Fraud related to identity theft schemes is becoming very prevalent in today's intricate telephony (e.g., voice/data) networks Malicious entities are taking advantage of well-established social behavior to gather confidential (i.e., sensitive) information. Identity theft has also become a serious problem nearly everywhere in the world. Identity thieves leverage a false sense of security that telephony users have when it comes to phone systems, thereby tricking phone users into disclosing confidential information. In some instances, it is a calling party (i.e., caller) attempting to obtain confidential information from a called party for the purpose of committing malicious acts (e.g., criminal and/or deceitful acts) with such confidential information. In other instances, it is the called party attempting to obtain confidential information from a calling party for the purpose of committing malicious acts with such confidential information.
A specific instance in which a malicious party can attempt to obtain confidential information relates to leaving and retrieving voicemail messages. When person A calls person B and has the option to leave a voice mail message for person B, there are two aspects to leaving such a message where authentication is beneficial to limiting the potential for a malicious party to obtain confidential information from an unknowing voice mail participant. The first aspect is identifying person A as actually being the caller leaving the message and the second aspect is identifying person B as actually being the person whose voice mail is receiving the message (i.e., typically, the owner of the voice mail account on which the voice mail message is left).
Currently, there is no real solution for authenticating that a person leaving a message is actually the person that they say they are or infer they are. Some conventional (i.e., prior art) systems can be configured to record Caller ID information of a person leaving a message for them, but Caller ID is easily spoofed and is not suitable for authentication of calling parties. Most people retrieving a voice mail message just rely on the voice of the caller to determine if it is a person they know. If the voice is not known to the person retrieving the message or the person leaving the message is obviously not known to the person retrieving the voice mail message, the person retrieving the voice mail message simply relies upon their own intuition with regard to the person leaving the message and the content of the message. For example, in some instances, a person leaving a voice mail message may claim to be from a well-known organization of the called party, but is not personally known to the person whose voice mail account receives the voice message. There are no known solutions for such an instance in which a voice mail message is left (e.g., even if Caller ID were secure, the phone number would typically not be meaningful to the person receiving the message). Yet, authentication of such voice mail messages is increasingly important because many types of fraud (i.e., identity theft amongst them) make use of this exact weakness in voice mail messaging.
Furthermore, there is currently no real solution for authenticating that the voice mail account on which a message is being left is the intended voice mail account of a caller. Such authentication is important for any number of reasons. One reason includes the situation where a caller inadvertently dials the wrong number. Another reason includes the situation where a caller is spoofed into believing that they are leaving a message on an intended voice mail message account, but are in fact leaving the message on a different voice mail message account. Still another reason is the situation where a caller is delivering sensitive information and wants to positively authenticate a voice mail account holder prior to leaving such sensitive information. Thus, it can be seen that the current deficiency with respect to not allowing a caller to authenticate the voice mail account holder of a voice mail account on which they intend to leave a message creates the potential for messages being left in unintended voice mail accounts.
With respect to the potential that the person retrieving the voicemail message may not be authorized to receive and/or retrieve such message, prior art mechanisms for such authorization usually involve weak authentication schemes opening wide voice mail boxes to fraudulent access. In some instances, voice mail systems even assumed the identity of a user based on insecure “caller ID” data, which can be easily and readily forged. It is well known that such caller ID based access to voice mail system accounts can result in unauthorized administrative system-wide access and/or access to individual voice mail accounts. Similarly, using password-based authentication poses management problems that cannot be easily avoided. In addition to the theft of potentially sensitive information, hacking into poorly protected voice mail systems can lead to malicious activities aimed at perpetrating costly phone calls and the like.
In U.S. Pat. No. 6,912,275 (i.e., the '275 patent), which is entitled “Secure Remote Access to Voice Mail”, user access to the mailbox is authenticated through one time password (OTP) technique. In general, OTP suffers from man-in-the-middle vulnerabilities that can result in a malicious party successfully obtaining confidential/sensitive information from an unknowing voice mail message recipient. Moreover, clients of voice mail systems configured in accordance with the inventive subject matter taught in the '275 patent need to be provisioned with OTP tokens, which make such a solution expensive to deploy/manage.
Therefore, a solution for verifying authenticity of voice mail participants in a manner that overcomes shortcomings and/or deficiencies of prior art solutions would be advantageous, desirable and useful.