Verification of a telephone call initiation message

Abstract

The invention relates to a method for processing a telephone call initiation message. A verification server obtains (309) current data extracted from an initiation message, comprising a current telephone number and also comprising a current terminal network identifier and / or an initial network identifier. The verification server also obtains (313) reference data comprising a reference telephone number, and also comprising a reference terminal network identifier and / or a reference initial network identifier. A verification result is determined (314) by comparing the current data with the reference data.

Description

Verification of a telephone call initiation message Scope of the invention

[0001] The field of the invention is that of securing telephone calls, in particular to prevent identity theft attacks, also known as "spoofing" in English. Previous art

[0002] An identity spoofing attack in the context of a telephone call is implemented by a calling terminal of a calling entity that spoofs the identity of a person or organization trusted by the called entity, in order to obtain sensitive information from the called entity.

[0003] The term "calling entity" refers to the person or organization that makes the phone call, that is, the one likely to carry out an identity spoofing attack. The term "called entity" similarly refers to the person or organization that receives the phone call.

[0004] As an example of an identity spoofing attack, the calling entity presents itself as the bank of the called entity in order to obtain bank account information from the called entity.

[0005] To carry out such an attack, a malicious caller replaces their own legitimate phone number with a trusted phone number belonging to the person or organization whose identity they are impersonating. This replacement occurs in a source field indicating a caller ID number, known as the "from" field. The legitimate phone number is the one assigned to the caller by a telecommunications operator, for example, when a Subscriber Identification Module (SIM) is installed on the calling device.

[0006] Thus, upon receiving the phone call, the called entity's terminal displays the trusted phone number specified in the source field, which is the phone number of the impersonated person or organization. The called entity may even display a name stored in a directory on the called entity associated with the impersonated person's or organization's trusted phone number. The called entity therefore has a priori trust in the calling entity, which appears legitimate, allowing the calling entity to exploit this situation to obtain sensitive information.

[0007] Such an identity spoofing attack can target so-called entities that are individual customers or businesses.

[0008] To prevent such attacks, a set of procedures called STIR / SHAKEN, for "Secure Telephone Identity Revisited" and "Signature-based Handling of Asserted information using toKENs", was introduced.

[0009] The STIR procedure applies to telephone calls using Voice over IP (VoIP) technology and provides attestations to calling entities by integrating the attestation into SIP initiation messages when a telephone call is initiated to a called entity. The SHAKEN procedure aims to extend the protection provided by STIR to telephone calls other than VoIP calls, such as those made over the public switched telephone network (PSTN), based on SS7 (Signaling System No. 7) initiation messages, rather than SIP initiation messages.

[0010] As part of STIR procedures, the initial operator of an initial network from which the phone call is made (the one through which the calling entity initiates the phone call), consults the calling phone number indicated in the "From" source field of a SIP initiation message, and a source address (a network identifier of the calling entity's calling terminal, for example, a source IP address) of the phone call, and issues an attestation in the form of a header of the SIP initiation message.

[0011] The final network operator through which the initiation message is delivered to the called entity verifies the attestation added to the SIP initiation message before delivering the telephone call to the called entity.

[0012] The certificate may also indicate one of the following attestation levels: - a full attestation level, or "A", indicating that the originating operator knows the calling entity associated with the source address and its right to use the telephone number; - a partial attestation level, or "B", indicating that the originating operator knows the calling entity associated with the source address, but without verifying its right to use the telephone number; - a gateway attestation level, or "C", indicating that the originating operator confirms having initiated the telephone call, but without knowing the calling entity associated with the source address or its right to use the telephone number. Therefore, certificates at levels B and C do not guarantee that the calling entity is legitimately entitled to use the calling telephone number indicated in the first field of the initiation message.Furthermore, some network operators may issue Level A certificates without fully implementing all the necessary procedures to verify that the calling entity corresponding to a source address actually has the phone number listed in the certificate. In some cases, the originating operator may even be involved in a spoofing attack and could thus issue a Level A certificate to the calling entity upon receiving the call initiation message, even though the calling entity is malicious.

