, such as a BankID.
  • the identification system is a secure login method.
  • a variant of a secure login method is two-invoice authentication.
  • companies and organizations can use e-service identification as an identification system, such as that offered by Freja elD.
  • An e-service credential is a personal organizational credential that binds the user to an organization and does not contain the holder's personal identification number. A person using an e-service identification is instead often identified by means of service ID number.
  • Fig. 1 shows a method for validating the identification 10 of the contacting and receiving party.
  • a contacting party initiates a communication process in order to perform an information exchange with a receiving party.
  • a contacting party may be associated with an authority, such as the police, healthcare system or the Swedish Social Insurance Agency, or the contacting party may be associated with a company or organization that handles sensitive information, such as a bank or fund manager.
  • the method step by the name of “The receiving party accepts communication initiated by the contacting party 14” occurs once the contacting party has initiated communication, which causes the receiving party to accept communication, preferably by answering an incoming telephone call.
  • the method for validating the contacting and receiving party's identification 10 is interrupted and the contacting party can initiate a new attempt at a later time.
  • the receiving party After the receiving party has accepted the incoming communication, one of the parties can request that the parties identify themselves, as shown in the method step “Contacting and/or receiving party requesting identification 16”. Accordingly, the contacting party may quest that the parties identify themselves, in order to ensure that the communication is delivered to the right person.
  • the party connected to the method for validating the identification of the contacting and receiving initiates the possibility of carrying out identification, which is shown in the method step “Party connected to identification service initiates identification process 18”.
  • Each party can now identify him- or herself as shown in the method step “Each party identifies with the selected e-identification 20”.
  • e-identification is BankID, but may also entail other services for e-identification, including identification systems such as secure login methods.
  • each party can verify the identity of the counterparty as shown in the method steps, “The receiving party can validate the contacting party's identity 22” and “The contacting party can validate the receiving party's identity 24”.
  • the validation can be carried out by each party, on each communication device, visually receiving a confirmation that the other party has identified him- or herself, and information about the other party such as name and the organization with which the other party is associated.
  • the information exchange can be initiated, as shown in the method step “Information exchange can be carried out 26”. Based on the information regarding each respective party's identity, each respective party has carried out a validation of each respective party's identity, which means that the information exchange can be initiated.
  • the exchange of information can relate to verbal information in the form of a conversation, but can also involve the transfer of digital information such as image material, reports and/or journals.
  • the call can be terminated as shown in the method step “End of communication 28”, which is usually performed when the call is terminated and the connected communication session is terminated.
  • FIG. 2 shows an embodiment of a method for validating the contacting and receiving parties, where a contacting party 102 contacts a receiving party 104.
  • the contacting party uses a communications unit 106, shown in Figure 2 as a computer equipped with a headset that can be used by the contacting party 102.
  • the receiving party 104 uses a communications unit 108, in Figure 2 shown as a mobile phone of smartphone type.
  • the two communications units 106, 108 connect to a network 110 which is preferably a mobile telephone network and/or a computer network to which a connection can be established wirelessly or in another fashion, such as by means of a network cable.
  • connection to the network takes place by means of a protocol suitable for communications, such as TCP/IP, 2G, 3G, 4G, 5G, or another protocol that enables connection of a mobile device to preferably a digital packet-based network.
  • the network also includes services and functions such as various forms of identification services or other services including application programs, server programs and data storage, as well as protocols, identification information or other information arranged in at least one database 112. All services and databases are preferably arranged in a computer cloud and include software on the web, also called SaaS, software as a service, Web 2.0 and other technical development where the Internet is used to meet the IT needs of users, e.g.
  • the contacting party 102 may initiate identification with a software provided on the communications unit 106 or a service provided on the communications unit 106.
  • the receiving party 104 will then be asked to identify itself with the selected identification solution, by means of a service provided on communications unit 108, The contacting party 102 will simultaneously identify him- or herself through the selected identification solution on communications unit 106.
  • a suitable identification solution is thus provided on the respective communications unit 102 and 106.
  • the receiving party 104 can validate the identity of the contacting party 102.
  • the receiving party 104 may validate the identity of the contacting party 102 before the receiving party 104 chooses to identify him- or herself.
  • the contacting party 102 may validate the identity of the called party/receiving party 104 once the receiving party 104 identifies with the authentication solution on the communications unit 108. Once each party's identity has been validated, information exchange can be initiated.
  • a public authority such as the police
  • the police need to talk to am individual, e.g. someone who has witnessed a crime
  • the police preferably call from a computer with, for example, IP telephony or VoIP or software such as a computerized caller, also referred to as a dialer.
  • the receiving party the individual, receives the call from the police on their mobile phone of smartphone type.
  • One of the parties can then request a mutual identification of the other party and the calling party, the police, who is connected to a service for validating the identities of the calling and receiving parties at that time, initiates the service in order for it to be used on the computer from which the police are making the call.
  • the police will identify themselves with an identification service, such as BankID, and in the same way, the called private person identifies him- or herself with an identification service such as BankID on his or her mobile phone.
  • the police can identify themselves with a secure login method.
  • the individual has an application installed on their mobile phone that uses BankID for identification and presents the other party, in this case the police, with identification information on the mobile phone.
  • Each party can validate the identity of the other party through the information in the form of text presented in each application.
  • calls may be initiated where information can be exchanged under circumstances where each party's identity is clear.
  • a record of the conversation in combination with identity parameters can be stored in a database so that it can later be used as, for example, evidence in a trial or in another way.
  • a software, application can be downloaded to a mobile phone from any of the usual services for distributing applications such astheApp Store, Google Play or Microsoft Store or other service for distributing software applications.
  • the downloaded application can use an identification solution from another party, preferably from a trusted and established party in the relevant market. According to one example, BankID is used for identification/e-identification.
  • a software or software application is installed or otherwise made available to at least one contacting party and/or receiving party where the software or software application performs method of validating the identification of the contacting and receiving party as described above.

