The present invention relates generally to the field of interactive voice response (IVR) systems; more specifically, to methods and apparatus for providing or inputting confidential information to an IVR system in a secure manner.
Electronic transactions over telephone networks or via the Internet are commonplace today. For example, electronic commerce over the Internet often involves an individual providing credit card information to a secure server using, e.g., DTMF (Dual Tone Multi-Frequency) communication, voice dialogs with either a machine, e.g., an IVR system or human operators. A graphical user interface (GUI) on a personal computer (PC) or other optical interfaces (e.g., touch-screens) may also be used to provide confidential information over a telephone or other network connection. Another common example is when a caller is asked to enter his social security number or other personal identification number (e.g., password/PIN, login, etc.) over the telephone or an internet connection.
Unfortunately, these methods potentially allow someone else to secretly acquire this information and use it for their own nefarious purposes. By way of example, providing secure information using speech input renders an IVR application useless when the caller is at a public place where there is a chance of being overheard by an eavesdropper. In addition, pressing DTMF keys to enter secure information such as Social Security or credit card numbers runs the risk of a spy noting down the keys that are pressed, or using a remote camera to record the key press sequence. The spy could then use this information for fraudulent purposes, such as to hack a bank account. Thus, a user may not feel safe to verbalize confidential numbers or to type in the numbers on a phone in a public place.
By way of further background, U.S. Pat. No. 5,794,218 discloses a system and method for allowing telephone-based interactive performance of financial transactions in multiple languages. The system prompts the customer of a financial institution in various languages until the customer's language and home country are identified. The system then connects the customer telephonically with a representative who speaks the customer's language and who can authorize the transaction by accessing the customer's records. U.S. Pat. No. 6,847,715 discloses a system with an IVR unit, wherein an interaction input from a caller is stored and then transmitted to an appropriate agent workstation. An Internet banking service called ING Direct (http://www.ingdirect.com) provides its customers with a “phone like” dial pad image which is sent to a web client. The dial pad image associates a digit to a random set of alphabets. The user then looks at the image and inputs the corresponding alphabet instead of sending the digit itself over the network. This system, however, is only useful on a client computer.
The present invention will be understood more fully from the detailed description that follows and from the accompanying drawings, which however, should not be taken to limit the invention to the specific embodiments shown, but are for explanation and understanding only.
A system and method that provides a user with the ability to transmit confidential information to an IVR system in a secure manner is described. In the following description specific details are set forth, such as device types, system configurations, protocols, methods, etc., in order to provide a thorough understanding of the present invention. However, persons having ordinary skill in the relevant arts will appreciate that these specific details may not be needed to practice the present invention.
According to one embodiment of the present invention, the system relies on a prompting mechanism, wherein the IVR reads out digits to the user and the user responds using “yes” or “no” as affirmative or negative responses to the IVR digits read out. Since the user does not press any DTMF keys or say anything other than “yes” or “no” it is impossible for listeners and/or observers to figure out what digits are being entered. When the IVR system requires the user to input digits, the user may opt to use this method of inputting digits to the system if the user is calling from a place where there is no privacy.
For example, if the user wants to enter the digits “1234”, the IVR system may sequentially guess or suggest random numbers between 0 and 9 to the user, to which the user may individually respond “yes” or “no.” Since the digits suggested may be randomly chosen each time, a person overhearing this conversation will be unable to discern or re-compute the digits that are being conveyed to the remote system. Various constructs may also be utilized by either the IVR system or the user. In other cases, the user might use a construct such as “8 less” when the IVR system makes an initial guess of “9” to send the first digit (i.e., “1”) in the sequence “1234”. In this manner, outside spies or eavesdroppers only hear “yes,” “no,” “8 less,” “6 more”, etc., without specific identification of the actual digits in the person's identification code or number.
In another embodiment, silence may replace the “no” responses. In this embodiment the user only responds when the correct digit is spoken by the IVR system, thereby reducing the number of affirmative verbal responses required from the user. Note that in a specific implementation the IVR system may optionally choose to confirm the digit being selected by repeating it and asking for an affirmative response.
Prompts from the IVR system may also be in a language other than English. For instance, in another embodiment the IVR system asks a user if they would like to respond in a language other than the predominant language of the region (e.g., English in the United States, German in Germany, etc.) or the default language programmed into the IVR system. This feature allows a user who speaks more than one language to respond in some language other than English (e.g., Japanese, French, Italian, Russian, etc.) that would not ordinarily be recognizable among the general population so that a casual listener overhearing the user would not likely be able to understand what digits the user is speaking.
