US20140016780A1 - Method and device for secure phone banking - Google Patents
Method and device for secure phone banking Download PDFInfo
- Publication number
- US20140016780A1 US20140016780A1 US14/025,533 US201314025533A US2014016780A1 US 20140016780 A1 US20140016780 A1 US 20140016780A1 US 201314025533 A US201314025533 A US 201314025533A US 2014016780 A1 US2014016780 A1 US 2014016780A1
- Authority
- US
- United States
- Prior art keywords
- telephone
- dtmf
- symbol
- security device
- received
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/68—Circuit arrangements for preventing eavesdropping
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M11/00—Telephonic communication systems specially adapted for combination with other electrical systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/16—Automatic or semi-automatic exchanges with lock-out or secrecy provision in party-line systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/26—Devices for calling a subscriber
- H04M1/30—Devices which can set up and transmit only one digit at a time
- H04M1/50—Devices which can set up and transmit only one digit at a time by generating or selecting currents of predetermined frequencies or combinations of frequencies
- H04M1/505—Devices which can set up and transmit only one digit at a time by generating or selecting currents of predetermined frequencies or combinations of frequencies signals generated in digital form
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/60—Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
- H04M2203/609—Secret communication
Definitions
- Various examples relate generally to telephone accessory devices and, more particularly, to a device and method for securing dual tone multi-frequency (DTMF) tones during transmission from a telephone.
- DTMF dual tone multi-frequency
- Possession of the encryption device can simultaneously form a second factor of authentication for the customer, further enhancing security.
- a method operational on a small form-factor telephone security device for securing DTMF tones during transmission.
- Dual tone multi-frequency (DTMF) tones are received from a telephone over a first communication interface.
- the DTMF tones received from the telephone are encrypted and the encrypted DTMF tones are sent to a security server over a second communication interface.
- An activation signal may be received from the security device, and as a result, the security device may be placed into an active mode of operation.
- active mode of operation the security device may be configured to encrypt DTMF tones received from the telephone and allow voice signals to pass through the security device unchanged.
- a passive mode of operation the security device may pass DTMF tones from the telephone through unchanged between the first communication interface to a second communication interface.
- the security device may be positioned proximate the telephone and coupled in series between the telephone and the security server and may be powered upon a call being initiated between the telephone and the security server.
- an authentication challenge may be received from the security server.
- an authentication response is formulated and sent to the security server.
- a confirmation may be received from the security server indicating that the security server has successfully authenticated the security device.
- a first DTMF tone received over the first communication interface is converted into a first symbol.
- a translation table is pseudorandomly selected from a plurality of translation tables.
- the first symbol is converted into a second symbol using the selected translation table and the second symbol is, in turn, converted into a second DTMF tone.
- the second DTMF tone is transmitted as the encrypted DTMF tone.
- the selected translation table is generated by obtaining pseudorandom number from a keystream generated at the security device and shuffling symbols in a base translation table based on the pseudorandom number to obtain the selected translation table.
- DTMF tones received over the first communication interface are converted into associated symbols within a set of symbols.
- An associated translation table is pseudorandomly selected from a plurality of translation tables for each DTMF tone received.
- the associated symbol for each DTMF tone received is then translated into an encrypted symbol based on its associated translation table.
- the security device may detect the telephone number called by the telephone. If the telephone number is recognized as an associated secure institution, the security device encrypts DTMF tones received from the telephone. Otherwise, DTMF tones received from the telephone are passed to the security server unchanged.
- a small form-factor telephone security device including a first and second communication interfaces and a processing circuit.
- the first communication interface allows the security device to communicate with a telephone while the second communication interface allows the security device to communicate with a security server.
- the processing circuit is coupled between the first communication interface and the second communication interface and may be configured to (a) receive dual tone multi-frequency (DTMF) tones from the telephone, (b) receive an activation signal from the security device; (c) place the security device into an active mode of operation once the activation signal is received, (d) encrypt the received DTMF tones; and/or (e) send the encrypted DTMF tones to the security server.
- DTMF dual tone multi-frequency
- the security device passes DTMF tones through unchanged between the first communication interface and a second communication interface.
- the security device may also include (a) a DTMF tone detector coupled to the processing circuit to detect when a DTMF tone is received over the first communication interface; and/or (b) a DTMF encryption interface coupled to the processing circuit to assist the processing circuit in converting a received DTMF tone into an encrypted DTMF tone.
- the processing circuit may be further configured to (a) convert a first DTMF tone received over the first communication interface into a first symbol; (b) pseudorandomly select a translation table from a plurality of translation tables; (c) translate the first symbol into a second symbol by using the selected translation table; (d) convert the second symbol into a second DTMF tone; and/or (e) send the second DTMF tone as the encrypted DTMF tone.
- the processing circuit may be configured to (a) obtain a pseudorandom number from a keystream generated at the security device; and/or (b) shuffle symbols in a base translation table based on the pseudorandom number to obtain the selected translation table.
- a small form-factor telephone security device comprising: (a) means for receiving dual tone multi-frequency (DTMF) tones from a telephone over a first communication interface; (b) means for receiving an activation signal from the security device; (c) means for placing the security device into an active mode of operation once the activation signal is received. (d) means for encrypting the DTMF tones received from the telephone; (e) means for sending the encrypted DTMF tones to a security server over a second communication interface; and/or (f) means for passing DTMF tones through unchanged between the first communication interface to a second communication interface in a passive mode of operation.
- DTMF dual tone multi-frequency
- the security device may include (a) means for converting a first DTMF tone received over the first communication interface into a first symbol; (b) means for pseudorandomly selecting a translation table from a plurality of translation tables; (c) means for translating the first symbol into a second symbol using the selected translation table; (d) means for converting the second symbol into a second DTMF tone; and/or (e) means for sending the second DTMF tone as the encrypted DTMF tone.
- a machine-readable medium having one or more instructions operational on a security device for securing information transmitted by a telephone which when executed by a processor causes the processor to: (a) receive dual tone multi-frequency (DTMF) tones from the telephone over a first communication interface; (b) encrypt the DTMF tones received from the telephone; and/or (c) sending the encrypted DTMF tones over a second communication interface.
- the security device may be placed into an active mode of operation if an activation signal is received, wherein activation mode received DTMF tones are converted to encrypted DTMF tones. Otherwise, the security device passes DTMF tones through unchanged between the first communication interface to a second communication interface in a passive mode of operation.
- the security device may also be authenticated with a receiving device coupled to the second communication interface.
- a pseudorandom number is generated and a translation table is selected from a plurality of translation tables based on the pseudorandom number.
- a first DTMF tone received from the telephone is translated into a second DTMF tone based on the selected translation table.
- a method operational on a telephone security server is also provided for facilitating securing of DTMF signals during transmission.
- a call is received from a dual tone multi-frequency (DTMF)-enabled telephone.
- An activation signal is sent to a security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone.
- Encrypted DTMF tones are received from the security device.
- the received DTMF tones are then decrypted to obtain information sent by the telephone. Decrypting a received DTMF tone may result in obtaining part of a number entered by a user of the telephone.
- the security device may be positioned proximate the telephone and coupled in series between the telephone and the security server.
- the security server may send an authentication challenge to the security device.
- An authentication response may be received from the security device.
- a confirmation may then be sent to the security device if the authentication response is valid for the authentication challenge.
- a symbol encryption algorithm may be synchronized between the security server and the security device.
- Decrypting the received DTMF tones may include (a) converting a first DTMF tone into a first symbol; (b) translating the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and/or converting the second symbol into a second DTMF tone.
- a telephone security server comprising a communication module, a DTMF decryption module, and a processing circuit.
- the communication module may allow receiving telephone calls from dual tone multi-frequency (DTMF) enabled telephones.
- the DTMF decryption module may serve to decrypt encrypted DTMF tones.
- the processing circuit may be configured to (a) receive a call from the DTMF-enabled telephone; (b) send an activation signal to the security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone; (c) receive encrypted DTMF tones from a security device associated with a DTMF-enabled telephone; and/or (d) decrypt the received DTMF tones to obtain information sent by the telephone.
- the security server may also include an authentication module configured to authenticate the security device.
- the processing circuit may be further configured to (a) convert a first DTMF tone into a first symbol; (b) translate the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and/or (c) convert the second symbol into a second DTMF tone.
- a telephone security server comprising: (a) means for receiving a call from a dual tone multi-frequency (DTMF)-enabled telephone; (b) means for sending an activation signal to a security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone; (c) means for receiving encrypted DTMF tones from the security device; and/or (d) means for decrypting the received DTMF tones to obtain information sent by the telephone.
- DTMF dual tone multi-frequency
- the security server may also include (a) means for sending an authentication challenge to the security device; (b) means for receiving an authentication response from the security device; (c) means for sending a confirmation to the security device if the authentication response is valid for the authentication challenge; (d) means for converting a first DTMF tone into a first symbol; (e) means for translating the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and/or (f) means for converting the second symbol into a second DTMF tone.
- a machine-readable medium having one or more instructions operational on a telephone security server for securing information transmitted from a telephone as dual tone multi-frequency (DTMF) tones, which when executed by a processor causes the processor to: (a) receive a call from the telephone; (b) send an activation signal to a security device associated with the telephone to activate encryption of DTMF tones from the telephone; (c) authenticate a security device associated with the telephone; (d) receive encrypted DTMF tones from the security device; and/or (e) decrypt the received DTMF tones to obtain information sent by the telephone. Additional instructions may (a) convert the encrypted DTMF tones into digital symbols; (b) obtain a symbol-to-symbol reverse translation table for each of the digital symbols; and/or (c) translate each digital symbol using the reverse translation table.
- DTMF dual tone multi-frequency
- FIG. 1 illustrates a system in which a security device may be coupled along a communication line to a telephone to secure certain communications between the telephone and a secure server.
- FIG. 2 is a flow diagram illustrating a method for securing certain communications between the telephone and the security server belonging to issuing institution of FIG. 1 .
- FIG. 3 illustrates a block diagram of one example of a tele-services security server that may enable securing DTMF tones during transmission.
- FIG. 4 illustrates a method operational on a security server for securing DTMF tones from a telephone device.
- FIG. 5 illustrates a block diagram of one example of a security device that may be configured to protect DTMF tones during transmission.
- FIG. 6 illustrates a method operational on a security device for securing DTMF tones from a telephone device.
- FIG. 7 is a block diagram of a mobile communication device configured to authenticate itself with a security server.
- FIG. 8 is a flow diagram illustrating a method for authenticating a mobile communication device to a tele-services station over a communication network.
- FIG. 9 illustrates a block diagram of a combinational combiner for securing plaintext symbols by pseudorandomly selecting a translation table for each symbol to be encrypted.
- FIG. 10 illustrates an example of a symbol-to-symbol translation table for translating a plaintext symbol into an encrypted symbol.
- FIG. 11 illustrates one example of how plaintext symbols may be encrypted using different translation tables to obtain encrypted symbols.
- FIG. 12 illustrates an algorithm for selecting a translation table from a plurality of possible permutations for a set of n symbols, where n is a positive integer.
- FIG. 13 is a block diagram illustrating another encryption scheme that may achieve symbol authentication by using multiple translation tables to encrypt a single plaintext symbol.
- FIG. 14 illustrates how multiple translation tables may be used to encrypt each plaintext symbol to obtain a corresponding encrypted symbol.
- FIG. 15 illustrates an example of how two translation tables may be employed to translate or encrypt a plaintext symbol into an encrypted symbol.
- FIG. 16 illustrates a method for performing plaintext encryption according to one example.
- FIG. 17 is a block diagram illustrating how encrypted symbols may be decrypted by using one or more reverse translation tables to obtain a single plaintext symbol.
- FIG. 18 illustrates a method for performing plaintext encryption according to one example.
- FIG. 19 is a block diagram illustrating an encryption module according to one example.
- FIG. 20 is a block diagram illustrating a decryption module according to one example.
- examples may be described as a process that is depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged.
- a process is terminated when its operations are completed.
- a process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc.
- a process corresponds to a function
- its termination corresponds to a return of the function to the calling function or the main function.
- a storage medium may represent one or more devices for storing data, including read-only memory (ROM), random access memory (RAM), magnetic disk storage mediums, optical storage mediums, flash memory devices, and/or other machine readable mediums for storing information.
- ROM read-only memory
- RAM random access memory
- magnetic disk storage mediums magnetic disk storage mediums
- optical storage mediums flash memory devices
- machine readable medium includes, but is not limited to portable or fixed storage devices, optical storage devices, wireless channels, and various other mediums capable of storing, containing, or carrying instruction(s) and/or data.
- various configurations may be implemented by hardware, software, firmware, middleware, microcode, or a combination thereof.
- the program code or code segments to perform the described tasks may be stored in a machine-readable medium such as a storage medium or other storage means.
- a processor may perform the defined tasks.
- a code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or a combination of instructions, data structures, or program statements.
- a code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, and the like, may be passed, forwarded, or transmitted via a suitable means including memory sharing, message passing, token passing, and network transmission, among others.
- the methods disclosed herein may be implemented in hardware, software, or both.
- DSP digital signal processor
- ASIC application specific integrated circuit
- FPGA field programmable gate array
- a general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
- a processor may also be implemented as a combination of computing components, e.g., a combination of a DSP and a microprocessor, a number of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
- a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
- a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor.
- One feature provides a small form-factor security device that may be inserted in series with a customer's phone line, which acts as a second factor in a two-factor authentication scheme and encrypts DTMF tones, thereby preventing disclosure of sensitive information.
- the device does not interfere with the normal operation of the phone.
- the device may include a small-form factor enclosure which may also offer a branding opportunity for banks and payment services with which they are associated.
- the device may be powered from the phone line to which it is coupled. In one configuration, a plurality of such devices may be chained or cascaded along a phone line to provide secure communications with multiple different parties (e.g., banks).
- Another feature provides an efficient encryption method that safeguards the security of encrypted symbols.
- Each plaintext symbol is encrypted by using a separate pseudorandomly selected translation table.
- the translation tables may be efficiently generated on-the-fly based on a pseudorandom number and a symbol shuffling algorithm.
- a receiving device may similarly generate reverse translation tables on-the-fly to decrypt received encrypted symbols.
- FIG. 1 illustrates a system in which a security device 102 may be coupled along a communication line to a telephone 104 to secure certain communications between the telephone 104 and a secure server 108 .
- the security device 102 may be a small-form factor device that can be connected in-line or in series on a telephone line between a telephone 104 and a communication network 106 .
- the security device 102 may be coupled to the telephone line near or adjacent to a telephone 104 .
- the security device 102 may be associated with an account and/or an issuing institution 108 (e.g., bank, credit card company, etc.).
- an issuing institution 108 e.g., bank, credit card company, etc.
- a bank may issue such security device 102 to its customers, each security devices being uniquely associated with a customer or a customer's account.
- the issuing institution 108 may have a security server 110 that facilitates telephonic transactions with customers.
