CA2558616A1 - Detection of telephone number spoofing - Google Patents
Detection of telephone number spoofing Download PDFInfo
- Publication number
- CA2558616A1 CA2558616A1 CA002558616A CA2558616A CA2558616A1 CA 2558616 A1 CA2558616 A1 CA 2558616A1 CA 002558616 A CA002558616 A CA 002558616A CA 2558616 A CA2558616 A CA 2558616A CA 2558616 A1 CA2558616 A1 CA 2558616A1
- Authority
- CA
- Canada
- Prior art keywords
- telephone
- exchange
- telephone number
- network
- privilege
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M3/00—Automatic or semi-automatic exchanges
- H04M3/42—Systems providing special services or facilities to subscribers
- H04M3/436—Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M2203/00—Aspects of automatic or semi-automatic exchanges
- H04M2203/20—Aspects of automatic or semi-automatic exchanges related to features of supplementary services
- H04M2203/2066—Call type detection of indication, e.g. voice or fax, mobile of fixed, PSTN or IP
Abstract
An apparatus and method are disclosed that enables detecting the spoofing of a telephone number. To validate the identity of a calling terminal, some techniques in the prior art rely on exchanging data that only the legitimate calling system and the called system know about. In contrast, the illustrative embodiment of the present invention validates the identity of the calling terminal by assessing characteristics other than the calling terminal's telephone number, such as the telephone type and the signaling protocol.
By using characteristics other than telephone number to validate the identity, the data-processing system of the illustrative embodiment makes it more difficult to spoof a legitimate telephone's number.
By using characteristics other than telephone number to validate the identity, the data-processing system of the illustrative embodiment makes it more difficult to spoof a legitimate telephone's number.
Description
Attorney Docket: 630-1?,8U i Avaya Docket: 505076-A-O:l-US
Detection of Telephone Number Spoofing Field of the Invention ~oooi7 The present invention relates to telecommunications in general, and, more particularly, to detecting the spoofing of a telephone number.
Background of the Invention ~0002~ Figure 1 depicts a schematic diagram of a telecommunications system in the prior art. Telecommunications system 100 comprises:
i. telecommunications network 101, ii. network telephone 103, iii. private branch exchange 105, iv. on-premises telephones 106 and 107, v. Internet protocol network 108, vi Internet protocol telephone 109, vii, cellular protocol network 110, and viii. cellular telephones 112 and 113, all of which are interconnected as shown.
~ooosl Telecommunications network 101 is one of multiple, telecommunications networks that are represented in Figure 1. Telecommunications network 101 comprises the Public Switched Telephone Network, which is a complex of telecommunications equipment that is owned and operated by different entities throughout the World. In the United Stages of America, for example, the Public Switched Telephone Network (or "PSTN") comprises an address space that is defined by ten digits, and, therefore, comprises 10 billion unique addresses or "telephone numbers." The public switched telephone networks in other countries are similar.
~oooal Network 101 interconnects the other telecommunications networks that include (i) the enterprise network supported by private branch exchange 105, (ii) Interneg protocol network 108, and (iii) cellular protocol network 110. The enterprise network supported by private branch exchange 105 provides telecommunications service to one or' more telecommunications terminals-for example, telephones 106 and 107-within the enterprise area served, such as an office building or campus. Internet protocol network 108 provides telecommunications service to one or more Internet protocol-capable -i Attorney Docket: 630-13BUS
Avaya Docket: 505076-A-O1-US
telecommunications terminals, including telephone 109. Cellular protocol network i10 provides telecommunications service to one or more cellular telecommunications terminals, including telephones 112 and 113.
~ooos~ Additionally, network 101 provides telecommunications service to other telecommunications terminals, such as telephone 103. For example, network 101 is able to route a call that telephone 103 originates to private branch exchange 105.
~ooos~ Internet protocol network 108 is capable of switching incoming calls from network 101 to terminals that are capable of Voice over Internet Protocol (VoIP), such as telephone 109. Network 108 is also capable of handling outgoing calls from VoIP-capable terminals to network 101. Network 108 handles calls that involve telephone 109 via one or more routers.
(ooo~~ Cellular protocol network 110 is capable of switching incoming calls from network 101 to cellular-capable terminals that have registered with the network, such as telephones ilz and 113. Network 110 is also capable of handling outgoing calls from cellular-capable terminals to network 101. Network 110 handles calls that involve telephones 112 and 113 via one or more mobile switching centers and radio base stations.
(ooos~ Private branch exchange (PBX) 105 is an enterprise system capable of switching incoming calls (e.g., originated by telephone 113, etc.) from telecommunications network 101 via one or more communications paths to one or more on-premises terminals, such as on-premises telephones 106 and 107. Private branch exchange 105 is also capable of handling outgoing calls from on-premises terminals to network 101 via one or more communications paths.
~ooos~ Private branch exchange 105 is also capable of forwarding an incoming call, such as from telephone 113, to a telephone number of a PBX user's "off-premises" terminal that is accessible through network 101. This type of forwarding to a terminal affiliated with exchange 105 is also known as "extending" a call because the connection to the off-premises terminal appears to exchange 105 as an additional PBX line, or "call appearance."
Exchange 105 extends the call to the call appearance at the off-premises terminal in addition to switching the same incoming call to a call appearance at an "on-premises terminal" within the enterprise area that exchange 105 serves. In telecommunications system 100, telephones 106 and 107 are the on-premises terminals with respect to privai~e branch exchange 105, while telephones 103 and 112 are the off-premises terminals with respect to exchange 105. Note that in system 100, telephones 113 and 109 are not Attorney Docket: 630-138US
Avaya Docket: 505076-A-01-US
considered off-premises terminals because, unlike telephones 103 and 112, they are not affiliated with exchange 105.
(ooio~ To accomplish (i) the switching of an incoming, enterprise-related call to an on-premises terminal and (ii) the extending of the call to the correct off-premises terminal, private branch exchange 105 maintains a table that correlates the off-premises telephone number to the on-premises, private branch exchange extension. Table 1 depicts a table that illustrates the correlation.
On-Premises Private Branch Off-Premises Telecommunications Tele hone Exchan a ExtensionTele hone Network Number 106 732-555-0102,x11 I03 201-555-1236 107 732-555-0102 x12 112 908-555-3381 Table 1 - PBX Extension-to-PSTN Number Database (oolll In addition, private branch exchange 105 is capable of receiving an incoming call attempt from an off-premises terminal, such as from telephone 103 or 112, in which the call attempt is for accessing one or more PBX user features. Note that outside of the enterprise network, only those terminals that are affiliated with exchange 105 (i.e., telephones 103 and 112) are intended to have access to the user features. In handling the call attempt, network 101 passes to exchange 105 the caller identifier that represents the calling, off-premises terminal. Exchange 105 checks that the caller identifier matches with one that is stored (e.g., 908-555-3381, etc.) and, as a result, grants the PBX
user at the off-premises terminal the privilege to access one or more features.
(ool2l The problem with exchange 105 relying on the caller identifier of the calling terminal is that a telephone user who is using a bogus telephone can masquerade as the legitimate PBX user by manipulating (i) the bogus telephone or (ii) the calling network, or both, to represent the bogus telephone as the legitimate one. This was not a major concern when telecommunications networks were somewhat closed systems that were not easily compromised. However, with the advent of broadband telephone services (e.g., Vonage, AT&T CaIIVantage, etc.) that coexist with the Internet, it has become easier for hackers to manipulate telecommunications networks for unethical or unlawful purposes, such as to ~~spoof" the caller identifier of a legitimate calling party. For example, a user of a VoIP
telephone in certain broadband telephone networks, such as telephone 109 in Internet protocol network 108, is able to use a three-way calling feature to manipulate the value of the VoIP telephone's caller identifier. If the user of a bogus telephone takes on the number Attorney Docket: 630-13BUS
Avaya Docket: 505076-A-O1-US
of a legitimate user of exchange 105, the bogus user becomes able to access features that are reserved only for legitimate, off-premises users. Access by illegitimate users enables breaking into voice mail accounts and the calling of legitimate PBX users for gathering proprietary information. To minimize this unwanted activity, what is needed is a way to detect the spoofing of a telephone number, without some of the disadvantages of the prior a rt.
Summary of the Invention (oois~ The present invention enables detecting the spoofing of a telephone number.
To validate the identity of a calling terminal, some techniques in the prior art rely on exchanging data that only the legitimate calling system and the called system know about.
In contrast, the illustrative embodiment of the present invention validates the identity of i:he calling terminal by assessing characteristics other than the calling terminal's telephone number, such as the telephone type and the signaling protocol. By using characteristics other than telephone number to validate the identity, the data-processing system of the illustrative embodiment makes it more difficult to spoof a legitimate telephone's number.