[0013] Furthermore, in the case of a call originating from an organization's call center, the call center makes a phone call using the organization's phone number, even though the call center itself does not have a phone number. In such a scenario, only a Level B or C attestation can be issued for a voice call originating from the call center, making the organization vulnerable to identity spoofing attacks. Many organizations, such as banks and other institutions, use such call centers, and STIR / SHAKEN procedures are particularly inadequate for preventing identity spoofing attacks in this context.

[0014] There is therefore a need to prevent identity theft attacks in the context of telephone calls, regardless of the use case, particularly when a telephone call is made from a call center. Object and summary of the invention

[0015] One of the aims of the invention is to overcome at least one of the drawbacks of the aforementioned prior art by proposing a new technique for verifying a telephone call initiation message. This makes it possible to identify and prevent telephone calls from callers impersonating the legitimate owner of a telephone number, even when an organization allows a call center to use its telephone number.

[0016] To this end, an object of the present invention relates to a method for processing a telephone call initiation message comprising the following steps: - obtaining current data extracted from an initiation message, the current data comprising a current telephone number and further comprising a current terminal network identifier and / or a current initial network identifier; - obtaining reference data comprising a reference telephone number, and further comprising a reference terminal network identifier and / or a reference initial network identifier; - determining a verification result by comparison between the current data and the reference data.

[0017] The current terminal network identifier can be information used to identify a calling terminal within a network, and the current initial network identifier can be information used to identify an initial network receiving the initiation message from the calling terminal.

[0018] Thus, the invention provides access to reference data that links a reference telephone number, for example, an organization's telephone number, with a terminal network identifier of a terminal authorized to use such a reference telephone number, and / or with an originating network identifier from which the reference telephone number can be used. The use of reference data makes it possible to verify, when initiating a telephone call, whether the calling terminal associated with the terminal network identifier is authorized to use the current telephone number, because it corresponds to the reference network identifier indicated in the reference data, and / or whether the current telephone number is indeed being used by a calling terminal from an originating network corresponding to the one indicated in the reference data.

[0019] According to one embodiment, reference data can be obtained by querying a reference database storing reference data associations, each reference data association associating a reference telephone number with a reference terminal network identifier and / or with a reference initial network identifier.

[0020] Thus, a reference database can centralize reference data associations, which allows verification of initiation messages from several calling terminals, by the same verification server associated with the reference database.

[0021] In addition, querying the reference database may include: - sending a request including the current phone number to the reference database; - receiving the reference data associated with the reference phone number corresponding to the current phone number.

[0022] Thus, reference data can be indexed by reference telephone numbers, making it easier to search for reference data in the reference database.

[0023] According to one embodiment, current data can be obtained by receiving a verification request from a telephone application server, the verification request comprising current data extracted from the initiation message, the method further comprising transmitting the verification result to the telephone application server.

[0024] Thus, the telephone application server can block initiation messages for which the check is negative. Indeed, such a negative check indicates that the calling terminal is not authorized to use the current telephone number and / or that the initiation message originates from an initial network that is not authorized to initiate a telephone call with the current telephone number, because no reference data association corresponds to such authorization.

[0025] In addition, the telephone application server can be associated with an end network capable of communicating with a called terminal identified in the initiation message, and the telephone application server can transmit the initiation message to the called terminal, if the received verification result is positive.

[0026] Thus, the telephone application server can protect the called terminals served by the end network against identity theft of a legitimate owner of the current telephone number. Verification can therefore be implemented before transferring the initiation message to the called terminal.

[0027] In addition, the reference data obtained may further include a reference owner identifier, the reference owner identifier may be transmitted to the telephone application server with the verification result, and the telephone application server may add the reference owner identifier to the initiation message.

[0028] Thus, in the event of a positive verification, the initiation message transmitted to the called terminal can be enriched with the identifier of the owner of the current telephone number, which allows the calling entity, when legitimately using the current telephone number, to be identified as the owner of the current telephone number.

[0029] In addition, the process may include the following steps: - reception by the telephone application server of the initiation message from the initial network; - extraction by the telephone application server of the current data of the initiation message into predefined fields of the initiation message.

[0030] Thus, the extraction of current data is facilitated for the telephone application server.

[0031] In addition, the telephone application server can extract the current telephone number from a source field that can be modified by the calling terminal and can extract the current terminal network identifier and / or the current initial network identifier from a field defined by a network server.

