WO1997024856A1 - Encryption of telephone calling card codes - Google Patents

Encryption of telephone calling card codes Download PDF

Info

Publication number
WO1997024856A1
WO1997024856A1 PCT/US1996/020281 US9620281W WO9724856A1 WO 1997024856 A1 WO1997024856 A1 WO 1997024856A1 US 9620281 W US9620281 W US 9620281W WO 9724856 A1 WO9724856 A1 WO 9724856A1
Authority
WO
WIPO (PCT)
Prior art keywords
calling card
access code
encrypted
card access
access codes
Prior art date
Application number
PCT/US1996/020281
Other languages
French (fr)
Inventor
Elaine Reed
Kevin Mcmahon
Original Assignee
Mci Communications Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mci Communications Corporation filed Critical Mci Communications Corporation
Priority to AU18208/97A priority Critical patent/AU1820897A/en
Publication of WO1997024856A1 publication Critical patent/WO1997024856A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/38Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP

Definitions

  • the present invention relates generally to telecommunications and more particularly to security techniques including cryptography within a telecommunications network.
  • the process of making calls using a calling card includes entering an account number and a personal identification number or
  • PIN into a telephone key pad device. This enables a calling card customer to make one or more calls from that location. Charges for those calls are subsequently billed to the customer's calling card account. Calling cards can also be used to avoid having to pay additional surcharges when making calls from certain public facilities such as hotels or the like.
  • Calling card account numbers along with valid PINs, (the combination of which is to be hereinafter referred to as "calling card access codes"), have become valuable commodities to persons in our society that have a propensity for theft and fraud. It is well known that a modern crime has arisen that thrives on the sale of illegally obtained calling card access codes.
  • misappropriation may be termed out-of-network theft, and a second type, in-network theft.
  • the present invention relates to the prevention of the latter type. However it is usefiil to describe the former in order to clearly understand the problem.
  • Out-of-network theft involves direct interaction with calling card customers. This can be accomplished either by stealing the physical card itself, or by simply examining a card that contains an account number and PIN directly on its face. Alternatively, a thief can obtain the same information by eavesdropping on a calling card customer (which is often accomplished with the aid of high powered surveillance equipment), and capturing the sequence of numbers as they are entered into the telephone keypad.
  • In-network theft is achieved by extracting calling card access codes after they have been entered into the telephone network. This can occur by two different methods. The first method is undertaken by individuals known as
  • Valuable calling card access codes are included in many network transmission signals as they are being routed across the network for billing purposes, validation purposes and the like. These codes are extracted and used to defraud the telephone company as discussed herein.
  • a solution to in-network theft is to use cryptography techniques to encrypt calling card access codes prior to transporting them across the telephone network.
  • the access codes are subsequently decrypted only within secure intemal telephone company computer systems. Only the encrypted versions ofthe telephone access codes are transported over the telephone network, thereby preventing in-network theft by hackers.
  • This invention relates to a method and apparatus to prevent in-network theft of telephone calling card access codes.
  • In-network theft is defined as the misappropriation of calling card access codes by telephone company employees and electronic telephone network eavesdroppers, also known as hackers.
  • Calling card clear-text (i.e. non-encrypted) access codes are encrypted by a telecommunications carrier at the time they are received by the calling card service provider's equipment. Once the service provider encrypts the clear-text access code into an enciypted access code, the encrypted versions are used instead ofthe clear-text versions in all subsequent transmissions by the service provider. This feature ofthe present invention prevents in-network theft by hackers.
  • encrypted access codes are used instead of the clear-text access codes for all subsequent procedures and processes that use access codes within a tdecommunications company.
  • This feature ofthe present invention prevents in- network theft by tdephone company employees.
  • Decryption of access codes are not necessary according to the present invention. Only encrypted versions are maintained by a service provide' s internal computer data base systems and the like. Calling card telephone calls are enabled by comparing access codes after they are encrypted. These codes are compared with internal computer data base systems that have access to lists of valid encrypted access codes. Likewise, such telephone calls are billed using customer account and billing information provided by other internal computer data base systems that are keyed or indexed only by encrypted access codes and not clear- text versions. This feature ofthe present invention prevents in-network theft by telephone company employees.
  • the present invention prevents in-network theft of calling card access codes perpetrated by hackers and telephone company employees.
  • the present invention prevents in-network theft of calling card access codes in a manner that is effident, cost-effective and easy to implement by telecommunication companies.