(ooial In accordance with the illustrative embodiment, the data-processing system that receives a call attempt from a calling telephone (i.e., through one or more telecommunications networks) also receives the calling phone's telephone number, along with other information that is pertinent to the telephone. The data-processing system, such as an enhanced private branch exchange, first checks the telephone number to determine if it matches a number that belongs to a user of the data-processing system. In accordance with the illustrative embodiment, the data-processing system then checks the calling telephone's telephone type that the system receives with the telephone number to see if the telephone type agrees with what is expected for the matched telephone number.
The system also checks the signaling protocol used by the calling telephone in attempting the call, also to see if the signaling protocol agrees with what is expected.
Finally, in some embodiments, the system checks the order of the identifiers present in the call attempt message to see if the order agrees with what is expected. By checking the results, the data-processing system determines, with a higher level of confidence than with some techniques in the prior art, whether the calling telephone is genuine or is spoofing another telephone.
(oolsl The illustrative embodiment of the present invention is different from some verification techniques in the prior art, in that it does not rely on the actual value of the Attorney Docket: 630-138US
Avaya Docket: 505076-A-01.-US
calling identifier. Rather, it relies on the characteristics of the calling telephone and on the messages used to convey the call attempt information. The illustrative embodiment is advantageous over some techniques in the prior art because of the inherent level of difficulty for a hacker to determine the exact values of esoteric parameters such as the telephone type of and the signaling protocol used by the calling telephone.
For example, it is relatively straightforward for a hacker to apply a spoofed calling number to a call attempt.
In contrast, it is considerably more difficult to (i) determine the one or more alternative characteristics that are checked by the system targeted by the hacker, (ii) understand the values of the relevant characteristics for the particular phone being spoofed, and (iii) identify and insert the specific numerical quantities in the correct fields in the call attempt messages.
~oois~ The illustrative embodiment of the present invention comprises;
receiving a telephone number and a telephone type for a first telephone; and granting a privilege to the first telephone based on whether or not the telephone type agrees with what is expected for the telephone number.
Brief Descriution of the Drawinas hoop Figure 1 depicts a schematic diagram of telecommunications system 100 in the prior art.
(oois~ Figure 2 depicts a schematic diagram of telecommunications system 200, in accordance with the illustrative embodiment of the present invention.
~oois~ Figure 3 depicts a block diagram of the salient components of enhanced private branch exchange 205 in accordance with the illustrative embodiment of the present invention.
~oozo) Figure 4 depicts a flowchart of the operation of enhanced private branch exchange 205 when handling a call attempt from a calling telephone, in accordance with the illustrative embodiment of the present invention.
~oozi~ Figure 5 depicts a flowchart of the tasks that are related to task 404, in accordance with the illustrative embodiment of the present invention.
Detailed Description ~oozz~ The terms appearing below are given the following definitions for use in this Description and the appended Claims.
Detection of Telephone Number Spoofing Field of the Invention ~oooi7 The present invention relates to telecommunications in general, and, more particularly, to detecting the spoofing of a telephone number.
Background of the Invention ~0002~ Figure 1 depicts a schematic diagram of a telecommunications system in the prior art. Telecommunications system 100 comprises:
i. telecommunications network 101, ii. network telephone 103, iii. private branch exchange 105, iv. on-premises telephones 106 and 107, v. Internet protocol network 108, vi Internet protocol telephone 109, vii, cellular protocol network 110, and viii. cellular telephones 112 and 113, all of which are interconnected as shown.
~ooosl Telecommunications network 101 is one of multiple, telecommunications networks that are represented in Figure 1. Telecommunications network 101 comprises the Public Switched Telephone Network, which is a complex of telecommunications equipment that is owned and operated by different entities throughout the World. In the United Stages of America, for example, the Public Switched Telephone Network (or "PSTN") comprises an address space that is defined by ten digits, and, therefore, comprises 10 billion unique addresses or "telephone numbers." The public switched telephone networks in other countries are similar.
~oooal Network 101 interconnects the other telecommunications networks that include (i) the enterprise network supported by private branch exchange 105, (ii) Interneg protocol network 108, and (iii) cellular protocol network 110. The enterprise network supported by private branch exchange 105 provides telecommunications service to one or' more telecommunications terminals-for example, telephones 106 and 107-within the enterprise area served, such as an office building or campus. Internet protocol network 108 provides telecommunications service to one or more Internet protocol-capable -i Attorney Docket: 630-13BUS
Avaya Docket: 505076-A-O1-US
telecommunications terminals, including telephone 109. Cellular protocol network i10 provides telecommunications service to one or more cellular telecommunications terminals, including telephones 112 and 113.
~ooos~ Additionally, network 101 provides telecommunications service to other telecommunications terminals, such as telephone 103. For example, network 101 is able to route a call that telephone 103 originates to private branch exchange 105.
~ooos~ Internet protocol network 108 is capable of switching incoming calls from network 101 to terminals that are capable of Voice over Internet Protocol (VoIP), such as telephone 109. Network 108 is also capable of handling outgoing calls from VoIP-capable terminals to network 101. Network 108 handles calls that involve telephone 109 via one or more routers.
(ooo~~ Cellular protocol network 110 is capable of switching incoming calls from network 101 to cellular-capable terminals that have registered with the network, such as telephones ilz and 113. Network 110 is also capable of handling outgoing calls from cellular-capable terminals to network 101. Network 110 handles calls that involve telephones 112 and 113 via one or more mobile switching centers and radio base stations.
(ooos~ Private branch exchange (PBX) 105 is an enterprise system capable of switching incoming calls (e.g., originated by telephone 113, etc.) from telecommunications network 101 via one or more communications paths to one or more on-premises terminals, such as on-premises telephones 106 and 107. Private branch exchange 105 is also capable of handling outgoing calls from on-premises terminals to network 101 via one or more communications paths.
~ooos~ Private branch exchange 105 is also capable of forwarding an incoming call, such as from telephone 113, to a telephone number of a PBX user's "off-premises" terminal that is accessible through network 101. This type of forwarding to a terminal affiliated with exchange 105 is also known as "extending" a call because the connection to the off-premises terminal appears to exchange 105 as an additional PBX line, or "call appearance."
Exchange 105 extends the call to the call appearance at the off-premises terminal in addition to switching the same incoming call to a call appearance at an "on-premises terminal" within the enterprise area that exchange 105 serves. In telecommunications system 100, telephones 106 and 107 are the on-premises terminals with respect to privai~e branch exchange 105, while telephones 103 and 112 are the off-premises terminals with respect to exchange 105. Note that in system 100, telephones 113 and 109 are not Attorney Docket: 630-138US
Avaya Docket: 505076-A-01-US
considered off-premises terminals because, unlike telephones 103 and 112, they are not affiliated with exchange 105.
(ooio~ To accomplish (i) the switching of an incoming, enterprise-related call to an on-premises terminal and (ii) the extending of the call to the correct off-premises terminal, private branch exchange 105 maintains a table that correlates the off-premises telephone number to the on-premises, private branch exchange extension. Table 1 depicts a table that illustrates the correlation.
On-Premises Private Branch Off-Premises Telecommunications Tele hone Exchan a ExtensionTele hone Network Number 106 732-555-0102,x11 I03 201-555-1236 107 732-555-0102 x12 112 908-555-3381 Table 1 - PBX Extension-to-PSTN Number Database (oolll In addition, private branch exchange 105 is capable of receiving an incoming call attempt from an off-premises terminal, such as from telephone 103 or 112, in which the call attempt is for accessing one or more PBX user features. Note that outside of the enterprise network, only those terminals that are affiliated with exchange 105 (i.e., telephones 103 and 112) are intended to have access to the user features. In handling the call attempt, network 101 passes to exchange 105 the caller identifier that represents the calling, off-premises terminal. Exchange 105 checks that the caller identifier matches with one that is stored (e.g., 908-555-3381, etc.) and, as a result, grants the PBX
user at the off-premises terminal the privilege to access one or more features.