[0032] Thus, it is permissible to ensure legitimate use of the current telephone number, which can be modified by the calling terminal, by controlling field data that cannot be modified by the calling terminal, because it is filled in by a server of the initial network (or of an intermediate network between the initial and final networks).

[0033] In addition or alternatively, the process may further include, upon receipt of the initiation message by the telephone application server, a verification of an attestation included in the initiation message, and the telephone application server may extract the current data only if the attestation verification is positive.

[0034] Thus, the verification of the initiation message may include a prior attestation verification step, in accordance with the STIR / SHAKEN procedure for example, which improves the reliability associated with the verification.

[0035] According to one embodiment, the process may further include receiving, by the reference database, reference data from a registration terminal associated with an owner of the reference telephone number, and storing said received reference data in the reference database.

[0036] Thus, the owner of the reference phone number can declare the reference data on the basis of which initiation messages should be verified, when they include the reference phone number of the recorded reference data.

[0037] The invention also relates to a computer program comprising instructions for implementing the method of processing a telephone call initiation message according to the invention, according to particular embodiments described above, when said program is executed by a processor.

[0038] Such instructions can be stored permanently in a non-transient memory medium of the verification server implementing the method for processing a telephone call initiation message according to the invention.

[0039] This program can use any programming language, and be in the form of source code, object code, or code somewhere between source code and object code, such as in a partially compiled form, or in any other desirable form.

[0040] The invention also relates to a recording medium or information medium readable by a computer, and comprising instructions for a computer program as mentioned above.

[0041] The recording medium can be any entity or device capable of storing the program. For example, the medium can include a storage means, such as a ROM, for example a CD-ROM or a microelectronic circuit ROM, or a magnetic recording means, for example a mobile device, a hard drive or an SSD.

[0042] On the other hand, the recording medium can be a transmissible medium such as an electrical or optical signal, which can be transmitted via an electrical or optical cable, by radio, or by other means, so that the computer program it contains can be executed remotely. The program according to the invention can, in particular, be uploaded to a network, for example, an Internet-type network.

[0043] Alternatively, the recording medium may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the aforementioned resource management process.

[0044] According to a material aspect, the invention relates to a verification server comprising a processor configured to: - obtain, through a first interface of the verification server, current data extracted from a telephone call initiation message, the current data comprising a current telephone number and further comprising a current terminal network identifier and / or a current initial network identifier; - obtain, through a second interface of the verification server, reference data comprising a reference telephone number, and further comprising a reference terminal network identifier and / or a reference initial network identifier; - determine a verification result by comparison between the current data and the reference data.

[0045] According to another material aspect, the invention relates to a system comprising a verification server according to the invention, a telephone application server, and a reference database. The telephone application server is configured to transmit a verification request to the verification server. The verification request includes the current data. The verification server is capable of querying the reference database to obtain the reference data, and the verification server is further capable of transmitting the verification result to the telephone application server.

[0046] Other features and advantages will become apparent upon reading particular embodiments of the invention, given by way of illustrative and non-limiting examples, and the accompanying drawings, among which:

[0047] Lare represents an architecture in which the process for processing a message initiating a telephone call is implemented, according to a particular embodiment of the invention,

[0048] Lare represents the steps of a preliminary phase of a process for handling a message initiating a telephone call, as implemented in the architecture of the; Lare represents the steps of a current phase of a process for handling a message initiating a telecommunications session, as implemented in the architecture of the;

[0049] Lare represents a structure of a server for verifying a message initiating a telephone call, according to an embodiment of the invention.

[0050] Detailed description of an embodiment of the invention

[0051] Lare represents an architecture, or system, in which is implemented a process for processing a message initiating a telephone call between a calling terminal 101, or source, and a called terminal 102, or recipient, according to an embodiment of the invention.

[0052] The calling terminal 101 can be associated with a calling entity 111, which can be an individual or an organization. For example, the calling entity 111 could be a call center of an organization, as described in detail below.

[0053] The terminal called 102 is associated with an entity called 112, which can also be an individual or an organization.

