Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-04-24
2004-11-02
Barrón, Gilberto (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S172000, C713S182000, C713S183000, C380S268000
Reexamination Certificate
active
06813716
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to telecommunications and more particularly to security techniques for calling cards.
The emergence of telephone company calling cards has caused significant changes in the way telephone company customers make phone calls while away from the home or office. The burdensome practice of rounding up large quantities of coins needed for long distance calls has been alleviated by the use of telephone calling cards.
The process of making calls using a calling card includes entering the called number, an account number (often the phone number of the card holder) and a personal identification number or “PIN” into a telephone keypad device. This enables a calling card customer to make one or more calls from that location. Charges for those calls are subsequently billed to the customer's calling card account.
Unfortunately, along with the conveniences and other advantages brought about by the advent of telephone calling cards, significant problems arose. Calling card account numbers along with valid PINs, (the combination of which is to be hereinafter referred to as “calling card access codes”), have become valuable commodities to persons in our society who engage in theft and fraud. It is well known that illegally obtained calling card access codes are sold to others. Typically, once calling card access codes are illegally obtained, they are rapidly communicated to a multitude of people who fraudulently use the stolen codes. Often, many calls are completed before the telephone company discovers the misuse and deactivates the stolen access codes. Consequently, the telecommunications industry has reported substantial revenue losses through fraudulent use of telephone access codes.
Account numbers by themselves are generally not regarded as confidential. They often comprise the area code and telephone number of the calling card account customer. However, the Personal Identification Number (usually comprised of 4 digits) is considered confidential. It is the combination of the account number and the PIN that is particularly vulnerable to misuse.
One form of misappropriation of the access codes is “out-of-network” theft. Sometimes, this is accomplished by stealing the physical card itself, or by simply examining a card that contains an account number and PIN directly on its face. Other times, a thief obtains the access codes by eavesdropping on a calling card customer (typically, with the aid of high powered surveillance equipment), or capturing the sequence of numbers as they are entered into the telephone keypad (e.g., looking at the keypad as the customer dial).
Another form of misappropriation of access codes is “in-network” theft. This can occur in two ways. The first is electronic eavesdropping by “hackers” of the telephone network. The second is unscrupulous telephone company insiders who have access to the codes.
One solution to “in-network” theft is to use cryptography techniques to encrypt calling card access codes prior to transporting them across the telephone network. The access codes are subsequently decrypted only within secure internal telephone company computer systems. Only the encrypted versions of the telephone access codes are transported over the telephone network, thereby preventing “in-network theft” by hackers.
Encryption/decryption techniques, however, present several problems. First, implementation of encryption/decryption techniques may require changes to many methods and procedures used by a telecommunications carrier. Second, the solution requires the maintenance, management and security of “encryption keys”. Third, this solution only addresses “in-network” theft from the point of encryption on. If a customer always enters the same sequence of digits, the telephone company and the customers are still subject to capturing of the signal sequence transmitted by the customer, whether by hackers or by out-of-network spies.
SUMMARY OF THE INVENTION
The security problem of calling cards is substantially reduced by eliminating the practice of a customer providing the same information to the telephone company each time the calling card is used. This is accomplished via a randomly sequenced table lookup that is based on information that is randomly selected and associated with a given ID. Illustratively, a calling card is issued with a table having a plurality of entries, with each entry comprising one or more (telephone keypad) characters. The entries in the table are the randomly selected information. The party also receives an associated ID. When wishing to make a call, the customer enters his/her ID. That ID is communicated to the service provider, based on that ID the provider retrieves from a database a table of the information that the customer has, and proceeds to request that the customer enter information pursuant to a random selection by the service provider. A person who intends to fraudulently obtain service (henceforth, a “bogus customer”) cannot take advantage of captured information because the next time an interaction with the customer takes place, the random selection would require the customer to input a different sequence of digits. Only the holder of the table of information and of the associated ID can, thus, receive service.
REFERENCES:
patent: 5251259 (1993-10-01), Mosley
patent: 5284364 (1994-02-01), Jain
patent: 5458713 (1995-10-01), Ojster
patent: 5613012 (1997-03-01), Hoffman et al.
patent: 5818930 (1998-10-01), Mark
patent: 5825871 (1998-10-01), Mark
patent: 5870723 (1999-02-01), Pare et al.
patent: 6011847 (2000-01-01), Follendore, III
patent: 6298336 (2001-10-01), Davis et al.
patent: 6325284 (2001-12-01), Walker et al.
patent: 6338140 (2002-01-01), Owens et al.
patent: 6466671 (2002-10-01), Maillard et al.
patent: 6615264 (2003-09-01), Stoltz et al.
AT&T Corp.
Barrón Gilberto
Brendzel Henry
Zand Kambiz
LandOfFree
Secure calling card and authentication process does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure calling card and authentication process, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure calling card and authentication process will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3346980