(ool2l The problem with exchange 105 relying on the caller identifier of the calling terminal is that a telephone user who is using a bogus telephone can masquerade as the legitimate PBX user by manipulating (i) the bogus telephone or (ii) the calling network, or both, to represent the bogus telephone as the legitimate one. This was not a major concern when telecommunications networks were somewhat closed systems that were not easily compromised. However, with the advent of broadband telephone services (e.g., Vonage, AT&T CaIIVantage, etc.) that coexist with the Internet, it has become easier for hackers to manipulate telecommunications networks for unethical or unlawful purposes, such as to ~~spoof" the caller identifier of a legitimate calling party. For example, a user of a VoIP
telephone in certain broadband telephone networks, such as telephone 109 in Internet protocol network 108, is able to use a three-way calling feature to manipulate the value of the VoIP telephone's caller identifier. If the user of a bogus telephone takes on the number Attorney Docket: 630-13BUS
Avaya Docket: 505076-A-O1-US
of a legitimate user of exchange 105, the bogus user becomes able to access features that are reserved only for legitimate, off-premises users. Access by illegitimate users enables breaking into voice mail accounts and the calling of legitimate PBX users for gathering proprietary information. To minimize this unwanted activity, what is needed is a way to detect the spoofing of a telephone number, without some of the disadvantages of the prior a rt.
Summary of the Invention (oois~ The present invention enables detecting the spoofing of a telephone number.
To validate the identity of a calling terminal, some techniques in the prior art rely on exchanging data that only the legitimate calling system and the called system know about.
In contrast, the illustrative embodiment of the present invention validates the identity of i:he calling terminal by assessing characteristics other than the calling terminal's telephone number, such as the telephone type and the signaling protocol. By using characteristics other than telephone number to validate the identity, the data-processing system of the illustrative embodiment makes it more difficult to spoof a legitimate telephone's number.
(ooial In accordance with the illustrative embodiment, the data-processing system that receives a call attempt from a calling telephone (i.e., through one or more telecommunications networks) also receives the calling phone's telephone number, along with other information that is pertinent to the telephone. The data-processing system, such as an enhanced private branch exchange, first checks the telephone number to determine if it matches a number that belongs to a user of the data-processing system. In accordance with the illustrative embodiment, the data-processing system then checks the calling telephone's telephone type that the system receives with the telephone number to see if the telephone type agrees with what is expected for the matched telephone number.
The system also checks the signaling protocol used by the calling telephone in attempting the call, also to see if the signaling protocol agrees with what is expected.
Finally, in some embodiments, the system checks the order of the identifiers present in the call attempt message to see if the order agrees with what is expected. By checking the results, the data-processing system determines, with a higher level of confidence than with some techniques in the prior art, whether the calling telephone is genuine or is spoofing another telephone.
(oolsl The illustrative embodiment of the present invention is different from some verification techniques in the prior art, in that it does not rely on the actual value of the Attorney Docket: 630-138US
Avaya Docket: 505076-A-01.-US
calling identifier. Rather, it relies on the characteristics of the calling telephone and on the messages used to convey the call attempt information. The illustrative embodiment is advantageous over some techniques in the prior art because of the inherent level of difficulty for a hacker to determine the exact values of esoteric parameters such as the telephone type of and the signaling protocol used by the calling telephone.
For example, it is relatively straightforward for a hacker to apply a spoofed calling number to a call attempt.
In contrast, it is considerably more difficult to (i) determine the one or more alternative characteristics that are checked by the system targeted by the hacker, (ii) understand the values of the relevant characteristics for the particular phone being spoofed, and (iii) identify and insert the specific numerical quantities in the correct fields in the call attempt messages.
~oois~ The illustrative embodiment of the present invention comprises;
receiving a telephone number and a telephone type for a first telephone; and granting a privilege to the first telephone based on whether or not the telephone type agrees with what is expected for the telephone number.
Brief Descriution of the Drawinas hoop Figure 1 depicts a schematic diagram of telecommunications system 100 in the prior art.
(oois~ Figure 2 depicts a schematic diagram of telecommunications system 200, in accordance with the illustrative embodiment of the present invention.
~oois~ Figure 3 depicts a block diagram of the salient components of enhanced private branch exchange 205 in accordance with the illustrative embodiment of the present invention.
~oozo) Figure 4 depicts a flowchart of the operation of enhanced private branch exchange 205 when handling a call attempt from a calling telephone, in accordance with the illustrative embodiment of the present invention.
~oozi~ Figure 5 depicts a flowchart of the tasks that are related to task 404, in accordance with the illustrative embodiment of the present invention.
Detailed Description ~oozz~ The terms appearing below are given the following definitions for use in this Description and the appended Claims.
Attorney Docket: 630-138US
Avaya Docket: 505076-A-O1-US
(oo2sl For the purposes of this specification and claims, the term "telephone type"
refers to the type of the calling telecommunications terminal. The telephone type of each telephone is based on one or more properties of the telephone, wherein each possible value of telephone type represents a specific combination of values of those properties. The properties include, but are not limited to, the following:
i. the location of the telephone (e.g., home, work, car, etc.);
ii. the capability of the telephone (e.g., voice, video, data, facsimile, pager, etc.);
iii. the transmission media used by the telephone (e.g., wireless, Code-Division Multiple Access [CDMA], Global System for Mobile Communications [GSM], wireline, etc.);
iv. the network transmission protocol used by the telephone (e.g., Internet protocol,, Integrated Services Digital Network [ISDN], analog, etc.);
v, the manufacturer (e.g., Avaya, Motorola, Nokia, Cisco, etc. ); and vi. the service provider (e.g., Verizon, Vonage, AT&T, SBC, etc.), As those who are skilled in the art will appreciate, telecommunications terminals can be characterized by a telephone type that is based on other properties than those listed above.
~ooz4l For the purposes of this specification and claims, the term "signaling protocol" is defined as the agreed-upon format for transmitting data between two devices.
Unless otherwise specified, the signaling protocol of the calling telephone refers to the format for transmitting data in the attempting of a call between the calling telephone and the calling network. The signaling protocol represented might refer to a broad set of protocols (e.g., ISDN, etc.) or it might refer to a specific layer, or subset, within the protocoH
set (e. g., Q.931, etc.).
~oo2sl Figure 2 depicts a schematic diagram of a telecommunications system, in accordance with the illustrative embodiment of the present invention.
Telecommunications system 200 comprises:
telecommunications network 101, ii. network telephone 103, iii. enhanced private branch exchange 205, iv. on-premises telephones 106 and 107, v. Internet protocol network 108, vi Internet protocol telephone 109, vii. cellular protocol network 110, and viii. cellular telephones 112 and 113, Attorney Docket: 630-138US
Avaya Docket: 505076-A-O1-US
all of which are interconnected as shown.
(oozs7 All of the elements depicted in Figure 2-with the exception of enhanced private branch exchange 205-are described above and with respect to Figure 1.
(ooze Enhanced private branch exchange 205 is a data-processing system, the salient components of which are described below and with respect to Figure 3.
Enhanced private branch exchange 205 is capable of switching incoming calls (e.g., from telephone 103, etc.) from network 101 via one or more communications paths to on-premises terminals, such as telephones 106 and 107. Exchange 205 is also capable of handling outgoing calls from on-premises terminals to network 101 via one or more communications paths.
(oozs7 Enhanced private branch exchange 205 is also capable of extending an incoming call (e.g., from telephone 103, etc.) to a telephone number of an off-premises terminal. From exchange 205's perspective, an °off-premises" terminal is a terminal that is accessible through network 101 while still being affiliated with exchange 205 as an extension to exchange 205's enterprise network. For pedagogical purposes, telephones 103 and 112 are the off-premises terminals in telecommunications system 200.
Exchange 205 is capable of extending the incoming call to the intended off-premises terminal in addition to or independently of switching the same incoming call to an on-premises terminal within the enterprise area that exchange 205 serves.
(ooz9l In addition, enhanced private branch exchange 205 is capable of receiving an incoming call attempt from an off-premises terminal, such as from telephone 103 or 112, in which the call attempt is for accessing one or more PBX user features. Note that these user features are available outside of the enterprise network to only those terminals that are affiliated with exchange 205 (i.e., telephones 103 and 112).
(oosol Enhanced private branch exchange 205 is connected to telecommunications systems that are present in network 101 via communications paths that comprise Integrated Services Digital Network (ISDN) trunks, as are known in the art. As those who are skilled in the art will appreciate, other types of communications paths might connect exchange 205 to network 101. For example, exchange 205 might receive at least some of the incoming calls via the Session Initiation Protocol over an Internet Protocol-based network.
(oo3il It will be clear to those skilled in the art, after reading this disclosure, how 1.o make and use alternative embodiments of the present invention in which enhanced private branch exchange 205 provides telecommunications service to a different number of on-premises terminals and a different number of off-premises terminals than those depicted. It Attorney Docket: 630-138US
Avaya Docket:505076-A-01-US
will also be clear to those skilled in the art, after reading this disclosure, how to make and use alternative embodiments of the present invention in which exchange 205-or another data-processing system that operates in accordance with the illustrative embodiment-provides service to telecommunications terminals other than telephones (e.g., handheld personal computers, etc. ).