[0054] The calling terminal 101 is capable of communicating, for example via radio, with an initial access network 121, which may be an LTE (Long Term Evolution) or 5G network, or their variants or evolutions. Wireless broadband communication standards, such as LTE, 5G, or others, intended for mobile devices and data terminals, are well-known and are not described further here.

[0055] In the following, it is considered, for illustrative purposes, that the telecommunications session that the calling entity 111 seeks to establish with the called entity 112 is a VoLTE (Voice over LTE) voice call. In this context, the initiation of the telecommunications session involves the transmission of an initiation message according to the SIP (Session Initiation Protocol).

[0056] However, no restrictions are attached to the telephone call according to the invention, which can be supported by any technology enabling the establishment of a telephone call between the calling terminal 101 and the called terminal 102. For example, the initiation message can alternatively be an SS7 type initiation message.

[0057] The initial network 121 is managed by an initial operator associated with a network server 161, which is responsible for receiving and routing communication session initiation messages, such as SIP initiation messages. Thus, when the calling entity 111 wishes to initiate a telecommunications session with the called entity 112, the calling terminal 101 transmits an initiation message to the network server 161, which is capable of determining that the destination network to which the initiation message should be routed is a final network 122 described below. For example, for an initial LTE network 121, the network server 161 can be a telephony application server of the initial network 121 (distinct from the telephony application server 162 described below) or a session router.

[0058] The terms "initial" and "final" indicate only the network positions within the specific context of a call initiated from calling terminal 101 to called terminal 112, and the initial and final networks therefore depend on the calling and called terminals. In particular, in the reverse situation, not described below, where terminal 102 initiates a telephone call to terminal 101, network 121 is the final network while network 122 is the initial network.

[0059] The initial network 121 may, in some embodiments, include an authentication server 131 capable of issuing an attestation based on an initiation message from the calling terminal 101, according to the STIR / SHAKEN procedure. The initiation message is then transmitted from the network server 161 to the authentication server 131 for insertion of the attestation into the initiation message. Once the attestation has been inserted into the initiation message, for example, in a header of the initiation message, the initiation message can be returned to the network server 161 for transmission to the final network 122 with which the called terminal 102 is capable of communicating. Alternatively, no attestation is issued to the calling terminal 101, and the initiation message is transmitted to the destination network 122 without attestation. In this alternative, the initial network 121 may not include an authentication server 131.

[0060] In the example described, the final network 122 can also be an LTE, 5G mobile phone network or their variants or evolutions.

[0061] The initial network 121 and the final network 122 can be connected by an IMS 120 core network, for "IP Multimedia Subsystem" in English, whose architecture is well known and is not described further in this description.

[0062] The final network 122 is managed by an end operator and, according to the invention, comprises a telephone application server 162, also called TAS in English for "Telephony Application Server", and a verification server 132. According to some embodiments not described herein, the verification server 132 may be integrated into the telephone application server 162. Alternatively, as shown in the figure, the verification server 132 is separate from the telephone application server 162.

[0063] During the transmission of the initiation message to the final network 122, the network server 161 is able to address the initiation message to the telephone application server 162. The telephone application server 162 is thus able to receive initiation messages in the final network 122, for transmission to the terminal called 102.

[0064] According to the invention, the architecture according to the invention further comprises a reference database 140 which the verification server 132 is able to access.

[0065] A recording terminal 150 associated with the calling entity 111 is able to access the reference database 140 during the preliminary phase described below with reference to [reference]. For this purpose, the reference database 140 can be interfaced with a third-party service provider server 170, with which the recording terminal 150 is able to communicate, for example via an application or a web browser.

[0066] The recording terminal 150 can be any terminal associated with the calling entity 111, for example the calling terminal.

[0067] The recording terminal 150 could, for example, be a server belonging to the organization (a bank, for example) to which the calling entity 111 is connected. For example, the calling entity 111 could be one of the organization's call centers.

[0068] The following describes an embodiment in which the organization associated with the recording terminal 150 authorizes the use of the telephone number it owns (the reference telephone number) by a calling terminal of a call center.

[0069] Laillustre une phase préalable d'un méthode de traitement d'envoi d'initiation de une session de télécommunications selon les modes d'animation de l'invention.

