[go: up one dir, main page]

GB2618414A - Method of one-time caller authentication passwords - Google Patents

Method of one-time caller authentication passwords Download PDF

Info

Publication number
GB2618414A
GB2618414A GB2302924.2A GB202302924A GB2618414A GB 2618414 A GB2618414 A GB 2618414A GB 202302924 A GB202302924 A GB 202302924A GB 2618414 A GB2618414 A GB 2618414A
Authority
GB
United Kingdom
Prior art keywords
identity
internet
telephone
doorstep
callers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB2302924.2A
Other versions
GB2618414B (en
GB202302924D0 (en
Inventor
Ashley Brown Steven
Mcguire Henry
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of GB202302924D0 publication Critical patent/GB202302924D0/en
Publication of GB2618414A publication Critical patent/GB2618414A/en
Application granted granted Critical
Publication of GB2618414B publication Critical patent/GB2618414B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/60Aspects of automatic or semi-automatic exchanges related to security aspects in telephonic communication systems
    • H04M2203/6045Identity confirmation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method of identity authentication for telephone, internet and doorstep calling wherein a called party 1 can authenticate the identity of a caller in real time using a range of time-based one-time passwords (TOTP) 2 within voice, video, and face-to-face communication systems. When a call is received 4 the system or a called party requests that a caller verify their identity by accurately providing requested one-time password information to a called party or system within a set timescale prior to or after a call being answered or access being gained 5. Screen presentation content within this method can be personalised and edited in real time and one-time password time limitations can be set by system or an end user. The system operates across multiple accounts and is designed to be employed by corporate, commercial, organisation and institution callers calling a single consumer.

