AuthLoop Allows Efficient Cryptographic Authentication via Voice Channel
This caller ID verification system allows efficient authentication through the voice data channel, improving consumer security on phone calls occurring on any combination of available telephony networks. Sensitive information, including banking and credit card account authorizations, as well as confidential identity data, is exchanged via telephone networks daily. Legacy “Caller ID” is often the only information exchanged to verify identity between callers, and this information can be easily manipulated. This can allow a third party to pose as a banking institution or law enforcement agency in order to obtain a victim’s sensitive information. Caller ID “spoofing” enables global consumer fraud of more than $2 billion per year. Robust caller identity verification has been available only between devices with active internet connections, such as phones using VoIP networks. Since this excludes phones operating on the mobile and “land-line” networks, as well as any calls placed across multiple telephony networks, the vast majority of callers cannot be authenticated. Researchers at the University of Florida have created AuthLoop, a technique that can perform caller ID verification using strong cryptography via the telephone voice channel. This technique is effective during calls placed on any combination of available telephony networks and may provide a dramatic reduction in telephone-related fraud.
Efficient cryptographic authentication protocol that utilizes voice data channel to provide convenient caller ID verification across all telephony networks
- Provides real-time verification of caller identity and proof that verified parties remain on the call, reducing user risk of identity fraud
- Utilizes voice-channel data transmission, allowing implementation within and across all available telephony networks
- Employs a bandwidth-optimized authentication protocol, allowing caller verification within nine seconds
This technique is capable of providing authentication of a caller’s identity throughout a phone call, utilizing a codec-agnostic modem that allows for transmission of data through audio channels. In this system, an end user (i.e. the consumer) requests a certificate containing a cryptographic key from the caller (i.e. a call center), which provides a value to the end user that is used to calculate a series of verification values. If the verification results conflict with the telephone number provided by the caller, the caller’s asserted identity is rejected. This process is repeated throughout the call to ensure that the caller remains on the line, prohibiting “man in the middle” attacks. The addition of this protocol to new and existing devices may dramatically reduce the risk of consumer fraud via telephony networks.