[0070] At step 201, the recording terminal 150 of the organization associated with the calling entity 111 prepares a reference data registration request, which includes reference data. The reference data includes: - a reference telephone number, which is a telephone number of the organization or person associated with the recording terminal 150. This is the telephone number that is authorized for use by the calling terminal 101 during the current phase described below, allowing it to be specified in a source or "from" field of a communication session initiation message, such as a SIP message; and

[0071] - a reference terminal network identifier and / or an initial reference network identifier.

[0072] In some embodiments, the reference data may further include a reference owner identifier, which may be a name or other designation (e.g., company name) of the organization or person represented by the recording terminal 150 and who owns the reference telephone number.

[0073] A network terminal identifier is information that uniquely identifies a terminal in a telecommunications network.

[0074] An initial network identifier is information that uniquely identifies a network or its associated network operator, either globally or locally.

[0075] The term "reference" here indicates that this refers to information declared beforehand by the organization or person associated with the recording terminal 150, and used during the current phase to validate or invalidate current data. Thus, it is this reference data that allows the verification server 132, accessing the reference database 140, to verify current data collected during the current phase in an initiation message as described below.

[0076] It should be noted that the telephone number indicated in the source field of the initiation message can be modified by a calling terminal. However, the terminal's network identifier cannot be modified by a calling terminal: this identifier is assigned by a network server of an initial network (for calling terminal 101, this is network server 161 of the initial network 121) or is derived from an identifier assigned by a network server of the initial network.

[0077] The reference terminal network identifier thus identifies the terminal authorized to use the reference phone number, enabling the use of the reference phone number by an entity possessing the authorized terminal. A current terminal network identifier used by a calling terminal using the reference phone number can therefore be compared, during a normal call, with the reference terminal network identifier to verify that the calling terminal is indeed authorized to use the current phone number, even though it does not own it. This allows differentiation between a spoofing attack and the legitimate use of a phone number by a call center that does not own it.

[0078] For example, the current terminal network identifier of calling terminal 101 can be specified in a PAI field of a SIP initiation message, PAI standing for "P-Asserted Identity". Such a field is added by a P-CSCF device on the IMS 120 network upon receipt of a SIP initiation message, replacing "P-Preferred Identity" information previously added by the network server 161 in a header of the SIP initiation message. The terminal network identifier, or PAI network identifier, can be in the form of a telephone Uniform Resource Indentant (URI). Such a telephone URI might include a prefix "tel:" followed by a telephone number including a "+" sign and a series of digits, for example:<tel :+123456789012> .

[0079] The terminal network identifier more generally covers any identifier assigned by the initial network, or by the IMS network in the described embodiment, to the calling terminal, and which cannot be modified by the calling terminal.

[0080] The initial network identifier can correspond to an identifier specified in a P-Access-Network-Info (PANI) header of a SIP initiation message. This identifier is added by a network server, not by the calling terminal. For example, in France, the PANI header might include a code called R1R2, issued by a regulatory authority, which uniquely identifies a network or its associated network operator. Generally, the initial network identifier encompasses any identifier that uniquely designates, at least within a given territory, a network or network operator, and which is not configurable by a calling terminal in the initiation message.

[0081] At step 202, the registration terminal 150 transmits the registration request including the reference data described above, to the third-party service provider server 170.

[0082] At step 203, the third-party service provider server 170 can verify the reference data included in the registration request. Such verification can, in particular, check that the reference terminal network identifier has not been previously reported as associated with fraudulent calls. Other verification criteria can be applied to the reference data according to the invention, relating, for example, to the consistency between the reference telephone number and the reference owner identifier.

[0083] In the event of a positive verification, the third-party service provider server 170 transmits, at a step 204, the reference data to the reference database 140, for storage at a step 205. At step 205, the database stores the reference data in association, the association being able to be indexed by the reference telephone number.Thus, as will be described below, the reference database 140 can be queried on the basis of a current telephone number, and the reference database 140 compares the current telephone number to the reference telephone numbers of the associations it stores, and - if the current telephone number corresponds to a stored reference telephone number, the reference database 140 returns the reference data associated with the corresponding reference telephone number, at least the reference terminal network identifier and / or the reference initial network identifier; - if the current telephone number does not correspond to any stored reference telephone number, the reference database 140 issues a message including information indicating the absence of the current telephone number in the reference database 140.

