Search

US-12621385-B1 - Call source verification

US12621385B1US 12621385 B1US12621385 B1US 12621385B1US-12621385-B1

Abstract

Methods and systems described herein are directed to verifying a caller's identity during a phone call by exchanging sub-audible tones between two parties to a phone call. A code, password, or other message can be embedded within telephone audio signals as sub-audible tones, which can be used to facilitate a verification process. The combined audio signal that includes sub-audible tones can be analyzed by a receiving device to extract an embedded code or message. Aspects of cryptographic schemes can be implemented using sub-audible tones—such as time-based one-time passwords (TOTP) and handshakes—which verify the identity of a party to a call. Based on the outcome of the verification process, the user can be notified whether verification was successful.

Inventors

  • Janelle Denice Dziuk
  • Jon D. McEachron
  • Steven Michael Bernstein

Assignees

  • UIPCO, LLC

Dates

Publication Date
20260505
Application Date
20221222

Claims (20)

  1. 1 . A method for verifying a party to a telephone call, the method comprising: recording an audio clip from a telephone call between a caller and a callee; identifying one or more sub-audible tones within the audio clip, wherein the one or more sub-audible tones originate from the caller and occur at a first time; determining a first code based on the one or more sub-audible tones and a sub-audible tone map; generating a second code based at least in part on the first time; determining that the first code is related to the second code; and in response to determining that the first code is related to the second code, notifying the callee that the caller has been verified.
  2. 2 . The method of claim 1 , wherein the recording of the audio clip begins in response to detecting a trigger condition, and wherein the method further comprises: receiving caller ID information indicating an identity of the caller; detecting the trigger condition by determining that the caller ID information matches a stored identity; and in response to determining that the caller ID information matches a stored identity, begin the recording of the audio clip.
  3. 3 . The method of claim 1 , wherein the identification of the one or more sub-audible tones begins in response to detecting a trigger condition, and wherein the method further comprises: determining, from at least a portion of the audio clip, one or more spoken words; and detecting the trigger condition by determining that the one or more spoken words matches one or more stored words, wherein the one or more stored words represent at least one of the following: (i) a name of the caller; (ii) a spoken command to verify the caller; and (iii) a phrase that indicates that the caller's identity is in question; wherein the identification of the one or more sub-audible tones is in response to determining that the one or more spoken words matches one or more stored words.
  4. 4 . The method of claim 1 , wherein the recording of the audio clip begins in response to detecting a trigger condition, and wherein the method further comprises: detecting the trigger condition by receiving a request to manually initiate caller verification; wherein the recording of the audio clip is in response to receiving the request.
  5. 5 . The method of claim 1 , wherein the one or more sub-audible tones are one or more second sub-audible tones, wherein the recording of the audio clip begins in response to detecting a trigger condition, and wherein the method further comprises: detecting the trigger condition by identifying one or more first sub-audible tones from an audio signal from the telephone call, wherein the one or more first sub-audible tones indicate a request to begin caller verification; wherein the recording of the audio clip is in response to identifying the one or more first sub-audible tones.
  6. 6 . The method of claim 1 , wherein the telephone call occurs between a caller's device associated with the caller and a callee's device associated with the callee, and wherein the method is performed on an external validation device associated with the callee.
  7. 7 . The method of claim 1 , wherein the telephone call occurs between a caller's device associated with the caller and a callee's device associated with the callee, and wherein the method further comprises: generating, by the callee's device, a key at a second time, wherein the second time is before the first time; and transmitting the key to the caller's device; wherein the first code is generated based in part on the key; wherein generating the second code is further based on the key; and wherein determining that the first code is related to the second code comprises determining that the first code is equivalent to the second code.
  8. 8 . The method of claim 1 , wherein the telephone call occurs between a caller's device associated with the caller and a callee's device associated with the callee, and wherein the method further comprises: generating, by the caller's device, a key at a second time, wherein the second time is before the first time; and transmitting the key to the callee's device; wherein the first code is generated based in part on the key; wherein generating the second code is further based on the key; and wherein determining that the first code is related to the second code comprises determining that the first code is equivalent to the second code.
  9. 9 . A computing system associated with a first party for verifying a second party to a telephone call, the computing system comprising: one or more processors; and one or more memories storing instructions that, when executed by the one or more processors, cause the computing system to perform operations comprising: generating one or more first sub-audible tones based at least in part on a first code; combining an audio signal captured by a microphone with the one or more first sub-audible tones to generate a first combined audio signal; transmitting the first combined audio signal to a phone system associated with the second party; receiving a second combined audio signal from the phone system associated with the second party; identifying, from the second combined audio signal, one or more second sub-audible tones; determining a second code based at least in part on the one or more second sub-audible tones; determining that the first code is related to the second code; and in response to determining that the first code is related to the second code, generating a notification to the first party that the second party has been verified.