Abstract

The invention relates to a method for validating the identity of parties to a call, where at least one first party, using a first communications equipment, and at least one second party, using a second communications equipment, initiate a call and where the first party can use an identification system to identify him- or herself electronically, and where the second party can validate the identity of the first party. The invention further relates to a software product and a piece of communications of equipment.

Description

METHOD FOR VALIDATING THE IDENTITY OF PARTIES TO A CALL
TECHNICAL FIELD
[0001] The present invention relates to a method for validating the identity of parties in a conversation. Furthermore, the invention relates to a software product and a communications unit.
BACKGROUND OF THE INVENTION, PROBLEM AREA AND KNOWN TECHNOLOGY
[0002] In the case of communication by telephone, preferably mobile telephony, as the fixed telephone network has rapidly decreased in scope, identification preferably takes place by the calling and receiving parties introducing themselves verbally. Over time, the number of fake phone calls, with the intent to commit fraud or obtain information, have increased. In certain cases, the calling party may in certain cases present known and/or obtained information in order to appear familiar with the party, and thus gain their trust. In particular, the calling party can identify him- or herself as belonging to an organization such as the Swedish Tax Agency or the Police and in this way appear to have a certain authority, which may influence the called party to participate in the conversation. In particular, certain age groups, such as the elderly with a high level of trust in society's authorities, can also be made to take part in the conversation and provide sensitive information.
[0003] There is thus a need to be able to validate the identity of the parties in a telephone call.
[0004] The invention described in patent document US 10,341 ,485 B1 discloses a computer-based method for authenticating the calling party's identity by communicating keys to the called party from an external server, where the keys are presented on the called party's mobile phone which can be compared with keys of the calling party in order to validate the authenticity/identity of the calling party. The patent document does not describe a mutual validation of identity.
[0005] Solution to the above problems and further problems with associated solutions are described below.
THE INVENTION AND ITS PURPOSE
[0006] One purpose of the present invention is to solve the problems identified above.
[0007] The present invention relates to a method for validating the identity of parties to a call, where at least one first party, using a first communications equipment, and at least one second party, using a second communications equipment, wherein the first party or the second party initiate a call and where the first party can use an identification system to identify him- or herself electronically, and where the second party can validate the identity of the first party.
[0008] According to additional aspects regarding a method for validating the identity of parties in a conversation, the following applies; that the second party can identify him- or herself electronically with an identification system and where the first party can validate the second party's identity. that the identification system is an e-identification. that the e-identification for at least one party is a national, international or regional e-identification or e-service identification. that the identification system is a secure login method. that the secure login method is a login method that relies on two-factor authentication. that the validation takes place through text presented on a screen arranged on the communications equipment.
[0009] The present invention further relates to a software product for device in a communications equipment characterized in that the software product comprises program code arranged to be executed by a microprocessor in the communications equipment and wherein the program code comprises software instructions arranged to perform a method for validating the identity of parties to a call, where at least a first party, using a first communications equipment, and at least one second party, using a second communications equipment, initiates a call and where the first party can identify himself electronically with an identification system and where the second party can validate the identity of the first party.
[0010] Furthermore, the second party can identify him- or herself electronically with an identification system and the first party can validate the second party's identity, and the identification system is an e-identification, and the e- identification is Swedish e-identification or e-service identification, and the identification system is a secure login method and the secure login method is a login method that relies on two-factor authentication, and the validation takes place through text presented on a screen arranged on the communications equipment.
[0011] According to additional aspects regarding a software product for a device in a communications equipment, the following applies: the communications equipment is a mobile phone. [0012] The present invention further concerns a communications equipment characterized in that the software product according to what is stated above is arranged in the communications equipment.
LIST OF FIGURES
[0013] The invention will be described below by reference to the figures that are included there:
Fig. 1 shows the method steps for the validation of the contacting and receiving parties according to one embodiment of the invention.
Fig. 2 shows an embodiment example for a method for validation of the contacting and receiving parties according to one embodiment of the invention.
DETAILED DESCRIPTION OF EMBODIMENT
