Browse Prior Art Database

Secure Access to Telephony Processors Voice Response Units

IP.com Disclosure Number: IPCOM000112770D
Original Publication Date: 1994-Jun-01
Included in the Prior Art Database: 2005-Mar-27
Document File: 2 page(s) / 57K

Publishing Venue

IBM

Related People

Rogge, TO: AUTHOR

Abstract

Disclosed is a security technique for telephone security banking whereby a variety of personal information is utilised to generate authorisation questions on a random basis. An analogous technique is already practised in non-automated context by human agents but this method is machine programmed. Special hardware such as encoding of DTMF keys is avoided.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Secure Access to Telephony Processors Voice Response Units

      Disclosed is a security technique for telephone security
banking whereby a variety of personal information is utilised to
generate authorisation questions on a random basis.  An analogous
technique is already practised in non-automated context by human
agents but this method is machine programmed.  Special hardware such
as encoding of DTMF keys is avoided.

      Currently voice response units suffer from the problem that
they are quite easy to break in to unless the user has special
encoding hardware to use in conjunction with his telephone.  Consider
a Voice Response Unit (VRU) being used to access bank account
details.  Here the user calls the unit, enters his account number
(either using the DTMF keypad on the phone, or speaking the number)
then entering a PIN number in the same manner.

      Unfortunately, if someone taps into the line or tapes the
transaction on a normal voice recorder the information obtained can
then be edited and played back to gain access to the account.  It is
not simple to do but definitely possible and a problem as more and
more service providers with confidential information want to use
automated systems.

      The solution to this problem is to introduce a random but
predetermined element into the identification data being passed to
the system.  With a system like Direct Talk this is really easy.  All
one needs is to get account holder to provide some personal...