The IVR system may also prompt the user to add a random number of digits in front and at the back of the actual sequence of digits. These digits may be provided by the system or may be randomly chosen by the user. For an even more secured transaction, the IVR system may also ask the user to insert a randomly chosen digit between each of the actual digits in a sequence. For example, during the session the IVR system may randomly request that the user speak certain “dummy” digits (e.g., “Please say the number ‘3’ now”) or ask the user to press certain digits on his DTMF keypad (e.g., “Please press the number ‘6’ on your keypad now”) as a way to confuse or further encrypt the user's actual identification number or secret code. These random dummy numbers may either be provided by the IVR system or may be selected by the user.
In another embodiment, the IVR system of the contact center or server application (that the user is calling for service) is not the entity that implements the digit prompting mechanism; rather, the caller's own telephone device implements the mechanism locally using hardware or software/firmware modules installed in the telephone device. For example, when the user wants to invoke the assisted DTMF mechanism described above, the user may speak a special trigger word or “hotword” such as “Assisted DTMF” into the telephone device. An automated speech recognition (ASR) module installed and running on the user's telephone device would recognize this hotword and respond my executing a program or routine that implements the assisted DTMF function locally. The assisted DTMF function basically replicates the function of the IVR system described above by verbally prompting the user to say the words “yes” or “no” to sequential numbers of the user's secret code to be transmitted.
Instead of speaking a hotword the user may press a keypad combination, such as “*6” or some other code sequence, in order to invoke the assisted DTMF telephone function. Once invoked, the telephone device executes its own IVR and suggests random numbers to the user, to which the user may respond “yes” or “no”. After each digit has been correctly identified, the telephone device send the DTMF digit to the remote system in response to the “yes” or “no” answers of the user. Alternatively, the telephone device may store all of the digits in the entire sequence and send them in a single transmission after all of the digits have been correctly identified by the user.
In yet another embodiment, the interactive digit prompting mechanism may alternatively reside in a call control mechanism located on the network. For instance, an entity such as a Call Manager Media Termination Point (MTP), may be introduced into the media path when the hotword (spoken by the user) or code sequence command is detected. Once the hotword or code sequence command is detected, the Call Manager MTP invokes an IVR script or routine to provide assisted DTMF in the manner described above.
It is appreciated that the security mechanism of the present invention is also applicable to alpha-numeric sequences and codes; that is, it is not strictly limited to secure transmission of numbers or digits. For example, a user who wishes to enter a passcode “H32GX” may be prompted with an IVR script in which, for each character, the system first asks, “If the character is a number, say ‘yes’; if the character is a letter say ‘no’”. Since, in this example, the first character is a letter, the user would say “no”, in which case the IVR might respond “If the letter is after ‘G’ in the alphabet, say ‘yes’; if not, say ‘no’”, and so on. Alternatively, the IVR script may simply ask, “Does the letter appear on the digit ‘4’ of your keypad?” Practitioners in the art will note that the keypad associated with the digit 4 includes the letters GHI (see
In a specific embodiment, the present invention may be implemented by software or hardware (firmware) installed in an ACD system of a call control center. For instance, the present invention may be implemented by code running on a processor 15 located in IVR system 14 on an ACD. Alternative embodiments of the present invention may be implemented in PBX, telephony, telephone, and other telecommunications systems.
Also shown in
According to one embodiment, a user of telephone device 20 may invoke the assisted DTMF security routine in a variety of ways (e.g., pressing one of buttons 24, speaking a “hotword”, pressing a keypad sequence, etc.). At that point, a processor-executed routine resident within device 20 generates an IVR script to randomly suggest or guess at the individual numbers in the user's secret code or sequence. For example, the device might simply inquire if the first number in a sequence is “9.” If the first number in the sequence is “9”, the user could affirmatively respond by pressing the “*” button on keypad 26, or alternatively say the word “yes” into handset 22. If the first number in the sequence is not “9”, the user could press the “#” button, or say the word “no”.
After each number in the sequence is correctly identified by the security routine, it is transmitted to the destination recipient (e.g., application) over the network. Alternatively, telephone device 20 stores all of the digits and then transmits the entire sequence after the last digit has been identified.
By way of example, in
Now that it has determined that the first digit is “1”, the IVR system then inquires about the second digit. Note that for each digit, the determination algorithm proceeds in the manner of a decision-tree process. Again, the IVR system begins the digit query by attempting to bracket the digit, e.g., asking the user if the second digit is “5” or less. Because the second number is the sequence is “6”, the user answers “no.” The query continues with the IVR system asking the user whether the second digit is “8” or less. This time the user answers “yes.” Now the IVR system can begin guessing, and it asks, “Is it 6?” The user replies affirmatively, and the process continues until all four digits have been identified and transmitted to the destination. It is appreciated that since the digits suggested by the system are randomly chosen or suggested each time, a person overhearing the conversation cannot predictably re-compute the digits that are being conveyed to the remote application or system.