Description

1 Method of One-time Caller Authentication Passwords
3 The present invention relates to the field of
4 telecommunications. In particular, it discloses a method whereby a consumer can authenticate the identity of a 6 telephone, internet or doorstep caller from a corporate, / commercial, organisation or institution.
9 Currently when a corporate, commercial, organisation or institution phones a customer or account holder or a 11 customer or account holder calls a corporate, commercial, 12 organisation or institution it is the consumer who must 13 authenticate their identity by various means such as 14 correctly answering specific personal or account questions or by correctly verifying a code generated and 16 supplied by the corporate, commercial, organisation or 17 institution. This process is one sided and leaves a 18 consumer at a distinct disadvantage and vulnerable to 19 criminal and other unwanted activity with no means of authenticating the identity of a corporate, commercial, 21 organisation or institution caller to their personal 22 satisfaction. Similar consumer disadvantages and 23 vulnerabilities apply to doorstep calls from a corporate, 24 commercial, organisation or institution.
26 One-time passwords (OTP) and time-based one-time password 27 (TOTP) are an automatically generated numeric or 28 alphanumeric string of characters that authenticate a 29 user for a single transaction or login session. One-time passwords (OTP) and time-based one-time passwords (TOT?) 31 are more secure than static passwords, especially user- 32 created passwords, which can be weak and or reused across 33 multiple accounts.
2 Currently time-based one-time password (TOT?) services 3 are commonly used within the area of internet technology 4 to replace static passwords as authentication for a login session or transaction and may be used as an additional 6 layer of security. For example, with the introduction of online banking and other online accounts one-time 8 passwords are used as two-factor authentication that is 9 sent to consumers by email or SMS to further verify their identity when making an online payment.
12 The limitations of much of the prior art systems are 13 readily apparent. For example, one-time passwords (CT?) 14 and time-based one-time passwords (TOTP) are limited by being one sided and generated solely by or on behalf of 16 commercial, corporate, organisation or institutions and 17 sent to a consumer via email, SMS or proprietary tokens 18 for one-time use to validate the identity of an account.
Currently utility companies operate a system whereby a 21 customer has a shared secret with each utility company in 22 order to identify a doorstep caller from a particular 23 company. Limitations of this prior art is also readily 24 apparent due to a customer of multiple utility companies having to remember multiple shared secrets and passwords.
27 With the further develop-rent of telecommunications, 28 intercom and doorbell systems it is now possible to 29 incorporate or integrate existing and developing intercom and doorbell systems with or within a consumer centric 31 one-time password (CT?) caller authentication system.
1 It is an object of the present invention to provide a 2 method of time-based one-time passwords (TOTP) caller 3 authentication within telephone, internet and doorstep 4 calling systems for use across multiple accounts to enable a consumer to authenticate the identity of 6 corporate, commercial, organisation or institution 4 callers.
9 It is a further object of the present invention to provide a method of time-based one-time passwords (TOTP) 11 caller authentication within telephone, internet and 12 doorstep calling systems to enable a corporate, 13 commercial, organisation or institution to authenticate 14 the identity of known or unknown callers prior to or after answering a call.
17 It is a further object of the present invention to 18 provide each user with or with access to at least one 19 one-time password generator.
21 It is a further object of the present invention to 22 provide each user with or with access to at least one 23 one-time password validator.
It is a further object of the present invention to 26 provide each user with or with access to at least one 27 one-time password display.
29 It is a further object of the present invention to provide a method whereby each user has control over who 31 has access to their one-time password information.
1 According to the present invention there is provided a 2 method of authenticating the identity of telephone, 3 internet and doorstep callers using a range of time-based 4 one-time passwords (TOTE) across multiple accounts, the method comprising the steps of: 4 1) Caller selects party to be called.
8 2) Prior to or after call being initiated by 9 caller system generates delivers and presents a one-time password on device of caller or 11 devices of caller and selected party.
12 3) Caller initiates call to selected party.
13 4) Prior to or after call being answered or access 14 being gained system or called party requests caller to authenticate their identity by 16 accurately providing a one-time password to 17 system or called party within set timesoale.
18 5) On requested one-time password being received 19 presented to and verified by system or called party called party answers call or rejects call 21 or continues with call or discontinues call or 22 allows access or denies access.
24 Preferably a call comprises mobile, landline, Internet, nearfield, intercom or doorbell or door knock cal:.
27 Preferably a call further comprises voice, video, access, 28 rhetorical, face to face calls or real-time electronic 29 messaging or other real-time communication systems or methods.