- FIG. 2 is a flow diagram illustrating a method for securing certain communications between the telephone 104 and the security server 110 belonging to issuing institution 108 of FIG. 1 .
- the security device 102 may have an active mode of operation and an inactive (passive) mode of operation.
- the security device 102 is used to call someone other than the issuing institution 108 (e.g., security server 110 )
- it is inactive and the call just passes through the security device 102 , including DTMF tones, unchanged.
- the security server 110 e.g., security server 110
- the activation signal may be sufficiently long and/or unique (e.g., have enough digits or symbols) to be reasonably sure that the security device 102 is not likely to be triggered by coincidence. In one example, this activation signal may not actually carry any information but merely triggers or activates the security device 102 to switch from an inactive (passive) mode to active mode. For instance, the activation signal may be a short piece of music or tone that is recognized by the security device 102 .
- the security device 102 listens for and recognizes the activation signal (e.g., a unique set of DTMF tones) from the security server 110 and changes to active mode 212 . In one example, upon receiving the activation signal, the security device 102 may start encrypting all DTMF tones from the telephone to the security server 110 .
- a challenge-response scheme may be implemented between the security device 102 and security server 110 .
- the security server 110 may send a random challenge to the security device 214 .
- the security device 102 receives the challenge, generates a reply (e.g., identifier and response to challenge) 216 , and sends the reply to the security server 110 .
- the reply may include an identifier, associated with the security device 102 , and a response to the challenge.
- the security device 102 may also generate a session key that may be used to encrypt subsequent DTMF tones from the telephone 104 to the security server 110 .
- the reply informs the security server 110 that it is communicating with an associated security device.
- the security server 110 may use the identifier to look-up a particular customer's accounts 220 , thereby saving the customer the trouble of identifying themselves manually (e.g., avoids having the customer entering their account number).
- the security server 110 may also verify that the response is correct based on the random challenge and an authentication key 222 , provisioned in both the security device 102 and security server 110 , to authenticate the user. Note that since the security device 102 is located in close proximity to the user's telephone (e.g., inside the user's home), an attacker would have to steal it to initiate an attack.
- the security server 110 calculates the same session key 226 as the security device 102 calculates 224 . If the security server 110 disagrees with the reply it receives from the security device 102 (or does not receive a response at all), the call may be diverted to an alternative path for more stringent identification and/or authentication. That is, the security device 102 may calculate its response based on the received random challenge and the authentication key. The security server 110 can then verity the received response by calculating a local response (based on the random challenge and authentication key) and compares it to the received response from the security device 102 .
- the security server 110 sends a confirmation that is authenticated 228 using the newly derived session key. This confirmation informs the security device 102 to start encrypting DTMF tones coming from the telephone 104 . If there is a problem with the confirmation from the security server (e.g., it is not received by the security device 102 within a certain maximum time, or the confirmation fails, etc.), the security device 102 may generate a warning signal to the user. For example, a light may flash (or come ON) or an alarm may sound if the challenge-response authentication fails. Additionally, a light (e.g., light emitting diode—LED) may glow to indicate the security device 102 is active and/or the challenge-response is successfully authenticated.
- a warning signal For example, a light may flash (or come ON) or an alarm may sound if the challenge-response authentication fails. Additionally, a light (e.g., light emitting diode—LED) may glow to indicate the security device 102
- the session key may be used by the security device 102 to encrypt transmissions from telephone 104 to the security server.
- the security device intercepts DTMF tones coming from the telephone 232 and transmits encrypted DTMF tones instead 234 .
- DTMF tones from the telephone 104 may be translated into different DTMF tones which are then sent to the security server 110 .
- DTMF tones may be converted to digital symbols by the security device 102 which are then encrypted and sent to the security server 110 .
- the security device 102 also passes anything else (non-DTMF tones or signals) in both directions without modifying or encrypting it.
- the security server 110 can use the session key to decrypt DTMF tones received from the telephone via the security device 236 .
- the security device 102 may be configured to recognize a particular telephone number(s) associated with a particular issuing institution 108 . When the security device 102 recognizes that the telephone has dialed the particular telephone number, it may automatically switch to active mode and/or encrypt all DTMF tones from the telephone to the security server 110 .
- the security device 102 may continue to encrypt DTMF tones from the telephone 104 until the call is terminated, at which point the security device 102 switches back to inactive mode where it allows all DTMF tones to pass through unchanged.
- the security device 102 may have a small form factor and may be easily plugged into a telephone line.
- a user may have multiple security devices, associated with a single institution or account, to enable the user to securely access an account from different locations (e.g., home, office, etc.).
- a user may also have multiple security devices associated with various different institutions and/or accounts. These multiple security devices may be coupled in series along a telephone line.
- An inactive security device in a chain merely passes signals to the next security device in the chain. If a security device in the chain is activated by a security server, then it encrypts DTMF tones from the telephone.
- a security device 102 may serve multiple users from one telephone or location.
- the security server may identify that the security device is associated with a plurality of users or accounts. To distinguish between each user, the security server may send a voice prompt requesting the user to enter a PIN or other identifier that identifies a particular user or account.
- FIG. 3 illustrates a block diagram of one example of a tele-services security server that may enable securing DTMF tones during transmission.
- the security server 302 may include a processing circuit 304 , such as a small and/or low-power microprocessor.
- the security server 302 may be include a first communication module 306 used to couple the security server 302 to a communication network.
- An authentication module 308 allows the security server 302 to authenticate a security device with which it communicates.
- a DTMF decryption module 308 allows the security server 302 to decrypt encrypted DTMF tones received from the security device.
- FIG. 4 illustrates a method operational on a security server for securing DTMF tones from a telephone device.
- a call is received from a DTMF-enabled telephone 402 .
- An activation signal is sent to a security device associated with the DTMF-enabled telephone 404 .
- the security device may be located near in proximity to the DTMF-enabled telephone.
- the security device is then authenticated by the security server. For instance, a challenge signal is sent to the security device 406 .
- the security server determines whether a response is received from a security device 408 . If not, then it may be assumed that no security device is present on the telephone line 410 . Otherwise, the security server determines whether the received response can be successfully authenticated 412 .
- a session key is generated 416 .
- a confirmation message authenticated by the session key is sent to the security device 418 .
- the security server may receive encrypted DTMF tones from the security device 420 .
- the security server may then decrypt the received DTMF tones to obtain information sent by the telephone 422 .
- Such DTMF tones may represent confidential information (e.g., account number, password, PIN, etc.) that is protected from eavesdroppers during transmission by encrypting the original DTMF tones.
- FIG. 5 illustrates a block diagram of one example of a security device that may be configured to protect DTMF tones during transmission.
- the security device 502 may include a processing circuit 504 , such as a small and/or low-power microprocessor.
- the security device 502 may be powered by a telephone line to which it is coupled.
- a first communication interface A 506 may be used to couple the security device 502 to a telephone.
- a second communication interface B 508 may be used to couple the security device 502 to a communication network.
- the security device 502 lets all DTMF tones pass through unchanged.
- the processing circuit 504 may be configured to listen for an activation signal (e.g., from a security server).
- a DTMF detector 510 may be configured to detect a DTMF activation signal to switch the security device to an active mode of operation. In active mode, the security device 502 may be configured to respond to an authentication challenge from a security server.
- the DTMF detector 510 may also be configured to detect DTMF tones received via communication interface A 506 (e.g., coming from a telephone). If one or more DTMF tones are detected, the DTMF tones are encrypted or otherwise modified by a DTMF encryption module 512 . The encrypted DTMF tones are then transmitted through the communication interface B 508 to a security server.
- DTMF tones received via communication interface A 506 (e.g., coming from a telephone). If one or more DTMF tones are detected, the DTMF tones are encrypted or otherwise modified by a DTMF encryption module 512 . The encrypted DTMF tones are then transmitted through the communication interface B 508 to a security server.
- FIG. 6 illustrates a method operational on a security device for securing DTMF tones from a telephone device.
- the security device is powered upon a call being initiated between a telephone and a security server 602 . That is, since the communication line is energized when a call is made, the security device may draw its power from the communication line.
- the security device In a passive mode of operation, the security device allows DTMF tones to pass through unchanged between a first communication interface and a second communication interface 604 .
- the first communication interface may be coupled to the telephone and the second communication interface may be coupled to a second communication interface.
- the security device monitors transmissions to determine whether a (DTMF) activation signal is received from a security server 606 .
- the security device continues operating in passive mode unless an activation signal is received. If a DTMF activation signal is received, the security device changes to an active mode of operation 608 .
- the security device may also listen for other signals from the security server 610 .
- the security device may receive a challenge from the security server 612 .
- the security device replies with a response to the challenge 614 . If the response is valid, the security device may receive a confirmation indicating that the security server has successfully authenticated the security device 616 .
- the security device listens for DTMF tones from the telephone. If DTMF tones are received from the telephone (to which the security device is coupled) over the first communication interface 618 , the received DTMF tones are encrypted into different DTMF tones 620 . In one example, DTMF tones from the telephone may be translated into different DTMF tones which are then sent to the security server. In another configuration, DTMF tones may be converted to digital symbols by the security device 102 which are then encrypted and sent to the security server. The encrypted DTMF tones are then sent to the security server over the second communication interface 622 .
- the security device continues to encrypt DTMF tones from the telephone until the call ends, at which time the security device returns to passive mode 624 .
- the security device 102 prevents unencrypted DTMF tones from the telephone from passing to the security server.
- the security device 102 may disconnect all inputs (.e.g., transmissions) from the telephone the network while active. In this case there may be some provision for either the customer or the security server to reconnect the inputs (e.g., allow transmissions from the security device 102 ), for example, if the customer needs to talk to a representative.
- FIG. 7 is a block diagram of a mobile communication device configured to authenticate itself with a security server.
- the mobile communication device 702 includes a processing circuit 704 coupled to a communication module 706 and a user input interface 708 .
- the communication module 706 enables the mobile communication device 702 to communicate over a wireless communication network 710 .
- the processing circuit 704 may be configured to authenticate itself with one or more security servers during a call.
- the mobile communication device may be configured with an authentication key and/or a user identifier that allows a bank or financial institution to authenticate the user of the mobile communication device 702 .
- the authentication key and/or user identifier may be provided beforehand (e.g., during setup or configuration) by the bank or financial institution.
- the processing circuit 704 may also request a PIN, password, and/or other input from a user to complete an authentication procedure.
- FIG. 8 is a flow diagram illustrating a method for authenticating a mobile communication device 802 to a tele-services station 804 over a communication network.
- the mobile communication device 802 may be a mobile phone and the tele-services station 804 may include a security server associated with a banking or financial institution.
- the mobile communication device 802 and tele-services station 804 may each have the same authentication key.
- the mobile communication device may initiate a call to an issuing institution 806 associated with the tele-services station.
- the issuing institution may be a bank or financial institution, for example.
- the tele-services station sends a random authentication challenge 808 to the mobile communication device.
- the mobile communication device then generates a response based on the random challenge and the authentication key 809 and sends the response and (possibly) a user identifier to the tele-services station 810 .
- the tele-services station then verifies whether the response from the mobile communication device is correct 812 . This may be done by the tele-services station calculating a verification value based on its authentication key and the random authentication challenge and comparing it to the response received from the mobile communication device.
- an authentication confirmation 814 may be sent to the mobile communication device.
- the mobile communication device may request sensitive information (e.g., bank account records, etc.) from the tele-services station 816 . If the mobile communication device is successfully authenticated, the tele-services station then provides the requested sensitive information to the mobile communication device 818 . In this manner, a mobile communication device (e.g., mobile phone) may be authenticated by a tele-services station to secure the transmission of sensitive information during a call.
- sensitive information e.g., bank account records, etc.
- One type of threat addressed by the security device and/or methods described herein is an eavesdropping attack.
- an attacker may attach a recorder to the telephone wires to listen to the DTMF tones associated with numbers entered by a user on the telephone. These DTMF tones may identify the bank being called, the user's customer and/or account numbers, private identification number (PIN), social security number, among other private and/or confidential information. The attacker may then use this information to perform fraudulent transactions from the user's account.
- the security device described herein defeats such an attack by encrypting the DTMF tones and providing further authentication.
- the security device may turn On a security indicator (e.g., light) after a “start encrypting” signal (i.e., authenticated confirmation) is received from the receiving institution.
- the caller e.g., customer
- the caller merely checks the security indicator to make sure that the security device is encrypting its tones before entering any sensitive or confidential information.
- Another type of attack may be a session hijacking attack where the attacker waits until the user has established communications with the intended receiver (e.g., bank), thus activating the security indicator, and then takes over the call. The attacker may then pretend that something went wrong with the call and ask the user to verbally provide sensitive information. Alternatively, the attacker may ask the user to enter specific responses (that are already known to the attacker) to try to establish a tone-by-tone encryption pattern, and then use the tone-by-tone conversions to encrypt their own response to the bank. To address this type of attack, the tone-by-tone encryption may be altered or modified on a pseudorandom basis, rotational basis, and/or other basis that inhibits discovery of a number-to-tone relationship.
- the intended receiver e.g., bank
- the security device may be configured to perform message authentication and session key derivation by using, for example, a Message Authentication Code (MAC) function.
- MAC Message Authentication Code
- a security server may authenticate a caller's security device by splitting the output from a single invocation of MAC K (Challenge). For instance, a typical MAC function may return 128 bits of output, which may be represented as 32 DTMF tones.
- the security server may send the first 16 DTMF tones (representing part of the MAC) to the security device, and, in response, the security device sends back the other 16 DTMF tones (representing the other part of the MAC). In this manner, both the security server and security device may prove to each other that they are authorized or legitimate.
- the response may include additional information.
- Another feature provides an efficient cryptographic method that safeguards the security of encrypted symbols.
- Each plaintext symbol is encrypted by using a separate pseudorandomly selected translation table.
- the translation tables may be efficiently generated on-the-fly based on a pseudorandom number and a symbol shuffling algorithm.
- a receiving device may similarly generate reverse translation tables on-the-fly to decrypt received encrypted symbols.
- a telephone security device may convert DTMF tones into digital values, encrypt the digital values by using a pseudorandomly selected translation table for each digital value.
- the encrypted digital values may then be transmitted to a security server (e.g., tele-services station), either in digital form or as DTMF tones associated with the encrypted digital values.
- a security server e.g., tele-services station
- stream encryption may use a keystream generated by a block cipher, such as Advanced Encryption Standard (AES) in counter mode, Output Feedback (OFB), or Ciphertext Feedback (CFB) modes.
- AES Advanced Encryption Standard
- OFB Output Feedback
- CFB Ciphertext Feedback
- the MAC function may be implemented with a block cipher in CBC-MAC mode. This may be advantageous if, for example, the security device had AES implemented in hardware.
- a stream cipher such as Non-linear SOBER (NLS).