~oosz~ Enhanced private branch exchange 205 is also capable of performing the tasks described below and with respect to Figure 4, in accordance with the illustrative embodiment. It will be clear to those skilled in the art, after reading this disclosure, how to make and use enhanced private branch exchange 205. Moreover, as those who are skilled in the art will appreciate, there can be alternative embodiments of the present invention in which a central office switch, contact center, or other type of data-processing system than a private branch exchange performs the described tasks. The data-processing systems in those alternative embodiments can inter-operate with the Public Switched Telephone Network that constitutes network 101. In some other alternative embodiments, those data-processing systems-or exchange 205, for that matter-can inter-operate with another type of network entirely (e.g., an Internet Protocol-based network, a wireless network, etc.).
Putting it differently, the present invention is well suited for implementation in variety of networks: in public and private telecommunications networks, in circuit-switched and packet-switched networks, in wireline and wireless networks, and so forth.
(oossl Figure 3 depicts a block diagram of the salient components of enhanced private branch exchange 205 in accordance with the illustrative embodiment of the present invention. Enhanced private branch exchange 205 comprises switching fabric 301, processor 302, and memory 303, interconnected as shown.
~oo3a~ Switching fabric 301 is capable of switching calls between on-premises terminals (e.g., telephones 106 and 107, etc.), and terminals that are accessible through network 101. In addition, switching fabric 301 is capable of performing the tasks described below and with respect to Figure 4, under the direction of processor 302. It will be clear to those skilled in the art how to make and use switching fabric 301.
~ooss~ Processor 302 is a general=purpose processor that is capable of receiving called-related data from switching fabric 301, of reading data from and writing data to memory 303, and of executing the tasks described below and with respect to Figure 4. In some alternative embodiments of the present invention, processor 302 might be a special-purpose processor. In either case, it will be clear to those skilled in the art, after reading this disclosure, how to make and use processor 302.
_8 Attorney Docket: 630-138US
Avaya Docket: 505076-A-01-US
(oossl Memory 303 is a non-volatile random-access memory that stores the instructions and data used by processor 302. Memory 303 stores the PBX on-premises extension and affiliated off-premises telephone number for each PBX user, which are shown in Table 1. Memory 303 also stores the expected values of the characteristics for each off-premises telephone number, as described below and illustrated in Table 2. It will be clear to those skilled in the art how to make and use memory 303.
(003~~ Figure 4 depicts a flowchart of the operation of enhanced private branch exchange 205, in accordance with the illustrative embodiment of the present invention.
Exchange 205 receives information that is related to a calling telephone and determines whether to grant the calling telephone a privilege (e.g., establishing a call with exchange 205, etc.). It will be clear to those skilled in the art which tasks depicted in Figure 4 can be performed simultaneously or in a different order than that depicted.
(oossl At task 401, exchange 205 receives a call attempt from a first, calling telephone, in well-known fashion. In some alternative embodiments, exchange 205 instead receives an initialization of a transaction of data (e.9., email messages, instant messaging messages, e>'c. ) to follow.
(oo3sl At task 402, exchange 205 receives a telephone number for the first telephone. The telephone number is a caller identifier, as is known in the art. In some alternative embodiments, exchange 205 receives some other type of identifier that identifies the calling (originating) party. Exchange 205 also receives one or both of (i) a telephone type and (ii) a signaling protocol. The telephone type is that of the calling telephone. For example, the telephone type might be based on the transmission media that the phone uses, in which case, the possible values for telephone type might represent "GSM," "CDMA,"
"Landline," and so forth. The signaling protocol is that which the calling telephone uses to place the call attempt. For example, the signaling protocol might have possible values that represent "ISDN," "SIP" (for "Session Initiation Protocol"), and so forth. It will be clear to those skilled in the art how the telephone type and the signaling protocol are transmitted from the calling network to exchange 205. In some embodiments, exchange 205 receives a plurality of identifiers that identifies the first telephon-e, wherein the plurality of identifiers comprises the telephone number.
(oo4ol At task 403, exchange 205 checks if the received telephone number matches any off-premises telephone number that is stored in memory 303. If so, the received telephone number might be that of a user and task execution proceeds to task 404 for _9 Attorney Docket: 630-1313US
Avaya Docket: 505076-A-01-US
verification. If not, the received telephone number is not of any user of exchange 205 and task execution ends.
~ooail At task 404, exchange 205 grants a privilege to the first telephone based on one or more criteria that exchange 205 uses to verify the identity of the first telephone.
Task 404 is described in detail below and with respect to Figure 5. Task execution then ends after task 404.
X0042) Figure 5 depicts a flowchart of the salient tasks that are related to task 404, in accordance with the illustrative embodiment of the present invention. In some alternative embodiments, as those who are skilled in the art will appreciate, other criteria than those described can be used to verify the identity of the first telephone. It will be clear to those skilled in the art which tasks depicted in Figure 5 can be performed simultaneously or in a different order than that depicted.
~ooa3~ At task 501, exchange 205 determines whether the received telephone type agrees with what is expected for the received telephone number. If the telephone type agrees with what is expected, task execution proceeds to task 502; otherwise, task execution proceeds to task 505.
(oo44I Exchange 205 has expected information for each affiliated telephone number stored in memory 303. Table 2 depicts an example of the type of information stored.
Off-PremisesTelecommunicationsTelephone Type Signaling Protocol Tele hone Network Number 103 201-555-1236 Landline ISDN
112 908-555-3381 GSM Cellular ISDN
Table 2 - Telephone Characteristics Database For example, for the telephone number "908-555-3381", exchange 205 expects a telephone type of "GSM Cellular". If the calling telephone's telephone type is "GSM
Cellular", then task:
execution proceeds to task 502. If the calling telephone's telephone type is something else, such as "Landline", then task execution proceeds to task 505.
~oo4s~ At task 502, exchange 205 determines whether the received signaling protocol agrees with what is expected for the received telephone number. If the signaling protocol agrees with what is expected, then task execution proceeds to task 503; otherwise, task execution proceeds to task 505.
(ooasl For example, for the telephone number "908-555-3381" as shown in Table 2, exchange 205 expects the calling telephone to be using a signaling protocol of "ISDN". If Attorney Docket: 630-138US
Avaya Docket: 505076-A-O1-US
the calling telephone is using a signaling protocol of "ISDN", then task execution proceed s to task 503; otherwise, task execution proceeds to task 505.
~ooa~) At task 503, exchange 205 determines whether the ordering of the identifiers within the received plurality of identifiers agrees with what is expected for the received telephone number. If the ordering of the identifiers agrees with what is expected, then task execution proceeds to task 504; otherwise, task execution proceeds to task 505.
(ooasl For example, suppose exchange 205 expects four identifiers A through D
in the order "A-B-C-D" in the signaling message. If exchange 205 receives the four identifiers, but in the order "A-B-D-C" (i.e., not in the order expected), then task execution proceeds to task 505.
~ooa9~ At task 504, exchange 205 grants one or more privileges to the calling telephone, having validated the identity of the calling telephone in tasks 501 through 503.
In accordance with the illustrative embodiment, the calling telephone has indicated, as part of the call attempt, the privilege that it wants. In some alternative embodiments, however, exchange 205 determines the privilege to grant to the calling telephone. The privilege, for example, might comprise establishing a call with exchange 205 or with another data-processing system. The privilege might further comprise calling a second telephone (e.g.,, telephone 103, etc.) through exchange 205. Alternatively, the privilege might be to access one or more user features at exchange 205. After task 504, task execution ends.
~ooso~ At task 505, exchange 205, having received at least one unexpected value for the received telephone number, ends the call attempt from the first telephone.
Task execution then ends.
~oo5y As described with respect to Figure 5 and in accordance with the illustrative embodiment, exchange 205 will not grant privileges if the result of any check-that of telephone type, for example-is unexpected. In some alternative embodiments, however, exchange 205 might still grant privileges, or a limited set of privileges, even if at least one of the results is unexpected, indeterminate, or unknown-for example, the received telephone type is unexpected but the received signaling protocol is as expected.
Furthermore, in some other alternative embodiments, exchange 205 might nat check the three characteristics of telephone type, signaling protocol, and the ordering of the identifiers; instead, it might check only one or two of those characteristics.
(oosz~ Two examples are now presented to explain further the operation of exchange 205. The first example is of an off-premises terminal, telephone 112, attempting Attorney Docket: 630-138US
Avaya Docket: 505076-A-01-US
a call to enhanced private branch exchange 205. The second example is of a spoofing terminal, telephone 109, attempting a call to exchange 205.
