1. Field of the Invention
Embodiments relate to methods and arrangements for providing VoIP communication.
2. Background of the Art
Telephoning over a computer network on the basis of the Internet protocol (IP) is known as voice-over IP (VoIP). With VoIP, telephony in this case is shifted to data networks, particularly the Internet.
This results in cost savings for a subscriber of VoIP communication, but associated with the increased proliferation and use of VoIP there is an expectation that there will be an increasing number of Spam over Internet Telephony (SPIT) calls.
It is assumed that SPIT is as annoying to a user as a spam e-mail and perhaps even more so, because with a SPIT call, in contrast to e-mail, there is a loud ring and the receiver is picked up only to hear an electronic voice making an unwanted announcement, and this sometimes occurs even at night.
Furthermore, there are also some possible attack scenarios or misuse scenarios, such as an enticing call with routing to a number that is subject to a charge or a telemarketing call that automatically initiates a sale. In the first case, the SPIT caller uses the announcement to route the callee to a number subject to a charge. In the second case, a sale is made to the callee that should not be charged to him.
The fact that SPIT represents an increasing problem was demonstrated by an American VoIP company in a simulation, which showed that a spammer can send up to 1,000 SPIT messages per minute to IP telephones. This adds up to an incredible potential in terms of annoyance and costs, especially because SPIT calls can also start denial-of-service attacks against IP telephone connections.
At the moment, the spammer can carry out this type of worldwide telephone spam conveniently, because, if he has an account with his victim's provider, then as a rule a call currently does not cost him anything. Although tracing the call back to its origin is technically possible, in practice it is almost impossible, just as with known telephone advertising messages, because the SPIT caller can be located anywhere in the world or the appropriate companies are not in existence long enough for legal prosecution.
Naturally, there is also the risk with VoIP connections that the SPIT caller is simply using a false identity. In this case, these are called “vishing calls” where “vishing” stands for voice-over IP phishing. This is defined as the unauthorized use of false or different identities by criminals by telephone. In the case of so-called “call vishing,” a machine calls a list of numbers. A standard announcement requests that sensitive data be provided, such as bank account details, PINs, TAN lists, credit card numbers, eBay or Paypal account data. These types of scenarios are particularly appealing to criminals because of the high level of trust in the telephone as a communication form. Various institutions, such as banks, for example, are already warning their customers about SPIT and vishing.
In order to avoid these activities, it is possible to block a caller, for example, if an impermissibly high number of calls is being transmitted from one source.
Moreover, there is also the approach of setting up so-called white lists, on which people and institutions must be registered before a call is put through for the caller.
There are also so-called black lists, which contain subscriber identifications for which a call is not supposed to be signaled and instead various reactions are carried out depending upon the call identifications, such as rejection, rerouting to a voice box, or referral to an alternative call number subject to a charge.
Furthermore, so-called buddy lists are known, where the callee maintains a list of subscribers from whom he would like to receive calls. Moreover, there is also voice recognition of the caller in order to recognize a SPIT caller on the basis of his voice.
Currently, measures to repel SPIT are being carried out by several operators of Internet gateways. However, this is being done without uniform regulation and to some extent also without an official mandate at the operators' own individual responsibility. This lack of official regulation can also produce a lack of clarity in defining SPIT and in implementing appropriate defense measures. VoIP calls are filtered only by the callee, or in a larger company by its VoIP switching equipment (VoIP softswitch). In this case, there are several more or less efficient methods for detecting and eliminating SPIT.
All previous technical methods for repelling the described risks do not provide a satisfactory solution to protect against SPIT and vishing, because they are inefficient and do not provide omnipotent protection.