[0014] The invention relates to a computer-implemented method for validating identity of a contacting and/or receiving party to a call, preferably a telephone call. A communications device, such as a mobile phone, is used for communication between the parties. In cases where an authority calls an individual, the receiving communication device is preferanbly a mobile phone of a smartphone type, but may also be an iPad or a computer outfitted with telecommunications software and/or hardware, whereby the contacting communication device in such cases may be a computer arranged with software and/or hardware for computer communications but may also be a mobile phone of a smartphone type. The receiving communications unit receives an incoming call, initiated by the contacting communications unit, in a telecommunications and/or data communications network. Communication and connection takes place through a wireless method or by means of a cable, such as a telecommunications network or data network. [0015] An incoming call, initiated by the communications system of the contacting party, also called the calling party, generally communicates a number of data packets including information about the incoming call, also referred to as the calling ID. The caller ID can, for instance, be found in Telecommunication Standardization Sector (ITU-T) Recommendation Q.731.3. However, the caller ID is not secure to use as identification information as it is possible to falsify a Caller ID and there are various forms of services for falsifying Caller IDs, also known as Caller ID Spoofing. Thus, an improved solution is needed to be able to securely identify both calling and receiving parties in a telephone system.
Identification system
[0016] In order to be able to confirm that a person really is who they claim to be, an identification is used. Traditionally an identity document was used, containing a photo linked to an identity. As more and more services are performed digitally or remotely, various forms of electronic identification, e- identification, including e-leg, elD, or e-ID, have been developed. [0017] E-identification is an electronic identification for use mainly on the
Internet, but other electronic networks can also use e-identification. With the help of an e-identification, you can identify yourself, log in and sign agreements and approve transactions on the websites of various authorities, banks and other companies.
[0018] In Sweden, e-identifications to private individuals are issued by several Swedish banks through different variants of a service called BankID. The Telia e-identification service is issued by Telia to companies. Furthermore, Inera, together with the Swedish Social Insurance Agency, issues e-identification for civil servants in the public sector (Efos), such as county councils. Expisoft issues e-identification to companies, for identification vis-a-vis authorities. Other e-identifications are Freja elD and AB Svenska Pass. The work of establishing an elD for employees in an organization, also called e-service identification, that allows them to identify themselves as something other than individuals, is ongoing and is e.g. described in the report “elD for medarbetare - Forstudierapport inom byggblock Identitet i regeringsuppdraget Att etablera en forvaltningsgemensam infrastruktur for informationsutbyte”. Case number: 2019-582, Agency for Digital Government, 12/14/2020 which is incorporated into the present description text by way of reference. The invention is not limited to the Swedish e-identification, the e-identification could be any national, international or regional e-identification system.
[0019] The process for e-identification involves several different functions which are interconnected with one another, where a user is in possession of an e-identification that he or she uses to identify him- or herself electronically when accessing a service. Where an e-identification issuer provides the user with an e-identification and provides the required support functions. And where a provider of identity certificates performs an electronic identification of the user, i.e. ensures that the user is who he or she claims to be. For those e- identification issuers that have the quality label “Svensk e-legitimation” (Swedish e-identification), this function falls within the issuer's responsibility. The issuer can also be called an "identity provider" or an IdP. And where an e- service provider is the one who trusts the identity card that is issued, and can be both a private and public actor. The operator that provides the service can also be called a "service provider" or SP. [0020] Swedish e-identification is the Swedish state's own quality marking for e-identification and may consist of additional variants of e-identification than the variants that are currently available; BankID, Freja elD Plus and the e- identification AB Svenska Pass. [0021] It is a prerequisite that there is a complete chain of agreements that regulates all responsibilities from the provider of the e-service to the user to ensure that the e-identification process is credible. [0022] An e-identification can be implemented through an e-service that requires e-identification. The method steps for e-identification are as follows:
1 . The user chooses which e-identification solution the user wants to use in the e-service. In Sweden, this is usually BankID.
2. The e-service forwards the user to the provider of the identity certificate.
3. The user can activates his or her e-identification in various ways, such as by launching the BankID app on their mobile phone, and proves his or her identity to the provider of the identity certificate, usually by entering a six-digit code. This is referred to as the user authenticating him- or herself to the provider.
4. The provider of identity certificates performs several checks of the user's e- identification, e.g. To ensure that the e-identification is valid, that it has not been deactivated and that the specified code is correct.
5. The prover of identity certificates makes out an identity certificate for the e- service. The certificate is normally provided by means of the user’s web browser.