- NLS Non-linear SOBER
- a stream cipher may also be used as a MAC function, albeit with low efficiency, by using the data to be encrypted as a key or nonce input, then generating an output keystream. Since the length of the keystream generated may be as long as desired, both the Response and Session Key may be generated in a single call.
- Conventional stream encryption (whether using a true stream cipher or a block cipher in streaming mode) usually proceeds by generating a keystream of pseudo-random numbers and combining them with the plaintext (i.e., digital representations of the DTMF tones) to form an encrypted output or ciphertext.
- the keystream and plaintext are combined using an Exclusive-OR (XOR) operation, because it is self-inversive.
- XOR Exclusive-OR
- a conventional DTMF-enabled telephone has ten or more keys, each key having a unique tone. Thus, XOR operations cannot be used to encrypt said DTMF tones with a keystream.
- the DTMF tones associated with telephone keys may be converted into (or associated with) different digital symbols that may be added to pseudorandom numbers/symbols obtained from the keystream to generate an encrypted symbol or ciphertext.
- an active attacker knowing the position of a particular digit may be able to change that number by subtracting from the transmitted ciphertext number. For instance, an attacker knowing that for a particular DTMF tone the input was a “1” but the output was a “7”, may determine that the pseudorandom number generated for this tone was a “6” and can then correctly encrypt any character of their choosing for that particular digit position.
- One feature provides for using a keystream to obtain or generate a pseudorandomly selected or generated translation table for each plaintext symbol to be encrypted. Instead of taking a pseudorandom number from the keystream and changing the plaintext the same way (e.g., by adding modulo n), one feature provides for translating each plaintext symbol in an input stream by pseudorandomly selecting one of a plurality of translation tables. Translation tables may provide different possible permutations of a set of numbers or symbols. This is herein referred to as a combinational combiner.
- FIG. 9 illustrates a block diagram of a combinational combiner for securing plaintext symbols by pseudorandomly selecting a translation table for each symbol to be encrypted.
- a cipher generator 902 is used to generate a keystream Si 904 of pseudorandom numbers/symbols.
- the pseudorandom numbers of keystream 904 are used to generate or obtain a different translation table 906 , from a plurality of possible translation tables, for each plaintext input symbol Pi 908 in an input stream.
- an encrypted output symbol Ci 910 is generated.
- Such translation operation defines a permutation of the plaintext input symbols 908 under the control of the keystream 904 .
- the translation table 906 may be represented as a vector of n elements and the translation of a plaintext input symbol 908 may be done by looking up the pth element of the translation table 906 .
- the reverse translation may be done either by creating a table of the inverse permutation, or by searching the table for the entry containing symbol Ci, and returning its index as p.
- a permutation may be chosen at random from the set of all such permutations, and used as the translation table 906 to translate the plaintext input symbol Pi 908 into the encrypted output symbol Ci 910 (also referred to as ciphertext).
- Ci 910 also referred to as ciphertext
- a pseudorandomly selected translation table is selected for each plaintext symbol in an input stream. Then an attacker who sees the encrypted symbol Ci 910 and knows that it corresponds to a particular plaintext symbol still knows nothing about the correspondence between other plaintext symbols and corresponding encrypted symbols.
- each DTMF tone received by a security device from a telephone is converted to (or associated with) a digital plaintext symbol.
- the plaintext symbol is then translated by a translation table (obtained based on one or more pseudorandom numbers from the keystream) to obtain an encrypted symbol.
- the encrypted symbol is then transmitted to a security server (either in digital form or as a DTMF tone corresponding to the encrypted symbol) where it is decrypted by a reverse translation table.
- the reverse translation table may be generated or obtained by having synchronized cipher generators at both the security device and security server that generate the same keystream.
- the cipher generators may be synchronized by using the same seed (e.g., session key, etc.).
- a plurality of translation tables may be pre-generated and/or stored by the security device and/or security server. Rather than generating a new translation table (i.e., a permutation of the input symbols) on-the-fly, the translation tables may be pre-generated and stored.
- the pseudorandom values/symbols of the keystream 904 may be used to select one of the pre-generated translation tables for each plaintext symbol to be encrypted.
- the pre-generated translation tables may define every permutation or a subset of permutations for a set of n plaintext symbols.
- the translation table used may be generated on-the-fly by using the keystream and pseudorandomly shuffling symbols to form the translation table. Note that these solutions are equivalent, in the sense that it there will be n! tables, and the amount of keystream needed to select one of these tables is the same as the amount needed to create such a table by shuffling.
- FIG. 10 illustrates an example of a symbol-to-symbol translation table 1002 for translating a plaintext symbol into an encrypted symbol.
- sixteen (16) plaintext symbols translate to a different encrypted symbol.
- the binary representation is shown in this example to merely illustrate that the sixteen plaintext symbols may be encrypted using four-bit encrypted symbols.
- a different number of bits may be used for each symbol. For example, for up to two hundred fifty-six (256) plaintext symbols, eight (8) bits may be extracted from the keystream to generate each encrypted symbol.
- Another feature provides for a one-to-one correspondence between plaintext symbols and encrypted symbols within a particular translation table. That is, no two plaintext symbols convert to the same encrypted symbol within a particular translation table. This allows a decrypting device to accurately decrypt an encrypted symbol into its original plaintext symbol.
- a symbol-to-symbol reverse translation table may be generated to reverse the symbol-to-symbol translation of an encryption device and thereby decrypt received encrypted symbols.
- FIG. 11 illustrates one example of how plaintext symbols 1102 may be encrypted using different translation tables 1104 to obtain encrypted symbols 1106 .
- different translation tables 1104 For each plaintext symbol P0, P1, P2, P3, . . . Pi different translation tables 1104 , each with a different permutation of symbols, is used to obtain encrypted symbols C0, C1, C2, C3, . . . Ci.
- the number of possible permutations generated is 12! or 479,001,600.
- a thirty-two (32) bit keystream may suffice to choose one permutation as a translation table without bias.
- this approach becomes inefficient as the number of symbols in a set increase. For instance, for a set of 256 possible symbols, the number of possible permutations generated is 256! or 8.5 ⁇ 10 506 which would take in excess of 1684 bits from the pseudorandom keystream to select one of the permutations as a translation table.
- FIG. 12 illustrates an algorithm for selecting a translation table from a plurality of possible permutations for a set of n symbols, where n is a positive integer.
- a cipher generator may be used that provides pseudorandom keystream values k bits long (e.g., 8 bits, 32 bits, etc.) uniformly distributed in the range of 0 and 2 k ⁇ 1.
- the keystream is used to obtain a pseudorandom number w 1202 . Since n! may not divide evenly into 2 k , the pseudorandom number w cannot be used directly without introducing biases. For this reason, a maximum threshold Pmax is defined as the largest multiple of n! that is less than 2 k .
- pseudorandom number w is less than this maximum threshold Pmax, then it can be used without introducing a bias. Otherwise, if the pseudorandom number w is greater than or equal to this maximum threshold Pmax, it is discarded and a new pseudorandom number w is selected until a pseudorandom number w is obtained that is less than the maximum threshold Pmax 1204 .
- an unbiased pseudorandom number w is obtained in the range of 0 to n! that can be used to obtain a permutation (i.e., translation table).
- one feature Rather than storing pre-generated permutations and selecting one such permutation by using the pseudorandom number w, one feature provides for generating a permutation by shuffling symbols of a base permutation to generate a translation table.
- a symbol shuffling algorithm 1210 is then used to shuffle the symbols in the base permutation vector P using pseudorandom number w.
- the permutation vector P may be provided 1212 to any application that can use it, for example, as a translation table to encrypt an input symbol stream.
- FIG. 13 is a block diagram illustrating another encryption scheme that may achieve symbol authentication by using multiple translation tables to encrypt a single plaintext symbol. That is, a plaintext input symbol Pi 1302 is encrypted by a translation table A1 1304 , that may be generated or selected based on a first keystream Si′ 1306 obtained from a first cipher generator 1308 , to obtain a first encrypted output symbol Ci′ 1310 . The first encrypted output symbol Ci′ 1310 then serves as input to a second translation table A2 1312 , that may be generated or selected based on a second keystream Si 1314 obtained from a second cipher generator 1316 , used to obtain a second encrypted output symbol Ci 1318 .
- redundancy may be used to authenticate the first encrypted output symbol Ci′ 1310 . That is, by using symbols Ci′ 1310 and Ci 1318 together, symbol Ci 1318 authenticates Ci′ 1310 . Thus, if an attacker succeed in changing symbol Ci′ 1310 , for example, it would not be properly authenticated by symbol Ci 1318 .
- FIG. 14 illustrates how multiple translation tables 1404 and 1406 may be used to encrypt each plaintext symbol 1402 to obtain a corresponding pair of encrypted symbols 1408 . It should be noted that the translation tables 1404 and 1406 may be pseudorandomly selected and/or generated to encrypt each plaintext symbol Pi into a pair of symbols Ci′/Ci.
- FIG. 15 illustrates an example of how two translation tables may be employed to translate or encrypt a plaintext symbol Pn into a pair of symbols Cn′ and Cn.
- a second plaintext symbol P(n+1) may have completely different translation tables even where the first plaintext symbol and second plaintext symbol are the same.
- the redundant use of symbol pair C(n+/)′ and C(n+1) may serve as a form of authentication.
- FIG. 16 illustrates a method for performing plaintext encryption according to one example.
- a plurality of input symbols defined within a set of n symbols is obtained 1602 .
- a pseudorandomly selected translation table is obtained for each of the input symbols to be encrypted 1604 .
- the input symbols are translated into corresponding output symbols using their corresponding translation table for each of the input symbols to individually encrypt each input symbol 1606 .
- the output symbols may then be transmitted to a decrypting device 1608 .
- a first plaintext symbol is obtained, wherein the first plaintext symbol may be one of n symbols in a set.
- a first translation table is obtained that translates n symbols into a different permutation of the n symbols.
- the first translation table may be pseudorandomly generated by using a pseudorandom number to shuffle the n symbols.
- the first plaintext symbol is then translated into a first output symbol using the first translation table.
- a second translation table may be obtained that translates n symbols into a different permutation of the n symbols than the first translation table.
- the first output symbol is translated into a second output symbol using the second translation table.
- An encrypted symbol is then transmitted based on the first and/or second output symbols.
- FIG. 17 is a block diagram illustrating how encrypted symbols Ci may be decrypted by using one or more reverse translation tables to obtain a single plaintext symbol. That is, an encrypted input symbol Ci 1702 may be decrypted by a first reverse translation table A1 1704 , that may be generated or selected based on a first keystream Si′ 1706 obtained from a first cipher generator 1708 , to obtain a first decrypted output symbol Ci′ 1710 . The first decrypted output symbol Ci′ 1710 then serves as input to a second reverse translation table A2 1712 , that may be generated or selected based on a second keystream Si 1714 obtained from a second cipher generator 1716 , used to obtain a plaintext output symbol Pi 1718 .
- a second reverse translation table A2 1712 that may be generated or selected based on a second keystream Si 1714 obtained from a second cipher generator 1716 , used to obtain a plaintext output symbol Pi 1718 .
- encrypted symbols x and y may be decrypted in the reverse order in which they were encrypted to obtain the plaintext output symbol Pi.
- FIG. 18 illustrates a method for performing symbol decryption according to one example.
- a plurality of (encrypted) input symbols defined within a set of n symbols is obtained 1802 .
- a pseudorandomly selected reverse translation table is obtained, from a plurality of reverse translation tables defining different symbol-to-symbol permutations, for each of the input symbols to be decrypted 1804 .
- a first encrypted symbol (input symbol) is obtained, wherein the first encrypted symbol is one of n symbols in a set.
- a first reverse translation table is also obtained that translates n symbols into a different permutation of the n symbols.
- the first reverse translation table may be pseudorandomly generated by using a pseudorandom number to shuffle the n symbols.
- the first encrypted symbol is translated into a first output symbol using the first reverse translation table.
- a second reverse translation table is obtained that translates n symbols into a different permutation of the n symbols than the first translation table.
- the first output symbol is translated into a second output symbol using the second reverse translation table.
- a plaintext symbol may then be obtained based on the first and/or second output symbols.
- FIG. 19 is a block diagram illustrating an encryption module according to one example.
- the encryption module 1902 may be include a processing circuit 1904 configured to provide a seed to a keystream generator 1906 .
- the keystream generator 1906 generates a keystream of pseudorandom numbers or symbols which are sent to the processing circuit 1904 .
- An input interface 1908 coupled to the processing circuit 1904 may receive a plaintext symbol stream.
- the processing circuit 1904 may be configured to use a pseudorandom number obtained from the keystream to obtain a translation table from a translation table generator 1910 .
- the translation table generator 1910 may be configured to use the pseudorandom number to, for example, shuffle and/or combine symbols of a base table in a pseudorandom, non-biased, manner to provide a translation table.
- the processing circuit 1904 uses the translation table once to translate a first plaintext symbol into a first encrypted symbol of an encrypted symbol stream.
- the encrypted symbol stream may be transmitted through an output interface 1912 coupled to the processing circuit 1904 .
- a different translation table may be generated and used to translate that symbol.
- FIG. 20 is a block diagram illustrating a decryption module according to one example.
- the decryption module 2002 may be include a processing circuit 2004 configured to provide a seed to a keystream generator 2006 .
- the keystream generator 2006 generates a keystream of pseudorandom numbers or symbols which are sent to the processing circuit 2004 .
- An input interface 2008 coupled to the processing circuit 2004 may receive an encrypted symbol stream.
- the processing circuit 2004 may be configured to use a pseudorandom number obtained from the keystream to obtain a translation table from a reverse translation table generator 2010 .
- the reverse translation table generator 2010 may be configured to use the pseudorandom number to, for example, shuffle and/or combine symbols of a base table in a pseudorandom, non-biased, manner to provide a translation table.
- the processing circuit 2004 then uses the reverse translation table once to translate a first encrypted symbol into a first plaintext symbol of a plaintext symbol stream.
- the plaintext symbol stream may be transmitted through an output interface 2012 coupled to the processing circuit 2004 .
- an encryption module 1902 and decryption module 2002 may have the same keystream generator and have complementary translation table generators.
- a common seed may be established (e.g., by a secure authentication scheme) for a particular communication session between the encryption module and decryption module.
- a session key may be used as the seed for the keystream generators 1906 and 2006 .
- FIGS. 1-18 One or more of the components, steps, and/or functions illustrated in FIGS. 1-18 may be rearranged and/or combined into a single component, step, and/or function or in separated into several components, steps, and/or functions without departing from the invention. Additional elements, components, steps, and/or functions may also be added without departing from the invention.
- the apparatus, devices, and/or components illustrated in FIGS. 1 , 2 , 3 , 5 , 7 , 9 , 13 , 17 , 19 and/or 20 may be configured to perform one or more of the methods, features, or steps described in FIGS. 2 , 4 , 6 , 8 , 10 , 11 , 12 , 14 , 15 , 16 and/or 18 .