1 Preferably a caller comprises a corporate, commercial, 2 organisation, institution representative or agent or a 3 consumer or hardware or software or machine.
Preferably a called party comprises a consumer or a 6 corporate, commercial, organisation, institution 4 representative or agent or hardware or software or 8 machine.
Preferably a one-time password is time-based (TOTP).
12 Preferably a one-time password is not time-based (OTP).
14 Preferably method consists one-time password generators.
16 Preferably method consists one-time password validators.
18 Preferably a one-time password timing is system or user 19 controlled.
21 Preferably a one-time password comprises for example, 22 numeric, alpha-numeric (including; post, zip or area 23 codes), graphics, coloured characters, colour blocks or 24 QR codes or biometrics or any combination of.
26 Preferably a one-time password comprises a shared secret 27 or unique ID code or secure key or any combination of.
29 Preferably a one-time password is presented to caller or called party or caller and called party.
1 Preferably a one-time password presentation is in for 2 example, visual, audio, text, graphical, verbal or sign 3 language form or in any combination of.
Preferably a one-time password presentation is presented 6 on screen or audio output or screen and audio output of / tor example, mobile phone, pc, laptop, tablet, games 8 console, intercom, doorbell or handheld OTP or other 9 device of called party or caller or called party and caller.
12 Preferably one-time password presentation comprises 13 customisation or personalisation.
Preferably one-time password presentation comprises 16 customisation or personalisation by user.
18 Preferably one-time password customisation Or 19 personalisation presentation comprises for example, numeric, alpha-numeric, multi-media or rich media or any 21 combination of.
23 Preferably one-time password presentation comprises 24 customisation and personalisation containing for example, additional consumer, corporate, commercial, organisation, 26 institution, representative or agent identificaion and 27 or other information and or data.
29 Preferably one-time password presentation additional identification or other information or data comprises for 31 example numeric, alpha-numeric, multi-media or rich media 32 or biometric information.
1 Preferably one-time password presentation additional 2 information comprises verified information.
4 Preferably one-time password presentation additional information comprises verifiable information.
4 Preferably one-time password presentation numeric, alpha- 8 numeric, multi-media, rich media and additional 9 identification and or other information and or data is editable in real-time.
12 Preferably one-time password presentation is edited in 13 rea-time by a user using screen, keypad and or microphone 14 of a communication device of user.
16 Preferably one-time password presentation is edited in 17 real-time using graphical user interface (GUI) on 18 communicating device of user or from website.
Preferably one-time password presentation additional 21 identification and or other information and or data 22 comprises interactive information and or data.
24 Preferably one-time password is combined with or incorporated into existing caller identification or user 26 profile or one-time and single password systems.
28 Preferably method comprises request features.
Preferably request is from system or called party or 31 caller requesting one-time password verification or 32 additional identification or other informationor data.
1 Preferably request is prior or after call activation or 2 connection or delivery or answering or access.
4 Preferably request for additional identification or other information or data continues prior to and or beyond 6 answering or access depending on sensitivities or level / of security required by system or called party or calling 8 party.
Preferably presentation or additional identification or 11 other information and or data is pulled from local or 12 remote databases or internet or cloud or manually input.
14 Alternatively, presentation or additional identification or other information and or data is pushed directly from 16 calling or called or calling and called device.
18 Preferably one-time password system comprises 19 authentication.
21 Preferably one-time password system comprises 22 authentication by system or caller or called party or 23 called party and caller.
Preferably one-time password comprises authentication 26 prior to call connection or delivery or answer or access.
28 Preferaly one-time password comprises authentication 29 after connection or delivery or answer or access.
31 Preferably, one-time password comprises authentication 32 continuing beyond connection or delivery or answer or 33 access.
2 Preferably one-time password authentication is in for 3 example, visual or audio or verbal, text or graphical or 4 physical or electronic or automatic form.
6 Preferably on one-time password being authenticated by / system or called party called party answers or continues 8 or discontinues or rejects call or allows or denies 9 access.
11 Preferably method comprises presentation generators.
13 Preferably method comprises password creators, scanners 14 and readers.
16 Preferably the method is programmable.
18 Preferably the method is programmed in real-time by a 19 user using screen, keypad and or microphone of a communication device of user.
22 Preferably the method is programmed using graphical user 23 interface (GUI) on communicating device of user or from 24 website.