[0084] At step 206, the third-party service provider server 170 can validate the registration of the reference data with the registration terminal 150.

[0085] Laillustrates the steps of a common phase of a process for processing a message initiating a telephone call, according to embodiments of the invention.

[0086] During the current phase, the calling entity 111 seeks to initiate a telephone call with the called entity 112.

[0087] To initiate the phone call, the calling terminal 101 prepares an initiation message, the initiation message including information indicating a current telephone number, which is configurable by the calling entity 111. In the case of a SIP type initiation message, the initiation message includes a "from" source field indicating a current telephone number.

[0088] The adjective "current" describes data that is specific to the current phase, as opposed to reference data which is stored in the reference database 140 and which serves as a reference to validate or invalidate the current data of an initiation message.

[0089] In a legitimate use case of the current telephone number, the current telephone number is the number of the organization to which the calling entity 111 is attached, which may be a call center as previously described.

[0090] At step 301, the calling terminal 101 transmits the initiation message prepared at step 300 to the network server 161 of the initial network 121.

[0091] At a stage 302, upon receipt of the initiation message, the network server 161 enriches the initiation message before routing it to the final network 122. The network server 161 may in particular add the initial network identifier associated with the initial network 121, referred to as the current initial network identifier in what follows, as well as a current terminal network identifier that identifies the calling terminal 101 in the initial network 121 (for example the PPI identifier described previously).

[0092] At an optional step 303, network server 161 can transmit the initiation message to authentication server 131 for adding an attestation according to the STIR / SHAKEN procedure.

[0093] At step 304, upon receipt of the initiation message, the authentication server 132 can generate an attestation from information contained in the initiation message, in accordance with the STIR / SHAKEN procedure, and the initiation message is modified to incorporate the generated attestation. No restrictions are attached to the generated attestation level. In the described embodiment, the calling terminal 101 does not have the current telephone number, so the generated attestation level is level B or C as previously described.

[0094] At step 305, the authentication server 131 returns the initiation message, including the attestation, to the network server 161.

[0095] At step 306, following step 302, or following step 305 when the STIR / SHAKEN procedure is implemented, the network server 161 of the initial network 121 transmits the initiation message to the telephone application server 162 of the final network 122. It should be noted that the initiation message addressed to the telephone application server 162 of the final network corresponds to the initiation message enriched by the network server 161 of the initial network and possibly includes the attestation generated by the authentication server 131 according to the STIR / SHAKEN procedure.

[0096] During transmission to the telephone application server 162, the PPI identifier (information "P-Preferred Identity") serving as the current terminal network identifier can be replaced by the PAI identifier described previously, by a P-CSCF server of the IMS network 120, and the PAI identifier is therefore the current terminal network identifier in what follows.

[0097] At step 307, upon receipt of the initiation message, the telephone application server 162 can verify the attestation contained in the initiation message, if the initiation message includes such an attestation (in embodiments where the attestation is generated by the authentication server 131 as described above). Subsequent steps are implemented only if the telephone application server 162 successfully verifies the attestation. A successful attestation verification means that the attestation is present in the initiation message, whether it is level A, B, or C (level B or C in particular in the described embodiment).

[0098] Indeed, in the event of a negative verification, the telephone application server 162 can send a rejection message to the network server 161 of the initial network 121, which interrupts the initiation of the telephone call. A negative attestation verification means that the initiation message does not include an attestation or that the attestation present in the initiation message is invalid, for example, because it is a fraudulent certificate not corresponding to the current telephone number.

[0099] At step 308, the telephone application server 162 can extract the following current data from the initiation message: - the current telephone number from the source field; and - the current terminal network identifier and / or the current initial network identifier. At step 309, the telephone application server 162 can transmit a verification request to the verification server 132. The verification request includes the extracted current data, namely the current telephone number, the current terminal network identifier, and / or the current initial network identifier. At an optional step 310, the verification server 132 can verify that the current telephone number included in the verification request is present in a list stored on the verification server 132.The list stored in the verification server 132 can include all the telephone numbers that are part of the reference data stored in the reference database 140. Thus, the verification in step 310 avoids an unnecessary query of the reference database 140 (if the current telephone number does not match any reference telephone number stored in the reference database 140).