6. The e-service ensures that the certificate is valid, and is from a provider which is trusted by the e-service. The certificate contains the information necessary to allow the user to log on to the e-service, such as a personal identity number. In connection with this step, the e-service also gives the user the correct permissions, which is referred to as authorization.
[0023] An e-identification is used when a certain level of trust is required, the trust framework for Swedish e-identification describes three levels of trust for e-identification, 2, 3 and 4. There is also a trust level 1 that only requires e.g. a name, which is not further touched upon in this application text. For trust levels 2, 3 and 4, users are required to identify their identity, e.g. through two- factor authentication. Two-factor authentication means that at least two independent factors are required to verify an identification. Two of the following factors are used as a basis for two-factor authentication: Something that the user knows (for example, a password), Something that the user has (for example, a mobile phone), Something that the user is (for example, the user's fingerprint, the user's face shape or other so-called biometric characteristics). When it comes to BankID in a mobile phone, this relies on a password, i.e. something that the user knows, and a mobile phone with an installed BankID application, i.e. something the user has. Atrusted and functional authentication system is a prerequisite for the implementation of the present invention.
[0024] In cases where a company or an organization is one of the parties to the method of identification validation, optional forms of e-identification can be used, preferably an identification system that is not linked to personal identification. For example, various forms of secure login methods can be used to connect an individual, who is employed or in other ways linked to a company or an organization, to the specific organization/company. The individual can then identify him- or herself electronically without using an identification system based on a personal identification, such as a BankID. In such cases, the identification system is a secure login method. A variant of a secure login method is two-invoice authentication. [0025] As an alternative, companies and organizations can use e-service identification as an identification system, such as that offered by Freja elD. An e-service credential is a personal organizational credential that binds the user to an organization and does not contain the holder's personal identification number. A person using an e-service identification is instead often identified by means of service ID number.
[0026] Fig. 1 shows a method for validating the identification 10 of the contacting and receiving party. In a first method step called “The contacting party initiates communication to a receiving party 12”, a contacting party initiates a communication process in order to perform an information exchange with a receiving party. For example, a contacting party may be associated with an authority, such as the police, healthcare system or the Swedish Social Insurance Agency, or the contacting party may be associated with a company or organization that handles sensitive information, such as a bank or fund manager. The method step by the name of “The receiving party accepts communication initiated by the contacting party 14” occurs once the contacting party has initiated communication, which causes the receiving party to accept communication, preferably by answering an incoming telephone call. In the event that the receiving party does not accept the incoming call, e.g. if the receiving party is busy with something else, the method for validating the contacting and receiving party's identification 10 is interrupted and the contacting party can initiate a new attempt at a later time. After the receiving party has accepted the incoming communication, one of the parties can request that the parties identify themselves, as shown in the method step “Contacting and/or receiving party requesting identification 16”. Accordingly, the contacting party may quest that the parties identify themselves, in order to ensure that the communication is delivered to the right person. When either of the parties requests that identification of the parties be carried out, the party connected to the method for validating the identification of the contacting and receiving initiates the possibility of carrying out identification, which is shown in the method step “Party connected to identification service initiates identification process 18”. Each party can now identify him- or herself as shown in the method step “Each party identifies with the selected e-identification 20”. One example of e-identification is BankID, but may also entail other services for e-identification, including identification systems such as secure login methods.
[0027] Once identification has been performed, each party can verify the identity of the counterparty as shown in the method steps, “The receiving party can validate the contacting party's identity 22” and “The contacting party can validate the receiving party's identity 24”. The validation can be carried out by each party, on each communication device, visually receiving a confirmation that the other party has identified him- or herself, and information about the other party such as name and the organization with which the other party is associated. When each party is satisfied with the information presented regarding identity, association or other information, the information exchange can be initiated, as shown in the method step “Information exchange can be carried out 26”. Based on the information regarding each respective party's identity, each respective party has carried out a validation of each respective party's identity, which means that the information exchange can be initiated. The exchange of information can relate to verbal information in the form of a conversation, but can also involve the transfer of digital information such as image material, reports and/or journals. When the information exchange is completed, the call can be terminated as shown in the method step “End of communication 28”, which is usually performed when the call is terminated and the connected communication session is terminated.
