Telephone service is an important part of our society. For example, telephones allow us to talk to people miles away. Picking up a telephone and entering the digits corresponding to the person to whom you want to talk, has become second nature. Even though people using a telephone may not have noticed it, the techniques used to transmit conversations from telephone to telephone have changed over the years. As advancements in technology provide improved techniques for making phone calls, the telephone companies have upgraded their systems.
Now that technology has advanced once again, telephone networks are beginning to move from the public switched telephone network (PSTN) to an IP (Internet Protocol) based telephone network. Therefore, as in any switch from one network to another, moving to an Internet based network raises new challenges. For example how to offer Internet services such as Voice over Internet Protocol (VoIP) based telephone service. From a customer acceptance perspective it is important not to change the way phone calls are made, since the way telephones are used have become so commonplace. Therefore, there needs to be techniques for locating called party telephones on the Internet using just the telephone number entered by a VoIP user. One approach to address these problems is ENUM.
“ENUM” is the name of the protocol that converges the international standard for telephone numbering sanctioned by the International Telecommunication Union (ITU), i.e., E.164, with Internet networks by using a technique based on the Domain Name System (DNS) of the Internet. ENUM is described in Internet Engineering Task Force (IETF) document RFC 2916, which is the approved protocol document that discusses the use of DNS for the storage of telephone numbers and the available services connected to a telephone number.
Using E.164 numbers and the DNS to implement ENUM is appropriate because E.164 is an accepted standard that is used throughout the world for telephone numbers, and the DNS includes the ability to correlate alphanumeric information with IP addresses. Currently, DNS is used to correlate webpage addresses with their corresponding Internet Protocol (IP) addresses, i.e., the DNS allows user computers to find website servers over the Internet using easy to remember website addresses instead of complicated Internet addresses. E.164 numbers like website names remain relatively static requiring relatively infrequent updates, e.g., as individual service subscribers change their telephone or Internet services.
A fully qualified E.114 number will now be described. An E.164 number includes a country code, an area or city code and a phone number. The ITU issues country codes to sovereign nations, e.g., the United States has a country code of “1”. Area or city codes, and phone numbers are administered by the sovereign nations through local telecommunications regulatory agencies. For example, a fully qualified E.164 number for the phone number, 555-1234, in Washington, D.C. (area code 202) in the United States would be +1-202-555-1234. The “+” indicates the number is a fully qualified E.164 number.
ENUM addresses the challenges discussed above regarding VoIP service and other services, while providing telephone customers with many benefits. ENUM enables companies to offer a wide range of IP-based services for communicating with another person when the user knows only a telephone number or has access to only a telephone keypad. The user is allowed to access these IP-based services and resources from Internet-aware telephones, ordinary telephones connected to Internet gateways or proxy services, and/or other devices coupled to the Internet where input is limited to numeric digits. ENUM enables users to specify their preferences for receiving incoming communications, and gives greater user control over communications. For example, a user can set up voice mail preferences or can input a destination phone number in a call forwarding service.
There are many potential applications of ENUM. However, the principal applications for ENUM have centered on two areas. First is Voice over IP (VoIP) and second is Voice Protocol for Internet Mail (VPIM). One goal of the VoIP industry is to make a phone call over the Internet as easy to make as a regular PSTN phone call and with the same level of quality. If an average telephone customer were to make a telephone call using, e.g., an Internet-enabled phone to another Internet-enabled phone, all of the steps in between should remain transparent to the user. To the calling party and the called party, this phone call should appear the same as a call made over the PSTN.
One goal of the VPIM industry is to develop a comprehensive mechanism by which voice mail systems can exchange messages over IP networks. ENUM enables carrier and enterprise voicemail systems to find each other, interoperate, and exchange messages. Although VoIP and VPIM are the most widely discussed applications, other application possibilities for ENUM, including but not limited to Internet Fax and Instant Messaging, exist.
Since ENUM can offer many different kinds of services, ENUM has a wide range of potential customers including individual residential telephone customers, corporations, government agencies, military, and hosts of other non-individual users. When a subscriber wishes to use a specific service, they can identify the ENUM service that they wish to use, e.g., by entering a code on the telephone keypad. A list of the services that a user is subscribed to is stored in the ENUM database and may be accessed in response to entry of the code.
The ENUM protocol works in the following manner. Once a telephone number is entered, it is translated into an Internet address using the following steps:                1) The phone number is translated into a fully qualified E.164 number by adding the city (or area) and country code. For example: 555-1234 dialed in Washington D.C. becomes +1-202-555-1234, where the “1” represents the North American country code, “202” represents the city or area code for Washington D.C. and the “+” indicates that the number is a fully qualified E.164 number.        2) All characters are removed except for the digits. For example: +1-202-555-1234 becomes 12025551234        3) The order of the digits is reversed. For example: 12025551234 becomes 43215552021        4) Dots are placed between each digit. For example: 43215552021 becomes 4.3.2.1.5.5.5.2.0.2.1        5) The domain “e164.arpa” is appended to the end. For example: 4.3.2.1.5.5.5.2.0.2.1 becomes 4.3.2.1.5.5.5.2.0.2.1.e164.arpa.        
ENUM then issues a DNS query on this domain. Once the authoritative name server is found, ENUM retrieves relevant NAPTR Resource records from an ENUM database and will perform according to the user's registered services for that number.
Customer information, e.g., the types of services a customer is registered for, is stored in the ENUM database. When including new customer information into an ENUM database, many logistical issues concerning the protection of both a telephone company and its customers from fraudulent attacks arise. Telephone number assignees must opt-in, e.g., register, with an ENUM registrar before their telephone number is included in an ENUM database. If appropriate precautions are not taken, a telephone company and its customers may be exposed to fraudulent activities resulting from inaccurate, unauthorized and/or unauthenticated ENUM records (e.g., email address and SIP address) being associated with a telephone number. For example, “telephone number hijacking” may occur. Telephone number hijacking refers to a scenario where an ENUM record is created or modified under false pretences. It can effect a customer's ability to receive incoming calls or messages when the ENUM process is invoked. In addition, if adequate security is not provided prior to registration of information in ENUM, an ENUM record may be created by a user who is not authorized to create an ENUM record for that telephone number resulting in inaccurate and/or possibly misleading information being provided to ENUM users. Given the problems that can arise from inaccurate ENUM records, it is important that individuals seeking to register ENUM information are adequately authenticated and authorized.
One known method for authenticating a registrant is asking for a copy of personal material that would normally be accessible only by the registrant, e.g., a driver's license or a recent telephone bill. Unfortunately, this technique creates a long registration process, whereby a registrant has to wait until the registrar receives the personal material before they can register and use the new service. In the fast paced business world, an extended registration time could lead to a loss of money, and is not acceptable. In addition, when using copies of identification there is risk of someone fraudulently obtaining the information.
A second technique for authentication and authorization may include the registrar calling the registrant's telephone number. If the registrant answers the phone, it may be assumed that the registrant has the authority to use the phone line. Unfortunately, this technique introduces a second phone call that ties up the registrar's resources and increases the costs, e.g., the telephone bill, of the registrar.
Further, another technique for authorizing a registrant that was suggested included using caller ID information. Although such a technique was suggested a workable method for using caller ID information to authenticate and authorize registrants was not developed.
Accordingly, there is a need to properly authenticate ENUM registrants, e.g., there is a need for a mechanism to ensure that the ENUM registrants are who they say they are. In addition, there is a need to ensure that ENUM registration requests are properly authorized, i.e., there should be a mechanism to ensure that the ENUM registrant is entitled to use the telephone number the registrant is seeking to register.