26 Preferably one-time password is generated using for 27 example. shared secrets or unique ID codes, secure key or 28 verified credentials or any combination of.
Preferably one-time password is randomly generated.
32 Preferably one-time password generation comprises 33 algorithms.
2 Preferably method is independent of call processes.
4 Alternatively, method is incorporated within call processes.
4 Preferably method is in digital form.
9 Alternatively, method is in analogue form.
11 Preferably method comprises additional features.
13 Preferably additional features comprise for example, 14 permission, contact list, lookup, answering service or call barring or any combination of.
17 Preferably call barring comprises barring of for example, 18 phone numbers, names, usernames, short codes or other 19 contact details.
21 Preferably call barring feature comprises auto-block.
23 Preferably system comprises user control of for example 24 additional features, presentations, displays and call barring.
27 Preferably method comprises corporate, commercial, 28 organisation or institution data stores.
Preferably method comprises consumer personal data 31 stores.
U-
1 Preferably method comprises corporate, commercial, 2 organisation or institution one-time permission-based 3 access to consumer personal data stores.
Preferably method comprises consumer one time permission- 6 based access to corporate, commercial, organisation or 4 institutions data stores.
9 Preferably method comprises encryption.
11 Preferably method comprises cross platform technology.
13 Preferably method comprises interoperability.
Preferably method comprises in-app, out-app and cross-app 16 features and applications.
18 The method is not restricted to use within any single 19 communication system or method or signalling or device or interface or application.
22 Embodiments of the present invention will now be 23 described, by way of example only, with reference to the 24 accompanying drawings, in which: 26 Figure 1 illustrates a flow chart of steps involved 27 in a method whereby a consumer authenticates the 28 identity of a corporate telephone caller.
Figure 2 illustrates a flow chart of steps involved 31 in a method of registration.
1 Figure 3 illustrates a flow chart of steps involved 2 in a method whereby a consumer authenticates the 3 identity of a corporate caller from a call centre.
This invention describes a method whereby a called party 6 can authenticate the identity of a telephone or internet 4 or doorstep caller by the system or a called party 8 requesting that a caller verify their identity by 9 accurately supplying the system or a called party with requested time-based one-time password (TOTE') information 11 prior to or after a call being answered or access being 12 granted.
14 On registration a user shares a secret with the system and thereafter the system allocates a unique ID code to 16 each corporate, commercial, organisation or institution 17 or consumer with permission to access one-time passwords 18 of a user.
Figure 1 presents a flow chart that schematically 21 outlines this method. The initial step of this process is 22 for a caller or system to select a party to be called 23 (1).
The second stage of the process is prior to or after 26 initiating a call to selected party the system verifies 27 that a caller has permission to access the one-time 28 password information of a selected party and thereafter 29 presents one-time password information of a selected party on device of caller by matching the unique ID code 31 of a selected party and unique ID code and one time 32 password information of a caller (2). One-time password 33 information of a called party can be presented to a 1 caller in a variety of ways depending on the 2 communication system or device or method of calling being 3 used, for example, one-time password presentation can be 4 presented in visual, audio, text, graphical, verbal or other form.
4 The next stage of the process is tor a caller to initiate 8 a call to selected party (3). Call initiation can be in a 9 variety of ways depending on the communication system or device or method of calling being used, for example, call 11 initiation can be from mobile, landline, internet soft 12 phone or phone plus independent handheld OTP device, 13 intercom or doorbell.
The next stage of the process is for a device of a called 16 party to receive incoming call from caller (4) which 17 initiates a ringtone or vibration or buzzer or ringer of 18 a receiving device and thereafter presents caller 19 identification information to called party. The method of receiving a call can be in a variety of ways depending on 21 the communication system or device or method of calling 22 being used, for example, on screen and or audio output of 23 a mobile phone, landline phone, internet soft phone, 24 phone plus independent handheld OTP device, intercom or doorbell.
27 The next stage of the process is prior to or after 28 answering a call is for system or called party to request 29 that a caller authenticate their identity by accurately supplying requested one-time password (OTP) information 31 to system or called party within a set timescale (5). The 32 method of caller authentication can take place in a 33 variety of ways, for example, by one-time password 1 verification and by further requesting and accurately 2 supplying additional identification and or other 3 information and or data.
On caller authenticating their identity by accurately 6 supplying requested one-time password information to / system or called party within set timescale (6) a called 8 party can then make an informed decision as to whether 9 they wish to answer a call (7) or continue with a call (8) or reject a call (9). The method of a called party 11 responding to a call can be in a variety of ways 12 depending on the communication system or device or method 13 of calling being used. For example, a called party can 14 answer call or reject call or continue with call or discontinue call or allow access or deny access.