[0028] Fig. 2 shows an embodiment of a method for validating the contacting and receiving parties, where a contacting party 102 contacts a receiving party 104. The contacting party uses a communications unit 106, shown in Figure 2 as a computer equipped with a headset that can be used by the contacting party 102. The receiving party 104 uses a communications unit 108, in Figure 2 shown as a mobile phone of smartphone type. The two communications units 106, 108 connect to a network 110 which is preferably a mobile telephone network and/or a computer network to which a connection can be established wirelessly or in another fashion, such as by means of a network cable. The connection to the network takes place by means of a protocol suitable for communications, such as TCP/IP, 2G, 3G, 4G, 5G, or another protocol that enables connection of a mobile device to preferably a digital packet-based network. The network also includes services and functions such as various forms of identification services or other services including application programs, server programs and data storage, as well as protocols, identification information or other information arranged in at least one database 112. All services and databases are preferably arranged in a computer cloud and include software on the web, also called SaaS, software as a service, Web 2.0 and other technical development where the Internet is used to meet the IT needs of users, e.g. by using a web browser and and relying on it to run a program that is located on a foreign server, meaning that the user does not need to update, install or back up any information. [0029] The contacting party 102 may initiate identification with a software provided on the communications unit 106 or a service provided on the communications unit 106. The receiving party 104 will then be asked to identify itself with the selected identification solution, by means of a service provided on communications unit 108, The contacting party 102 will simultaneously identify him- or herself through the selected identification solution on communications unit 106. A suitable identification solution is thus provided on the respective communications unit 102 and 106. Furthermore, through information presented on the communication unit 108, the receiving party 104 can validate the identity of the contacting party 102. The receiving party 104 may validate the identity of the contacting party 102 before the receiving party 104 chooses to identify him- or herself. The contacting party 102 may validate the identity of the called party/receiving party 104 once the receiving party 104 identifies with the authentication solution on the communications unit 108. Once each party's identity has been validated, information exchange can be initiated.
DESCRIPTION OF FUNCTIONS
[0030] When a public authority, such as the police, need to talk to am individual, e.g. someone who has witnessed a crime, the police call the individual. The police preferably call from a computer with, for example, IP telephony or VoIP or software such as a computerized caller, also referred to as a dialer. The receiving party, the individual, receives the call from the police on their mobile phone of smartphone type. One of the parties can then request a mutual identification of the other party and the calling party, the police, who is connected to a service for validating the identities of the calling and receiving parties at that time, initiates the service in order for it to be used on the computer from which the police are making the call. Once the service has been initiated, the police will identify themselves with an identification service, such as BankID, and in the same way, the called private person identifies him- or herself with an identification service such as BankID on his or her mobile phone. As an alternative, the police can identify themselves with a secure login method. The individual has an application installed on their mobile phone that uses BankID for identification and presents the other party, in this case the police, with identification information on the mobile phone. Each party can validate the identity of the other party through the information in the form of text presented in each application.
[0031] Once identity validation has been completed, calls may be initiated where information can be exchanged under circumstances where each party's identity is clear. As another example, a record of the conversation in combination with identity parameters can be stored in a database so that it can later be used as, for example, evidence in a trial or in another way.
EXAMPLES OF EMBODIMENTS [0032] A software, application, can be downloaded to a mobile phone from any of the usual services for distributing applications such astheApp Store, Google Play or Microsoft Store or other service for distributing software applications. The downloaded application can use an identification solution from another party, preferably from a trusted and established party in the relevant market. According to one example, BankID is used for identification/e-identification.
[0033] A software or software application is installed or otherwise made available to at least one contacting party and/or receiving party where the software or software application performs method of validating the identification of the contacting and receiving party as described above.
ALTERNATIVE DESIGN TYPES [0034] The invention is not limited to the types of design specifically shown, but can be varied in different ways within the framework of the claims. [0035] For instance, it is understood that the choice of identification solution, e-identification solution, means of communication, and suppliers of identity certificates may be varied depending on the technical development and the current implementation.