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
A small form-factor security device is provided that may be inserted in series with a telephone line to encrypt dual tone multi-frequency (DTMF) tones from a telephone to prevent unauthorized disclosure of sensitive information. A receiving device decrypts the encrypted DTMF tones to receive the original information sent by the telephone. The security device acts as a second factor in a two-factor authentication scheme with a tele-services security server that authenticates the security device.
Description
- This application is a divisional of prior application Ser. No. 11/611,825, filed Dec. 15, 2006, which application is incorporated by reference herein.
- Various examples relate generally to telephone accessory devices and, more particularly, to a device and method for securing dual tone multi-frequency (DTMF) tones during transmission from a telephone.
- In many countries, electronic banking is done by telephone, where a customer calls the bank's automatic service number, and uses the telephone keypad to respond to recorded prompts for menu items, account numbers, private identification numbers (PINs), amounts, and so on. Such information is often transmitted in dual tone multi-frequency (DTMF) signals from the telephone to the bank server. While such transactions over the Internet are often secured using secure socket layer (SSL), but there is no corresponding security for DTMF tones from telephones. In developing countries, banks often make such telephone services available to their customers. However, such services may be vulnerable to malicious parties that tap into the telephone wires to discover or capture sensitive information, such as customer account numbers and PINs, and then use the information to transfer money out of the accounts.
- Therefore, it is desirable to provide a way to secure transmissions of DTMF tones from a telephone. Possession of the encryption device can simultaneously form a second factor of authentication for the customer, further enhancing security.
- A method operational on a small form-factor telephone security device is provided for securing DTMF tones during transmission. Dual tone multi-frequency (DTMF) tones are received from a telephone over a first communication interface. The DTMF tones received from the telephone are encrypted and the encrypted DTMF tones are sent to a security server over a second communication interface. An activation signal may be received from the security device, and as a result, the security device may be placed into an active mode of operation. In active mode of operation, the security device may be configured to encrypt DTMF tones received from the telephone and allow voice signals to pass through the security device unchanged. In a passive mode of operation, the security device may pass DTMF tones from the telephone through unchanged between the first communication interface to a second communication interface.
- The security device may be positioned proximate the telephone and coupled in series between the telephone and the security server and may be powered upon a call being initiated between the telephone and the security server.
- In order to provide authentication, an authentication challenge may be received from the security server. In response, an authentication response is formulated and sent to the security server. A confirmation may be received from the security server indicating that the security server has successfully authenticated the security device.
- In one example, a first DTMF tone received over the first communication interface is converted into a first symbol. A translation table is pseudorandomly selected from a plurality of translation tables. The first symbol is converted into a second symbol using the selected translation table and the second symbol is, in turn, converted into a second DTMF tone. The second DTMF tone is transmitted as the encrypted DTMF tone. In one example, the selected translation table is generated by obtaining pseudorandom number from a keystream generated at the security device and shuffling symbols in a base translation table based on the pseudorandom number to obtain the selected translation table.
- In another example, DTMF tones received over the first communication interface are converted into associated symbols within a set of symbols. An associated translation table is pseudorandomly selected from a plurality of translation tables for each DTMF tone received. The associated symbol for each DTMF tone received is then translated into an encrypted symbol based on its associated translation table.
- In one configuration, the security device may detect the telephone number called by the telephone. If the telephone number is recognized as an associated secure institution, the security device encrypts DTMF tones received from the telephone. Otherwise, DTMF tones received from the telephone are passed to the security server unchanged.
- A small form-factor telephone security device is also provided including a first and second communication interfaces and a processing circuit. The first communication interface allows the security device to communicate with a telephone while the second communication interface allows the security device to communicate with a security server. The processing circuit is coupled between the first communication interface and the second communication interface and may be configured to (a) receive dual tone multi-frequency (DTMF) tones from the telephone, (b) receive an activation signal from the security device; (c) place the security device into an active mode of operation once the activation signal is received, (d) encrypt the received DTMF tones; and/or (e) send the encrypted DTMF tones to the security server. In a passive mode of operation, the security device passes DTMF tones through unchanged between the first communication interface and a second communication interface.
- The security device may also include (a) a DTMF tone detector coupled to the processing circuit to detect when a DTMF tone is received over the first communication interface; and/or (b) a DTMF encryption interface coupled to the processing circuit to assist the processing circuit in converting a received DTMF tone into an encrypted DTMF tone.
- The processing circuit may be further configured to (a) convert a first DTMF tone received over the first communication interface into a first symbol; (b) pseudorandomly select a translation table from a plurality of translation tables; (c) translate the first symbol into a second symbol by using the selected translation table; (d) convert the second symbol into a second DTMF tone; and/or (e) send the second DTMF tone as the encrypted DTMF tone. To select the translation table, the processing circuit may be configured to (a) obtain a pseudorandom number from a keystream generated at the security device; and/or (b) shuffle symbols in a base translation table based on the pseudorandom number to obtain the selected translation table.
- Consequently, a small form-factor telephone security device is provided comprising: (a) means for receiving dual tone multi-frequency (DTMF) tones from a telephone over a first communication interface; (b) means for receiving an activation signal from the security device; (c) means for placing the security device into an active mode of operation once the activation signal is received. (d) means for encrypting the DTMF tones received from the telephone; (e) means for sending the encrypted DTMF tones to a security server over a second communication interface; and/or (f) means for passing DTMF tones through unchanged between the first communication interface to a second communication interface in a passive mode of operation.
- Additionally, the security device may include (a) means for converting a first DTMF tone received over the first communication interface into a first symbol; (b) means for pseudorandomly selecting a translation table from a plurality of translation tables; (c) means for translating the first symbol into a second symbol using the selected translation table; (d) means for converting the second symbol into a second DTMF tone; and/or (e) means for sending the second DTMF tone as the encrypted DTMF tone.
- A machine-readable medium having one or more instructions operational on a security device for securing information transmitted by a telephone, which when executed by a processor causes the processor to: (a) receive dual tone multi-frequency (DTMF) tones from the telephone over a first communication interface; (b) encrypt the DTMF tones received from the telephone; and/or (c) sending the encrypted DTMF tones over a second communication interface. The security device may be placed into an active mode of operation if an activation signal is received, wherein activation mode received DTMF tones are converted to encrypted DTMF tones. Otherwise, the security device passes DTMF tones through unchanged between the first communication interface to a second communication interface in a passive mode of operation. The security device may also be authenticated with a receiving device coupled to the second communication interface.
- To encrypt DTMF tones, a pseudorandom number is generated and a translation table is selected from a plurality of translation tables based on the pseudorandom number. A first DTMF tone received from the telephone is translated into a second DTMF tone based on the selected translation table.
- A method operational on a telephone security server is also provided for facilitating securing of DTMF signals during transmission. A call is received from a dual tone multi-frequency (DTMF)-enabled telephone. An activation signal is sent to a security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone. Encrypted DTMF tones are received from the security device. The received DTMF tones are then decrypted to obtain information sent by the telephone. Decrypting a received DTMF tone may result in obtaining part of a number entered by a user of the telephone.
- The security device may be positioned proximate the telephone and coupled in series between the telephone and the security server.
- To authenticate the security device, the security server may send an authentication challenge to the security device. An authentication response may be received from the security device. A confirmation may then be sent to the security device if the authentication response is valid for the authentication challenge. A symbol encryption algorithm may be synchronized between the security server and the security device.
- Decrypting the received DTMF tones may include (a) converting a first DTMF tone into a first symbol; (b) translating the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and/or converting the second symbol into a second DTMF tone.
- A telephone security server is also provided comprising a communication module, a DTMF decryption module, and a processing circuit. The communication module may allow receiving telephone calls from dual tone multi-frequency (DTMF) enabled telephones. The DTMF decryption module may serve to decrypt encrypted DTMF tones. The processing circuit may be configured to (a) receive a call from the DTMF-enabled telephone; (b) send an activation signal to the security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone; (c) receive encrypted DTMF tones from a security device associated with a DTMF-enabled telephone; and/or (d) decrypt the received DTMF tones to obtain information sent by the telephone. Additionally, the security server may also include an authentication module configured to authenticate the security device. The processing circuit may be further configured to (a) convert a first DTMF tone into a first symbol; (b) translate the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and/or (c) convert the second symbol into a second DTMF tone.
- Consequently, a telephone security server is provided comprising: (a) means for receiving a call from a dual tone multi-frequency (DTMF)-enabled telephone; (b) means for sending an activation signal to a security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone; (c) means for receiving encrypted DTMF tones from the security device; and/or (d) means for decrypting the received DTMF tones to obtain information sent by the telephone. The security server may also include (a) means for sending an authentication challenge to the security device; (b) means for receiving an authentication response from the security device; (c) means for sending a confirmation to the security device if the authentication response is valid for the authentication challenge; (d) means for converting a first DTMF tone into a first symbol; (e) means for translating the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and/or (f) means for converting the second symbol into a second DTMF tone.
- A machine-readable medium is also provided having one or more instructions operational on a telephone security server for securing information transmitted from a telephone as dual tone multi-frequency (DTMF) tones, which when executed by a processor causes the processor to: (a) receive a call from the telephone; (b) send an activation signal to a security device associated with the telephone to activate encryption of DTMF tones from the telephone; (c) authenticate a security device associated with the telephone; (d) receive encrypted DTMF tones from the security device; and/or (e) decrypt the received DTMF tones to obtain information sent by the telephone. Additional instructions may (a) convert the encrypted DTMF tones into digital symbols; (b) obtain a symbol-to-symbol reverse translation table for each of the digital symbols; and/or (c) translate each digital symbol using the reverse translation table.
-
FIG. 1 illustrates a system in which a security device may be coupled along a communication line to a telephone to secure certain communications between the telephone and a secure server. -
FIG. 2 is a flow diagram illustrating a method for securing certain communications between the telephone and the security server belonging to issuing institution ofFIG. 1 . -
FIG. 3 illustrates a block diagram of one example of a tele-services security server that may enable securing DTMF tones during transmission. -
FIG. 4 illustrates a method operational on a security server for securing DTMF tones from a telephone device. -
FIG. 5 illustrates a block diagram of one example of a security device that may be configured to protect DTMF tones during transmission. -
FIG. 6 illustrates a method operational on a security device for securing DTMF tones from a telephone device. -
FIG. 7 is a block diagram of a mobile communication device configured to authenticate itself with a security server. -
FIG. 8 is a flow diagram illustrating a method for authenticating a mobile communication device to a tele-services station over a communication network. -
FIG. 9 illustrates a block diagram of a combinational combiner for securing plaintext symbols by pseudorandomly selecting a translation table for each symbol to be encrypted. -
FIG. 10 illustrates an example of a symbol-to-symbol translation table for translating a plaintext symbol into an encrypted symbol. -
FIG. 11 illustrates one example of how plaintext symbols may be encrypted using different translation tables to obtain encrypted symbols. -
FIG. 12 illustrates an algorithm for selecting a translation table from a plurality of possible permutations for a set of n symbols, where n is a positive integer. -
FIG. 13 is a block diagram illustrating another encryption scheme that may achieve symbol authentication by using multiple translation tables to encrypt a single plaintext symbol. -
FIG. 14 illustrates how multiple translation tables may be used to encrypt each plaintext symbol to obtain a corresponding encrypted symbol. -
FIG. 15 illustrates an example of how two translation tables may be employed to translate or encrypt a plaintext symbol into an encrypted symbol. -
FIG. 16 illustrates a method for performing plaintext encryption according to one example. -
FIG. 17 is a block diagram illustrating how encrypted symbols may be decrypted by using one or more reverse translation tables to obtain a single plaintext symbol. -
FIG. 18 illustrates a method for performing plaintext encryption according to one example. -
FIG. 19 is a block diagram illustrating an encryption module according to one example. -
FIG. 20 is a block diagram illustrating a decryption module according to one example. - In the following description, specific details are given to provide a thorough understanding of the examples. However, it will be understood by one of ordinary skill in the art that the examples may be practiced without these specific details. For example, circuits may not be shown in block diagrams in order not to obscure the examples in unnecessary detail.
- Also, it is noted that the examples may be described as a process that is depicted as a flowchart, a flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.
- Moreover, a storage medium may represent one or more devices for storing data, including read-only memory (ROM), random access memory (RAM), magnetic disk storage mediums, optical storage mediums, flash memory devices, and/or other machine readable mediums for storing information. The term “machine readable medium” includes, but is not limited to portable or fixed storage devices, optical storage devices, wireless channels, and various other mediums capable of storing, containing, or carrying instruction(s) and/or data.
- Furthermore, various configurations may be implemented by hardware, software, firmware, middleware, microcode, or a combination thereof. When implemented in software, firmware, middleware, or microcode, the program code or code segments to perform the described tasks may be stored in a machine-readable medium such as a storage medium or other storage means. A processor may perform the defined tasks. A code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or a combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, and the like, may be passed, forwarded, or transmitted via a suitable means including memory sharing, message passing, token passing, and network transmission, among others. The methods disclosed herein may be implemented in hardware, software, or both.
- The various illustrative logical blocks, modules, circuits, elements, and/or components described in connection with the examples disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic component, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing components, e.g., a combination of a DSP and a microprocessor, a number of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
- The methods or algorithms described in connection with the examples disclosed herein may be embodied directly in hardware, in a software module executable by a processor, or in a combination of both, in the form of processing unit, programming instructions, or other directions, and may be contained in a single device or distributed across multiple devices. A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. A storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor.
- One feature provides a small form-factor security device that may be inserted in series with a customer's phone line, which acts as a second factor in a two-factor authentication scheme and encrypts DTMF tones, thereby preventing disclosure of sensitive information. The device does not interfere with the normal operation of the phone. The device may include a small-form factor enclosure which may also offer a branding opportunity for banks and payment services with which they are associated. The device may be powered from the phone line to which it is coupled. In one configuration, a plurality of such devices may be chained or cascaded along a phone line to provide secure communications with multiple different parties (e.g., banks).
- Another feature provides an efficient encryption method that safeguards the security of encrypted symbols. Each plaintext symbol is encrypted by using a separate pseudorandomly selected translation table. Rather than pre-storing every possible permutation of symbols as translation tables, the translation tables may be efficiently generated on-the-fly based on a pseudorandom number and a symbol shuffling algorithm. A receiving device may similarly generate reverse translation tables on-the-fly to decrypt received encrypted symbols.