  • the present invention prevents in-network theft of calling card access codes in a manner that has little or no impact on current telecommunications operating procedures, methods and processes. Still further, the present invention prevents in-network theft of calling card access codes without increasing security risks and overhead relating to the maintenance of security measures usually associated with encryption decryption schemes.
  • FIG. 1 is a block diagram of an arrangement of tdecommunication systems used for implementing an embodiment ofthe present invention
  • FIG. 2 is a flow diagram showing the input and output of a one-way encryption function according to the present invention
  • FIG. 3 is block diagram of a computer useful for implementing components ofthe present invention.
  • FIG. 4 is a flow diagram showing a more detailed view ofthe inputs and outputs of a one-way encryption function according to the present invention.
  • like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the digit(s) to the left ofthe two rightmost digits in the corresponding reference number
  • FIG. 1 is a block diagram of an arrangement of telecommunication systems used for implementing an embodiment of the present invention.
  • a telephone calling card access code 104 is transmitted to switching device 106 by a telephonic device, such as tdephone 102.
  • Switching device 106 collects the clear-text access code 104 for further processing.
  • a telecommunications switch 106 is shown in FIG. 1, other devices may be used in place of, or in addition to, switching device 106 for implementing the clear-text access code collection function.
  • a Voice Recognition Unit may be involved in the access code collection process.
  • a VRU uses voice recognition techniques to recognize and accept voice input data from calling card customers when processing calling card tdephone calls.
  • dear-text access codes are often collected manually by human operators. Therefore, the tdecommunication switch 106 depicted in FIG. 1, is only an example of a device that functions to collect dear-text access codes from calling card customers, and should not be construed as a limitation ofthe present invention. Consequently, switch 106 is hereinafter referred to as an "access code collection device".
  • the access code collection device 106 represents the aforementioned examples and other telecommunication devices used to implement the calling card access code collection unction as described herein.
  • the access code collection device 106 has access to an encryption device
  • the encryption device 116 includes logic that functions to translate or encrypt the dear-text form ofthe calling card access code 104 into an encrypted access code 110. Encryption device 116 may be implemented either in hardware or computer software.
  • the encrypted access code 110 is transported over signaling network 108 to a computer system which includes a data base 114. Logic within data base computer system 114 functions to determine whether the encrypted access code is valid. In order to accomplish this task, data base computer system 114 includes a list of all valid encrypted access codes 118. Logic within data base computer system 114 compares the encrypted access code 110 with the list of valid encrypted access codes 118.
  • a positive response 112 is sent from data base computer system 114, to access code collection device 106, thus enabling the telephone call originating from telephone 102. If a match between the encrypted access code 110 and the list of valid codes 118 is not found, a negative response 112 is sent and the call originating from telephone 102 is disabled.
  • the list of encrypted access codes 118 is entered into computer data base system 114 by an order entry organization.
  • the order entry organization takes orders from customers for new services.
  • the order entry organization sets up customer accounts including the assignment of clear-text access codes for calling card customers.
  • Customer information 120 is entered into the order entry data base computer system 121.
  • each dear text access code 122 is translated into an encrypted access code 126 via encryption device 124.
  • Encryption device 124 functions identically to encryption device 116, and will be subsequently discussed herein with reference to figures 2 and 4.
  • the encrypted access codes are subsequently entered into the central computer data base system 114, which may be accessed by a plurality of access code card collection devices throughout the telephone network.
  • encrypted access code 110 is not decrypted or deciphered by data base computer system 114. Indeed, encrypted access codes such as 110 are never decrypted or converted back into clear-text access codes such as 104, according to a preferred embodiment of the present invention. Because decryption is not necessary, the present invention may be implemented by a telecommunications carrier with only minor changes to current methods, procedures, and operations.
  • encryption device 116 and 124, and/or data base computer systems 114 and 121 may each be embodied in a general computer system.
  • An exemplary computer system 301 is shown in FIG. 3.
  • the computer system 301 includes one or more processors, such as processor 304.
  • the processor 304 is connected to a communication bus 302.
  • the computer system 301 also includes main memory 306, preferably random access memory (RAM), and a secondary memory 308.
  • the secondary memory 308 includes, for example, a hard disk drive 310 and/or a removable storage drive 312, representing a floppy disk drive, a magnetic tape drive, a compact disk drive, etc.
  • the removable storage drive 312 reads from and/or writes to a removable storage unit 314 in a well known manner.
  • the removable storage unit 314 includes a computer usable storage medium having stored therein computer software and/or data.
  • Computer programs also called controllers