[0100] At a step 311, the verification server 132 (or the telephone application server 162 when the verification server is embedded in the telephone application server) queries the reference database 140 by transmitting a request including the current telephone number.

[0101] Upon receiving the request, the reference database 140 compares the current telephone number to the reference telephone numbers, in order to detect a match at a step 312. If a match is found with a reference telephone number, the reference database 140 obtains the reference terminal network identifier and / or the reference initial network identifier associated with the corresponding reference telephone number.

[0102] At a step 313, the reference database 140 returns a response including the obtained reference data, namely the obtained reference terminal network identifier and / or the obtained initial reference network identifier, to the verification server 132.

[0103] If there is no match between the current telephone number and the reference telephone numbers, the reference database 140 may return a no-match message to the verification server 132 at step 313. Alternatively, the database may not respond, indicating no match.

[0104] Database 140 may be included in the verification server, in the telephone application server, or elsewhere.

[0105] Upon receiving the reference data, the verification server 132 checks, at step 314, whether the current data corresponds to the reference data by comparing the current data with the reference data. To this end, the verification server compares: - the current terminal network identifier with the reference terminal network identifier; and / or - the current initial network identifier with the reference initial network identifier.

[0106] The verification is successful if each comparison (one or two checks depending on the implementation) is positive, that is, if the current data and the reference data are identical. If at least one comparison is negative, the verification of the current data is also negative.

[0107] In other words, according to a first embodiment, the verification server implements only one of the verifications presented below.

[0108] In this first embodiment, the verification server can be configured to check if the current terminal network identifier matches the reference terminal network identifier.

[0109] According to a variant of this first embodiment, the verification server can be configured to check whether the current initial network identifier matches the reference initial network identifier.

[0110] According to a second embodiment, the verification server implements the two checks described below. In this case, the verification server can be configured to return a positive result if both checks are positive, and a negative result if at least one of the checks is negative. In another variant, the verification server can be configured to return a positive result if at least one of the two checks is positive and a negative result if both checks are negative.

[0111] The verification server 132 thus obtains a verification result, positive or negative, at step 314.

[0112] At step 315, the verification server 132 transmits the verification result to the telephone application server 162.

[0113] If a no-match message is received from database 140 at step 313, the verification server 132 can transmit the no-match message to the telephone application server 162 at step 315.

[0114] According to another embodiment, the telephone application server 162 integrates the verification server 132 and implements steps 310, 311 and 314 itself.

[0115] If the comparison result is positive, the telephone application server 162 transmits the initiation message to the terminal called 102 at a step 317.

[0116] In some embodiments, before transmitting the initiation message in step 317, the telephone application server 162 can enrich the initiation message with an owner identifier associated with the current telephone number. The owner identifier can be the reference owner identifier stored in association with the reference telephone number corresponding to the current telephone number. For this purpose, the reference database 140 can integrate the reference owner identifier into the response returned in step 313. The owner identifier can be transmitted with the verification result to the telephone application server in step 315, which can then enrich the initiation message in step 316.

[0117] If the comparison result is negative, the telephone application server 162 can send a rejection message to the network server 161, and the telephone call initiation is interrupted. In another embodiment, if the comparison result is negative, the telephone application server 162 does not send a message.

[0118] If a no-match message is received from database 140, from verification server 132, or if there is no response from database 140, the telephone application server 162 can transmit the initiation message to the called terminal 102, or can alternatively refuse call initiation by sending a refusal message to the network server 161 of the initial network 121.

[0119] Following step 317, which transmits the initiation message (in the event of a positive verification result), the called terminal 102 broadcasts an alert (e.g., rings or vibrates) at step 318, while displaying the current telephone number and, in some embodiments, the owner's identifier. If the entity called 112 validates the establishment of the telephone call, the telephone call is established between the calling terminal 101 and the called terminal 102 at step 319. If the entity called 112 refuses, the initiation of the telephone call is aborted.

[0120] Lare represents a structure of the verification server 132, according to an embodiment of the invention.

[0121] The verification server 132 includes a processor 401 configured to communicate unidirectionally or bidirectionally, via one or more buses or via a direct wired connection, with a memory 402 such as Random Access Memory (RAM), Read Only Memory (ROM), or any other type of memory (Flash, EEPROM, etc.). Alternatively, the memory 402 comprises several memories of the aforementioned types.

