Browse Prior Art Database

Secure Access Method to Computers Via Voice Response Unit

IP.com Disclosure Number: IPCOM000119247D
Original Publication Date: 1991-Jan-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 2 page(s) / 64K

Publishing Venue

IBM

Related People

Nolte, RR: AUTHOR

Abstract

Use a Voice Response Unit (VRU) to validate the user and to get the phone number at which to call back the user's remote terminal. Thus, the validation and user session use two distinct and different interfaces.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 53% of the total text.

Secure Access Method to Computers Via Voice Response Unit

      Use a Voice Response Unit (VRU) to validate the user and
to get the phone number at which to call back the user's remote
terminal.  Thus, the validation and user session use two distinct and
different interfaces.

      Scenario (see the figure):
1.   User calls into VRU phone number
2.   VRU prompts for the following information:
      a.  User name
      b.  User Password
      c.  Phone number at which to call user's remote
      terminal.
      d.  Any other accounting information needed by the host
      computer.
      The sequence in which these items are asked for can be
      selected at random or in a fixed sequence.  The
      advantage of using a random sequence is that a "hacker
      program" trying a series of names, passwords, etc.,
      will be more involved because the sequence of the data
      is varying and the method used to ask for them is not a
      computer message but rather a voice.  It can be made
      even more secure by varying the voice message text and
      the voice used so that a "hacker" with a voice
      recognition device would have an additional problem of
      not always "hearing" the same words and voice pattern.
3.   The VRU, once it has obtained the necessary information
      from the user, will then interact with the host
      computer to validate the user.
4.   Once validated, it can then "tell" the user an access
      password to be entered when the data connection is
    ...