18 Figure 2 presents a flow chart that schematically 19 outlines the process wherein a corporate entity and a consumer register to become a user within the method. The 21 initial step of the registration process is for a 22 corporate entity applicant (1) or a consumer applicant 23 (4) to supply system with all requested contact and 24 identity information, documents, data, or other information which is thereafter validated by system (2 26 and 5). Validation of contact and identity information, 27 documents, data, or other information supplied by an 28 applicant can also be carried out by an independent third 29 party or by a registered corporate entity when an existing consumer of a specific corporate entity makes 31 their application through that registered corporate 32 entity.
1 The next stage of the registration process is on 2 successful identity validation a corporate entity 3 applicant is thereafter allocated their own unique key 4 (3) and a consumer applicant is thereafter allocated their own unique key (6) which is securely stored within 6 the system. A representative, agent or service provider / ot a corporate entity can also make calls within the 8 system using the unique key of a specific corporate 9 entity.
11 A registered consumer can then informs the system of each 12 registered corporate entity with whom they are prepared 13 to accept calls from (7) whereafter a combined key is 14 generated (8) which is unique to each corporate entity with permission to call and registered consumer 16 relationship, this combined key is stored securely in the 17 system. A combined key (2) is then utilised for the 18 generation of a unique time-based one-time password (9) 19 each time a permitted corporate entity calls a specific consumer. A representative, agent or service provider of 21 a registered corporate entity can also make a call within 22 the system using the unique key of a permitted corporate 23 entity or can be registered separately with their own 24 unique key which can also be combined with a unique key of a specific corporate entity and or a specific 26 consumer.
28 Figure 3 presents a flow chart that schematically 29 outlines the process wherein a registered corporate entity calls a consumer from a call centre utilising a 31 combined key as generated in (Figure 2 step 8) within 32 this method. The initial step of this process is for a 33 registered corporate entity call centre operator to 1 select or have selected for them by internal software a 2 consumer to call (1) if selected consumer is not 3 registered with system call centre operator or internal 4 software proceeds with a call as normal (16).
6 If selected consumer is registered with system and 4 registered corporate entity has permission to call 8 consumer (Figure 2 step 7) and to access combined key 9 that is securely stored within the system (Figure 2 step 8) call centre software requests time-based one-time 11 password from system (3) on receiving unique time-based 12 one-time password from system call centre software 13 presents unique combined time-based one-time password to 14 call centre software and to call centre operator, call centre operator or software then proceeds to make a call 16 to selected consumer (5).
18 If call receiving device of selected consumer supports 19 inbuilt automatic system functionality (6) call centre software presents combined time-based one-time password 21 in electronic format on device of consumer (7) inbuilt 22 automatic system functionality (6) also presents 23 additional corporate caller identification information on 24 device of consumer and at same time confirms to the consumer that corporate caller is verified and that call 26 is safe to answer (8), a consumer can now answer call 27 safe in the knowledge that corporate caller is exactly 28 who they claim to be (9).
Alternatively, if a call receiving device of selected 31 consumer does not support the incorporation of automatic 32 system functionality (6) a manual process can be 33 followed. On answering a call from corporate caller (10) 1 selected consumer requests that caller identifies the 2 corporate entity calling by providing selected consumer 3 with combined time-based one-time password (11) and other 4 corporate information, on receiving combined time-based one-time password and addition information from corporate 6 caller selected consumer validates all information / received (12 and 13) using an independent authenticating 8 device and thereafter answers call safe in the knowledge 9 that the caller is who they claim to be (14).
11 Alternatively, if requested time-based one-time password 12 and other corporate information from caller is not 13 validated by independent authenticating device of 14 selected consumer a selected consumer can discontinue a call (15).
17 Incorporating additional information within a time-based 18 one-time password method presentation allows a caller to 19 also rate the importance of a call. For example, on reading additional information contained within a one- 21 time password method presentation a called party will 22 immediately know if the call is of a business or personal 23 nature.
The choice to send or allow or not to send or allow 26 access to personal information or contact details of a 27 corporate, commercial, organisation, institution or other 28 entity representative or agent or a consumer allows a 29 caller or a called party to maintain a degree of confidentiality if this is required and therefore not 31 compromising their privacy or revealing too much 32 information unnecessarily.
1 The continuous request and real-time editing of 2 additional information and other features contained 3 within the time-based one-time password method enables a 4 caller or called party to adapt their one-time password presentations in an ongoing dynamic fashion.
4 If a called party is away from their device the system 8 can be programmed to instantly or after a pre-determined 9 time interval default to an answering service.
11 On a caller being unable to authenticate their identity 12 to the satisfaction of the system or a called party prior 13 to or after answering, a called party can decide whether 14 to answer call or reject call or continue with call or discontinue call or allow access or deny access.
17 A corporate, commercial, organisation or institution 18 would experience particular benefits from the flexible 19 consumer centric time-based one-time caller authentication password system by the higher degree of 21 security and reassurance that it offers consumers due to 22 their representatives, agents and service providers 23 having the ability to authenticate their corporate, 24 commercial, organisation or institution identity credentials to a consumer when calling, the incorporation 26 of additional data and information within a one-time 27 password presentation would further help in the promotion 28 and advertisement of a corporate, commercial, 29 organisation or institution and further help a consumer identify individual representatives, agents or service 31 providers each time a consumer receives a corporate, 32 commercial, organisation or institution call.
1 The method as outlined above is not restricted to use 2 within any one particular communication system. It may be 3 employed across a wide range of wireless or wired 4 communication systems that employ a variety of signalling and interfaces including fixed-line, mobile or soft 6 phones or phones or phone systems connected to a smart / television, computer, laptop, tablet, pager, gaming 8 console, intercom and smart doorbell systems or any other 9 suitable communications device. A scaling facility is also incorporated such that text and graphical displays 11 can be adjusted to fit either the LCD of a phone system 12 or the screen of a computer or television or any other 13 suitable communication device.
The system outlined above has been designed to be 16 incorporated into or integrated with or within present 17 and developing digital, analogue, mobile and fixed line 18 communication technology so as to be compatible with 19 broadband, cable, wi-fi, voip, nearfield, p2p, radio, satellite, smart doorbell and intercom systems. Present 21 systems that do not incorporate the time-based one-time 22 caller authentication password system will simply treat a 23 call in the normal fashion. Software or hardware adapter 24 units can be easily incorporated into such systems to enable them to be compatible with one-time password 26 technology.
28 The universal (b2c/c2b/b2b/c2c) system would be ideal for 29 incorporation into corporate, commercial, organisation or institutions own call centres or outsourced to third 31 party call centres where operators can access the one- 32 time passwords of a called party on their own behalf or 33 on behalf of multiple corporate, commercial, 1 organisations or institutions. Alternatively, the system 2 can be adapted for use by consumers to provide a two- 3 factor method wherein a consumer can authenticate the 4 identity of another consumer when receiving personal calls.
4 An advantage of the present invention is that it is user 8 controlled and can be programmed by user to only allow 9 TOTP calls from callers who have prior permission from a called party to access the TOTP information of a called 11 party or allow TOTP calls from all registered callers or 12 allow calls from TOTP registered and unregistered callers 13 or permanently or temporarily bar any caller. The method 14 also allows a called party and a caller to further authenticate the identity of one another by permitting 16 each other access to additional verified or verifiable 17 identification information and or data.
19 A further advantage of the present invention is that it can be used within video calls, group calls or face to 21 face calls or meetings to verify that any person present 22 is exactly who they say they are.
24 An even further advantage of the present invention is that any customisation or personalisation or additional 26 corporate, commercial, organisation, institution or 27 consumer information or data contained within method 28 presentations can be stored locally or remotely, 29 alternatively customisation or personalisation or additional information or data is not required to be pre- 31 stored within a database accessed by called party as it 32 can also be contained completely within a transmitted 1 information signal depending on communication system 2 being used.
4 A yet further advantage of the present invention is that it is permission based and highly flexible and so can be 6 used with existing or developing systems, for example, it 4 can be combined with present digital systems that 8 incorporate devices that are capable of downloading new 9 software updates and applications or combined with analogue systems that use phones with no software update 11 or application download capabilities by the incorporation 12 or integration of additional plugin or wires free 13 hardware adapter units.
Further modifications and improvements may be added 16 without departing from the scope of the invention herein 17 intended.

Claims (15)

1 Claims 3 1) According to the present invention there is provided a 4 method of authenticating the identity of telephone, internet and doorstep callers using a range of time- 6 based one-time passwords (TOTP) across multiple 4 accounts, the method comprising the steps of: 9 1) Caller selects party to be called.
2) Prior to or after call being initiated by 11 caller system generates delivers and presents a 12 one-time password on device of caller or 13 devices of caller and selected party.
14 3) Caller initiates call to selected party.
4) Prior to or after call being answered or access 16 being gained system or called party requests 17 caller to authenticate their identity by 18 accurately providing a one-time password to 19 system or called party within set timescale.
5) On requested one-time password being received 21 presented to and verified by system or called 22 party called party answers call or rejects call 23 or continues with call or discontinues call or 24 allows access or denies access.26 2) Provides a method of authenticating the identity of 27 telephone, internet and doorstep callers as claimed in 28 Claim 1, wherein a time-based one-time password (TOTP) 29 comprises a password generated from one or more from a group comprising numeric or alpha-numeric characters, 31 coloured characters, colour blocks, graphics, QR codes 32 or biometrics.1 3) Provides a method of authenticating the identity of 2 telephone, internet and doorstep callers as claimed in 3 Claim 1 and Claim 2, wherein a time-based one-time 4 password further comprises one-time passwords generated for a caller or a called party or a caller 6 and a called party or combined one-time passwords 4 generated for a caller and a called party 9 4) Provides a method of authenticating the identity of telephone, internet and doorstep callers as claimed in 11 Claim 1 to Claim 3, wherein multiple accounts 12 comprise a user holding an account with one or more 13 from a group comprising a corporate, commercial, 14 organisation, institution or other entity.16 5) Provides a method of authenticating the identity of 17 telephone, internet and doorstep callers as claimed in 18 Claim 1 to Claim 4, wherein a call comprises 19 a call from one from a group comprising a call centre, fixed line or mobile telephone, internet soft phone, 21 apps, intercom, doorbell, software or hardware.23
6) Provides a method of authenticating the identity of 24 telephone, internet and doorstep callers as claimed in Claim 5, wherein a call further comprises one from a 26 group comprising a voice, video, audio, rhetorical or 27 face to face calls or real-time electronic messaging.29
7) Provides a method of authenticating the identity of telephone, internet and doorstep callers as claimed in 31 any of the preceding Claims, wherein a caller within a 32 B2C call comprises one from a group comprising a 33 corporate, commercial, organisation, institution 1 representative, agent or service provide.3
8) Provides a method of authenticating the identity of 4 telephone, internet and doorstep callers as claimed in any of the preceding Claims, wherein a called party 6 within a business to consumer (B2C) call comprises a consumer.9
9) Provides a method of authenticating the identity of telephone, internet and doorstep callers as claimed in 11 Claim 7 and Claim 8, wherein a caller or a called 12 party further comprises participants within one from a 13 group comprising consumer to business (C2B), business 14 to business (B2B) and consumer to consumer(C2C) calls.16
10) Provides a method of authenticating the identity of 17 telephone, internet and doorstep callers as claimed 18 in any of the preceding Claims, wherein the step of 19 selecting party to be called comprises selection by system.22
11) Provides a method of authenticating the identity of 23 telephone, internet and doorstep callers as claimed 24 in Claim 10, wherein the step of selecting party to be called further comprises selection by caller.27
12) Provides a method of authenticating the identity of 28 telephone, internet and doorstep callers as claimed 29 in any of the preceding Claims, wherein the step of requesting comprises request being made by system.32
13) Provides a method of authenticating the identity of 33 telephone, internet and doorstep callers as claimed 1 in Claim 12, wherein the step of requesting further 2 comprises request being made by user.4
14) Provides a method of authenticating the identity of telephone, internet and doorstep callers as claimed 6 in Claim 12 and Claim 13, wherein the step of requesting further comprises requests continuing to 8 be made throughout duration of call.
15) Provides a method of authenticating the identity of 11 telephone, internet and doorstep callers as claimed 12 in any of the preceding Claims, wherein the step of 13 caller identity verification comprises verification 14 by system.16 16) Provides a method of authenticating the identity of 17 telephone, internet and doorstep callers as claimed 18 in Claim 15, wherein the step of caller identity 19 verification further comprises verification user.21 17) Provides a method of authenticating the identity of 22 telephone, internet and doorstep callers as claimed 23 in any of the preceding Claims, wherein one-time 24 password comprises real-time editable presentation.26 18) Provides a method of authenticating the identity of 27 telephone, internet and doorstep callers as claimed 28 in Claim 17, wherein one-time password presentation 29 further comprises additional information.31 19) Provides a method of authenticating the identity of 32 telephone, internet and doorstep callers as claimed 33 in Claim 17 and Claim 18, wherein one-time password 1 presentation additional information comprises one or 2 more from a group comprising further identification 3 information, non-identification information and data.20) Provides a method of authenticating the identity of 6 telephone, internet and doorstep callers as claimed in any of the preceding Claims, wherein the method 8 comprises additional features.21) Provides a method of authenticating the identity of 11 telephone, internet and doorstep callers as claimed 12 in Claims 20, wherein additional features comprise 13 one or more from a group comprising permission, 14 contact lists, look up, answering service and call barring.17 22) Provides a method of authenticating the identity of 18 telephone, internet and doorstep callers as claimed 19 in any of the preceding Claims, wherein a user has real-time control over features within the method.22 23) Provides a method of authenticating the identity of 23 telephone, internet and doorstep callers as claimed 24 in Claim 22, wherein real-time user control further comprises control over one or more features from a 26 group comprising called party selection, requests, 27 timescale, verification, one-time password 28 presentations, one-time password displays, 29 customisation and personalisation, additional information and data, interactivity, editing and 31 programming.33 24) Provides a method of authenticating the identity of 1 telephone, internet and doorstep callers as claimed 2 in any of the preceding Claims, wherein the method 3 comprises permissions.25) Provides a method of authenticating the identity of 6 telephone, internet and doorstep callers as claimed 4 in Claim 25, wherein permissions comprise permission 8 from users.26) Provides a method of authenticating the identity of 11 telephone, internet and doorstep callers as claimed 12 in any of the preceding Claims, wherein method 13 comprises one or more from a group comprising one- 14 time password generator, validator, scanner or reader.17 27) Provides a method of authenticating the identity of 18 telephone, internet and doorstep callers as claimed 19 in any of the preceding Claims, wherein method comprises one-time password being combined with or 21 incorporated into one or more from the following 22 existing caller identification or user profile or 23 one-time and single password systems.
GB2302924.2A 2022-03-04 2023-02-28 Method of one-time caller authentication passwords Active GB2618414B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GBGB2203035.7A GB202203035D0 (en) 2022-03-04 2022-03-04 Method of one-time authentication passwords