  • Such computer programs when executed, enable computer system 301 to perform the features ofthe present invention discussed herein.
  • the computer programs when executed enable processor 304 to perform the features ofthe present invention. Accordingly, such computer programs represent controllers of computer system 301.
  • the computer system 304 also indudes a network interface 316.
  • Network interface 316 provides the necessary hardware and software required to enable two-way commumcations between computer system 301 and other devices attached to telephone network 108.
  • the invention is directed to a computer program product comprising a computer readable medium having control logic (computer software) stored therein.
  • control logic when executed by processor 304, causes processor 304 to perform the functions of the invention as described herein.
  • the invention is implemented primarily in hardware using, for example, a hardware state machine.
  • a hardware state machine so as to perform these functions described herein will be apparent to persons skilled in the relevant art(s).
  • Encryption device 116 and 124 are implementations of a one-way encryption function.
  • FIG 2. is a block diagram showing the input 202 and output 214 of one-way encryption function 208.
  • One-way encryption function 208 represents an encryption technique that is irreversible. That is, once input data 202 is translated into output data 214, via one-way encryption fimction 208, there is no practical means available to translate output data 214 back into input data 202. Since the encrypted access codes are never decrypted according to a preferred embodiment of the present invention, an irreversible one-way encryption function 208 may be used. The implementation of such a one-way encryption fimction 208 is well known in the art.
  • N digit calling card access code 202 is comprised of a N-P digit account number 204 and a P digit PIN 206.
  • the calling card access code is input to the one-way encryption function 208.
  • the output of one-way encryption function 208 is an encrypted N digit calling card access code
  • N digit encrypted access code 214 comprises an N-P digit encrypted account number 210 and a P digit encrypted PIN.
  • N-P digit account number 204 as input to one-way encryption function 208.
  • the output of one-way encryption function 208 is an encrypted N-P digit account number 210.
  • Sub-process 218 has a complete N digit access code 202 as the input to one-way encryption function 208.
  • the complete N digit access code 202 comprises a N-P digit account number 204 and a P digit PIN 202.
  • the output of one-way encryption function 208 is an enciypted P digit PIN 212.
  • the encrypted N digit access code 214 comprises a combination ofthe outputs from sub-processes 216 and 218 respectively. Note that the first part of enciypted N digit access code 214 is an encrypted N-P digit account number 210.
  • the encrypted N-P digit account number 210 is derived solely from the corresponding clear-text N-P digit account number 204.
  • Account number commonality is maintained when clear-text access codes comprising common account numbers, yield encrypted access codes comprising common enciypted account numbers. Maintaining account number commonality enables a telecommunications company to process enciypted access codes in the same manner as clear digit access codes were previously processed, thereby eliminating the need to modify such processes. Processing of access codes are maintained at both the account number level and the PIN level.
  • a corporation is assigned a plurality of calling cards for use by their employees.
  • Each calling card has the same account number but a different PIN.
  • the tdecommunications carrier processes telephone calls made by the use such calling cards at both the PIN level and the account number level.
  • Calling card access codes are processed at the PIN level for example, in order track and report individual calls made by particular employees.
  • Calling card access codes are processed at the account level for example, for billing purposes such as the identity ofthe billing party (the corporation), and frequency of use discount rates, which are based on all calls made by employees ofthe corporation.
  • This feature ofthe present invention allows a teleco ⁇ ununications company to use encrypted access codes instead of clear-text access codes in all processes and procedures that make use of calling card access codes. For example, billing procedures that process access codes at both the account level and the PIN level may use the enciypted access codes in exactly the same manner as clear-text access codes were previously used. Likewise, enciypted calling card access codes are printed on customer bills instead of previously used clear-text calling card access codes. Finally, only encrypted calling card access codes are transmitted over the telephone network after the initial encryption take place.
  • dear-text access codes are never again referred to by any system, person, or process within a telecommunications company. This includes all transmissions of access codes over the telephone network.
  • Encrypted codes are completely worthless to would-be thieves since they cannot be used to originate telephone calls or services.
  • Only dear-text calling card access codes will generate proper enciypted access codes that are used internally by the service provider to enable telephone calls based on calling card access codes. For example, if a valid enciypted access code were to be used by a caller, the code would be encrypted a second time by the carrier's access code collection device. This would result in the generation of an invalid access code which cannot be used to enable any tdephone services.
  • the present invention completely eliminates in-network theft of calling card access codes perpetrated by both telephone network hackers and telephone company employees.

