The disclosure generally relates to authentication systems and methods for online management of a subscriber account. More specifically, the disclosure relates to authenticating a subscriber to a Voice over Internet Protocol (VoIP) service to prevent fraudulent access to the subscriber's online account.
The security aspect of a function such as user registration, authentication and transaction authorization on a network such as the Internet is important, yet subject to vulnerability. It is a common situation that users must register for a service, authenticate their identity, accept a transaction, or sign in to web applications using a combination of credentials (typically username, password and/or email address). A recurring problem is that these credentials are subject to security vulnerabilities which may lead to identity theft, access to confidential information, or the conduct of fraudulent financial transactions. Once an unauthorized person (such as a hacker) has gained access to the user's accounts, they are able to masquerade as the user, gaining further access to private data and additional accounts, and thereby the ability to cause further harm. This harm is both to the individual directly affected and to the confidence of others in the integrity of the economic system based on eCommerce and banking transactions over the Internet.
Current methods used by unauthorized persons to gain access to users' accounts and other personal data on the Internet include:
Guesswork—a person guesses the user's credentials and is able to log in to access their account;
Social engineering—a person posing as a trusted source (the eCommerce store owner, financial institution, etc.) tricks the user into revealing their credential; and
Phishing—becoming commonplace on the Internet, in this deception an attacker masquerades an email, instant message or other electronic communication as being from a trusted entity in an attempt to lure recipients into divulging sensitive information such as usernames, passwords and credit card details. Phishing often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Attackers can then use data such as login credentials to access an actual account and otherwise use confidential information entered innocently by the unsuspecting user.
Pharming—a deception in which an attacker redirects a website's traffic to another, bogus website. Pharming is typically attempted by changing the hosts file on a victim's computer or by compromising DNS server software. Compromising a DNS server, which is a computer responsible for resolving Internet names into their real addresses, allows website traffic directed to a particular website name to be rerouted to an attacker's site.
Malware—any variety of malicious software that an attacker can use to infiltrate or damage a computer system. One form of malware, called spyware, can be surreptitiously installed on a victim's computer to monitor and transmit user information, including login credentials. Until the user changes those credentials, the harvested credentials can be reused by the attacker.
Existing techniques to increase security and reduce the vulnerability of personal information include those noted below along with their significant disadvantages.
One method is a system in which stronger passwords are enforced. Such systems may make passwords harder for thieves to guess but do not overcome social engineering or phishing attacks. Furthermore, they have the side effects that users forget their passwords resulting in higher customer support costs and lower user satisfaction. Also, when passwords are difficult to remember, users write their passwords down on paper or store them in insecure files.
Another approach is biometrics, in which the system includes a fingerprint or retina scanner, for example. Deploying such systems, however, is prohibitively expensive for all but the most highly valuable use cases because they require additional hardware. Furthermore, the typical systems are fingerprint-based or iris-based, both of which are metrics that can be stolen (fingerprints left on wine glasses, or an iris photographed by a telephoto lens). Further, once these credentials are stolen, they are stolen for life. Systems that require the user to insert a specially coded card are referred to as smartcard systems. These systems are relatively expensive to deploy.
One prior art reference, Heitzeberg et al. US 2007 0220275 A1 entitled “WEB AUTHORIZATION BY AUTOMATED INTERACTIVE PHONE OR VoIP SESSION,” incorporates the use of two separate channels as a supplementary method for verifying a user's identity. The first channel is the Internet and the second channel is a response entered on a standard or VoIP phone. Heitzeberg, however, requires placing a call or sending information to a user's telephone number, which can be forwarded to an attacker. Thus, the attacker may overcome such security mechanisms.
Camaisa et al. U.S. 2007 0266257 A1 entitled, “SYSTEM AND METHOD FOR BLOCKING UNAUTHORIZED NETWORK LOG IN USING STOLEN PASSWORD,” offers an approach where the authenticity of a website is determined using a unique string of characters known only to the user and the web site on each page of the website that is displayed to the user, with a false site being incapable of displaying this unique string of characters, thereby putting the user on notice that the current site is not the authentic one the user desires to access. The user computer is authenticated by machine ID and login keys managed using cookies. Further, voice methods for conveying one-time pass codes to users and for permitting customer institutions to select authentication rules are also disclosed.
Camaisa installs a cookie on the user's personal computer, but users routinely clear cookies in an attempt to remove suspicious spyware/adware. Also, even if the cookie has not been cleared, the cookie resides on the PC. As a result, the authentication provided by the cookie and the authentication provided by the user login occur over the same channel, which is susceptible to a man-in-the-middle attack. The PC displays a user-approved secret to the user to prevent phishing/pharming, but the user-approved secret may be discovered by an attacker and presented on a pharmed website. Camaisa also sends an OTP to a user via phone line, but phone calls, as mentioned previously, can be forwarded to an attacker.
U.S. 2008/0086770 to Kulkarni et al., entitled “SINGLE-PARTY, SECURE MULTI-CHANNEL AUTHENTICATION FOR ACCESS TO A RESOURCE,” discloses a method for using multiple channels to access a resource, wherein an authenticated user requests a resource that requires a second authentication parameter over a first channel, a token value is transmitted to the user on the first channel, and the user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter with the second authentication parameter, whereby the user is allowed access to the resource on the first or second channel. The token value, however, can be intercepted via the first channel and used on both the first and second channels.
In a separate effort, phone companies are increasingly using computer networks, such as the Internet, to transport long distance calls from one destination to another. Transferring voice calls over a data network is typically accomplished by converting analog voice signals into data packets. This is typically, but not necessarily, accomplished using an industry standard known as Voice over Internet Protocol (VoIP). Transporting calls over computer networks allows phone calls to be transported more efficiently. Additionally, because computer network infrastructures are already in place, the cost of transporting calls over computer networks is greatly reduced. As a result, VoIP services have become pervasive.
VoIP providers supply customers with customer premise equipment (CPE) to enable VoIP calls. One such CPE is a terminal adaptor (TA) that enables a traditional plain old telephone service (POTS) phone to operate with a VoIP network. A TA may be a stand-alone device, or may be integrated into a VoIP-enabled phone, including portable phones. In this disclosure, such devices are generally referred to as packet telephony devices. The terms customers, users and subscribers are generally used interchangeably in this disclosure.
FIG. 13 illustrates typical prior art devices, including TA 1301, a VoIP enabled phone 1303 and a web-enabled device 1305 used in providing VoIP services over Internet 1306. TA 1301 is connected to POTS phone 1302. Typically, TA 1301 contains an encryption key (EK) known only to the VoIP service provider. The web-enabled device 1305 is shown as a personal computer, however, other web-enabled devices such as PDAs, Blackberrys, Smart phones, televisions, laptops and smart appliances are equally envisioned. At a minimum, a web-enabled device is adapted to allow a user to browse the web using a graphical user interface and input keys. Web-enabled devices allow users to make web based requests such as a request to access an online subscriber account or a request to make an online transaction, including purchases. Web-based requests are well known. The VoIP service provider may utilize servers 1307, routers, processors, databases and other equipment to manage and facilitate VoIP service over the Internet 1306.
VoIP users are able to access their VoIP accounts via the web using a web-enabled device. Access to these accounts, however, suffers from some of the same vulnerabilities described above.
There remains a need for a secure method that solves or ameliorates at least some of the deficiencies of the prior art.
Several embodiments of the disclosed subject matter leverage customer premise equipment (CPE) and an embedded unique encryption code associated with a VoIP or other specialized type data service. The disclosure provides systems and methods in which a terminal adaptor (TA) CPE, not a general processing PC, is utilized as a security mechanism for accessing a web account. In one embodiment, an OTP may be displayed on a TA/router CPE display, which has an encrypted code separate from the computer. In one embodiment, a system enables a website authentication code to display on the TA/router CPE.
An object of the disclosure is to present a novel method for authenticating access to a subscriber account that obviates the deficiencies of the prior art. The method includes registering a packet telephony device with a packet telephony service provider for subsequent packet telephony communication based at least on an encryption key encoded in the device, receiving a request to access an account, and transmitting an instruction, the performance of which requires physical access to the packet telephony device. The method further includes receiving an indication of the performance and authenticating the request based upon the performance of the instruction.
Another object of the disclosure is to present a novel method for authenticating a website, such that users are assured they are not on a masquerading website. The method includes registering a packet telephony device with a packet telephony service provider including verifying an encryption key encoded in the telephony device; receiving a request via a website to access a subscriber account and transmitting codes to both the web-enabled device and the packet telephony device for display. The method allows the subscriber to use the associated website verification codes as displayed as an indication of the authenticity of the website.
It is yet another object of the present disclosure to present a novel packet telephony device. The device includes a signaling module for receiving, processing, and generating telephony signaling packets; a media module for receiving, processing, and generating telephony media packets; an encryption module having an encryption key encoded therein; and an authentication trigger. Upon actuation of the authentication trigger, the device transmits an authentication communication generated based on the encryption key in the encryption module. The authentication communication may be a signaling packet.
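The three objects above (account authentication via an instruction that requires physical access to the TA, website authentication via codes displayed on both the web page and the TA, and an authentication trigger on the device that emits a key-derived signaling packet) can be exercised together in a small simulation. The following is an added example written for this page, not code from the disclosure or from any VoIP provider; the class names, the HMAC-based code derivation, the packet field layout and the sample device key are all assumptions chosen to illustrate the mechanism. The provider holds a copy of each registered TA's embedded key, derives a per-request challenge, pushes a one-time login code and a website verification code to the TA's display (the second channel), and accepts the web session only when the code typed back on the web channel, or the signed trigger packet from the device, matches what the key and challenge predict.

```python
"""Simulated two-channel TA authentication (example code, not the disclosure's own).
All names, message formats and the sample key below are constructed assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def derive_otp(key: bytes, challenge: bytes) -> str:
    """Six-digit one-time password from the TA's embedded key and a fresh challenge.
    Only the device and the provider hold the key, so only they can compute it."""
    digest = hmac.new(key, b"otp|" + challenge, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def derive_site_code(key: bytes, challenge: bytes) -> str:
    """Website verification code shown on the web page and on the TA display;
    a masquerading site has no key and cannot produce a matching value."""
    return hmac.new(key, b"site|" + challenge, hashlib.sha256).hexdigest()[:8].upper()


def trigger_tag(key: bytes, challenge: bytes) -> bytes:
    """Authenticator carried in the signaling packet sent when the trigger is pressed."""
    return hmac.new(key, b"trigger|" + challenge, hashlib.sha256).digest()


@dataclass
class PacketTelephonyDevice:
    """Toy terminal adaptor: embedded key, a display and an authentication trigger."""
    device_id: str
    encryption_key: bytes  # assumed provisioned at manufacture; never leaves the TA
    display: list = field(default_factory=list)
    pending_challenge: Optional[bytes] = None

    def press_authentication_trigger(self) -> dict:
        """Signaling packet generated from the embedded key (second channel)."""
        if self.pending_challenge is None:
            raise RuntimeError("no authentication in progress on this device")
        return {"device_id": self.device_id, "challenge": self.pending_challenge,
                "tag": trigger_tag(self.encryption_key, self.pending_challenge)}


class ProviderServer:
    """Provider side: stores registered TA keys and verifies both channels."""

    def __init__(self) -> None:
        self.registered: Dict[str, bytes] = {}
        self.sessions: Dict[str, dict] = {}

    def register_device(self, device: PacketTelephonyDevice) -> None:
        self.registered[device.device_id] = device.encryption_key

    def request_account_access(self, device: PacketTelephonyDevice) -> Tuple[str, str]:
        """Web request arrives on the first channel; codes go to the TA on the second.
        Returns the web session id and the site code to render on the web page."""
        key = self.registered[device.device_id]
        challenge = secrets.token_bytes(16)
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = {"device_id": device.device_id, "challenge": challenge}
        # The instruction whose performance requires physical access to the TA:
        # read the login code off its display and type it into the web page.
        device.pending_challenge = challenge
        device.display.append(f"Login code: {derive_otp(key, challenge)}")
        device.display.append(f"Site code: {derive_site_code(key, challenge)}")
        return session_id, derive_site_code(key, challenge)

    def verify_otp(self, session_id: str, entered: str) -> bool:
        sess = self.sessions.get(session_id)
        if sess is None:
            return False
        expected = derive_otp(self.registered[sess["device_id"]], sess["challenge"])
        return hmac.compare_digest(expected, entered)

    def verify_trigger_packet(self, session_id: str, packet: dict) -> bool:
        sess = self.sessions.get(session_id)
        if sess is None or packet["device_id"] != sess["device_id"]:
            return False
        if packet["challenge"] != sess["challenge"]:
            return False  # stale packet from an earlier session; reject replay
        expected = trigger_tag(self.registered[sess["device_id"]], sess["challenge"])
        return hmac.compare_digest(expected, packet["tag"])


def run_demo() -> dict:
    """Walk through one login and return the outcome of each check."""
    server = ProviderServer()
    ta = PacketTelephonyDevice("TA-0001", secrets.token_bytes(32))  # constructed sample key
    server.register_device(ta)
    session_id, web_site_code = server.request_account_access(ta)
    otp_on_ta = ta.display[-2].split(": ")[1]
    ta_site_code = ta.display[-1].split(": ")[1]
    wrong_otp = f"{(int(otp_on_ta) + 1) % 1_000_000:06d}"
    # A device claiming the same id but lacking the provisioned key (constructed).
    rogue = PacketTelephonyDevice("TA-0001", secrets.token_bytes(32),
                                  pending_challenge=ta.pending_challenge)
    return {
        "site_codes_match": web_site_code == ta_site_code,
        "otp_accepted": server.verify_otp(session_id, otp_on_ta),
        "wrong_otp_rejected": not server.verify_otp(session_id, wrong_otp),
        "trigger_accepted": server.verify_trigger_packet(session_id, ta.press_authentication_trigger()),
        "rogue_trigger_rejected": not server.verify_trigger_packet(session_id, rogue.press_authentication_trigger()),
    }


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The design point the simulation makes is the one the disclosure draws against Heitzeberg, Camaisa and Kulkarni: nothing the web channel carries is sufficient on its own. The login code and the trigger tag are derived from a key that exists only in the TA and at the provider, the challenge binds each code to one web session so a captured value cannot be replayed later, and the site code lets the subscriber detect a page that the provider did not issue, because a page served by anyone else cannot show the value the TA displays.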
The disclosed subject matter overcomes or mitigates deficiencies of the prior art by advantageously providing an additional layer of security utilizing a CPE associated with VoIP service without resorting to the prior art methods and their associated disadvantages as described above. These and many other objects and advantages of the present invention will be readily apparent to one skilled in the art to which the invention pertains from a perusal of the claims, the appended drawings, and the following detailed description of the preferred embodiments.