  10. 10 . The computing system of claim 9 , wherein determining that the first code is related to the second code comprises: performing one or more predetermined operations on the first code to generate a third code; and determining that the first code and the third code are equivalent.
  11. 11 . The computing system of claim 9 , wherein the second code is encrypted, and wherein determining that the first code is related to the second code comprises: decrypting the second code with a key to determine a third code; performing one or more predetermined operations on the third code to generate a fourth code; and determining that the first code and the fourth code are equivalent.
  12. 12 . The computing system of claim 9 , wherein the instructions further cause the computing device to perform operations further comprising: receiving an input from the first party indicative of a request to verify the second party; wherein the generating the one or more first sub-audible tones based at least in part on the first code is in response to receiving the input.
  13. 13 . The computing system of claim 9 , further comprising a tone generator, and wherein the generation of the one or more first sub-audible tones based at least in part on the first code comprises: retrieving, from the one or more memories, a sub-audible tone map that maps code digits to respective frequencies; and generating, using the tone generator, a digital audio signal representing the first code based on the sub-audible tone map.
  14. 14 . The computing system of claim 9 , further comprising a tone analyzer, and wherein the identification of the one or more second sub-audible tones comprises: retrieving, from the one or more memories, a sub-audible tone map that maps code digits to respective frequencies; and detecting, using the tone analyzer, one or more frequencies from the second combined audio signal; wherein determining the second code comprises determining one or more code digits corresponding to the detected one or more frequencies according to the sub-audible tone map.
  15. 15 . A non-transitory computer-readable storage medium storing instructions that, when executed by a computing system, cause the computing system to perform a process for verifying a party to a telephone call, the process comprising: recording an audio clip from a telephone call between a caller and a callee; identifying one or more sub-audible tones within the audio clip, wherein the one or more sub-audible tones originate from the caller and occur at a first time; determining a first code based on the one or more sub-audible tones and a sub-audible tone map; generating a second code based at least in part on the first time; determining that the first code is related to the second code; and in response to determining that the first code is related to the second code, notifying the callee that the caller has been verified.
  16. 16 . The non-transitory computer-readable storage medium of claim 15 , wherein the recording of the audio clip begins in response to detecting a trigger condition, and wherein the process further comprises: receiving caller ID information indicating an identity of the caller; and detecting the trigger condition by determining that the caller ID information matches a stored identity; wherein the recording of the audio clip is in response to determining that the caller ID information matches a stored identity.
  17. 17 . The non-transitory computer-readable storage medium of claim 15 , wherein the identification of the one or more sub-audible tones begins in response to detecting a trigger condition, and wherein the process further comprises: determining, from at least a portion of the audio clip, one or more spoken words; and detecting the trigger condition by determining that the one or more spoken words matches one or more stored words, wherein the one or more stored words represent at least one of the following: (i) a name of the caller; (ii) a spoken command to verify the caller; and (iii) a phrase that indicates that the caller's identity is in question; wherein the identifying one or more sub-audible tones within the audio clip is in response to determining that the one or more spoken words matches one or more stored words.
  18. 18 . The non-transitory computer-readable storage medium of claim 15 , wherein the recording of the audio clip begins in response to detecting a trigger condition, and wherein the process further comprises: detecting the trigger condition by receiving a request to manually initiate caller verification; wherein the recording of the audio clip is in response to receiving the request.
  19. 19 . The non-transitory computer-readable storage medium of claim 15 , wherein the one or more sub-audible tones are one or more second sub-audible tones, wherein the recording of the audio clip begins in response to detecting a trigger condition, and wherein the process further comprises: detecting the trigger condition by identifying one or more first sub-audible tones from an audio signal from the telephone call, wherein the one or more first sub-audible tones indicate a request to begin caller verification; wherein the recording of the audio clip is in response to identifying the one or more first sub-audible tones.
  20. 20 . The non-transitory computer-readable storage medium of claim 15 , wherein the telephone call occurs between a caller's device associated with the caller and a callee's device associated with the callee, and wherein the process further comprises: generating, by the callee's device, a key at a second time, wherein the second time is before the first time; and transmitting the key to the caller's device; wherein the first code is generated based in part on the key; wherein generating the second code is further based on the key; and wherein determining that the first code is related to the second code comprises determining that the first code is equivalent to the second code.

Description

TECHNICAL FIELD The present disclosure is directed to methods and systems for verifying a caller's identity during a phone call using in-band and/or out-of-band signals. BACKGROUND The invention of the telephone enabled individuals to talk with family and friends and conduct business, without having to be in the physical presence of the person they are speaking with. Such communication at a distance presents an inherent risk: how can the called party verify the identity of the calling party? Historically, an individual or company is assigned a unique phone number which could be used to manually verify the identity of a caller. When “Caller ID” was introduced, the calling party's registered name would appear on the called party's phone, making it possible to identify the caller without knowledge of the specific phone number. Finally, the dialogue itself between the two parties to a telephone call have been used to verify the identity of one or both parties (e.g., asking identification verification questions to the caller or callee). In spite of these existing measures, leading cybersecurity companies have reported that telephone scams—such as technical support scams, government agent impersonation scams, and overpayment or refund scams—as the top phishing threat to consumers, with some surveys reporting that over half of respondents had been targeted by a telephone scam in the past year. Tools have been developed to spoof telephone numbers and caller ID, fooling called parties that the caller is a representative from a government agency or legitimate business. In addition, social engineering techniques have been used effectively to convince called parties to perform some action, provide sensitive information, and/or enter information into a phishing website that is designed to mimic the appearance of a legitimate business's website. Furthermore, although scammers tend to operate out of foreign countries, large companies tend to outsource telephone-based customer service to businesses in foreign countries, such that a scammer's foreign accent is less likely to be considered suspicious by the average consumer. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram illustrating an overview of devices on which some implementations can operate. FIG. 2 is a block diagram illustrating an overview of an environment in which some implementations can operate. FIG. 3 is a block diagram illustrating components which, in some implementations, can be used in a system employing the disclosed technology. FIG. 4 is a flow diagram illustrating a process used in some implementations for verifying a caller based on sub-audible tones within the caller's audio. FIG. 5 is a flow diagram illustrating a process used in some implementations for verifying a caller using a sub-audible tone-based handshake. FIG. 6 is a block diagram illustrating an example system for verifying a caller's identity. FIG. 7A is a sequence diagram of operations performed by devices for verifying a caller's identity on a callee's device from sub-audible tones. FIG. 7B is a sequence diagram of operations performed by devices for verifying a caller using a sub-audible tone-based handshake between a caller's device and a callee's device. FIG. 7C is a sequence diagram of operations performed by devices for verifying a caller using an external verification device. FIG. 8A is a diagram illustrating an example user interface for notifying the user that caller verification is in progress. FIG. 8B is a diagram illustrating an example user interface for notifying the user that the caller is successfully verified. FIG. 8C is a diagram illustrating an example user interface for notifying the user that a caller is not verified. FIG. 8D is a diagram illustrating an example user interface for manually initiating caller verification. The techniques introduced here may be better understood by referring to the following Detailed Description in conjunction with the accompanying drawings, in which like reference numerals indicate identical or functionally similar elements. DETAILED DESCRIPTION Aspects of the present disclosure are directed to methods and systems for verifying a caller's identity during a phone call using in-band and/or out-of-band signals. In an example embodiment, a calling party's (“caller”) phone system can superimpose audio from a microphone with one or more sub-audible tones (e.g., inaudible, barely audible, infrasonic, ultrasonic, etc.), which represent a code used to facilitate caller verification. The called party's (“callee”) device can process the audio to extract the code, which may either verify the caller's identification, or may be used as a part of a caller verification process. For example, the caller and the callee may have previously exchanged a secret key that is used to generate a rotating, time-based one-time password (TOTP). The caller's device can superimpose sub-audible tones representing the TOTP, and the callee's device can check