Abstract

A cost-efficient method that utilizes encryption techniques to prevent the unauthorized use of telephone customer calling card account and personal identification numbers (access codes), by electronic telephone network eavesdroppers and telephone company employees. The access codes are encrypted by the telecommunications carrier's access code collection device. The encrypted access codes are subsequently used instead of the clear-text access codes in all subsequent transmissions and subsequent processes that make use of access codes including billing and printing of calling card access codes.

Description

Encryption of Telephone Calling Card Codes
Background ofthe Invention
Field ofthe Invention
The present invention relates generally to telecommunications and more particularly to security techniques including cryptography within a telecommunications network.
Related Art
The emergence of telephone company calling cards have caused significant changes to the way many telephone company customers make phone calls while away from the home or office. The burdensome practice of rounding up large quantities of coins needed for long distance calls has been alleviated by the use of telephone calling cards.
Today, calling card customers originating calls from typical public facilities need not deposit even a single coin. The process of making calls using a calling card includes entering an account number and a personal identification number or
"PIN" into a telephone key pad device. This enables a calling card customer to make one or more calls from that location. Charges for those calls are subsequently billed to the customer's calling card account. Calling cards can also be used to avoid having to pay additional surcharges when making calls from certain public facilities such as hotels or the like.
Unfortunately, along with the conveniences and other advantages brought about by the advent of telephone calling cards, significant problems have arose. Calling card account numbers along with valid PINs, (the combination of which is to be hereinafter referred to as "calling card access codes"), have become valuable commodities to persons in our society that have a propensity for theft and fraud. It is well known that a modern crime has arisen that thrives on the sale of illegally obtained calling card access codes.
Typically, once calling card access codes are illegally obtained they are rapidly communicated to a multitude of people that use or sell telephone services activated or enabled by the use of the stolen codes. Generally, many calls are completed by the time the telephone company discovers the misuse and deactivates the stolen access codes. Consequently, the telecommunications industry has reported substantial revenues losses based on theft and fraudulent misuse of telephone access codes. Account numbers by themselves are generally not regarded as confidential.
They usually comprise the area code and telephone number ofthe calling card account customer. However, the Personal identification number (usually comprised of 4 digits) is considered confidential. It is the combination of the account number and the PIN that is particularly vulnerable to misuse as discussed herein.
Several methods have been used to misappropriate calling card access codes from unsuspecting calling card users. One type of misappropriation may be termed out-of-network theft, and a second type, in-network theft. The present invention relates to the prevention of the latter type. However it is usefiil to describe the former in order to clearly understand the problem.
Out-of-network theft involves direct interaction with calling card customers. This can be accomplished either by stealing the physical card itself, or by simply examining a card that contains an account number and PIN directly on its face. Alternatively, a thief can obtain the same information by eavesdropping on a calling card customer (which is often accomplished with the aid of high powered surveillance equipment), and capturing the sequence of numbers as they are entered into the telephone keypad.
Out-of-network theft may have subsided somewhat due a general awareness ofthe problem and various solutions thereof. However, this and other types of calling card access code theft remains to be a significant problem and a continuous revenue loss for the telecommunications industry.
In-network theft is achieved by extracting calling card access codes after they have been entered into the telephone network. This can occur by two different methods. The first method is undertaken by individuals known as
"hackers" who engage in electronic eavesdropping ofthe telephone network. The hackers covertly and illegally attach conφuter equipment to the telephone network for the purpose of capturing the signals therein. Valuable calling card access codes are included in many network transmission signals as they are being routed across the network for billing purposes, validation purposes and the like. These codes are extracted and used to defraud the telephone company as discussed herein.
The second method of in-network theft occurs within the telephone companies themselves. Calling card access codes are vulnerable to theft by telephone company insiders due to the large number of employees that have access to the codes as part of their regular employment. This leads to security problems which may be difficult and expensive to control.
A solution to in-network theft is to use cryptography techniques to encrypt calling card access codes prior to transporting them across the telephone network. The access codes are subsequently decrypted only within secure intemal telephone company computer systems. Only the encrypted versions ofthe telephone access codes are transported over the telephone network, thereby preventing in-network theft by hackers.
However, a solution that involves conventional encryption/decryption techniques presents several problems. First, it requires multiple iterations ofthe encryption/decryption process because access to the codes are generally required on numerous occasions and at numerous sites, throughout the call and billing cycle. Consequently the implementation of encryption decryption techniques may require changes to many methods and procedures used by a telecommunications carrier. Second, the solution requires the maintenance, management and security of "encryption keys". An encryption key, as the name implies, is the key to dedphering an enciypted message. Clearly, the security of any encryption scheme is only as good as the security ofthe encryption keys themselves. Consequently, conventional methods of encryption/decryption techniques require a significant amount of overhead for encryption key management and security. Finally, this solution only addresses in-network theft perpetrated by telephone company hackers. Since only the encrypted codes are transported over the telephone network, in-network theft caused by hackers as discussed herein is effectively prevented. However, in-network theft perpetrated by telephone company employees are not resolved by conventional encryption/decryption techniques because valuable decrypted access codes are still accessible to many telephone company employees.
Summary ofthe Invention