Claims

Claims
1 . Method for validating the identity of parties to a call, characterized in that at least one first party, using a first communications equipment, and at least one second party, using a second communications equipment, wherein the first party or the second party initiate a call and where the first party can use an identification system to identify him- or herself electronically, and where the second party can validate the identity of the first party.
2. Method for validating the identity of parties to a call according to claim 1 , characterized in that the second party can identify him- or herself electronically with an identification system and where the first party can validate the second party's identity.
3. Method for validating the identity of parties to a call according to any of claims 1-2, characterized in that the identification system is an e-identification.
4. Method for validating the identity of parties to a call according to claim 3, characterized in that the e-identification for at least one party is a national, international or regional e-identification or e-service identification.
5. Method for validating the identity of parties to a call according to any of claims 1-2, characterized in that the identification system is a secure login method.
6. Method for validating the identity of parties to a call according to claim 5, characterized in that the e-identification for at least one party is a login method that makes use of two-factor authentication.
7. Method for validating the identity of parties to a call according to one of the preceding claims, characterized in that the validation takes place through text presented on a screen arranged on the communications equipment.
8. Software product for a device in a piece of communications equipment characterized in that the software product comprises program code arranged to be executed by a microprocessor in the communications equipment and in that the program code comprises software instructions arranged to perform the method of claims 1-7.
9. Software product for a device in a piece of communications equipment according to claim 8, characterized in that the communications equipment is a mobile phone.
10. Communications equipment characterized in that the software product according to claim 9 is arranged in the communications equipment.
PCT/SE2022/050141 2021-02-11 2022-02-09 Method for validating the identity of parties to a call WO2022173354A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE2130046-2 2021-02-11
SE2130046A SE2130046A1 (en) 2021-02-11 2021-02-11 METHOD FOR VALIDATING THE IDENTITY OF PARTIES IN A CONVERSATION

Publications (1)