[0122] Memory 402 includes at least one non-volatile memory in which the data used and / or resulting from the implementation of steps 309 to 311 and 313 to 315 described previously are stored temporarily or permanently.

[0123] In particular, memory 402 can store, at least temporarily, the current data received in step 309 and the reference data received in step 315, so that this data can be compared. Furthermore, as described previously, memory 402 can store the list used during the implementation of step 310 described earlier.

[0124] The processor 401 is capable of executing instructions, stored in memory 402, for the implementation of steps 310, 311, 314 and 315 described previously.

[0125] The verification server 132 further includes a first interface 403 capable of communicating with the telephone application server 162, and a second interface 404 capable of communicating with the reference database 140.

Claims

A method for processing a telephone call initiation message comprising the following steps: - obtaining (309) current data extracted from said initiation message, the current data comprising a current telephone number and further comprising a current terminal network identifier and / or a current initial network identifier; - obtaining (313) reference data comprising a reference telephone number, and further comprising a reference terminal network identifier and / or a reference initial network identifier; - determining (314) a verification result by comparison between the current data and the reference data. A method according to claim 1, wherein the reference data are obtained (313) by querying (311) a reference database (140) storing reference data associations, each reference data association associating a reference telephone number with a reference terminal network identifier and / or with a reference initial network identifier. A method according to claim 2, wherein the query of the reference database (140) comprises: - a transmission (311) of a query including the current telephone number to the reference database; - a reception (313) of the reference data associated with the reference telephone number corresponding to the current telephone number. A method according to any one of the preceding claims, wherein the current data is obtained by receiving (309) a verification request from a telephone application server (162), the verification request comprising the current data extracted from the initiation message, the method further comprising transmitting (315) the verification result to the telephone application server. A method according to claim 4, wherein the telephone application server (162) is associated with an end network (122) capable of communicating with a called terminal (102) identified in the initiation message, and wherein the telephone application server transmits (317) the initiation message to the called terminal, if the received verification result is positive. A method according to claim 5, wherein the reference data obtained further include a reference owner identifier, and wherein the reference owner identifier is transmitted (315) to the telephone application server (162) with the verification result and wherein the telephone application server adds the reference owner identifier to the initiation message. A method according to any one of claims 4 to 6, comprising the following steps: - reception (306) by the telephone application server (162) of the initiation message from the initial network (121); - extraction (308) by the telephone application server of the current data of the initiation message into predefined fields of the initiation message. Method according to claim 7, wherein the telephone application server (162) extracts the current telephone number from a source field modifiable by the calling terminal, wherein the telephone application server extracts the current terminal network identifier and / or the current initial network identifier from a field defined by a network server (161). A method according to claim 7 or 8, further comprising, upon receipt (306) of the initiation message by the telephone application server (162), a verification (307) of an attestation included in the initiation message, and wherein the telephone application server extracts (308) the current data only if the attestation verification is positive. A method according to claim 2 or 3, further comprising receiving (204) reference data from a recording terminal (150) associated with an owner of the reference telephone number by the reference database (140), and storing (205) said received reference data in the reference database. Computer program comprising program code instructions for implementing the telephone call initiation message processing method according to any one of claims 1 to 10, when executed by a processor (401). Computer-readable information carrier, and comprising instructions for a computer program according to claim 11. Verification server (132) comprising a processor (401) configured to: - obtain, through a first interface (403) of the verification server, current data extracted from a telephone call initiation message, the current data including a current telephone number and also including a current terminal network identifier and / or an initial network identifier; - obtain, through a second interface (404) of the verification server, reference data including a reference telephone number, and also including a reference terminal network identifier and / or a reference initial network identifier; - determine a verification result by comparison between the current data and the reference data. System comprising a verification server (132) according to claim 13, a telephone application server (162) and a reference database (140), wherein the telephone application server is configured to transmit a verification request to the verification server, the verification request comprising the current data, wherein the verification server is capable of querying the reference database to obtain the reference data, and wherein the verification server is further capable of transmitting the verification result to the telephone application server.

Images