1. Field of the Invention
The present invention relates generally to telecommunications and more particularly to security techniques including cryptography within a telecommunications network.
2. Related Art
The emergence of telephone company calling cards has caused significant changes to the way many telephone company customers make phone calls while away from the home or office. The burdensome practice of rounding up large quantities of coins needed for long distance calls has been alleviated by the use of telephone calling cards.
Today, calling card customers originating calls from typical public facilities need not deposit even a single coin. The process of making calls using a calling card includes entering an account number and a personal identification number or "PIN" into a telephone key pad device. This enables a calling card customer to make one or more calls from that location. Charges for those calls are subsequently billed to the customer's calling card account. Calling cards can also be used to avoid having to pay additional surcharges when making calls from certain public facilities such as hotels or the like.
Unfortunately, along with the conveniences and other advantages brought about by the advent of telephone calling cards, significant problems have arisen. Calling card account numbers along with valid PINs (the combination of which is hereinafter referred to as "calling card access codes") have become valuable commodities to persons in our society who have a propensity for theft and fraud. It is well known that a modern crime has arisen that thrives on the sale of illegally obtained calling card access codes.
Typically, once calling card access codes are illegally obtained, they are rapidly communicated to a multitude of people who use or sell telephone services activated or enabled by the use of the stolen codes. Generally, many calls are completed by the time the telephone company discovers the misuse and deactivates the stolen access codes. Consequently, the telecommunications industry has reported substantial revenue losses based on theft and fraudulent misuse of telephone access codes.
Account numbers by themselves are generally not regarded as confidential. They usually comprise the area code and telephone number of the calling card account customer. However, the personal identification number (usually comprised of 4 digits) is considered confidential. It is the combination of the account number and the PIN that is particularly vulnerable to misuse as discussed herein.
Several methods have been used to misappropriate calling card access codes from unsuspecting calling card users. One type of misappropriation may be termed out-of-network theft, and a second type, in-network theft. The present invention relates to the prevention of the latter type. However, it is useful to describe the former in order to clearly understand the problem.
Out-of-network theft involves direct interaction with calling card customers. This can be accomplished either by stealing the physical card itself, or by simply examining a card that contains an account number and PIN directly on its face. Alternatively, a thief can obtain the same information by eavesdropping on a calling card customer (which is often accomplished with the aid of high powered surveillance equipment), and capturing the sequence of numbers as they are entered into the telephone keypad.
Out-of-network theft may have subsided somewhat due to a general awareness of the problem and various solutions thereto. However, this and other types of calling card access code theft remain a significant problem and a continuous revenue loss for the telecommunications industry.
In-network theft is achieved by extracting calling card access codes after they have been entered into the telephone network. This can occur by two different methods. The first method is undertaken by individuals known as "hackers" who engage in electronic eavesdropping of the telephone network. The hackers covertly and illegally attach computer equipment to the telephone network for the purpose of capturing the signals therein. Valuable calling card access codes are included in many network transmission signals as they are being routed across the network for billing purposes, validation purposes and the like. These codes are extracted and used to defraud the telephone company as discussed herein.
The second method of in-network theft occurs within the telephone companies themselves. Calling card access codes are vulnerable to theft by telephone company insiders due to the large number of employees that have access to the codes as part of their regular employment. This leads to security problems which may be difficult and expensive to control.
A solution to in-network theft is to use cryptographic techniques to encrypt calling card access codes prior to transporting them across the telephone network. The access codes are subsequently decrypted only within secure internal telephone company computer systems. Only the encrypted versions of the telephone access codes are transported over the telephone network, thereby preventing in-network theft by hackers.
However, a solution that involves conventional encryption/decryption techniques presents several problems. First, it requires multiple iterations of the encryption/decryption process because access to the codes is generally required on numerous occasions and at numerous sites throughout the call and billing cycle. Consequently, the implementation of encryption/decryption techniques may require changes to many methods and procedures used by a telecommunications carrier.
Second, the solution requires the maintenance, management and security of "encryption keys". An encryption key, as the name implies, is the key to deciphering an encrypted message. Clearly, the security of any encryption scheme is only as good as the security of the encryption keys themselves. Consequently, conventional encryption/decryption techniques require a significant amount of overhead for encryption key management and security.
Finally, this solution only addresses in-network theft perpetrated by telephone company hackers. Since only the encrypted codes are transported over the telephone network, in-network theft caused by hackers as discussed herein is effectively prevented. However, in-network theft perpetrated by telephone company employees is not resolved by conventional encryption/decryption techniques because valuable decrypted access codes are still accessible to many telephone company employees.