Telephonic communications – With usage measurement – Call charge metering or monitoring
Reexamination Certificate
1999-05-03
2002-09-03
Smith, Creighton (Department: 2642)
Telephonic communications
With usage measurement
Call charge metering or monitoring
C902S026000, C235S379000
Reexamination Certificate
active
06445780
ABSTRACT:
The domain of this invention is remote services.
More precisely, the invention relates to a method and a system by which a telephone call control center, to which separate service providers are related, quickly and reliably identifies the service providers's customers calling the call control center through telephone equipment (or any terminal emulating this function) connected to a communications network. Many companies offer after sales (or before sales) technical assistance to their customers from their homes or sites on which their customers use the products or software that they sell. Other companies (transporter, shows, travel agents, etc.), setup remote reservation services. More and more products (remote purchase) or services (advice, financial information, etc.) may be purchased and occasionally delivered using the telephone communication network. These companies often appoint call control centers to manage and/or reroute telephone calls concerning them.
The problem that arises is to prevent a dishonest user from accessing the call control center without being authorized to do so, without paying the corresponding costs, or from claiming that he did not request the services that were debited to him by the call control center or directly by services from related service providers.
To solve this problem it has been proposed to use access keys generated by the customer using a multimedia terminal or peripheral equipment. Apart from their costs, these solutions are not very practical and take a long time to set up. The problem that arises can only really be solved if a solution is known to another problem —how to design a method and system that is convenient to use and that can be quickly and economically installed. Ease of use and time savings are major problems for any product aimed at the general public, and cannot be ignored.
It has been proposed (document WO 96 04741 in the name of Andrew MARK) to use a card emitting DTMF type encrypted acoustic signals. Thus, the holder of a card of this type can couple it to the microphone in the telephone handset to automatically transfer his identifiers to the computer services. Since these identifiers are encrypted, it may be thought that a third party will be incapable of understanding the contents. However, there is nothing to stop the signals emitted by the card from being recorded, and a defrauder in possession of this type of recording could substitute himself for the card holder.
Therefore the solution proposed by A. MARK, transposed to the case of a telephone call control center, in order to quickly and securely identify customers of service providers related to this call control center, would not prevent a dishonest user from accessing services offered by the call control center or by related service providers without authorization.
The objectives of this invention are achieved, and the problems that arise with techniques according to prior art are solved according to the invention by means of a method comprising the following steps:
the services offered by service providers and/or the call control center provide each of their customers with a card, the same size as a credit card, customized by identifiers specific to each customer and to each card,
the said card emits short acoustic DTMF type identification signals, at least partly encrypted and varying for each operation, when the customer uses it,
the said acoustic identification signals are received by the microphone in the telephone equipment (and any terminal emulating this function) and are converted to electronic signals before being transmitted through the communications network to the call control center's computer service,
the transmitted signals and the customer and card identification data stored by the computer service are processed and electronically compared by the call control center's computer service.
Thus with this method, the call control center can verify that the caller actually has an authentic card and not a computer artifice. He can also identify the card holder as being a person authorized to use the services offered by related service providers. Consequently if the results are conform, the customer is immediately connected to the voice server or the receptionist of the call control center and/or the service provider expected by the customer. Furthermore, defrauders cannot determine identification data since they were automatically transmitted in encrypted form. Furthermore, with the recorded acoustic signals in any form whatsoever, a defrauder will be unable to identify himself to the call control center and benefit from its services. The acoustic identification signals are different for each operation, in other words every time that the card is used.
Preferably the said card:
also counts the number of times C(p,n) that it is used,
emits acoustic signals representing the number of times C(p,n) that it has been used,
encrypts acoustic signals as a function of the number of times C(p,n) that it has been used.
Also preferably, the said computer means for processing and electronically comparing the transmitted signals and the customer and card identification data held by the call control center's computer service,
store the number of times C(p,m) that the card has been used at the time of the last validated operation,
compare the number of times C(p,n) that the card has been used at the time of the current operation, with the memorized number of times C(p,m),
refuse the current operation if C(p,n) is less than or equal to C(p,m) and continue verifying the current operation if C(p,n) is greater than C(p,m),
recalculate electronic signals S′(p,n) as a function of identification data and the number of times C(p,n) that the card was used, during the current operation, and then compare them with the transmitted electronic signals S (p,n). If the values agree, the customer may then immediately be connected to the services offered by the service provider related to the call control center.
In other words, the value C(p,n) is the number of times the card has been activated, while the value C(p,m) is the number of times the card had been activated as of the last successful validation.
It is emphasized that activation of the card and validation of the card are two different events. Activation is executed by the card; validation also involves the computer system.
Although activation of the card is necessary to initiate the validation process (validation cannot occur without activation), it is possible to activate the card without performing validation. For example, the activation button (if present) may be pressed accidentally, the validation process may fail due to technical difficulties, etc.
Each time the card is activated, C(p,n) increments, whether or not the card is in communication with the computer means (that is, whether or not validation is even possible). Each time an attempt is made to validate the card, C(p,n) is compared to C(p,m). When the card is successfully validated, C(p,m) is reset to correspond with C(p,n).
Because activation may take place without validation, C(p,n) may increment without C(p,m) changing. However, because C(p,m) only changes upon a successful validation (at which time it is reset to correspond with C(p,n)), C(p,m) cannot be greater than C(p,n).
Any attempt at validation using a value of C(p,n) that is not greater than that of C(p,m) is considered fraudulent, and is denied.
In order to increase security of the method, in one variant embodiment, the method also comprises a step in which the customer uses a keypad associated with the microphone and/or the card to send a pin code. After transmission to the call control center's computer service through the communications network, this pin code is processed and compared with the customer's pin code held by the call control center's computer service.
Thus the call control center can check that the caller is actually the person authorized to be connected to the service provider(s) related to the call control center. A stolen card cannot
Gayet Alain
Moulin Jean
Rosset Franck
Fintel S.A.
Smith Creighton
LandOfFree
Method and system for ensuring the security of telephone... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for ensuring the security of telephone..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for ensuring the security of telephone... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2865846