Browse Prior Art Database

IDENTIFICATION AND AUTHENTICATION OF USER JOINING MEETING OVER VOICE CHANNEL TO PREVENT UNAUTHORIZED ATTENDEES

IP.com Disclosure Number: IPCOM000249717D
Publication Date: 2017-Mar-24
Document File: 4 page(s) / 289K

Publishing Venue

The IP.com Prior Art Database

Related People

Ollie Fagan: AUTHOR [+4]

Abstract

Dial in or dial back users over a public switched telephone network channel are prevented from joining meetings when they have the meeting access code but are not on the allowed participant list for an online meeting.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 47% of the total text.

Copyright 2017 Cisco Systems, Inc. 1

IDENTIFICATION AND AUTHENTICATION OF USER JOINING MEETING OVER VOICE CHANNEL TO PREVENT UNAUTHORIZED ATTENDEES

AUTHORS: Ollie Fagan

John Costello Owen Friel

Mercion Wilathgamuwage Don

CISCO SYSTEMS, INC.

ABSTRACT

Dial in or dial back users over a public switched telephone network channel are

prevented from joining meetings when they have the meeting access code but are not on

the allowed participant list for an online meeting.

DETAILED DESCRIPTION

When an online/web-based meeting is set up, the invitation to attendees may

include a required meeting password that the parties must enter to join. However, there is

nothing preventing a legitimate invitation recipient from forwarding that meeting to an

unauthorized party. The unauthorized party may then dial in, mute, and listen to the

conversation. For confidential meetings, this is a potentially significant security exposure.

Accordingly, a second Hypertext Transfer Protocol (HTTP) channel associated

with a collaboration application may run on the user's device. The meeting service may

send an authorization code over this HTTP channel to the authorize user's client

application. The client application may encode the authorization code as an audio snippet

using Dual-Tone Multi-Frequency (DTMF) tones (analog) or Session Traversal Utilities

for Network Address Translator (STUN) for use by the Session Initiation Protocol (SIP).

The client application may embed this authorization code in the audio stream early in the

call to indicate that the participant is a trusted user. A user on a mobile device may dial in

to the meeting using a native dialer, or may request dial back from the meeting to call the

mobile device. In addition, the client application running on the device may have access to

the calling service stack on the device to monitor inbound/outbound calls to/from the

meeting service.

Copyright 2017 Cisco Systems, Inc. 2

Figure 1 below illustrates an overview of this system.

Figure 1

Analog or Plain Public Switched Telephone Network (PSTN) Media Channels

A user authentication token is encoded as a series of DTMF digits with an access

token marker. The access token marker differentiates the series of DTMF digits from

standard DTMF digits typed by the user. When decoding the stream, the meeting server

detects the DTMF packets, decodes the user's access token, and authenticates and identifies

the user via an identity service. This allows the meeting service to determine whether this

user should participate in the meeting based on the roster, and also to update the roster to

identify the user who has dialed in over a PSTN.

SIP-Based Audio Stream Channels

The client application may encode its authentication token and meeting

identity/passcode in the audio stream as a STUN packet containing a short term credential.

If the authentication token is very long, it may be relayed over multiple packets. The

meeting service may detect the STUN packet containing the authen...