-
FIG. 1 illustrates a system in which asecurity device 102 may be coupled along a communication line to atelephone 104 to secure certain communications between thetelephone 104 and asecure server 108. Thesecurity device 102 may be a small-form factor device that can be connected in-line or in series on a telephone line between atelephone 104 and acommunication network 106. Thesecurity device 102 may be coupled to the telephone line near or adjacent to atelephone 104. - In one example, the
security device 102 may be associated with an account and/or an issuing institution 108 (e.g., bank, credit card company, etc.). For example, a bank may issuesuch security device 102 to its customers, each security devices being uniquely associated with a customer or a customer's account. The issuinginstitution 108 may have asecurity server 110 that facilitates telephonic transactions with customers. -
FIG. 2 is a flow diagram illustrating a method for securing certain communications between thetelephone 104 and thesecurity server 110 belonging to issuinginstitution 108 ofFIG. 1 . Thesecurity device 102 may have an active mode of operation and an inactive (passive) mode of operation. When thesecurity device 102 is used to call someone other than the issuing institution 108 (e.g., security server 110), it is inactive and the call just passes through thesecurity device 102, including DTMF tones, unchanged. However, when thetelephone 104 initiates a call to theissuing institution 208, the security server 110 (e.g., security server 110) sends an activation signal that wakes up thesecurity device 210. The activation signal may be sufficiently long and/or unique (e.g., have enough digits or symbols) to be reasonably sure that thesecurity device 102 is not likely to be triggered by coincidence. In one example, this activation signal may not actually carry any information but merely triggers or activates thesecurity device 102 to switch from an inactive (passive) mode to active mode. For instance, the activation signal may be a short piece of music or tone that is recognized by thesecurity device 102. Thesecurity device 102 listens for and recognizes the activation signal (e.g., a unique set of DTMF tones) from thesecurity server 110 and changes toactive mode 212. In one example, upon receiving the activation signal, thesecurity device 102 may start encrypting all DTMF tones from the telephone to thesecurity server 110. - In one configuration, a challenge-response scheme may be implemented between the
security device 102 andsecurity server 110. In addition to the activation signal, thesecurity server 110 may send a random challenge to thesecurity device 214. Thesecurity device 102 receives the challenge, generates a reply (e.g., identifier and response to challenge) 216, and sends the reply to thesecurity server 110. The reply may include an identifier, associated with thesecurity device 102, and a response to the challenge. Thesecurity device 102 may also generate a session key that may be used to encrypt subsequent DTMF tones from thetelephone 104 to thesecurity server 110. - The reply informs the
security server 110 that it is communicating with an associated security device. Thesecurity server 110 may use the identifier to look-up a particular customer'saccounts 220, thereby saving the customer the trouble of identifying themselves manually (e.g., avoids having the customer entering their account number). Thesecurity server 110 may also verify that the response is correct based on the random challenge and anauthentication key 222, provisioned in both thesecurity device 102 andsecurity server 110, to authenticate the user. Note that since thesecurity device 102 is located in close proximity to the user's telephone (e.g., inside the user's home), an attacker would have to steal it to initiate an attack. - By using the same challenge and response, the
security server 110 calculates thesame session key 226 as thesecurity device 102 calculates 224. If thesecurity server 110 disagrees with the reply it receives from the security device 102 (or does not receive a response at all), the call may be diverted to an alternative path for more stringent identification and/or authentication. That is, thesecurity device 102 may calculate its response based on the received random challenge and the authentication key. Thesecurity server 110 can then verity the received response by calculating a local response (based on the random challenge and authentication key) and compares it to the received response from thesecurity device 102. - If the challenge-response is properly authenticated, the
security server 110 sends a confirmation that is authenticated 228 using the newly derived session key. This confirmation informs thesecurity device 102 to start encrypting DTMF tones coming from thetelephone 104. If there is a problem with the confirmation from the security server (e.g., it is not received by thesecurity device 102 within a certain maximum time, or the confirmation fails, etc.), thesecurity device 102 may generate a warning signal to the user. For example, a light may flash (or come ON) or an alarm may sound if the challenge-response authentication fails. Additionally, a light (e.g., light emitting diode—LED) may glow to indicate thesecurity device 102 is active and/or the challenge-response is successfully authenticated. - Once the challenge-response is successfully authenticated, in one example the session key may be used by the
security device 102 to encrypt transmissions fromtelephone 104 to the security server. Once encryption begins, the security device intercepts DTMF tones coming from thetelephone 232 and transmits encrypted DTMF tones instead 234. In one example of such encryption of DTMF tones, DTMF tones from thetelephone 104 may be translated into different DTMF tones which are then sent to thesecurity server 110. In another configuration, DTMF tones may be converted to digital symbols by thesecurity device 102 which are then encrypted and sent to thesecurity server 110. Thesecurity device 102 also passes anything else (non-DTMF tones or signals) in both directions without modifying or encrypting it. Since one of the first things the user may be asked is to enter a PIN number associated with their account, the DTMF tones associated with this PIN number is encrypted and may form a second factor for authentication. Similarly, thesecurity server 110 can use the session key to decrypt DTMF tones received from the telephone via thesecurity device 236. - In an alternative configuration, the
security device 102 may be configured to recognize a particular telephone number(s) associated with aparticular issuing institution 108. When thesecurity device 102 recognizes that the telephone has dialed the particular telephone number, it may automatically switch to active mode and/or encrypt all DTMF tones from the telephone to thesecurity server 110. - The
security device 102 may continue to encrypt DTMF tones from thetelephone 104 until the call is terminated, at which point thesecurity device 102 switches back to inactive mode where it allows all DTMF tones to pass through unchanged. - Since the
security device 102 may have a small form factor and may be easily plugged into a telephone line. A user may have multiple security devices, associated with a single institution or account, to enable the user to securely access an account from different locations (e.g., home, office, etc.). A user may also have multiple security devices associated with various different institutions and/or accounts. These multiple security devices may be coupled in series along a telephone line. An inactive security device in a chain merely passes signals to the next security device in the chain. If a security device in the chain is activated by a security server, then it encrypts DTMF tones from the telephone. - In another example, a
security device 102 may serve multiple users from one telephone or location. In such case, the security server may identify that the security device is associated with a plurality of users or accounts. To distinguish between each user, the security server may send a voice prompt requesting the user to enter a PIN or other identifier that identifies a particular user or account. -
FIG. 3 illustrates a block diagram of one example of a tele-services security server that may enable securing DTMF tones during transmission. Thesecurity server 302 may include aprocessing circuit 304, such as a small and/or low-power microprocessor. Thesecurity server 302 may be include afirst communication module 306 used to couple thesecurity server 302 to a communication network. Anauthentication module 308 allows thesecurity server 302 to authenticate a security device with which it communicates. ADTMF decryption module 308 allows thesecurity server 302 to decrypt encrypted DTMF tones received from the security device. -
FIG. 4 illustrates a method operational on a security server for securing DTMF tones from a telephone device. A call is received from a DTMF-enabledtelephone 402. An activation signal is sent to a security device associated with the DTMF-enabledtelephone 404. The security device may be located near in proximity to the DTMF-enabled telephone. The security device is then authenticated by the security server. For instance, a challenge signal is sent to thesecurity device 406. The security server determines whether a response is received from asecurity device 408. If not, then it may be assumed that no security device is present on thetelephone line 410. Otherwise, the security server determines whether the received response can be successfully authenticated 412. If the received response cannot be successfully authenticated, then authentication fails 414. Otherwise, a session key is generated 416. A confirmation message authenticated by the session key is sent to the security device 418. The security server may receive encrypted DTMF tones from the security device 420. The security server may then decrypt the received DTMF tones to obtain information sent by the telephone 422. Such DTMF tones may represent confidential information (e.g., account number, password, PIN, etc.) that is protected from eavesdroppers during transmission by encrypting the original DTMF tones. -
FIG. 5 illustrates a block diagram of one example of a security device that may be configured to protect DTMF tones during transmission. Thesecurity device 502 may include aprocessing circuit 504, such as a small and/or low-power microprocessor. Thesecurity device 502 may be powered by a telephone line to which it is coupled. A firstcommunication interface A 506 may be used to couple thesecurity device 502 to a telephone. A secondcommunication interface B 508 may be used to couple thesecurity device 502 to a communication network. In a passive mode of operation, thesecurity device 502 lets all DTMF tones pass through unchanged. Theprocessing circuit 504 may be configured to listen for an activation signal (e.g., from a security server). ADTMF detector 510 may be configured to detect a DTMF activation signal to switch the security device to an active mode of operation. In active mode, thesecurity device 502 may be configured to respond to an authentication challenge from a security server. - In activation mode, the
DTMF detector 510 may also be configured to detect DTMF tones received via communication interface A 506 (e.g., coming from a telephone). If one or more DTMF tones are detected, the DTMF tones are encrypted or otherwise modified by aDTMF encryption module 512. The encrypted DTMF tones are then transmitted through thecommunication interface B 508 to a security server. -
FIG. 6 illustrates a method operational on a security device for securing DTMF tones from a telephone device. The security device is powered upon a call being initiated between a telephone and asecurity server 602. That is, since the communication line is energized when a call is made, the security device may draw its power from the communication line. In a passive mode of operation, the security device allows DTMF tones to pass through unchanged between a first communication interface and asecond communication interface 604. For example, the first communication interface may be coupled to the telephone and the second communication interface may be coupled to a second communication interface. The security device monitors transmissions to determine whether a (DTMF) activation signal is received from asecurity server 606. The security device continues operating in passive mode unless an activation signal is received. If a DTMF activation signal is received, the security device changes to an active mode ofoperation 608. The security device may also listen for other signals from thesecurity server 610. - The security device may receive a challenge from the
security server 612. The security device replies with a response to thechallenge 614. If the response is valid, the security device may receive a confirmation indicating that the security server has successfully authenticated thesecurity device 616. - Once activated and properly authenticated, the security device listens for DTMF tones from the telephone. If DTMF tones are received from the telephone (to which the security device is coupled) over the
first communication interface 618, the received DTMF tones are encrypted into different DTMF tones 620. In one example, DTMF tones from the telephone may be translated into different DTMF tones which are then sent to the security server. In another configuration, DTMF tones may be converted to digital symbols by thesecurity device 102 which are then encrypted and sent to the security server. The encrypted DTMF tones are then sent to the security server over thesecond communication interface 622. The security device continues to encrypt DTMF tones from the telephone until the call ends, at which time the security device returns to passive mode 624. Thesecurity device 102 prevents unencrypted DTMF tones from the telephone from passing to the security server. In one example, thesecurity device 102 may disconnect all inputs (.e.g., transmissions) from the telephone the network while active. In this case there may be some provision for either the customer or the security server to reconnect the inputs (e.g., allow transmissions from the security device 102), for example, if the customer needs to talk to a representative. -
FIG. 7 is a block diagram of a mobile communication device configured to authenticate itself with a security server. Themobile communication device 702 includes aprocessing circuit 704 coupled to acommunication module 706 and auser input interface 708. Thecommunication module 706 enables themobile communication device 702 to communicate over awireless communication network 710. Theprocessing circuit 704 may be configured to authenticate itself with one or more security servers during a call. For example, the mobile communication device may be configured with an authentication key and/or a user identifier that allows a bank or financial institution to authenticate the user of themobile communication device 702. The authentication key and/or user identifier may be provided beforehand (e.g., during setup or configuration) by the bank or financial institution. Additionally, theprocessing circuit 704 may also request a PIN, password, and/or other input from a user to complete an authentication procedure. -
FIG. 8 is a flow diagram illustrating a method for authenticating amobile communication device 802 to a tele-services station 804 over a communication network. Themobile communication device 802 may be a mobile phone and the tele-services station 804 may include a security server associated with a banking or financial institution. Themobile communication device 802 and tele-services station 804 may each have the same authentication key. - The mobile communication device may initiate a call to an
issuing institution 806 associated with the tele-services station. The issuing institution may be a bank or financial institution, for example. The tele-services station sends arandom authentication challenge 808 to the mobile communication device. The mobile communication device then generates a response based on the random challenge and theauthentication key 809 and sends the response and (possibly) a user identifier to the tele-services station 810. The tele-services station then verifies whether the response from the mobile communication device is correct 812. This may be done by the tele-services station calculating a verification value based on its authentication key and the random authentication challenge and comparing it to the response received from the mobile communication device. If the response is successfully authenticated, anauthentication confirmation 814 may be sent to the mobile communication device. The mobile communication device may request sensitive information (e.g., bank account records, etc.) from the tele-services station 816. If the mobile communication device is successfully authenticated, the tele-services station then provides the requested sensitive information to themobile communication device 818. In this manner, a mobile communication device (e.g., mobile phone) may be authenticated by a tele-services station to secure the transmission of sensitive information during a call. - One type of threat addressed by the security device and/or methods described herein is an eavesdropping attack. In such an attack, an attacker may attach a recorder to the telephone wires to listen to the DTMF tones associated with numbers entered by a user on the telephone. These DTMF tones may identify the bank being called, the user's customer and/or account numbers, private identification number (PIN), social security number, among other private and/or confidential information. The attacker may then use this information to perform fraudulent transactions from the user's account. The security device described herein defeats such an attack by encrypting the DTMF tones and providing further authentication. Since most institutions (e.g., banks, etc.) can use two factors for authentication (e.g., possession of the security device and knowledge of a PIN), it would rarely have to ask for other sensitive information. Simply intercepting the encrypted DTMF tones reveals nothing about the corresponding account numbers, PINs, etc.
- An attacker, to be successful would have to interfere with the progress of the call by, for example, preventing the call from going to the intended receiver (e.g., intended bank), pretend to the intending receiver, asking the caller to enter all sensitive information. To defeat such attack, the security device may turn On a security indicator (e.g., light) after a “start encrypting” signal (i.e., authenticated confirmation) is received from the receiving institution. The caller (e.g., customer) merely checks the security indicator to make sure that the security device is encrypting its tones before entering any sensitive or confidential information.
- Another type of attack may be a session hijacking attack where the attacker waits until the user has established communications with the intended receiver (e.g., bank), thus activating the security indicator, and then takes over the call. The attacker may then pretend that something went wrong with the call and ask the user to verbally provide sensitive information. Alternatively, the attacker may ask the user to enter specific responses (that are already known to the attacker) to try to establish a tone-by-tone encryption pattern, and then use the tone-by-tone conversions to encrypt their own response to the bank. To address this type of attack, the tone-by-tone encryption may be altered or modified on a pseudorandom basis, rotational basis, and/or other basis that inhibits discovery of a number-to-tone relationship.
- The security device may be configured to perform message authentication and session key derivation by using, for example, a Message Authentication Code (MAC) function. For example, a security server may authenticate a caller's security device by splitting the output from a single invocation of MACK (Challenge). For instance, a typical MAC function may return 128 bits of output, which may be represented as 32 DTMF tones. After the security server and security device have calculated the MAC, the security server may send the first 16 DTMF tones (representing part of the MAC) to the security device, and, in response, the security device sends back the other 16 DTMF tones (representing the other part of the MAC). In this manner, both the security server and security device may prove to each other that they are authorized or legitimate.