Publication Number Publication Date
WO2022173354A1 true WO2022173354A1 (en) 2022-08-18

Family

ID=82838497

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2022/050141 WO2022173354A1 (en) 2021-02-11 2022-02-09 Method for validating the identity of parties to a call

Country Status (2)

Country Link
SE (1) SE2130046A1 (en)
WO (1) WO2022173354A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2466333A (en) * 2009-10-16 2010-06-23 Mobix Ltd Method for authenticating a user to a computer server and the server to the user, thus enabling an authenticated conversation or message session.
US9544424B1 (en) * 2015-12-28 2017-01-10 Cisco Technology, Inc. Trust enabled communication system
US20170264443A1 (en) * 2016-03-14 2017-09-14 Arizona Board Of Regents On Behalf Of Arizona State Univeristy Systems and methods for authenticating caller identity and call request header information for outbound telephony communications
US10149156B1 (en) * 2015-12-18 2018-12-04 Amazon Technologies, Inc. Trusted caller identification
US10341485B1 (en) * 2018-05-16 2019-07-02 Fmr Llc Caller identity and authentication service
US10778839B1 (en) * 2018-03-30 2020-09-15 NortonLifeLock, Inc. Detecting and preventing phishing phone calls through verified attribute analysis

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2466333A (en) * 2009-10-16 2010-06-23 Mobix Ltd Method for authenticating a user to a computer server and the server to the user, thus enabling an authenticated conversation or message session.
US10149156B1 (en) * 2015-12-18 2018-12-04 Amazon Technologies, Inc. Trusted caller identification
US9544424B1 (en) * 2015-12-28 2017-01-10 Cisco Technology, Inc. Trust enabled communication system
US20170264443A1 (en) * 2016-03-14 2017-09-14 Arizona Board Of Regents On Behalf Of Arizona State Univeristy Systems and methods for authenticating caller identity and call request header information for outbound telephony communications
US10778839B1 (en) * 2018-03-30 2020-09-15 NortonLifeLock, Inc. Detecting and preventing phishing phone calls through verified attribute analysis
US10341485B1 (en) * 2018-05-16 2019-07-02 Fmr Llc Caller identity and authentication service

Also Published As

Publication number Publication date
SE2130046A1 (en) 2022-08-12

Similar Documents

Publication Publication Date Title
CN108881290B (en) Block chain based digital certificate use method, system and storage medium
US6934858B2 (en) System and method of using the public switched telephone network in providing authentication or authorization for online transactions
US7865173B2 (en) Method and arrangement for authentication procedures in a communication network
US20080181380A1 (en) Proxy for authenticated caller name
EP1721256B1 (en) Use of public switched telephone network for capturing electronic signatures in on-line transactions
US20090172776A1 (en) Method and System for Establishing and Managing Trust Metrics for Service Providers in a Federated Service Provider Network
US20200396221A1 (en) Providing access control and persona validation for interactions
US20070006286A1 (en) System and method for security in global computer transactions that enable reverse-authentication of a server by a client
US8302175B2 (en) Method and system for electronic reauthentication of a communication party
CA2662033A1 (en) Transaction authorisation system & method
CN1411224A (en) Safe identification method of PC customer's terminal
KR20100038990A (en) Apparatus and method of secrity authenticate in network authenticate system
CN112565294A (en) Identity authentication method based on block chain electronic signature
US8619962B2 (en) High-assurance teleconference authentication
RU2689441C1 (en) System and method of monitoring communication, and/or detecting scammers, and/or authenticating statements/allegations of belonging to any organization
WO2022173354A1 (en) Method for validating the identity of parties to a call
JP2019219993A (en) Authentication system
JP2008242641A (en) Authentication approval system
Lupu Securing Web Accounts by Graphical Password and Voice Notification
Fujii et al. Telelogin: a two-factor two-path authentication Technique Using Caller ID
EP2840766B1 (en) Method for trusted communication and communication system allowing trusted communication
CN112632520A (en) Method and system for real-name registration of group telephone service
JP2013020287A (en) Authentication device, authentication system, authentication method, and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22753065

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22753065

Country of ref document: EP

Kind code of ref document: A1