1. Field of the Invention
Embodiments of the present invention generally relate to telecommunication systems and, more particularly, to a method and apparatus for verifying the authenticity of device information of a telephony device.
2. Description of the Related Art
Telephony service providers and/or mobile app developers may wish to provide telephony services to an end user through an app. For example, telephony service providers may provide mobile apps that users can install on their smartphone, or other type of mobile devices, that allow users to make Voice over IP (VoIP) calls from their mobile phone.
Calls from a VoIP caller typically display the caller ID (CID) information of the caller to the called party. Upon installation/registration of the mobile VoIP app, the mobile VoIP app may prompt users to enter the phone number of the device before using the app. However, the user may potentially enter any phone number to be used as the CID since there is no inherent verification that the number provided is actually associated with the device (or even belongs to the user). That is, the inventor has observed that it is very easy for a VoIP caller to “spoof” his/her CID to appear as someone they are not. CID information is often centrally maintained on a Public Switched Telephone Network (PSTN) in a Caller Name (CNAM) database. Generally, service providers access the CNAM database to retrieve caller ID data. However, the CNAM request for information is based on the calling number that is provided by the caller and, in the case of a VoIP call, that number is freely editable by the caller without any verification. This prevents called parties from screening calls from unknown or undesirable callers (such as telemarketers).
Mobile apps may attempt to verify and update the “correct” device phone number through an automatic API call to the device's operating system. However, this method is similarly deficient, as the device user could simply replace the device phone number with any number of her choosing for example, by modifying the information in the phone's settings.
Other methods to prevent undesired spoofing may include independent verification that the claimed telephone number provided by the user is, in fact, associated with the user's device. This is typically done through an “out of band” channel that maps to that phone number, such as a phone call or SMS to that phone number. However, this approach may be inconvenient and more costly as it requires additional steps, time and resources to perform the authentication. Moreover, such “out of band” means may be unreliable (such as when the user is roaming). In addition, this method could potentially be abused by requesting “out of band” verifications to numbers owned by persons who have no desire to use the app.
Accordingly, there exists a need in the art for a convenient way to authenticate the association between a telephone number and a given device without resorting to out-of-band authentication steps.