- Similarly, a session key may be calculated by each side such that Session Key=MACK (Authentication Key∥Challenge)), where the authentication key is pre-loaded into the security device. In order to prevent the session key from being discloses when the security device sends its response to the security server, the response may include additional information. For example, the response may be Response=MACK (“extra information string”∥Authentication Key∥Challenge).
- Another feature provides an efficient cryptographic method that safeguards the security of encrypted symbols. Each plaintext symbol is encrypted by using a separate pseudorandomly selected translation table. Rather than pre-storing every possible permutation of symbols as translation tables, the translation tables may be efficiently generated on-the-fly based on a pseudorandom number and a symbol shuffling algorithm. A receiving device may similarly generate reverse translation tables on-the-fly to decrypt received encrypted symbols.
- This cryptographic method may be implemented in various configurations. For example, a telephone security device may convert DTMF tones into digital values, encrypt the digital values by using a pseudorandomly selected translation table for each digital value. The encrypted digital values may then be transmitted to a security server (e.g., tele-services station), either in digital form or as DTMF tones associated with the encrypted digital values.
- Because the DTMF tones are represented by (or associated with) digital symbols, they may be secured by, for example, stream encryption. In various examples, stream encryption may use a keystream generated by a block cipher, such as Advanced Encryption Standard (AES) in counter mode, Output Feedback (OFB), or Ciphertext Feedback (CFB) modes. For example, the MAC function may be implemented with a block cipher in CBC-MAC mode. This may be advantageous if, for example, the security device had AES implemented in hardware.
- If these functions are implemented in software, it may be preferable to use a dedicated stream cipher such as Non-linear SOBER (NLS). A stream cipher may also be used as a MAC function, albeit with low efficiency, by using the data to be encrypted as a key or nonce input, then generating an output keystream. Since the length of the keystream generated may be as long as desired, both the Response and Session Key may be generated in a single call.
- Conventional stream encryption (whether using a true stream cipher or a block cipher in streaming mode) usually proceeds by generating a keystream of pseudo-random numbers and combining them with the plaintext (i.e., digital representations of the DTMF tones) to form an encrypted output or ciphertext. Normally, the keystream and plaintext are combined using an Exclusive-OR (XOR) operation, because it is self-inversive. However, a conventional DTMF-enabled telephone has ten or more keys, each key having a unique tone. Thus, XOR operations cannot be used to encrypt said DTMF tones with a keystream. Instead, the DTMF tones associated with telephone keys may be converted into (or associated with) different digital symbols that may be added to pseudorandom numbers/symbols obtained from the keystream to generate an encrypted symbol or ciphertext. But an active attacker, knowing the position of a particular digit may be able to change that number by subtracting from the transmitted ciphertext number. For instance, an attacker knowing that for a particular DTMF tone the input was a “1” but the output was a “7”, may determine that the pseudorandom number generated for this tone was a “6” and can then correctly encrypt any character of their choosing for that particular digit position.
- One feature provides for using a keystream to obtain or generate a pseudorandomly selected or generated translation table for each plaintext symbol to be encrypted. Instead of taking a pseudorandom number from the keystream and changing the plaintext the same way (e.g., by adding modulo n), one feature provides for translating each plaintext symbol in an input stream by pseudorandomly selecting one of a plurality of translation tables. Translation tables may provide different possible permutations of a set of numbers or symbols. This is herein referred to as a combinational combiner.
-
FIG. 9 illustrates a block diagram of a combinational combiner for securing plaintext symbols by pseudorandomly selecting a translation table for each symbol to be encrypted. Acipher generator 902 is used to generate akeystream Si 904 of pseudorandom numbers/symbols. The pseudorandom numbers ofkeystream 904 are used to generate or obtain a different translation table 906, from a plurality of possible translation tables, for each plaintextinput symbol Pi 908 in an input stream. By translating theplaintext input symbol 908 into a pseudorandom output, an encryptedoutput symbol Ci 910 is generated. - Such translation operation defines a permutation of the
plaintext input symbols 908 under the control of thekeystream 904. The translation table 906 may be represented as a vector of n elements and the translation of aplaintext input symbol 908 may be done by looking up the pth element of the translation table 906. Given an encrypted output symbol Ci, the reverse translation may be done either by creating a table of the inverse permutation, or by searching the table for the entry containing symbol Ci, and returning its index as p. - Generally speaking, for a set of n plaintext symbols, there are n! (factorial) possible permutations. A permutation may be chosen at random from the set of all such permutations, and used as the translation table 906 to translate the plaintext
input symbol Pi 908 into the encrypted output symbol Ci 910 (also referred to as ciphertext). For each plaintext symbol in an input stream, a pseudorandomly selected translation table is selected. Then an attacker who sees theencrypted symbol Ci 910 and knows that it corresponds to a particular plaintext symbol still knows nothing about the correspondence between other plaintext symbols and corresponding encrypted symbols. That is, all the information that an attacker can ascertain is that changing the encrypted symbol will yield a different plaintext symbol from the one they know, but not which other plaintext symbol that will be. Thus, the pseudorandomly selected translation tables do not reveal a relationship between the plaintext input symbols and encrypted output symbols (ciphertext) and an attacker cannot exploit the knowledge of any single plaintext symbol to ciphertext symbol translation. - In one example for secure telephone banking, each DTMF tone received by a security device from a telephone is converted to (or associated with) a digital plaintext symbol. The plaintext symbol is then translated by a translation table (obtained based on one or more pseudorandom numbers from the keystream) to obtain an encrypted symbol. The encrypted symbol is then transmitted to a security server (either in digital form or as a DTMF tone corresponding to the encrypted symbol) where it is decrypted by a reverse translation table. The reverse translation table may be generated or obtained by having synchronized cipher generators at both the security device and security server that generate the same keystream. In one example, the cipher generators may be synchronized by using the same seed (e.g., session key, etc.).
- In one example, a plurality of translation tables may be pre-generated and/or stored by the security device and/or security server. Rather than generating a new translation table (i.e., a permutation of the input symbols) on-the-fly, the translation tables may be pre-generated and stored. The pseudorandom values/symbols of the
keystream 904 may be used to select one of the pre-generated translation tables for each plaintext symbol to be encrypted. The pre-generated translation tables may define every permutation or a subset of permutations for a set of n plaintext symbols. - In another example, the translation table used may be generated on-the-fly by using the keystream and pseudorandomly shuffling symbols to form the translation table. Note that these solutions are equivalent, in the sense that it there will be n! tables, and the amount of keystream needed to select one of these tables is the same as the amount needed to create such a table by shuffling.
-
FIG. 10 illustrates an example of a symbol-to-symbol translation table 1002 for translating a plaintext symbol into an encrypted symbol. In this example, sixteen (16) plaintext symbols translate to a different encrypted symbol. The binary representation is shown in this example to merely illustrate that the sixteen plaintext symbols may be encrypted using four-bit encrypted symbols. In other examples, were a greater or fewer number of plaintext symbols are to be encrypted, a different number of bits may be used for each symbol. For example, for up to two hundred fifty-six (256) plaintext symbols, eight (8) bits may be extracted from the keystream to generate each encrypted symbol. - Another feature provides for a one-to-one correspondence between plaintext symbols and encrypted symbols within a particular translation table. That is, no two plaintext symbols convert to the same encrypted symbol within a particular translation table. This allows a decrypting device to accurately decrypt an encrypted symbol into its original plaintext symbol.
- At a decrypting device, a symbol-to-symbol reverse translation table may be generated to reverse the symbol-to-symbol translation of an encryption device and thereby decrypt received encrypted symbols.
-
FIG. 11 illustrates one example of howplaintext symbols 1102 may be encrypted using different translation tables 1104 to obtainencrypted symbols 1106. For each plaintext symbol P0, P1, P2, P3, . . . Pi different translation tables 1104, each with a different permutation of symbols, is used to obtain encrypted symbols C0, C1, C2, C3, . . . Ci. - For a small number of symbols in a set, it may be possible to list (i.e., pre-generate) all the permutations of such symbols, and use an index (from the keystream) to select a translation table from the permutations. For example, for a set of twelve (12) possible symbols, the number of possible permutations generated is 12! or 479,001,600. To adequately select a permutation, a thirty-two (32) bit keystream may suffice to choose one permutation as a translation table without bias. However, this approach becomes inefficient as the number of symbols in a set increase. For instance, for a set of 256 possible symbols, the number of possible permutations generated is 256! or 8.5×10506 which would take in excess of 1684 bits from the pseudorandom keystream to select one of the permutations as a translation table.
-
FIG. 12 illustrates an algorithm for selecting a translation table from a plurality of possible permutations for a set of n symbols, where n is a positive integer. In this example, a cipher generator may be used that provides pseudorandom keystream values k bits long (e.g., 8 bits, 32 bits, etc.) uniformly distributed in the range of 0 and 2k−1. The keystream is used to obtain a pseudorandom number w 1202. Since n! may not divide evenly into 2k, the pseudorandom number w cannot be used directly without introducing biases. For this reason, a maximum threshold Pmax is defined as the largest multiple of n! that is less than 2k. If the pseudorandom number w is less than this maximum threshold Pmax, then it can be used without introducing a bias. Otherwise, if the pseudorandom number w is greater than or equal to this maximum threshold Pmax, it is discarded and a new pseudorandom number w is selected until a pseudorandom number w is obtained that is less than themaximum threshold Pmax 1204. - The pseudorandom number w is divided modulo n! so that w=w modulo (n!) 1206. Thus, an unbiased pseudorandom number w is obtained in the range of 0 to n! that can be used to obtain a permutation (i.e., translation table).
- Rather than storing pre-generated permutations and selecting one such permutation by using the pseudorandom number w, one feature provides for generating a permutation by shuffling symbols of a base permutation to generate a translation table. A base permutation vector P is initialized with all values of a symbol set such that P=[0, 1, 2, . . . n−1] 1208. A
symbol shuffling algorithm 1210 is then used to shuffle the symbols in the base permutation vector P using pseudorandom number w. - One example of a
symbol shuffling algorithm 1210 initializes a counter i to n−1, where n is the number of symbols in a set. While counter i>=0, pseudorandom number w=w/(i+1), a variable j=w modulo (i+1) and the values of permutation vector P are shuffled such that Pt[i]=Pt-1[j] and Pt[j]=Pt-1[i]. Note that other symbol shuffling algorithms may be used without departing from the present disclosed feature. - Once the permutation vector P has been shuffled, it may be provided 1212 to any application that can use it, for example, as a translation table to encrypt an input symbol stream.
-
FIG. 13 is a block diagram illustrating another encryption scheme that may achieve symbol authentication by using multiple translation tables to encrypt a single plaintext symbol. That is, a plaintextinput symbol Pi 1302 is encrypted by atranslation table A1 1304, that may be generated or selected based on a first keystream Si′ 1306 obtained from afirst cipher generator 1308, to obtain a first encrypted output symbol Ci′ 1310. The first encrypted output symbol Ci′ 1310 then serves as input to a secondtranslation table A2 1312, that may be generated or selected based on asecond keystream Si 1314 obtained from asecond cipher generator 1316, used to obtain a second encryptedoutput symbol Ci 1318. In this manner, redundancy may be used to authenticate the first encrypted output symbol Ci′ 1310. That is, by using symbols Ci′ 1310 andCi 1318 together,symbol Ci 1318 authenticates Ci′ 1310. Thus, if an attacker succeed in changing symbol Ci′ 1310, for example, it would not be properly authenticated bysymbol Ci 1318. -
FIG. 14 illustrates how multiple translation tables 1404 and 1406 may be used to encrypt eachplaintext symbol 1402 to obtain a corresponding pair ofencrypted symbols 1408. It should be noted that the translation tables 1404 and 1406 may be pseudorandomly selected and/or generated to encrypt each plaintext symbol Pi into a pair of symbols Ci′/Ci. -
FIG. 15 illustrates an example of how two translation tables may be employed to translate or encrypt a plaintext symbol Pn into a pair of symbols Cn′ and Cn. For example, for a first plaintext symbol Pn=‘5’, a firsttranslation table A1 1502 provides a first output symbol Cn′=8 (i.e., ‘5’ translates to ‘8’). The first output symbol ‘8’ may then serve as input to a secondtranslation table A2 1504 to obtain a second output symbol Cn=7 (i.e., ‘8’ translates to ‘7’). Because the second output symbol Cn was generated based on the first output symbol Cn′, the redundant symbols Cn and Cn′ may be used for authentication. If either or both symbols are changed by an attacker during transmission, then authentication fails. For example, if Cn′ is modified from ‘8’ to ‘4’ by an attacker, a recipient who receives symbols Cn′ and Cn=‘47’ would discover that Cn=‘7’ should mean that Cn′=‘8’ not ‘4’. - A second plaintext symbol P(n+1) may have completely different translation tables even where the first plaintext symbol and second plaintext symbol are the same. For example, for a second plaintext symbol P(n+1)=‘5’, a first
translation table B1 1506 provides a third output symbol C(n+1)′=‘*’ (i.e., ‘5’ translates to ‘*’). The third output symbol C(n+1)′=‘*’ may then serve as input to a secondtranslation table B2 1508 to obtain a fourth output symbol C(n+1)=‘1’ (i.e., ‘*’ translates to ‘1’). As before, the redundant use of symbol pair C(n+/)′ and C(n+1) may serve as a form of authentication. -
FIG. 16 illustrates a method for performing plaintext encryption according to one example. A plurality of input symbols defined within a set of n symbols is obtained 1602. A pseudorandomly selected translation table, from a plurality of translation tables defining different symbol-to-symbol permutations, is obtained for each of the input symbols to be encrypted 1604. The input symbols are translated into corresponding output symbols using their corresponding translation table for each of the input symbols to individually encrypt eachinput symbol 1606. The output symbols may then be transmitted to adecrypting device 1608. - In one example of such method a first plaintext symbol is obtained, wherein the first plaintext symbol may be one of n symbols in a set. A first translation table is obtained that translates n symbols into a different permutation of the n symbols. The first translation table may be pseudorandomly generated by using a pseudorandom number to shuffle the n symbols. The first plaintext symbol is then translated into a first output symbol using the first translation table.
- A second translation table may be obtained that translates n symbols into a different permutation of the n symbols than the first translation table. The first output symbol is translated into a second output symbol using the second translation table. An encrypted symbol is then transmitted based on the first and/or second output symbols.
-
FIG. 17 is a block diagram illustrating how encrypted symbols Ci may be decrypted by using one or more reverse translation tables to obtain a single plaintext symbol. That is, an encryptedinput symbol Ci 1702 may be decrypted by a first reversetranslation table A1 1704, that may be generated or selected based on a first keystream Si′ 1706 obtained from afirst cipher generator 1708, to obtain a first decrypted output symbol Ci′ 1710. The first decrypted output symbol Ci′ 1710 then serves as input to a second reversetranslation table A2 1712, that may be generated or selected based on asecond keystream Si 1714 obtained from asecond cipher generator 1716, used to obtain a plaintextoutput symbol Pi 1718. - In alternative configurations, where Ci=(x,y) for example, encrypted symbols x and y may be decrypted in the reverse order in which they were encrypted to obtain the plaintext output symbol Pi.