It should be understood that elements of the present invention may also be provided as a computer program product which may include a machine-readable medium having stored thereon instructions which may be used to program a computer (e.g., a processor or other electronic device) to perform a sequence of operations. Alternatively, the operations may be performed by a combination of hardware and software. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, CD-ROMs, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnet or optical cards or other type of machine-readable medium suitable for storing electronic instructions.
Additionally, although the present invention has been described in conjunction with specific embodiments, numerous modifications and alterations are well within the scope of the present invention. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.
Number | Name | Date | Kind |
---|---|---|---|
4805210 | Griffith, Jr. | Feb 1989 | A |
5206905 | Lee et al. | Apr 1993 | A |
5432844 | Core et al. | Jul 1995 | A |
5608786 | Gordon | Mar 1997 | A |
5615213 | Griefer | Mar 1997 | A |
5794218 | Jennings et al. | Aug 1998 | A |
5905448 | Briancon et al. | May 1999 | A |
5937040 | Wrede et al. | Aug 1999 | A |
5999599 | Shaffer et al. | Dec 1999 | A |
6044081 | Bell et al. | Mar 2000 | A |
6259405 | Stewart et al. | Jul 2001 | B1 |
6271764 | Okamura | Aug 2001 | B1 |
6298324 | Zuberec et al. | Oct 2001 | B1 |
6421544 | Sawada | Jul 2002 | B1 |
6438600 | Greenfield et al. | Aug 2002 | B1 |
6522726 | Hunt et al. | Feb 2003 | B1 |
6526293 | Matsuo | Feb 2003 | B1 |
6542583 | Taylor | Apr 2003 | B1 |
6545596 | Moon | Apr 2003 | B1 |
6564261 | Gudjonsson et al. | May 2003 | B1 |
6587680 | Ala-Laurila | Jul 2003 | B1 |
6643774 | McGarvey | Nov 2003 | B1 |
6654455 | Isaka | Nov 2003 | B1 |
6769000 | Akhtar et al. | Jul 2004 | B1 |
6792296 | Van Bosch | Sep 2004 | B1 |
6792297 | Cannon et al. | Sep 2004 | B2 |
6798874 | Ohlinger et al. | Sep 2004 | B1 |
6799052 | Agness et al. | Sep 2004 | B2 |
6804334 | Beasley et al. | Oct 2004 | B1 |
6816469 | Kung et al. | Nov 2004 | B1 |
6839761 | Kadyk et al. | Jan 2005 | B2 |
6847715 | Swartz | Jan 2005 | B1 |
6870835 | Chen et al. | Mar 2005 | B1 |
6876734 | Summers et al. | Apr 2005 | B1 |
6905414 | Danieli et al. | Jun 2005 | B2 |
6907123 | Schier | Jun 2005 | B1 |
6912275 | Kaplan | Jun 2005 | B1 |
6917672 | Brown et al. | Jul 2005 | B2 |
6918034 | Sengodan et al. | Jul 2005 | B1 |
6931001 | Deng | Aug 2005 | B2 |
6934858 | Woodhill | Aug 2005 | B2 |
6947417 | Laursen et al. | Sep 2005 | B2 |
6985745 | Quaid | Jan 2006 | B2 |
6987744 | Harrington et al. | Jan 2006 | B2 |
7209549 | Reynolds et al. | Apr 2007 | B2 |
7466801 | Miller et al. | Dec 2008 | B2 |
7694138 | O'Gorman et al. | Apr 2010 | B2 |
20020010008 | Bork et al. | Jan 2002 | A1 |
20020068537 | Shim et al. | Jun 2002 | A1 |
20020086680 | Hunsinger | Jul 2002 | A1 |
20020178228 | Goldberg | Nov 2002 | A1 |
20020198004 | Heie et al. | Dec 2002 | A1 |
20030061496 | Ananda | Mar 2003 | A1 |
20030126010 | Barns-Slavin | Jul 2003 | A1 |
20040131206 | Cao et al. | Jul 2004 | A1 |
20040248586 | Patel et al. | Dec 2004 | A1 |
20050157708 | Chun | Jul 2005 | A1 |
20050177622 | Spielman et al. | Aug 2005 | A1 |
20050272413 | Bourne | Dec 2005 | A1 |
20050273333 | Morin et al. | Dec 2005 | A1 |
20060034336 | Huh et al. | Feb 2006 | A1 |
20060116175 | Chu | Jun 2006 | A1 |
20060206454 | Forstall et al. | Sep 2006 | A1 |
Number | Date | Country | |
---|---|---|---|
20070280456 A1 | Dec 2007 | US |