Browse Prior Art Database

Enhanced Security for Voice-Response Systems

IP.com Disclosure Number: IPCOM000105969D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2005-Mar-20
Document File: 2 page(s) / 62K

Publishing Venue

IBM

Related People

Irvin, DR: AUTHOR

Abstract

The use of voice-response systems to transact financial business increasingly poses a security risk. This risk arises from the possibility that an authorized user will listen to the transactions by means of a telephone extension set or a crude wiretap, record the in-band DTMF signalling tones that arise, and decipher these tones at his convenience to obtain the account numbers and personal identification numbers (PINs) of a large set of credit-card and bank accounts.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Enhanced Security for Voice-Response Systems

      The use of voice-response systems to transact financial
business increasingly poses a security risk.  This risk arises from
the possibility that an authorized user will listen to the
transactions by means of a telephone extension set or a crude
wiretap, record the in-band DTMF signalling tones that arise, and
decipher these tones at his convenience to obtain the account numbers
and personal identification numbers (PINs) of a large set of
credit-card and bank accounts.

      The technique described here thwarts such activities by
specifying a particular exchange of set-up information between the
voice-response system and the end-user's apparatus, which may be an
enhanced version of a touch-tone telephone set.  This exchange, which
involves the use of two PINs, one visible and the other hidden as
described later, relies on redefining the meaning of the DTMF
signals.

      The acronym "DTMF" comes from the words "dual-tone, multi-
frequency."  Each DTMF character is built from two tones that are
transmitted simultaneously, one tone from "group A", which comprises
four audio frequencies, and the other tone from "group B", which
comprises four additional audio frequencies selected in such a way
that they do not interfere with the tones from group A during
decoding.  By reference to a signalling map called here the "standard
map", these DTMF tones correspond to the characters on a standard
telephone keypad, and thereby correspond to the set of integers used
to construct PINs and account numbers.

      The technique described here works by altering the signalling
map.  By...