-
FIG. 18 illustrates a method for performing symbol decryption according to one example. A plurality of (encrypted) input symbols defined within a set of n symbols is obtained 1802. A pseudorandomly selected reverse translation table is obtained, from a plurality of reverse translation tables defining different symbol-to-symbol permutations, for each of the input symbols to be decrypted 1804. Translate the input symbols into corresponding output symbols using their corresponding reverse translation table for each of the input symbols to individually decrypt eachinput symbol 1806. - In one example of such method a first encrypted symbol (input symbol) is obtained, wherein the first encrypted symbol is one of n symbols in a set. A first reverse translation table is also obtained that translates n symbols into a different permutation of the n symbols. The first reverse translation table may be pseudorandomly generated by using a pseudorandom number to shuffle the n symbols. The first encrypted symbol is translated into a first output symbol using the first reverse translation table. A second reverse translation table is obtained that translates n symbols into a different permutation of the n symbols than the first translation table. The first output symbol is translated into a second output symbol using the second reverse translation table. A plaintext symbol may then be obtained based on the first and/or second output symbols.
-
FIG. 19 is a block diagram illustrating an encryption module according to one example. Theencryption module 1902 may be include aprocessing circuit 1904 configured to provide a seed to akeystream generator 1906. Thekeystream generator 1906 generates a keystream of pseudorandom numbers or symbols which are sent to theprocessing circuit 1904. Aninput interface 1908 coupled to theprocessing circuit 1904 may receive a plaintext symbol stream. In order to encrypt the plaintext symbol stream, theprocessing circuit 1904 may be configured to use a pseudorandom number obtained from the keystream to obtain a translation table from atranslation table generator 1910. Thetranslation table generator 1910 may be configured to use the pseudorandom number to, for example, shuffle and/or combine symbols of a base table in a pseudorandom, non-biased, manner to provide a translation table. Theprocessing circuit 1904 then uses the translation table once to translate a first plaintext symbol into a first encrypted symbol of an encrypted symbol stream. The encrypted symbol stream may be transmitted through anoutput interface 1912 coupled to theprocessing circuit 1904. For each plaintext symbol in the plaintext symbol stream, a different translation table may be generated and used to translate that symbol. -
FIG. 20 is a block diagram illustrating a decryption module according to one example. Thedecryption module 2002 may be include aprocessing circuit 2004 configured to provide a seed to akeystream generator 2006. Thekeystream generator 2006 generates a keystream of pseudorandom numbers or symbols which are sent to theprocessing circuit 2004. Aninput interface 2008 coupled to theprocessing circuit 2004 may receive an encrypted symbol stream. In order to decrypt the encrypted symbol stream, theprocessing circuit 2004 may be configured to use a pseudorandom number obtained from the keystream to obtain a translation table from a reversetranslation table generator 2010. The reversetranslation table generator 2010 may be configured to use the pseudorandom number to, for example, shuffle and/or combine symbols of a base table in a pseudorandom, non-biased, manner to provide a translation table. Theprocessing circuit 2004 then uses the reverse translation table once to translate a first encrypted symbol into a first plaintext symbol of a plaintext symbol stream. The plaintext symbol stream may be transmitted through anoutput interface 2012 coupled to theprocessing circuit 2004. - In order for an
encryption module 1902 anddecryption module 2002 to properly encrypt and decrypt a symbol, respectively, they may have the same keystream generator and have complementary translation table generators. In order to synchronize thekeystream generators keystream generators - While some of the examples described herein refer to encryption of DTMF tones, the encryption methods described herein may be implemented with many other types of communication systems to secure transmitted information.
- One or more of the components, steps, and/or functions illustrated in
FIGS. 1-18 may be rearranged and/or combined into a single component, step, and/or function or in separated into several components, steps, and/or functions without departing from the invention. Additional elements, components, steps, and/or functions may also be added without departing from the invention. The apparatus, devices, and/or components illustrated inFIGS. 1 , 2, 3, 5, 7, 9, 13, 17, 19 and/or 20 may be configured to perform one or more of the methods, features, or steps described inFIGS. 2 , 4, 6, 8, 10, 11, 12, 14, 15, 16 and/or 18. - Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the examples disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system.
- It should be noted that the foregoing configurations are merely examples and are not to be construed as limiting the invention. The description of these examples is intended to be illustrative, and not to limit the scope of the claims. As such, the present teachings can be readily applied to other types of apparatuses and many alternatives, modifications, and variations will be apparent to those skilled in the art.
Claims (42)
1. A method operational on a small form-factor telephone security device, comprising:
receiving dual tone multi-frequency (DTMF) tones from a telephone over a first communication interface;
encrypting the DTMF tones received from the telephone; and
sending the encrypted DTMF tones to a security server over a second communication interface.
2. The method of claim 1 further comprising:
receiving an activation signal from the security device; and
placing the security device into an active mode of operation once the activation signal is received, wherein active mode the security device is configured to
encrypt DTMF tones received from the telephone are, and
allow voice signals to pass through the security device unchanged.
3. The method of claim 1 further comprising:
passing DTMF tones from the telephone through unchanged between the first communication interface to a second communication interface in a passive mode of operation.
4. The method of claim 1 further comprising:
powering the security device upon a call being initiated between the telephone and the security server.
5. The method of claim 1 further comprising:
receiving an authentication challenge from the security server;
replying to the authentication challenge with an authentication response; and
receiving a confirmation indicating that the security server has successfully authenticated the security device.
6. The method of claim 1 further comprising:
converting a first DTMF tone received over the first communication interface into a first symbol;
pseudorandomly selecting a translation table from a plurality of translation tables;
translating the first symbol into a second symbol using the selected translation table;
converting the second symbol into a second DTMF tone; and
sending the second DTMF tone as the encrypted DTMF tone.
7. The method of claim 6 further comprising:
obtaining a pseudorandom number from a keystream generated at the security device; and
shuffling symbols in a base translation table based on the pseudorandom number to obtain the selected translation table.
8. The method of claim 6 further comprising:
converting DTMF tones received over the first communication interface into associated symbols within a set of symbols;
pseudorandomly selecting an associated translation table from a plurality of translation tables for each DTMF tone received; and
translating the associated symbol for each DTMF tone received into an encrypted symbol based on its associated translation table.
9. The method of claim 1 wherein the security device is positioned proximate the telephone and coupled in series between the telephone and the security server.
10. The method of claim 1 further comprising:
detecting the telephone number called by the telephone;
encrypting DTMF tones received from the telephone if the telephone number is recognized as an associated secure institution; and
passing DTMF tones received from the telephone to the security server unchanged otherwise.
11. A small form-factor telephone security device, comprising:
means for receiving dual tone multi-frequency (DTMF) tones from a telephone over a first communication interface;
means for encrypting the DTMF tones received from the telephone; and
means for sending the encrypted DTMF tones to a security server over a second communication interface.
12. The device of claim 11 further comprising:
means for receiving an activation signal from the security device; and
means for placing the security device into an active mode of operation once the activation signal is received.
13. The method of claim 11 further comprising:
means for passing DTMF tones through unchanged between the first communication interface to a second communication interface in a passive mode of operation.
14. The device of claim 11 further comprising:
means for converting a first DTMF tone received over the first communication interface into a first symbol;
means for pseudorandomly selecting a translation table from a plurality of translation tables;
means for translating the first symbol into a second symbol using the selected translation table;
means for converting the second symbol into a second DTMF tone; and
means for sending the second DTMF tone as the encrypted DTMF tone.
15. The device of claim 14 further comprising:
means for obtaining a pseudorandom number from a keystream generated at the security device; and
means for shuffling symbols in a base translation table based on the pseudorandom number to obtain the selected translation table.
16. A small form-factor telephone security device, comprising:
a first communication interface for communicating with a telephone;
a second communication interface for communicating with a security server;
a processing circuit coupled between the first communication interface and the second communication interface, the processing circuit configured to:
receive dual tone multi-frequency (DTMF) tones from the telephone;
encrypt the received DTMF tones; and
send the encrypted DTMF tones to the security server.
17. The device of claim 16 wherein the processing circuit is further configured to
receive an activation signal from the security device; and
place the security device into an active mode of operation once the activation signal is received.
18. The device of claim 16 the processing circuit is further configured to
pass DTMF tones through unchanged between the first communication interface to a second communication interface in a passive mode of operation.
19. The device of claim 16 further comprising:
a DTMF tone detector coupled to the processing circuit to detect when a DTMF tone is received over the first communication interface; and
a DTMF encryption module coupled to the processing circuit to assist the processing circuit in converting a received DTMF tone into an encrypted DTMF tone.
20. The device of claim 16 wherein the processing circuit is further configured to
convert a first DTMF tone received over the first communication interface into a first symbol;
pseudorandomly select a translation table from a plurality of translation tables;
translate the first symbol into a second symbol by using the selected translation table;
convert the second symbol into a second DTMF tone; and
send the second DTMF tone as the encrypted DTMF tone.
21. The device of claim 20 wherein the processing circuit is further configured to
obtain a pseudorandom number from a keystream generated at the security device; and
shuffle symbols in a base translation table based on the pseudorandom number to obtain the selected translation table.
22. A machine-readable medium having one or more instructions operational on a security device for securing information transmitted by a telephone, which when executed by a processor causes the processor to:
receive dual tone multi-frequency (DTMF) tones from the telephone over a first communication interface;
encrypt the DTMF tones received from the telephone; and
sending the encrypted DTMF tones over a second communication interface.
23. The machine-readable medium of claim 22 having one or more instructions which when executed by a processor causes the processor to further:
place the security device into an active mode of operation if an activation signal is received, wherein activation mode received DTMF tones are converted to encrypted DTMF tones; and
pass DTMF tones through unchanged between the first communication interface to a second communication interface in a passive mode of operation.
24. The machine-readable medium of claim 22 having one or more instructions which when executed by a processor causes the processor to further:
authenticate the security device with a receiving device coupled to the second communication interface.
25. The machine-readable medium of claim 22 having one or more instructions which when executed by a processor causes the processor to further:
generate a pseudorandom number;
select a translation table from a plurality of translation tables based on the pseudorandom number; and
translate a first DTMF tone received from the telephone into a second DTMF tone based on the selected translation table.
26. The machine-readable medium of claim 25 having one or more instructions which when executed by a processor causes the processor to further:
generate other pseudorandom numbers for subsequent DTMF tones received from the telephone;
select a translation table from the plurality of translation tables for each subsequent DTMF tone received based on the other pseudorandom numbers; and
translate each DTMF tone received from the telephone into a other DTMF tones based on their selected translation tables.
27. A method operational on a telephone security server, comprising:
receiving a call from a dual tone multi-frequency (DTMF)-enabled telephone;
sending an activation signal to a security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone;
receiving encrypted DTMF tones from the security device; and
decrypting the received DTMF tones to obtain information sent by the telephone.
28. The method of claim 27 wherein the security device is positioned proximate the telephone and coupled in series between the telephone and the security server.
29. The method of claim 27 further comprising:
sending an authentication challenge to the security device;
receiving an authentication response from the security device; and
sending a confirmation to the security device if the authentication response is valid for the authentication challenge.
30. The method of claim 27 wherein decrypting a received DTMF tone results in obtaining part of a number entered by a user of the telephone.
31. The method of claim 27 further comprising:
synchronizing a symbol encryption algorithm between the security server and the security device.
32. The method of claim 27 wherein decrypting the received DTMF tones includes
converting a first DTMF tone into a first symbol;
translating the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and
converting the second symbol into a second DTMF tone.
33. A telephone security server, comprising:
means for receiving a call from a dual tone multi-frequency (DTMF)-enabled telephone;
means for sending an activation signal to a security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone;
means for receiving encrypted DTMF tones from the security device; and
means for decrypting the received DTMF tones to obtain information sent by the telephone.
34. The telephone security server of claim 33 further comprising:
means for sending an authentication challenge to the security device;
means for receiving an authentication response from the security device; and
means for sending a confirmation to the security device if the authentication response is valid for the authentication challenge.
35. The telephone security server of claim 33 further comprising:
means for converting a first DTMF tone into a first symbol;
means for translating the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and
means for converting the second symbol into a second DTMF tone.
36. A telephone security server, comprising:
a communication module for receiving telephone calls from dual tone multi-frequency (DTMF) enabled telephones;
a DTMF decryption module for decrypting encrypted DTMF tones; and
a processing circuit coupled to the communication module and the DTMF decryption module, the processing circuit configured to:
receive encrypted DTMF tones from a security device associated with a DTMF-enabled telephone; and
decrypt the received DTMF tones to obtain information sent by the telephone.
37. The server of claim 36 wherein the processing circuit is further configured to
receive a call from the DTMF-enabled telephone; and
send an activation signal to the security device associated with the DTMF-enabled telephone to activate encryption of DTMF tones from the telephone.
38. The server of claim 36 further comprising:
an authentication module to authenticate the security device.
39. The server of claim 36 wherein the processing circuit is further configured to
convert a first DTMF tone into a first symbol;
translate the first symbol into a second symbol using a pseudorandomly selected symbol-to-symbol reverse translation table; and
convert the second symbol into a second DTMF tone.
40. A machine-readable medium having one or more instructions operational on a telephone security server for securing information transmitted from a telephone as dual tone multi-frequency (DTMF) tones, which when executed by a processor causes the processor to:
authenticate a security device associated with the telephone;
receive encrypted DTMF tones from the security device; and
decrypt the received DTMF tones to obtain information sent by the telephone.
41. The machine-readable medium of claim 40 having one or more instructions which when executed by a processor causes the processor to further:
receive a call from the telephone; and
send an activation signal to a security device associated with the telephone to activate encryption of DTMF tones from the telephone.