~ooss~ In the first example, the user of telephone 112, who is a legitimate user of exchange z05, wishes to access one or more features at exchange 205 and, to that end, attempts a call to exchange 205. Exchange 205 receives the call attempt, along with the telephone number (908-555-3381), telephone type (GSM Cellular), and signaling protocol (ISDN). Exchange 205 first verifies that the telephone number matches a number of a valid PBX user. Exchange 205 then checks the telephone type and signaling protocol and verifies that they match with the expected values. The identifier information has also arrived in the correct ordering. Therefore, exchange 205 determines that the calling telephone is valid and grants the telephone the one or more privileges that it is attempting to access.
(oos4) In the second example, the user of landline telephone 109 is attempting to hack into exchange 205 to access illegitimately one or more features. The user attempts a call to exchange 205, manipulating the terminal and infrastructure to send a spoofed calling party number, such as telephone 112's number (i.e., "908-555-3381"), to exchange 205.
As those who are skilled in the art will appreciate, some voice over Internet protocol networks do not prevent the sending of a spoofed telephone number as the calling number.
Exchange 205 receives the call attempt, along with the telephone number (908-555-3381), telephone type, and signaling protocol. Exchange 205 first verifies that the telephone number matches a number of a valid PBX user, in well-known fashion. Exchange 205 then checks the telephone type and determines that instead of being °GSM
Cellular", the received telephone type is actually °Landline". Having determined that the calling telephone is bogus, exchange 205 consequently does not grant the spoofing terminal any privileges and ends the call attempt.
(oossl It is to be understood that the above-described embodiments are merely illustrative of the present invention and that many variations of the above-described embodiments can be devised by those skilled in the art without departing from the scope of the invention. For example, in this Disclosure, numerous specific details are provided in order to provide a thorough description and understanding of the illustrative embodiments of the present invention. Those skilled in the art will recognize, however, that the invention can be practiced without one or more of those details, or with other methods, materials, components, et~c.
~ooss~ Furthermore, in some instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the illustrative - 1z Attorney Docket: 630-138US
Avaya Docket: 505076-A-O1-US
embodiments. It is understood that the various embodiments shown in the Figures are illustrative, and are not necessarily drawn to scale. Reference throughout the disclosure to "one embodiment" or "an embodiment" or "some embodiments" means that a particular feature, structure, material, or characteristic described in connection with the embodiments) is included in at least one embodiment of the present invention, but not necessarily all embodiments. Consequently, the appearances of the phrase "in one embodiment," "in an embodiment," or "in some embodiments" in various places throughout the Disclosure are not necessarily all referring to the same embodiment.
Furthermore, the particular features, structures, materials, or characteristics can be combined in any suitable manner in one or more embodiments. It is therefore intended that such variations be included within the scope of the following claims and their equivalents.
Avaya Docket: 505076-A-O1-US
(oo2sl For the purposes of this specification and claims, the term "telephone type"
refers to the type of the calling telecommunications terminal. The telephone type of each telephone is based on one or more properties of the telephone, wherein each possible value of telephone type represents a specific combination of values of those properties. The properties include, but are not limited to, the following:
i. the location of the telephone (e.g., home, work, car, etc.);
ii. the capability of the telephone (e.g., voice, video, data, facsimile, pager, etc.);
iii. the transmission media used by the telephone (e.g., wireless, Code-Division Multiple Access [CDMA], Global System for Mobile Communications [GSM], wireline, etc.);
iv. the network transmission protocol used by the telephone (e.g., Internet protocol,, Integrated Services Digital Network [ISDN], analog, etc.);
v, the manufacturer (e.g., Avaya, Motorola, Nokia, Cisco, etc. ); and vi. the service provider (e.g., Verizon, Vonage, AT&T, SBC, etc.), As those who are skilled in the art will appreciate, telecommunications terminals can be characterized by a telephone type that is based on other properties than those listed above.
~ooz4l For the purposes of this specification and claims, the term "signaling protocol" is defined as the agreed-upon format for transmitting data between two devices.
Unless otherwise specified, the signaling protocol of the calling telephone refers to the format for transmitting data in the attempting of a call between the calling telephone and the calling network. The signaling protocol represented might refer to a broad set of protocols (e.g., ISDN, etc.) or it might refer to a specific layer, or subset, within the protocoH
set (e. g., Q.931, etc.).
~oo2sl Figure 2 depicts a schematic diagram of a telecommunications system, in accordance with the illustrative embodiment of the present invention.
Telecommunications system 200 comprises:
telecommunications network 101, ii. network telephone 103, iii. enhanced private branch exchange 205, iv. on-premises telephones 106 and 107, v. Internet protocol network 108, vi Internet protocol telephone 109, vii. cellular protocol network 110, and viii. cellular telephones 112 and 113, Attorney Docket: 630-138US
Avaya Docket: 505076-A-O1-US
all of which are interconnected as shown.
(oozs7 All of the elements depicted in Figure 2-with the exception of enhanced private branch exchange 205-are described above and with respect to Figure 1.
(ooze Enhanced private branch exchange 205 is a data-processing system, the salient components of which are described below and with respect to Figure 3.
Enhanced private branch exchange 205 is capable of switching incoming calls (e.g., from telephone 103, etc.) from network 101 via one or more communications paths to on-premises terminals, such as telephones 106 and 107. Exchange 205 is also capable of handling outgoing calls from on-premises terminals to network 101 via one or more communications paths.
(oozs7 Enhanced private branch exchange 205 is also capable of extending an incoming call (e.g., from telephone 103, etc.) to a telephone number of an off-premises terminal. From exchange 205's perspective, an °off-premises" terminal is a terminal that is accessible through network 101 while still being affiliated with exchange 205 as an extension to exchange 205's enterprise network. For pedagogical purposes, telephones 103 and 112 are the off-premises terminals in telecommunications system 200.
Exchange 205 is capable of extending the incoming call to the intended off-premises terminal in addition to or independently of switching the same incoming call to an on-premises terminal within the enterprise area that exchange 205 serves.
(ooz9l In addition, enhanced private branch exchange 205 is capable of receiving an incoming call attempt from an off-premises terminal, such as from telephone 103 or 112, in which the call attempt is for accessing one or more PBX user features. Note that these user features are available outside of the enterprise network to only those terminals that are affiliated with exchange 205 (i.e., telephones 103 and 112).
(oosol Enhanced private branch exchange 205 is connected to telecommunications systems that are present in network 101 via communications paths that comprise Integrated Services Digital Network (ISDN) trunks, as are known in the art. As those who are skilled in the art will appreciate, other types of communications paths might connect exchange 205 to network 101. For example, exchange 205 might receive at least some of the incoming calls via the Session Initiation Protocol over an Internet Protocol-based network.
(oo3il It will be clear to those skilled in the art, after reading this disclosure, how 1.o make and use alternative embodiments of the present invention in which enhanced private branch exchange 205 provides telecommunications service to a different number of on-premises terminals and a different number of off-premises terminals than those depicted. It Attorney Docket: 630-138US
Avaya Docket:505076-A-01-US
will also be clear to those skilled in the art, after reading this disclosure, how to make and use alternative embodiments of the present invention in which exchange 205-or another data-processing system that operates in accordance with the illustrative embodiment-provides service to telecommunications terminals other than telephones (e.g., handheld personal computers, etc. ).
~oosz~ Enhanced private branch exchange 205 is also capable of performing the tasks described below and with respect to Figure 4, in accordance with the illustrative embodiment. It will be clear to those skilled in the art, after reading this disclosure, how to make and use enhanced private branch exchange 205. Moreover, as those who are skilled in the art will appreciate, there can be alternative embodiments of the present invention in which a central office switch, contact center, or other type of data-processing system than a private branch exchange performs the described tasks. The data-processing systems in those alternative embodiments can inter-operate with the Public Switched Telephone Network that constitutes network 101. In some other alternative embodiments, those data-processing systems-or exchange 205, for that matter-can inter-operate with another type of network entirely (e.g., an Internet Protocol-based network, a wireless network, etc.).
Putting it differently, the present invention is well suited for implementation in variety of networks: in public and private telecommunications networks, in circuit-switched and packet-switched networks, in wireline and wireless networks, and so forth.
(oossl Figure 3 depicts a block diagram of the salient components of enhanced private branch exchange 205 in accordance with the illustrative embodiment of the present invention. Enhanced private branch exchange 205 comprises switching fabric 301, processor 302, and memory 303, interconnected as shown.
~oo3a~ Switching fabric 301 is capable of switching calls between on-premises terminals (e.g., telephones 106 and 107, etc.), and terminals that are accessible through network 101. In addition, switching fabric 301 is capable of performing the tasks described below and with respect to Figure 4, under the direction of processor 302. It will be clear to those skilled in the art how to make and use switching fabric 301.
~ooss~ Processor 302 is a general=purpose processor that is capable of receiving called-related data from switching fabric 301, of reading data from and writing data to memory 303, and of executing the tasks described below and with respect to Figure 4. In some alternative embodiments of the present invention, processor 302 might be a special-purpose processor. In either case, it will be clear to those skilled in the art, after reading this disclosure, how to make and use processor 302.
_8 Attorney Docket: 630-138US
Avaya Docket: 505076-A-01-US
(oossl Memory 303 is a non-volatile random-access memory that stores the instructions and data used by processor 302. Memory 303 stores the PBX on-premises extension and affiliated off-premises telephone number for each PBX user, which are shown in Table 1. Memory 303 also stores the expected values of the characteristics for each off-premises telephone number, as described below and illustrated in Table 2. It will be clear to those skilled in the art how to make and use memory 303.
(003~~ Figure 4 depicts a flowchart of the operation of enhanced private branch exchange 205, in accordance with the illustrative embodiment of the present invention.
Exchange 205 receives information that is related to a calling telephone and determines whether to grant the calling telephone a privilege (e.g., establishing a call with exchange 205, etc.). It will be clear to those skilled in the art which tasks depicted in Figure 4 can be performed simultaneously or in a different order than that depicted.
(oossl At task 401, exchange 205 receives a call attempt from a first, calling telephone, in well-known fashion. In some alternative embodiments, exchange 205 instead receives an initialization of a transaction of data (e.9., email messages, instant messaging messages, e>'c. ) to follow.
(oo3sl At task 402, exchange 205 receives a telephone number for the first telephone. The telephone number is a caller identifier, as is known in the art. In some alternative embodiments, exchange 205 receives some other type of identifier that identifies the calling (originating) party. Exchange 205 also receives one or both of (i) a telephone type and (ii) a signaling protocol. The telephone type is that of the calling telephone. For example, the telephone type might be based on the transmission media that the phone uses, in which case, the possible values for telephone type might represent "GSM," "CDMA,"
"Landline," and so forth. The signaling protocol is that which the calling telephone uses to place the call attempt. For example, the signaling protocol might have possible values that represent "ISDN," "SIP" (for "Session Initiation Protocol"), and so forth. It will be clear to those skilled in the art how the telephone type and the signaling protocol are transmitted from the calling network to exchange 205. In some embodiments, exchange 205 receives a plurality of identifiers that identifies the first telephon-e, wherein the plurality of identifiers comprises the telephone number.
(oo4ol At task 403, exchange 205 checks if the received telephone number matches any off-premises telephone number that is stored in memory 303. If so, the received telephone number might be that of a user and task execution proceeds to task 404 for _9 Attorney Docket: 630-1313US
Avaya Docket: 505076-A-01-US
verification. If not, the received telephone number is not of any user of exchange 205 and task execution ends.
~ooail At task 404, exchange 205 grants a privilege to the first telephone based on one or more criteria that exchange 205 uses to verify the identity of the first telephone.
Task 404 is described in detail below and with respect to Figure 5. Task execution then ends after task 404.
X0042) Figure 5 depicts a flowchart of the salient tasks that are related to task 404, in accordance with the illustrative embodiment of the present invention. In some alternative embodiments, as those who are skilled in the art will appreciate, other criteria than those described can be used to verify the identity of the first telephone. It will be clear to those skilled in the art which tasks depicted in Figure 5 can be performed simultaneously or in a different order than that depicted.
~ooa3~ At task 501, exchange 205 determines whether the received telephone type agrees with what is expected for the received telephone number. If the telephone type agrees with what is expected, task execution proceeds to task 502; otherwise, task execution proceeds to task 505.
(oo44I Exchange 205 has expected information for each affiliated telephone number stored in memory 303. Table 2 depicts an example of the type of information stored.
Off-PremisesTelecommunicationsTelephone Type Signaling Protocol Tele hone Network Number 103 201-555-1236 Landline ISDN
112 908-555-3381 GSM Cellular ISDN
Table 2 - Telephone Characteristics Database For example, for the telephone number "908-555-3381", exchange 205 expects a telephone type of "GSM Cellular". If the calling telephone's telephone type is "GSM
Cellular", then task:
execution proceeds to task 502. If the calling telephone's telephone type is something else, such as "Landline", then task execution proceeds to task 505.
~oo4s~ At task 502, exchange 205 determines whether the received signaling protocol agrees with what is expected for the received telephone number. If the signaling protocol agrees with what is expected, then task execution proceeds to task 503; otherwise, task execution proceeds to task 505.
(ooasl For example, for the telephone number "908-555-3381" as shown in Table 2, exchange 205 expects the calling telephone to be using a signaling protocol of "ISDN". If Attorney Docket: 630-138US
Avaya Docket: 505076-A-O1-US
the calling telephone is using a signaling protocol of "ISDN", then task execution proceed s to task 503; otherwise, task execution proceeds to task 505.
~ooa~) At task 503, exchange 205 determines whether the ordering of the identifiers within the received plurality of identifiers agrees with what is expected for the received telephone number. If the ordering of the identifiers agrees with what is expected, then task execution proceeds to task 504; otherwise, task execution proceeds to task 505.
(ooasl For example, suppose exchange 205 expects four identifiers A through D
in the order "A-B-C-D" in the signaling message. If exchange 205 receives the four identifiers, but in the order "A-B-D-C" (i.e., not in the order expected), then task execution proceeds to task 505.
~ooa9~ At task 504, exchange 205 grants one or more privileges to the calling telephone, having validated the identity of the calling telephone in tasks 501 through 503.
In accordance with the illustrative embodiment, the calling telephone has indicated, as part of the call attempt, the privilege that it wants. In some alternative embodiments, however, exchange 205 determines the privilege to grant to the calling telephone. The privilege, for example, might comprise establishing a call with exchange 205 or with another data-processing system. The privilege might further comprise calling a second telephone (e.g.,, telephone 103, etc.) through exchange 205. Alternatively, the privilege might be to access one or more user features at exchange 205. After task 504, task execution ends.
~ooso~ At task 505, exchange 205, having received at least one unexpected value for the received telephone number, ends the call attempt from the first telephone.
Task execution then ends.
~oo5y As described with respect to Figure 5 and in accordance with the illustrative embodiment, exchange 205 will not grant privileges if the result of any check-that of telephone type, for example-is unexpected. In some alternative embodiments, however, exchange 205 might still grant privileges, or a limited set of privileges, even if at least one of the results is unexpected, indeterminate, or unknown-for example, the received telephone type is unexpected but the received signaling protocol is as expected.
Furthermore, in some other alternative embodiments, exchange 205 might nat check the three characteristics of telephone type, signaling protocol, and the ordering of the identifiers; instead, it might check only one or two of those characteristics.
(oosz~ Two examples are now presented to explain further the operation of exchange 205. The first example is of an off-premises terminal, telephone 112, attempting Attorney Docket: 630-138US
Avaya Docket: 505076-A-01-US
a call to enhanced private branch exchange 205. The second example is of a spoofing terminal, telephone 109, attempting a call to exchange 205.
~ooss~ In the first example, the user of telephone 112, who is a legitimate user of exchange z05, wishes to access one or more features at exchange 205 and, to that end, attempts a call to exchange 205. Exchange 205 receives the call attempt, along with the telephone number (908-555-3381), telephone type (GSM Cellular), and signaling protocol (ISDN). Exchange 205 first verifies that the telephone number matches a number of a valid PBX user. Exchange 205 then checks the telephone type and signaling protocol and verifies that they match with the expected values. The identifier information has also arrived in the correct ordering. Therefore, exchange 205 determines that the calling telephone is valid and grants the telephone the one or more privileges that it is attempting to access.
(oos4) In the second example, the user of landline telephone 109 is attempting to hack into exchange 205 to access illegitimately one or more features. The user attempts a call to exchange 205, manipulating the terminal and infrastructure to send a spoofed calling party number, such as telephone 112's number (i.e., "908-555-3381"), to exchange 205.
As those who are skilled in the art will appreciate, some voice over Internet protocol networks do not prevent the sending of a spoofed telephone number as the calling number.
Exchange 205 receives the call attempt, along with the telephone number (908-555-3381), telephone type, and signaling protocol. Exchange 205 first verifies that the telephone number matches a number of a valid PBX user, in well-known fashion. Exchange 205 then checks the telephone type and determines that instead of being °GSM
Cellular", the received telephone type is actually °Landline". Having determined that the calling telephone is bogus, exchange 205 consequently does not grant the spoofing terminal any privileges and ends the call attempt.
(oossl It is to be understood that the above-described embodiments are merely illustrative of the present invention and that many variations of the above-described embodiments can be devised by those skilled in the art without departing from the scope of the invention. For example, in this Disclosure, numerous specific details are provided in order to provide a thorough description and understanding of the illustrative embodiments of the present invention. Those skilled in the art will recognize, however, that the invention can be practiced without one or more of those details, or with other methods, materials, components, et~c.
~ooss~ Furthermore, in some instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the illustrative - 1z Attorney Docket: 630-138US
Avaya Docket: 505076-A-O1-US
embodiments. It is understood that the various embodiments shown in the Figures are illustrative, and are not necessarily drawn to scale. Reference throughout the disclosure to "one embodiment" or "an embodiment" or "some embodiments" means that a particular feature, structure, material, or characteristic described in connection with the embodiments) is included in at least one embodiment of the present invention, but not necessarily all embodiments. Consequently, the appearances of the phrase "in one embodiment," "in an embodiment," or "in some embodiments" in various places throughout the Disclosure are not necessarily all referring to the same embodiment.
Furthermore, the particular features, structures, materials, or characteristics can be combined in any suitable manner in one or more embodiments. It is therefore intended that such variations be included within the scope of the following claims and their equivalents.
Claims (20)
1. A method comprising:
receiving a telephone number and a telephone type for a first telephone; and granting a privilege to said first telephone based on whether or not said telephone type agrees with what is expected for said telephone number.
receiving a telephone number and a telephone type for a first telephone; and granting a privilege to said first telephone based on whether or not said telephone type agrees with what is expected for said telephone number.
2. The method of claim 1 wherein said privilege comprises establishing a call with a data-processing system.
3. The method of claim 2 wherein said privilege further comprises calling a second telephone through said data-processing system.
4. The method of claim 3 wherein said data-processing system is a private branch exchange, and wherein said second telephone is off-premises in relation to said private branch exchange.
5. The method of claim 1 further comprising:
receiving a call attempt from said first telephone; and ending said call attempt when said telephone type is different from what is expected for said telephone number.
receiving a call attempt from said first telephone; and ending said call attempt when said telephone type is different from what is expected for said telephone number.
6. The method of claim 1 wherein said first telephone is an Internet Protocol-capable telephone.
7. The method of claim 1 wherein the granting of said privilege is also based on the signaling protocol that said first telephone uses to originate a call.
8. A method comprising:
receiving a telephone number and a signaling protocol for a first telephone;
and granting a privilege to said first telephone based on whether or not said signaling protocol agrees with what is expected for said telephone number.
receiving a telephone number and a signaling protocol for a first telephone;
and granting a privilege to said first telephone based on whether or not said signaling protocol agrees with what is expected for said telephone number.
9. The method of claim 8 wherein said privilege comprises establishing a call with a data-processing system.
10. The method of claim 9 wherein said privilege further comprises calling a second telephone through said data-processing system.
11. The method of claim 10 wherein said data-processing system is a private branch exchange, and wherein said second telephone is off-premises in relation to said private branch exchange.
12. The method of claim 8 further comprising:
receiving a call attempt from said first telephone; and ending said call attempt when said signaling protocol is different from what is expected for said telephone number.
receiving a call attempt from said first telephone; and ending said call attempt when said signaling protocol is different from what is expected for said telephone number.
13. The method of claim 8 wherein said signaling protocol is based on a protocol other than the Integrated Services Digital Network protocol set.
14. The method of claim 8 wherein the granting of said privilege is also based on the telephone type of said first telephone.
15. A method comprising:
receiving a plurality of identifiers that identifies a first telephone, wherein said plurality of identifiers comprises a telephone number; and granting a privilege to said first telephone based on whether or not the ordering of said identifiers within said plurality agrees with what is expected for said telephone number.
receiving a plurality of identifiers that identifies a first telephone, wherein said plurality of identifiers comprises a telephone number; and granting a privilege to said first telephone based on whether or not the ordering of said identifiers within said plurality agrees with what is expected for said telephone number.
16. The method of claim 15 wherein said privilege comprises establishing a call with a data-processing system.
17. The method of claim 16 wherein said privilege further comprises calling a second telephone through said data-processing system.
18. The method of claim 17 wherein said data-processing system is a private branch exchange, and wherein said second telephone is off-premises in relation to said private branch exchange.
19. The method of claim 15 further comprising:
receiving a call attempt from said first telephone; and ending said call attempt when the ordering of said identifiers within said plurality is different from what is expected for said telephone number.
receiving a call attempt from said first telephone; and ending said call attempt when the ordering of said identifiers within said plurality is different from what is expected for said telephone number.
20. The method of claim 15 wherein the granting of said privilege is also based on the telephone type of said first telephone.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/237,537 US7974395B2 (en) | 2005-09-28 | 2005-09-28 | Detection of telephone number spoofing |
| US11/237,537 | 2005-09-28 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2558616A1 true CA2558616A1 (en) | 2007-03-28 |
Family
ID=37667492
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002558616A Abandoned CA2558616A1 (en) | 2005-09-28 | 2006-09-05 | Detection of telephone number spoofing |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US7974395B2 (en) |
| EP (1) | EP1770973A1 (en) |
| CA (1) | CA2558616A1 (en) |
Families Citing this family (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| MXPA05003493A (en) * | 2002-10-02 | 2005-09-30 | Catalyst Biosciences | Methods of generating and screenign for porteases with altered specificity. |
| US20080005241A1 (en) * | 2006-06-30 | 2008-01-03 | Searete Llc, A Limited Liability Corporation Of The State Of Delaware | Usage parameters for communication content |
| US8949337B2 (en) | 2006-06-30 | 2015-02-03 | The Invention Science Fund I, Llc | Generation and establishment of identifiers for communication |
| US8346872B2 (en) * | 2006-06-30 | 2013-01-01 | The Invention Science Fund I, Llc | Context parameters and identifiers for communication |
| US9152928B2 (en) * | 2006-06-30 | 2015-10-06 | Triplay, Inc. | Context parameters and identifiers for communication |
| US9219815B2 (en) * | 2006-08-18 | 2015-12-22 | Triplay, Inc. | Identifier technique for communication interchange |
| US9398491B2 (en) * | 2006-09-13 | 2016-07-19 | Nokia Technologies Oy | Methods and apparatus for resource allocation based on changeable service levels |
| US20090041205A1 (en) * | 2007-08-10 | 2009-02-12 | Tekelec | Methods, systems, and computer program products for detecting and mitigating ping call events in a communications network |
| ES2400166T3 (en) | 2008-10-20 | 2013-04-08 | Koninklijke Kpn N.V. | Protection of services in a mobile network against impersonation of CLI |
| KR101281882B1 (en) * | 2009-10-12 | 2013-07-03 | 한국전자통신연구원 | Caller certification method and system for phishing prevention |
| GB2524302A (en) | 2014-03-20 | 2015-09-23 | Ibm | Verifying telephone caller origin |
| US9589566B2 (en) | 2014-03-21 | 2017-03-07 | Wells Fargo Bank, N.A. | Fraud detection database |
| US9781255B1 (en) * | 2015-06-08 | 2017-10-03 | Sprint Communications Company L.P. | Authentication of phone call origination |
| CN106504768B (en) * | 2016-10-21 | 2019-05-03 | 百度在线网络技术(北京)有限公司 | Phone testing audio frequency classification method and device based on artificial intelligence |
| US9762728B1 (en) | 2016-12-02 | 2017-09-12 | TrustID, Inc. | Using calling party number for caller authentication |