Publications (3)

Publication Number Publication Date
GB202302924D0 GB202302924D0 (en) 2023-04-12
GB2618414A true GB2618414A (en) 2023-11-08
GB2618414B GB2618414B (en) 2025-05-07

Family

ID=81175464

Family Applications (2)

Application Number Title Priority Date Filing Date
GBGB2203035.7A Ceased GB202203035D0 (en) 2022-03-04 2022-03-04 Method of one-time authentication passwords
GB2302924.2A Active GB2618414B (en) 2022-03-04 2023-02-28 Method of one-time caller authentication passwords

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GBGB2203035.7A Ceased GB202203035D0 (en) 2022-03-04 2022-03-04 Method of one-time authentication passwords

Country Status (1)

Country Link
GB (2) GB202203035D0 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9942752B1 (en) * 2016-12-30 2018-04-10 Symantec Corporation Method and system for detecting phishing calls using one-time password
US20180103144A1 (en) * 2016-10-12 2018-04-12 Mastercard International Incorporated Methods, apparatus and devices for authenticating a call session

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180103144A1 (en) * 2016-10-12 2018-04-12 Mastercard International Incorporated Methods, apparatus and devices for authenticating a call session
US9942752B1 (en) * 2016-12-30 2018-04-10 Symantec Corporation Method and system for detecting phishing calls using one-time password

Also Published As

Publication number Publication date
GB2618414B (en) 2025-05-07
GB202302924D0 (en) 2023-04-12
GB202203035D0 (en) 2022-04-20

Similar Documents

Publication Publication Date Title
US8385888B2 (en) Authentication of mobile devices over voice channels
US8347364B2 (en) Systems and methods for user interface control
EP2334111B1 (en) Authentication of mobile devices over voice channels
US20020080942A1 (en) Origin-independent custom caller ID
EP3637727B1 (en) Mobile user authentication applying a call identifier
KR20080069210A (en) System and method for user interface access control
WO2001044940A9 (en) Dual network system and method for online authentication or authorization
GB2401745A (en) Controlling access to a secure computer system
US20240414173A1 (en) Systems and methods for verified messaging via short-range transceiver
KR102748605B1 (en) Technology for currency authentication
CN100574345C (en) Method and device for anonymous call establishment
US20060147000A1 (en) Method for in-band entity authentication via telephone
TWI640189B (en) System for verifying a user's identity of telecommunication certification and method thereof
CN107786566A (en) Method for protecting privacy, system, server and receiving terminal
GB2618414A (en) Method of one-time caller authentication passwords
EP1119147A1 (en) Provision of secure access for telecommunications system
GB2547885A (en) Establishing a communication session
US20240022408A1 (en) Non-fungible tokens for virtual accessories during virtual meetings
KR100321297B1 (en) Communication terminal apparatus embedded the function generating One Time Password based on time synchronization
WO2022173354A1 (en) Method for validating the identity of parties to a call
WO2022092266A1 (en) Information processing device
JP7216441B2 (en) One-time password system
US20230169160A1 (en) Method and system for user authentication
CN113055536B (en) Method, device, equipment and medium for verifying telephone customer service identity and telephone customer service
KR102376486B1 (en) Method for providing financial counseling with enhanced security