Search

EP-4503586-B1 - OUT-OF-BAND CALL AUTHENTICATION USING PSEUDO CALL ROUTING

EP4503586B1EP 4503586 B1EP4503586 B1EP 4503586B1EP-4503586-B1

Inventors

  • PISCOPO, ROBERT FRANCIS, JR.

Dates

Publication Date
20260506
Application Date
20240320

Claims (11)

  1. A method comprising: receiving (302), prior to a second call, a call invite message at an out of band network (110) and determining (304) a first calling number and a first called number based on the call invite message; transmitting (306), at the out of band network, a call alert message to a terminating network (130), the call alert message indicating the first calling number, the first called number, and a time period to expect the second call; receiving (310) the second call at the terminating network from another network (115), the second call having a second calling number and a second called number; determining (312) whether the first calling number and the first called number match the second calling number and the second called number and the second call was received within the time period, wherein the second call is authenticated if the first calling number and the first called number match the second calling number and the second called number and the call was received within the time period; and after the second call has been authenticated, pairing (314) call content with the second call and routing the second call to a call recipient.
  2. The method of claim 1, comprising initiating an application programming interface API at the out of band network (110) to perform transmitting the call alert message to the terminating network (115).
  3. The method of any preceding claim, wherein the call invite message is part of a pseudo-call initiated by a call originator (120) prior to the second call to the call recipient, the method comprising cancelling the pseudo-call sent from the call originator (120) to the out of band network (110) after the out of band network identifies the calling number and the called number.
  4. The method of any preceding claim, comprising initiating the second call at the call originator (120) to the another network (115).
  5. The method of any preceding claim, comprising initiating (308) a timer at the terminating network to expect the second call comprising the first calling number and the first called number within the time period defined by the timer.
  6. An apparatus comprising: a receiver configured to receive (302), prior to a second call, a call invite message at an out of band network (110); a transmitter configured to transmit (306), at the out of band network, a call alert message to a terminating network (130), the call alert message indicating a first calling number, a second called number, and a time period to expect the second call; wherein the receiver is configured to receive (310) a second call at the terminating network from another network (115), the second call having a second calling number and a second called number; and a processor configured to: determine (304) a first calling number and a first called number based on the call invite message; determine (312) whether the first calling number and the first called number match the second calling number and the second called number and the second call was received within the time period, wherein the second call is authenticated if the first calling number and the first called number match the second calling number and the second called number and the call was received within the time period; and after the second call has been authenticated, pair (314) call content with the second call and route the second call to a call recipient.
  7. A computer readable storage medium configured to store instructions that when executed cause a processor to perform: receiving (302), prior to a second call, a call invite message at an out of band network (110) and determining (304) a first calling number and a first called number based on the call invite message; transmitting (306), at the out of band network, a call alert message to a terminating network (130), the call alert message indicating a first calling number, a first called number, and a time period to expect the second call; receiving (310) the second call at the terminating network from another network (115), the second call having a second calling number and a second called number; determining (312) whether the first calling number and the first called number match the second calling number and the second called number and the second call was received within the time period, wherein the second call is authenticated if the first calling number and the first called number match the second calling number and the second called number and the call was received within the time period; and after the second call has been authenticated, pairing (314) call content with the second call and routing the second call to a call recipient.
  8. The apparatus or the computer readable storage medium of any of claims 6 or 7, wherein the processor is configured to initiate an application programming interface API at the out of band network (110) to perform transmitting the call alert message to the terminating network (115).
  9. The apparatus or the computer readable storage medium of any of claims 6 to 8, wherein the call invite message is part of a pseudo-call initiated by a call originator (120) prior to the second call to the call recipient (102), wherein the processor is configured to cancel the pseudo-call sent from the call originator (120) to the out of band network (110) after the out of band network identifies the calling number and the called number.
  10. The apparatus or the computer readable storage medium of any of claims 6 to 9, wherein the processor is configured to initiate the second call at the call originator (120) to the another network (115).
  11. The apparatus or the computer readable storage medium of any of claims 6 to 10, wherein the processor is configured to initiate (308) a timer at the terminating network to expect the second call comprising the first calling number and the first called number within the time period defined by the timer.

Description

Background Conventionally, caller identification (ID) spoofing refers to the practice of manipulating the information displayed on a recipient device caller ID display to make it appear as if the call is originating from a different phone number or entity than the entity that is actually performing the call. This scam technique is commonly used by scammers and fraudsters to deceive and defraud unsuspecting individuals to trick call recipients into believing they are receiving a call from a known or trusted party. Caller ID spoofing provides scammers with the capability to mask their true identity and make their calls appear legitimate. By manipulating the caller information displayed on the recipient's call device, scammers can make it seem like the call is coming from a trusted source, such as a government agency, financial institution, or well-known company. With this deceptive tactic, scammers can execute various fraudulent schemes. They might impersonate bank representatives, claiming there is an urgent issue with the recipient's account and tricking them into revealing sensitive personal information, such as passwords, account numbers, or social security numbers. Alternatively, scammers might pose as technical support agents, warning individuals of non-existent computer issues and convincing them to grant remote access to their devices, enabling the scammers to install malware or steal valuable data. STIR/SHAKEN (secure telephone identity revisited/signature-based handling of asserted information using tokens) is a framework designed to combat caller ID spoofing and restore trust in phone call identification systems. The system works by implementing digital certificates and cryptographic signatures that enable service providers to verify the authenticity of caller ID information. When a call is made, the originating service provider signs the call with a digital certificate, indicating that the caller ID information has been validated. The call then passes through the network, and the recipient's service provider can verify the signature and ensure that the Caller ID information is legitimate. By implementing STIR/SHAKEN, legitimate service providers can distinguish between legitimate calls and those with spoofed caller ID information, making it more difficult for scammers to deceive unsuspecting individuals. This technology helps restore confidence in caller ID systems, enhancing call authentication and enabling individuals to make more informed decisions when answering or trusting incoming calls. While STIR/SHAKEN is an effective framework for combating caller ID spoofing, there are certain cases where signing cannot be performed or where the signature may not reach the terminating service provider (TSP). These situations include calls originating from international networks that do not support STIR/SHAKEN implementation or calls made between service providers that have not yet adopted the framework. Additionally, calls that pass through intermediate networks or undergo complex call routing processes may encounter challenges in transmitting the signature to the TSP. In the cases where authentication via STIR/SHAKEN cannot be achieved, it may be possible to authenticate the call by relaying information from the call originator to the TSP about a call being out-of-band, meaning the call is sent via signaling which is outside of the SIP signaling used to setup the call when the STIR/SHAKEN signature is transmitted. EP 3 796 627 Al describes a caller verification server that receives a verification request message from a calling party via a data network. The verification request is associated with a communication from the calling party to a called device placed via a telephone network. The telephone network is logically separate from the data network. Thus, the verification request message travelling over the data network is said to be "out-of-band" relative to the telephone network. Responsive to receipt of the verification request message, the caller verification server generates a verification message indicating that the associated communication is verified as being from the calling party. The caller verification server sends the verification message to the called device via the data network. Summary of the Application Example embodiments of the present application provide at least a method according to claim 1, an apparatus according to claim 6 and a computer program according to claim 7. Brief Description of the Drawings FIG. 1 illustrates a call network configuration including a pseudo-call and actual call placement process according to example embodiments.FIG. 2 illustrates a system configuration of a pseudo-call and actual call placement process according to example embodiments.FIG. 3 illustrates a flow diagram of a pseudo-call and actual call placement process according to example embodiments.FIG. 4 illustrates an example network entity device configured to store instructions, software, and corr