| US10205825B2 (en) | 2017-02-28 | 2019-02-12 | At&T Intellectual Property I, L.P. | System and method for processing an automated call based on preferences and conditions |
| US20180249005A1 (en) * | 2017-02-28 | 2018-08-30 | At&T Intellectual Property I, L.P. | System and method for identifying, authenticating, and processing an automated call |
| US10091349B1 (en) | 2017-07-11 | 2018-10-02 | Vail Systems, Inc. | Fraud detection system and method |
| US10623581B2 (en) | 2017-07-25 | 2020-04-14 | Vail Systems, Inc. | Adaptive, multi-modal fraud detection system |
| CN110677848B (en) * | 2018-07-02 | 2022-08-30 | 中国电信股份有限公司 | Method and device for identifying counterfeit number and computer readable storage medium |
| US10681206B1 (en) | 2018-12-05 | 2020-06-09 | At&T Intellectual Property I, L.P. | Detecting a spoofed call |
| US10938982B1 (en) | 2019-04-04 | 2021-03-02 | Next Caller, Inc. | Telecommunications validation system and method |
| EP4099670A1 (en) * | 2019-12-13 | 2022-12-07 | Google LLC | Detection of spoofed calls using call header |
| US10750010B1 (en) | 2019-12-31 | 2020-08-18 | First Orion Corp. | Call authorization and verification via a service provider code |
| US11122032B2 (en) | 2019-12-31 | 2021-09-14 | First Orion Corp. | Call authorization and verification via a service provider code |
| US11330101B2 (en) | 2020-05-21 | 2022-05-10 | Micron Technology, Inc. | Managing spoofed calls to mobile devices |
| US11729313B2 (en) | 2021-05-17 | 2023-08-15 | T-Mobile Usa, Inc. | Spoofed telephone call identifier |
Family Cites Families (35)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5081667A (en) * | 1989-05-01 | 1992-01-14 | Clifford Electronics, Inc. | System for integrating a cellular telephone with a vehicle security system |
| US5634122A (en) | 1994-12-30 | 1997-05-27 | International Business Machines Corporation | System and method for multi-level token management for distributed file systems |
| JP3567519B2 (en) | 1995-03-17 | 2004-09-22 | 富士通株式会社 | Information exchange system |
| KR100193824B1 (en) * | 1995-07-06 | 1999-06-15 | 윤종용 | Incoming service method of exchange |
| US5684869A (en) * | 1995-12-27 | 1997-11-04 | Lucent Technologies, Inc. | Telephone station remote access device and method |
| US5974133A (en) * | 1996-04-30 | 1999-10-26 | Southwestern Bell Technology Resources, Inc. | Method and apparatus for facilitating communication across multiple locations |
| US5889952A (en) * | 1996-08-14 | 1999-03-30 | Microsoft Corporation | Access check system utilizing cached access permissions |
| US5684950A (en) * | 1996-09-23 | 1997-11-04 | Lockheed Martin Corporation | Method and system for authenticating users to multiple computer servers via a single sign-on |
| US6122631A (en) * | 1997-03-28 | 2000-09-19 | International Business Machines Corporation | Dynamic server-managed access control for a distributed file system |
| US6845453B2 (en) * | 1998-02-13 | 2005-01-18 | Tecsec, Inc. | Multiple factor-based user identification and authentication |
| US6445783B1 (en) * | 1998-07-14 | 2002-09-03 | At&T Corp. | System and method that provides specialized processing of communications based on automatically generated identifiers |
| US6941552B1 (en) * | 1998-07-30 | 2005-09-06 | International Business Machines Corporation | Method and apparatus to retain applet security privileges outside of the Java virtual machine |
| US6249575B1 (en) * | 1998-12-11 | 2001-06-19 | Securelogix Corporation | Telephony security system |
| US6510523B1 (en) * | 1999-02-22 | 2003-01-21 | Sun Microsystems Inc. | Method and system for providing limited access privileges with an untrusted terminal |
| FI110975B (en) * | 1999-12-22 | 2003-04-30 | Nokia Corp | Prevention of fraud in telecommunication systems |
| JP2002132722A (en) | 2000-10-30 | 2002-05-10 | Nippon Telegr & Teleph Corp <Ntt> | Surrogate authentication method, respective devices therefor, processing method for the same and program recording medium |
| US7370351B1 (en) * | 2001-03-22 | 2008-05-06 | Novell, Inc. | Cross domain authentication and security services using proxies for HTTP access |
| US8005965B2 (en) * | 2001-06-30 | 2011-08-23 | International Business Machines Corporation | Method and system for secure server-based session management using single-use HTTP cookies |
| US6768792B2 (en) * | 2001-12-17 | 2004-07-27 | International Business Machines Corporation | Identifying call parties to a call to an incoming calling party |
| US7200215B2 (en) * | 2002-02-21 | 2007-04-03 | International Business Machines Corporation | Time based regulation of access to callees |
| US7092942B2 (en) | 2002-05-31 | 2006-08-15 | Bea Systems, Inc. | Managing secure resources in web resources that are accessed by multiple portals |
| US7770212B2 (en) * | 2002-08-15 | 2010-08-03 | Activcard | System and method for privilege delegation and control |
| US7379544B2 (en) * | 2002-11-05 | 2008-05-27 | Telebuyer, Llc | Comprehensive telephone call screening system |
| US7616748B1 (en) * | 2002-11-05 | 2009-11-10 | Telebuyer, Llc | Central call screening system |
| JP2004310581A (en) | 2003-04-09 | 2004-11-04 | Nec Corp | Network connecting method, and network system |
| US20040213172A1 (en) * | 2003-04-24 | 2004-10-28 | Myers Robert L. | Anti-spoofing system and method |
| GB0317124D0 (en) * | 2003-07-22 | 2003-08-27 | Nokia Corp | Charging in a communication system |
| US7665147B2 (en) * | 2004-02-05 | 2010-02-16 | At&T Mobility Ii Llc | Authentication of HTTP applications |
| US7565547B2 (en) * | 2004-02-27 | 2009-07-21 | Sesame Networks Inc. | Trust inheritance in network authentication |
| US20060153346A1 (en) * | 2005-01-11 | 2006-07-13 | Metro Enterprises, Inc. | On-line authentication registration system |
| US8718258B2 (en) * | 2005-01-24 | 2014-05-06 | Sprint Communication Company L.P. | System and method for jurisdictional routing |
| US7336772B1 (en) * | 2005-04-26 | 2008-02-26 | Verizon Data Services Inc. | Methods and systems for connecting a call using a name or series of characters |
| US7643624B2 (en) * | 2005-05-03 | 2010-01-05 | Vtech Telecommunications Limited | Remote line access for a multi-line residential telephone |
| US7653188B2 (en) * | 2005-07-20 | 2010-01-26 | Avaya Inc. | Telephony extension attack detection, recording, and intelligent prevention |
| US7437755B2 (en) * | 2005-10-26 | 2008-10-14 | Cisco Technology, Inc. | Unified network and physical premises access control server |
-
2005
- 2005-09-28 US US11/237,537 patent/US7974395B2/en active Active
-
2006
- 2006-09-05 CA CA002558616A patent/CA2558616A1/en not_active Abandoned
- 2006-09-22 EP EP06019830A patent/EP1770973A1/en not_active Withdrawn
Also Published As
| Publication number | Publication date |
|---|---|
| US7974395B2 (en) | 2011-07-05 |
| US20070081648A1 (en) | 2007-04-12 |
| EP1770973A1 (en) | 2007-04-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7974395B2 (en) | Detection of telephone number spoofing | |
| US9515850B2 (en) | Non-validated emergency calls for all-IP 3GPP IMS networks | |
| US8526426B2 (en) | Configuring guest users for a VoIP device of a primary user | |
| CA3013899C (en) | Methods, telecommunication switches and computer programs for processing call setup signalling | |
| US8175580B1 (en) | End-to-end secure wireless communication for requesting a more secure channel | |
| JP5212071B2 (en) | Communication device and mobile terminal | |
| Mustafa et al. | End-to-end detection of caller ID spoofing attacks | |
| JP2008546245A (en) | System and method for proxy signal manipulation in an IP telephone network | |
| US7133516B2 (en) | Prevention of call forwarding loops in communication networks | |
| US20050002506A1 (en) | System and method for routing telephone calls over a voice and data network | |
| EP2178323B1 (en) | Protection of services in mobile network against CLI-spoofing | |
| CN110324819A (en) | The management method and management server of vice card terminal | |
| US10178136B2 (en) | Systems and methods of providing multimedia service to a legacy device | |
| US7751547B2 (en) | Extending a call to a telecommunications terminal through an intermediate point | |
| US9160861B2 (en) | Managing held telephone calls at the call-forwarding system | |
| US9083793B2 (en) | Method and apparatus for providing network based services to private branch exchange endpoints | |
| US20070049331A1 (en) | Continuing a call on a call appearance that has been excluded from the call | |
| US20070280454A1 (en) | Signaling a Telecommunications Terminal Through a Remote System | |
| JP4433895B2 (en) | Notification number verification system | |
| JP4715946B2 (en) | Notification number verification system | |
| Chaudhry et al. | Secure Calls and Caller ID Spoofing Countermeasures Towards building a Cyber Smart Societies | |
| JP5454707B2 (en) | Communication device | |
| JP5454708B2 (en) | Communication device | |
| JP2003061137A (en) | Mobile communication system | |
| KR20070012067A (en) | Communication system for performing a ring back tone service and method the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| FZDE | Discontinued |