This invention relates to a method and apparatus to prevent in-network theft of telephone calling card access codes. In-network theft is defined as the misappropriation of calling card access codes by telephone company employees and electronic telephone network eavesdroppers, also known as hackers. Calling card clear-text (i.e. non-encrypted) access codes are encrypted by a telecommunications carrier at the time they are received by the calling card service provider's equipment. Once the service provider encrypts the clear-text access code into an enciypted access code, the encrypted versions are used instead ofthe clear-text versions in all subsequent transmissions by the service provider. This feature ofthe present invention prevents in-network theft by hackers. Moreover, encrypted access codes are used instead of the clear-text access codes for all subsequent procedures and processes that use access codes within a tdecommunications company. This feature ofthe present invention prevents in- network theft by tdephone company employees. Decryption of access codes are not necessary according to the present invention. Only encrypted versions are maintained by a service provide' s internal computer data base systems and the like. Calling card telephone calls are enabled by comparing access codes after they are encrypted. These codes are compared with internal computer data base systems that have access to lists of valid encrypted access codes. Likewise, such telephone calls are billed using customer account and billing information provided by other internal computer data base systems that are keyed or indexed only by encrypted access codes and not clear- text versions. This feature ofthe present invention prevents in-network theft by telephone company employees.
Furthermore, the vast majority of current telecommunications procedures and processes relating to calling card access codes are maintained by merely substituting clear-text access codes with encrypted ones. Therefore, implementation of the present invention requires little or no modification to current telecommunication calling card procedures and processes.
Features and Advantages
The present invention prevents in-network theft of calling card access codes perpetrated by hackers and telephone company employees.
Additionally, the present invention prevents in-network theft of calling card access codes in a manner that is effident, cost-effective and easy to implement by telecommunication companies.
Further, the present invention prevents in-network theft of calling card access codes in a manner that has little or no impact on current telecommunications operating procedures, methods and processes. Still further, the present invention prevents in-network theft of calling card access codes without increasing security risks and overhead relating to the maintenance of security measures usually associated with encryption decryption schemes. Further features and advantages ofthe invention, as well as the structure and operation of various embodiments ofthe invention, are described in detail below with reference to the accompanying drawings
Brief Description ofthe Figures
The present invention will be described with reference to the accompanying drawings, wherein:
FIG. 1 is a block diagram of an arrangement of tdecommunication systems used for implementing an embodiment ofthe present invention;
FIG. 2 is a flow diagram showing the input and output of a one-way encryption function according to the present invention;
FIG. 3 is block diagram of a computer useful for implementing components ofthe present invention; and
FIG. 4 is a flow diagram showing a more detailed view ofthe inputs and outputs of a one-way encryption function according to the present invention. In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the digit(s) to the left ofthe two rightmost digits in the corresponding reference number
Detailed Description ofthe Preferred Embodiments
FIG. 1 is a block diagram of an arrangement of telecommunication systems used for implementing an embodiment of the present invention. A telephone calling card access code 104 is transmitted to switching device 106 by a telephonic device, such as tdephone 102. Switching device 106 collects the clear-text access code 104 for further processing. Although a telecommunications switch 106 is shown in FIG. 1, other devices may be used in place of, or in addition to, switching device 106 for implementing the clear-text access code collection function.
For example, a Voice Recognition Unit (VRU) may be involved in the access code collection process. A VRU uses voice recognition techniques to recognize and accept voice input data from calling card customers when processing calling card tdephone calls. Similarly, dear-text access codes are often collected manually by human operators. Therefore, the tdecommunication switch 106 depicted in FIG. 1, is only an example of a device that functions to collect dear-text access codes from calling card customers, and should not be construed as a limitation ofthe present invention. Consequently, switch 106 is hereinafter referred to as an "access code collection device". The access code collection device 106 represents the aforementioned examples and other telecommunication devices used to implement the calling card access code collection unction as described herein. The access code collection device 106 has access to an encryption device
116. The encryption device 116 includes logic that functions to translate or encrypt the dear-text form ofthe calling card access code 104 into an encrypted access code 110. Encryption device 116 may be implemented either in hardware or computer software. The encrypted access code 110 is transported over signaling network 108 to a computer system which includes a data base 114. Logic within data base computer system 114 functions to determine whether the encrypted access code is valid. In order to accomplish this task, data base computer system 114 includes a list of all valid encrypted access codes 118. Logic within data base computer system 114 compares the encrypted access code 110 with the list of valid encrypted access codes 118. If a match is found, a positive response 112 is sent from data base computer system 114, to access code collection device 106, thus enabling the telephone call originating from telephone 102. If a match between the encrypted access code 110 and the list of valid codes 118 is not found, a negative response 112 is sent and the call originating from telephone 102 is disabled.
The list of encrypted access codes 118 is entered into computer data base system 114 by an order entry organization. The order entry organization takes orders from customers for new services. The order entry organization sets up customer accounts including the assignment of clear-text access codes for calling card customers. Customer information 120 is entered into the order entry data base computer system 121.
After customer order information is entered into the order entry data base system 121, each dear text access code 122 is translated into an encrypted access code 126 via encryption device 124. Encryption device 124 functions identically to encryption device 116, and will be subsequently discussed herein with reference to figures 2 and 4. The encrypted access codes are subsequently entered into the central computer data base system 114, which may be accessed by a plurality of access code card collection devices throughout the telephone network.
Note that encrypted access code 110 is not decrypted or deciphered by data base computer system 114. Indeed, encrypted access codes such as 110 are never decrypted or converted back into clear-text access codes such as 104, according to a preferred embodiment of the present invention. Because decryption is not necessary, the present invention may be implemented by a telecommunications carrier with only minor changes to current methods, procedures, and operations.
In one embodiment, encryption device 116 and 124, and/or data base computer systems 114 and 121, may each be embodied in a general computer system. An exemplary computer system 301 is shown in FIG. 3. The computer system 301 includes one or more processors, such as processor 304. The processor 304 is connected to a communication bus 302.
The computer system 301 also includes main memory 306, preferably random access memory (RAM), and a secondary memory 308. The secondary memory 308 includes, for example, a hard disk drive 310 and/or a removable storage drive 312, representing a floppy disk drive, a magnetic tape drive, a compact disk drive, etc. The removable storage drive 312 reads from and/or writes to a removable storage unit 314 in a well known manner.
Removable storage unit 314, also called a program storage device or a computer program product, represents a floppy disk, magnetic tape, compact disk, etc. As will be appredated, the removable storage unit 314 includes a computer usable storage medium having stored therein computer software and/or data. Computer programs (also called controllers ) are stored in main memory and/or secondary memory 308. Such computer programs, when executed, enable computer system 301 to perform the features ofthe present invention discussed herein. In particular, the computer programs, when executed enable processor 304 to perform the features ofthe present invention. Accordingly, such computer programs represent controllers of computer system 301.
The computer system 304 also indudes a network interface 316. Network interface 316 provides the necessary hardware and software required to enable two-way commumcations between computer system 301 and other devices attached to telephone network 108.
In another embodiment, the invention is directed to a computer program product comprising a computer readable medium having control logic (computer software) stored therein. The control logic, when executed by processor 304, causes processor 304 to perform the functions of the invention as described herein.
Li another embodiment, the invention is implemented primarily in hardware using, for example, a hardware state machine. Implementation ofthe hardware state machine so as to perform these functions described herein will be apparent to persons skilled in the relevant art(s).
Encryption device 116 and 124 are implementations of a one-way encryption function. FIG 2. is a block diagram showing the input 202 and output 214 of one-way encryption function 208. One-way encryption function 208 represents an encryption technique that is irreversible. That is, once input data 202 is translated into output data 214, via one-way encryption fimction 208, there is no practical means available to translate output data 214 back into input data 202. Since the encrypted access codes are never decrypted according to a preferred embodiment of the present invention, an irreversible one-way encryption function 208 may be used. The implementation of such a one-way encryption fimction 208 is well known in the art.
Referring to FIG. 2, a clear-text, N digit calling card access code 202 is comprised of a N-P digit account number 204 and a P digit PIN 206. The calling card access code is input to the one-way encryption function 208. The output of one-way encryption function 208 is an encrypted N digit calling card access code
214. N digit encrypted access code 214 comprises an N-P digit encrypted account number 210 and a P digit encrypted PIN.
The details of one-way encryption fimction 208 will now be discussed with reference to FIG. 4. Output 214 of one-way encryption function 208 is achieved by two separate encryption sub-processes 216 and 218. Sub-process 216 has an
N-P digit account number 204 as input to one-way encryption function 208. The output of one-way encryption function 208 is an encrypted N-P digit account number 210. Sub-process 218 has a complete N digit access code 202 as the input to one-way encryption function 208. The complete N digit access code 202 comprises a N-P digit account number 204 and a P digit PIN 202. The output of one-way encryption function 208 is an enciypted P digit PIN 212.
The encrypted N digit access code 214 comprises a combination ofthe outputs from sub-processes 216 and 218 respectively. Note that the first part of enciypted N digit access code 214 is an encrypted N-P digit account number 210. The encrypted N-P digit account number 210 is derived solely from the corresponding clear-text N-P digit account number 204.
The two step process depicted in HG. 4, which generates enciypted access code 214 by combining outputs 210 and 212 respectively, results in maintaining account number commonality. Account number commonality is maintained when clear-text access codes comprising common account numbers, yield encrypted access codes comprising common enciypted account numbers. Maintaining account number commonality enables a telecommunications company to process enciypted access codes in the same manner as clear digit access codes were previously processed, thereby eliminating the need to modify such processes. Processing of access codes are maintained at both the account number level and the PIN level.
For example, a corporation is assigned a plurality of calling cards for use by their employees. Each calling card has the same account number but a different PIN. The tdecommunications carrier processes telephone calls made by the use such calling cards at both the PIN level and the account number level. Calling card access codes are processed at the PIN level for example, in order track and report individual calls made by particular employees. Calling card access codes are processed at the account level for example, for billing purposes such as the identity ofthe billing party (the corporation), and frequency of use discount rates, which are based on all calls made by employees ofthe corporation.
It is therefore a feature ofthe present invention to maintain the commonality of account numbers for all encrypted access codes that are generated by calling cards having common account numbers. Likewise, it a feature ofthe present invention to maintain different PINs for all encrypted access codes generated by calling cards having the same account numbers but different PINs.
This feature ofthe present invention allows a telecoπununications company to use encrypted access codes instead of clear-text access codes in all processes and procedures that make use of calling card access codes. For example, billing procedures that process access codes at both the account level and the PIN level may use the enciypted access codes in exactly the same manner as clear-text access codes were previously used. Likewise, enciypted calling card access codes are printed on customer bills instead of previously used clear-text calling card access codes. Finally, only encrypted calling card access codes are transmitted over the telephone network after the initial encryption take place. Accordingly, once clear-text access codes are converted into encrypted access codes by a carrier's access code collection device, such dear-text access codes are never again referred to by any system, person, or process within a telecommunications company. This includes all transmissions of access codes over the telephone network. Note that encrypted codes are completely worthless to would-be thieves since they cannot be used to originate telephone calls or services. Only dear-text calling card access codes will generate proper enciypted access codes that are used internally by the service provider to enable telephone calls based on calling card access codes. For example, if a valid enciypted access code were to be used by a caller, the code would be encrypted a second time by the carrier's access code collection device. This would result in the generation of an invalid access code which cannot be used to enable any tdephone services. In this way, the present invention completely eliminates in-network theft of calling card access codes perpetrated by both telephone network hackers and telephone company employees.
While various embodiments ofthe present invention have been described above, it should be understood that they have been presented by way of example only, and not limitation. Thus, the breadth and scope of the present invention should not be limited by any ofthe above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.

Claims

What Is Claimed Is:
1. A method for preventing unauthorized access to telephone calling card access codes that are transmitted over a telephone network, said method comprising the steps of: (1) receiving, at an access code collection device, a clear-text calling card access code;
(2) encrypting the dear-text calling card access code into a encrypted calling card access code;
(3) accessing a computer data base system having a pre-defined list of valid encrypted calling card access codes;
(4) comparing said encrypted calling card access code with said pre¬ defined list of valid encrypted calling card access codes; and
(5) authorizing the use ofthe calling card access code if said encrypted calling card access code matches one ofthe entries in said pre-defined list of valid encrypted calling card access codes.
2. The method of claim 1, further comprising the step of using said encrypted calling card access code instead of the clear-text access code for subsequent transmissions of the calling card access code over the telephone network.
3. The method of claim 1, further comprising the step of entering each encrypted calling card access code into said predefined list of valid encrypted calling card access codes, immediately following an order entry for new telephone calling card accounts.
4. The method of claim 1, wherein the clear-text calling card access code is N digits in length, comprising a P digit PIN and an N-P digit account number.
5. The method of Claim 1, wherein step (2) further includes:
(a) generating as a first output, an enciypted N-P digit account number from a first input comprising the clear-text N-P digit account number;
(b) generating as a second output, an encrypted P digit PIN from a second input comprising the clear-text N digit access code;
(c) generating said N digit enciypted access code by combining said first output with said second output, whereby all of said N digit encrypted access codes being generated by clear test access codes having common account numbers, have common encrypted account numbers, and all said N digit enciypted access codes being generated by dear test access codes having common account numbers and different PINs, have common encrypted account numbers and different encrypted PINs.
6. The method of claim 1 further comprising the step of using said encrypted calling card access code instead of the clear-text calling card access code, in subsequent tdecommunications carrier processes and procedures that utilize or reference calling card access codes.
7. An apparatus for preventing unauthorized access to telephone calling card access codes calls that are transmitted over a telephone signaling network, and used to enable telephone calls, the apparatus comprising: an encryption device coupled to an access code collection device, wherein said encryption device creates an encrypted calling card access code from a dear- text access code; a computer data base system connected to said originating switch, said computer data base system including a pre-defined list of valid enciypted calling card access codes; means coupled to said computer data base system, for comparing said encrypted calling card access code with said pre-defined list of valid enciypted calling card access codes; and means for enabling the tdephone call, if said encrypted calling card access code matches one ofthe entries in said list of pre-defined valid encrypted calling card access codes.
8. The apparatus of claim 7, further comprising a means for transmitting said encrypted calling card access code instead of the clear-text access code for subsequent transmissions ofthe calling card access code via the telephone network.
9. The apparatus of claim 7, further comprising a means for processing said enciypted calling card access code instead ofthe clear-text access code for subsequent telecommunications processing of the calling card access code.
PCT/US1996/020281 1995-12-28 1996-12-30 Encryption of telephone calling card codes WO1997024856A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU18208/97A AU1820897A (en) 1995-12-28 1996-12-30 Encryption of telephone calling card codes

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/580,207 US5978459A (en) 1995-12-28 1995-12-28 Encryption of telephone calling card codes
US08/580,207 1995-12-28

Publications (1)

Publication Number Publication Date
WO1997024856A1 true WO1997024856A1 (en) 1997-07-10

Family

ID=24320151

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1996/020281 WO1997024856A1 (en) 1995-12-28 1996-12-30 Encryption of telephone calling card codes

Country Status (3)

Country Link
US (1) US5978459A (en)
AU (1) AU1820897A (en)
WO (1) WO1997024856A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU704431B3 (en) * 1998-08-11 1999-04-22 Taleb Ibrahim Telephone communication apparatus

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2750285B1 (en) * 1996-06-20 2000-08-04 Sagem CONTROLLED USE MOBILE RADIO TELEPHONY TERMINAL
KR100649858B1 (en) * 1999-11-30 2006-11-24 주식회사 케이티 System and method for issuing and authenticating of payphone smart card
US20020013904A1 (en) * 2000-06-19 2002-01-31 Gardner Richard Mervyn Remote authentication for secure system access and payment systems
US7280645B1 (en) * 2002-06-27 2007-10-09 At&T Corp. Method of associating multiple prepaid cards with a single account
US20040120475A1 (en) * 2002-12-20 2004-06-24 Bauer Thomas Michael Method and apparatus for receiving a message on a prepaid card or calling card
US9332119B1 (en) * 2013-03-07 2016-05-03 Serdar Artun Danis Systems and methods for call destination authenticaiton and call forwarding detection

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4162377A (en) * 1978-07-13 1979-07-24 Bell Telephone Laboratories, Incorporated Data base auto bill calling using CCIS direct signaling
US5479494A (en) * 1992-10-05 1995-12-26 At&T Corp. Virtual calling card system

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4924514A (en) * 1988-08-26 1990-05-08 International Business Machines Corporation Personal identification number processing using control vectors
US5146067A (en) * 1990-01-12 1992-09-08 Cic Systems, Inc. Prepayment metering system using encoded purchase cards from multiple locations
IT1248151B (en) * 1990-04-27 1995-01-05 Scandic Int Pty Ltd INTELLIGENT PAPER VALIDATION DEVICE AND METHOD
TW200624B (en) * 1992-04-06 1993-02-21 American Telephone & Telegraph A universal authentication device for use over telephone lines
JP3053527B2 (en) * 1993-07-30 2000-06-19 インターナショナル・ビジネス・マシーンズ・コーポレイション Method and apparatus for validating a password, method and apparatus for generating and preliminary validating a password, method and apparatus for controlling access to resources using an authentication code
US5481611A (en) * 1993-12-09 1996-01-02 Gte Laboratories Incorporated Method and apparatus for entity authentication
US5511114A (en) * 1994-06-06 1996-04-23 Call Processing, Inc. Telephone pre-paid calling card system and method
US5657389A (en) * 1995-05-08 1997-08-12 Image Data, Llc Positive identification system and method
US5617470A (en) * 1995-06-02 1997-04-01 Depasquale; George B. Apparatus and method for preventing unauthorized access to a system
US5673316A (en) * 1996-03-29 1997-09-30 International Business Machines Corporation Creation and distribution of cryptographic envelope

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4162377A (en) * 1978-07-13 1979-07-24 Bell Telephone Laboratories, Incorporated Data base auto bill calling using CCIS direct signaling
US5479494A (en) * 1992-10-05 1995-12-26 At&T Corp. Virtual calling card system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Phone Card Fraud-Reduction Method", IBM TECHNICAL DISCLOSURE BULLETIN, vol. 38, no. 3, March 1995 (1995-03-01), ARMONK, NY,US, pages 185, XP000508021 *
R.B.ROBROCK II: "The Intelligent Network-Changing the Face of Telecommunications", PROCEEDINGS OF THE IEEE, vol. 79, no. 1, January 1991 (1991-01-01), pages 7 - 20, XP000208127 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU704431B3 (en) * 1998-08-11 1999-04-22 Taleb Ibrahim Telephone communication apparatus

Also Published As

Publication number Publication date
AU1820897A (en) 1997-07-28
US5978459A (en) 1999-11-02

Similar Documents

Publication Publication Date Title
US9871913B1 (en) Systems and methods to identify ANI and caller ID manipulation for determining trustworthiness of incoming calling party and billing number information
US5809125A (en) Method and apparatus for intercepting potentially fraudulent telephone calls
EP1527552B1 (en) A system and method for the detection and termination of fraudulent services
US7756748B2 (en) Application of automatic internet identification methods
US5343529A (en) Transaction authentication using a centrally generated transaction identifier
EP0064779B1 (en) Method and system for the mutual encyphered identification between data communicating stations and stations for use with such method and system
CA2184302C (en) Personal identification number security system incorporating a time dimension
US6799272B1 (en) Remote device authentication system
US6529886B1 (en) Authenticating method for an access and/or payment control system
US5822691A (en) Method and system for detection of fraudulent cellular telephone use
US20010016835A1 (en) Method of payment by means of an electronic communication device
EP0925664A2 (en) Secure telecommunications data transmission
EP0722596A1 (en) Method and system for secure, decentralised personalisation of smart cards
US5978459A (en) Encryption of telephone calling card codes
US5812650A (en) Method and apparatus for intercepting potentially fraudulent
Brookson GSM (and PCN) Security and Encryption
WO1998000956A2 (en) System and method for preventing cellular fraud
WO1993021720A1 (en) Methods and apparatus for controlling access to toll free telephone service
EP0849713A1 (en) A method and a system for the encryption of codes
KR20050010606A (en) Method for preventing illegal use of service informations registered and System using the same
US6931527B1 (en) Method and system for ensuring the security of fax transmission using an identifying card
JP2005516431A (en) Country set logic that starts in the country and ends in the world
JP3521837B2 (en) Location information service system and method, and storage medium storing location information service program
Masrub et al. SIM Boxing Problem: ALMADAR ALJADID Case Study
Field et al. Techniques for telecommunications fraud management

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA JP MX

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 97524436

Format of ref document f/p: F

122 Ep: pct application non-entry in european phase