42. The machine-readable medium of claim 40 having one or more instructions which when executed by a processor causes the processor to further:
convert the encrypted DTMF tones into digital symbols;
obtain a symbol-to-symbol reverse translation table for each of the digital symbols; and
translate each digital symbol using the reverse translation table.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/025,533 US20140016780A1 (en) | 2006-12-15 | 2013-09-12 | Method and device for secure phone banking |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/611,825 US8571188B2 (en) | 2006-12-15 | 2006-12-15 | Method and device for secure phone banking |
US14/025,533 US20140016780A1 (en) | 2006-12-15 | 2013-09-12 | Method and device for secure phone banking |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/611,825 Division US8571188B2 (en) | 2006-12-15 | 2006-12-15 | Method and device for secure phone banking |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140016780A1 true US20140016780A1 (en) | 2014-01-16 |
Family
ID=39415221
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/611,825 Expired - Fee Related US8571188B2 (en) | 2006-12-15 | 2006-12-15 | Method and device for secure phone banking |
US14/025,533 Abandoned US20140016780A1 (en) | 2006-12-15 | 2013-09-12 | Method and device for secure phone banking |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/611,825 Expired - Fee Related US8571188B2 (en) | 2006-12-15 | 2006-12-15 | Method and device for secure phone banking |
Country Status (7)
Country | Link |
---|---|
US (2) | US8571188B2 (en) |
EP (1) | EP2100437A2 (en) |
JP (3) | JP2010514272A (en) |
KR (1) | KR101168107B1 (en) |
CN (2) | CN102572122A (en) |
TW (1) | TW200838256A (en) |
WO (1) | WO2008076776A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130145439A1 (en) * | 2011-12-06 | 2013-06-06 | Samsung Electronics Co. Ltd. | Apparatus and method for secure storage of information on a mobile terminal |
US20130272518A1 (en) * | 2012-04-11 | 2013-10-17 | Blucrypt Technologies Inc. | Speech encryption method and device, speech decryption method and device |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8290162B2 (en) * | 2006-12-15 | 2012-10-16 | Qualcomm Incorporated | Combinational combiner cryptographic method and apparatus |
KR20090006370A (en) * | 2007-07-11 | 2009-01-15 | 삼성전자주식회사 | Apparatus and method for automatically processing automatic response system |
GB0808448D0 (en) | 2008-05-09 | 2008-06-18 | Elync Ltd | Secure communication system and method of operating the same |
NZ592063A (en) * | 2008-12-24 | 2014-02-28 | Commw Of Australia | Digital video guard |
US8539241B2 (en) * | 2009-03-25 | 2013-09-17 | Pacid Technologies, Llc | Method and system for securing communication |
TW201040781A (en) | 2009-03-25 | 2010-11-16 | Pacid Technologies Llc | System and method for protecting a secrets file |
CN201846343U (en) * | 2010-09-25 | 2011-05-25 | 北京天地融科技有限公司 | Electronic signature tool communicating with mobile phone through speech mode |
KR101581853B1 (en) * | 2010-12-23 | 2016-01-04 | 한국전자통신연구원 | Rfid security reader and method for security thereof |
US10491413B2 (en) * | 2011-09-20 | 2019-11-26 | Jonathan A. Clark | Secure processing of confidential information on a network |
US8479021B2 (en) | 2011-09-29 | 2013-07-02 | Pacid Technologies, Llc | Secure island computing system and method |
JP2014098773A (en) * | 2012-11-13 | 2014-05-29 | Forecast Communications Inc | Encryption system, decryption server, encryption method, and decryption program |
US9232394B2 (en) * | 2013-01-02 | 2016-01-05 | International Business Machines Corporation | Authentication of phone caller identity |
CN104038468B (en) * | 2013-03-06 | 2017-09-15 | 中国移动通信集团公司 | A kind of document transmission method, system and device |
WO2015070800A1 (en) * | 2013-11-15 | 2015-05-21 | 深圳光启创新技术有限公司 | Method and device for transmitting and receiving instruction information |
JP6247964B2 (en) * | 2014-03-12 | 2017-12-13 | 日立オムロンターミナルソリューションズ株式会社 | Guidance phone, automatic cash transaction equipment |
GB2535081B (en) | 2014-04-03 | 2018-02-28 | Barclays Bank Plc | User authentication |
EP3176779B1 (en) * | 2015-12-02 | 2019-01-02 | Tata Consultancy Services Limited | Systems and methods for sensitive audio zone rearrangement |
US10044710B2 (en) | 2016-02-22 | 2018-08-07 | Bpip Limited Liability Company | Device and method for validating a user using an intelligent voice print |
GB2569772B (en) | 2017-10-11 | 2023-01-18 | Pci Pal U K Ltd | Processing sensitive information over VOIP |
US11521705B2 (en) * | 2018-09-18 | 2022-12-06 | International Business Machines Corporation | Random sequence generation for gene simulations |
US12021861B2 (en) * | 2021-01-04 | 2024-06-25 | Bank Of America Corporation | Identity verification through multisystem cooperation |
Family Cites Families (47)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4870683A (en) | 1986-03-31 | 1989-09-26 | Atalla Corporation | Personal identification encryptor system and method |
US4979832A (en) | 1989-11-01 | 1990-12-25 | Ritter Terry F | Dynamic substitution combiner and extractor |
US5301223A (en) | 1990-05-22 | 1994-04-05 | Cellular Technical Services Company, Inc. | Cellular telephone system with remote programming, voice responsive registration and real time billing |
JP2808477B2 (en) * | 1990-05-23 | 1998-10-08 | 三菱重工業株式会社 | Phone confidential transfer connection method |
JPH0434053A (en) | 1990-05-30 | 1992-02-05 | Kawasaki Steel Corp | Production of fiber ball |
JPH0434053U (en) * | 1990-07-16 | 1992-03-19 | ||
US5455861A (en) | 1991-12-09 | 1995-10-03 | At&T Corp. | Secure telecommunications |
JP3325636B2 (en) * | 1993-03-25 | 2002-09-17 | 株式会社東芝 | Charging device and image forming device |
DE4325459A1 (en) | 1993-07-29 | 1995-02-09 | C2S Gmbh Cryptografische Siche | Tone transmitter with an identification and authentication device |
KR0165050B1 (en) | 1994-07-14 | 1999-02-01 | 정장호 | Dtmf signal display device |
US5583933A (en) | 1994-08-05 | 1996-12-10 | Mark; Andrew R. | Method and apparatus for the secure communication of data |
JPH0897811A (en) * | 1994-09-29 | 1996-04-12 | Toshiba Corp | Data service system |
JPH08130536A (en) | 1994-10-28 | 1996-05-21 | N T T Data Tsushin Kk | Inter-terminal mutual authentication method and tone card system |
SE506619C2 (en) | 1995-09-27 | 1998-01-19 | Ericsson Telefon Ab L M | Method for encrypting information |
JPH09114373A (en) | 1995-10-20 | 1997-05-02 | Fujitsu Ltd | Encoding system, decoding system and data processor |
FR2753858B1 (en) | 1996-09-25 | 1999-03-26 | METHOD AND SYSTEM FOR SECURING TELEPHONE CALL MANAGEMENT CENTERS | |
FR2753860B1 (en) | 1996-09-25 | 1998-11-06 | METHOD AND SYSTEM FOR SECURING REMOTE SERVICES PROVIDED BY FINANCIAL ORGANIZATIONS | |
JPH10224341A (en) | 1997-02-10 | 1998-08-21 | Nec Eng Ltd | Encryption method, decoding method, encryption/decoding method, encryption device, decoder, encryption/decoding device and encryption/decoding system |
US6075859A (en) | 1997-03-11 | 2000-06-13 | Qualcomm Incorporated | Method and apparatus for encrypting data in a wireless communication system |
FR2760871B1 (en) * | 1997-03-13 | 1999-04-16 | Bull Cp8 | METHOD FOR STORING AND EXPLOITING SENSITIVE INFORMATION IN A SECURITY MODULE, AND RELATED SECURITY MODULE |
EP0992002A2 (en) * | 1997-06-19 | 2000-04-12 | Brian E. Marchant | Security apparatus for data transmission with dynamic random encryption |
JPH1115896A (en) * | 1997-06-20 | 1999-01-22 | Nippon Telegr & Teleph Corp <Ntt> | Banking facility utilizing method by telephone equipment, its device and adapter |
US6275573B1 (en) | 1998-06-02 | 2001-08-14 | Snapshield Ltd. | System and method for secured network access |
US6290162B1 (en) * | 1999-02-01 | 2001-09-18 | Sumitomo Rubber Industries, Ltd. | Apparatus and method for manufacturing golf ball |
KR100304936B1 (en) | 1999-04-20 | 2001-10-29 | 서평원 | Device and Method for Facsimile Data Sending/Receiving in Wireless Local Loop system |
US20060190412A1 (en) * | 2000-02-11 | 2006-08-24 | Maurice Ostroff | Method and system for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites |
US7003501B2 (en) | 2000-02-11 | 2006-02-21 | Maurice Ostroff | Method for preventing fraudulent use of credit cards and credit card information, and for preventing unauthorized access to restricted physical and virtual sites |
JP2002279133A (en) * | 2001-03-16 | 2002-09-27 | Nec Software Chubu Ltd | Personnel efficiency rating processing system and method |
WO2003010946A1 (en) | 2001-07-23 | 2003-02-06 | Securelogix Corporation | Encapsulation, compression and encryption of pcm data |
US20020076044A1 (en) | 2001-11-16 | 2002-06-20 | Paul Pires | Method of and system for encrypting messages, generating encryption keys and producing secure session keys |
US20040097217A1 (en) * | 2002-08-06 | 2004-05-20 | Mcclain Fred | System and method for providing authentication and authorization utilizing a personal wireless communication device |
WO2004045134A1 (en) | 2002-11-05 | 2004-05-27 | The Titan Corporation | Self-synchronizing, stream-oriented data encryption technique |
DE10253676B4 (en) * | 2002-11-18 | 2008-03-27 | Siemens Ag | Method and device for the remote transmission of sensitive data |
JP2004349775A (en) * | 2003-05-20 | 2004-12-09 | Ace International Japan Inc | Mobile terminal having secrecy communication function and information processing system employing the mobile terminal |
CN1823456A (en) | 2003-06-10 | 2006-08-23 | 福托纳米公司 | Method and apparatus for suppression of spatial-hole burning in second or higher order dfb lasers |
KR100586654B1 (en) * | 2003-12-19 | 2006-06-07 | 이처닷컴 주식회사 | Wireless banking system and wireless banking method using mobile phone |
US7761095B2 (en) | 2004-03-17 | 2010-07-20 | Telecommunication Systems, Inc. | Secure transmission over satellite phone network |
KR100714367B1 (en) | 2004-03-24 | 2007-05-08 | 최성원 | Network security system co-operated with an authentication server and method thereof |
CN100372349C (en) * | 2004-04-02 | 2008-02-27 | 南京大学 | Setup method and device for chaos secret telephone |
US7091887B2 (en) | 2004-04-28 | 2006-08-15 | Kabushiki Kaisha Toshiba | Modulator, modulation method, and method of manufacturing an optical recordable medium with enhanced security for confidential information |
US7457409B2 (en) | 2004-06-09 | 2008-11-25 | Mediatek Inc. | System and method for performing secure communications in a wireless local area network |
CN100550958C (en) * | 2004-07-29 | 2009-10-14 | 大唐微电子技术有限公司 | At method and the device thereof of fixed net intelligent terminal realization to value-added service charging |
US8611536B2 (en) * | 2004-09-08 | 2013-12-17 | Qualcomm Incorporated | Bootstrapping authentication using distinguished random challenges |
EP1807966B1 (en) * | 2004-10-20 | 2020-05-27 | Salt Group Pty Ltd. | Authentication method |
JP2006313975A (en) * | 2005-05-06 | 2006-11-16 | Sumitomo Electric Ind Ltd | Ip telephone device |
US7512567B2 (en) * | 2006-06-29 | 2009-03-31 | Yt Acquisition Corporation | Method and system for providing biometric authentication at a point-of-sale via a mobile device |
US8290162B2 (en) | 2006-12-15 | 2012-10-16 | Qualcomm Incorporated | Combinational combiner cryptographic method and apparatus |
-
2006
- 2006-12-15 US US11/611,825 patent/US8571188B2/en not_active Expired - Fee Related
-
2007
- 2007-12-12 JP JP2009541567A patent/JP2010514272A/en active Pending
- 2007-12-12 CN CN2012100231187A patent/CN102572122A/en active Pending
- 2007-12-12 WO PCT/US2007/087312 patent/WO2008076776A2/en active Application Filing
- 2007-12-12 KR KR1020097014693A patent/KR101168107B1/en not_active IP Right Cessation
- 2007-12-12 EP EP07869184A patent/EP2100437A2/en not_active Withdrawn
- 2007-12-12 CN CN2007800463783A patent/CN101569165B/en not_active Expired - Fee Related
- 2007-12-14 TW TW096148131A patent/TW200838256A/en unknown
-
2012
- 2012-02-06 JP JP2012023309A patent/JP2012135005A/en active Pending
- 2012-10-26 JP JP2012237174A patent/JP2013065025A/en active Pending
-
2013
- 2013-09-12 US US14/025,533 patent/US20140016780A1/en not_active Abandoned
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130145439A1 (en) * | 2011-12-06 | 2013-06-06 | Samsung Electronics Co. Ltd. | Apparatus and method for secure storage of information on a mobile terminal |
US20130272518A1 (en) * | 2012-04-11 | 2013-10-17 | Blucrypt Technologies Inc. | Speech encryption method and device, speech decryption method and device |
Also Published As
Publication number | Publication date |
---|---|
US20080144787A1 (en) | 2008-06-19 |
CN101569165B (en) | 2013-06-19 |
JP2013065025A (en) | 2013-04-11 |
TW200838256A (en) | 2008-09-16 |
KR101168107B1 (en) | 2012-07-24 |
JP2010514272A (en) | 2010-04-30 |
KR20090087967A (en) | 2009-08-18 |
US8571188B2 (en) | 2013-10-29 |
EP2100437A2 (en) | 2009-09-16 |
JP2012135005A (en) | 2012-07-12 |
WO2008076776A3 (en) | 2008-07-31 |
CN101569165A (en) | 2009-10-28 |
CN102572122A (en) | 2012-07-11 |
WO2008076776A2 (en) | 2008-06-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8571188B2 (en) | Method and device for secure phone banking | |
US8290162B2 (en) | Combinational combiner cryptographic method and apparatus | |
JP2010515083A5 (en) | ||
JP2010514272A5 (en) | ||
US8712046B2 (en) | Cryptographic key split combiner | |
Oppliger et al. | SSL/TLS session-aware user authentication | |
JPH1013399A (en) | Circuit and method for generating ciphering key in communication node | |
US11438316B2 (en) | Sharing encrypted items with participants verification | |
US20110135093A1 (en) | Secure telephone devices, systems and methods | |
JP2008535427A (en) | Secure communication between data processing device and security module | |
US8693686B2 (en) | Secure telephone devices, systems and methods | |
Di Pietro et al. | A two-factor mobile authentication scheme for secure financial transactions | |
Du et al. | {UCBlocker}: Unwanted call blocking using anonymous authentication | |
JPH04247737A (en) | Enciphering device | |
JP4615128B2 (en) | Voice and data encryption method using encryption key split combiner | |
Rozenblit et al. | Computer aided design system for VLSI interconnections | |
Alsaadi et al. | MobiX: A software proposal based authentication service for mobile devices | |
KR20130027387A (en) | Authentication system and method using multiple category | |
Aydemir | Guap-A Strong User Authentication Protocol for Gsm | |
Patel | Over the air service provisioning | |
Carroll | Key escrow and distribution for telecommunications | |
Witosurapot | A Design of OTP-based Authentication Scheme for the Visually Impaired via Mobile Devices |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |