PROCESSING SENSITIVE INFORMATION OVER VOIP

Abstract

This invention relates to a method of processing sensitive information over VoIP. The method provides a method of processing, by a call processor, a media call comprising the steps of: receiving a first signalling stream from a first entity; creating a second signalling stream to a second entity; forwarding signals received from the first signalling stream to the second signalling stream; receiving a third signalling stream from the second entity; creating a fourth signalling stream to the first entity; and forwarding signals received on the third signalling stream to the fourth signalling stream; the first signalling stream containing instructions to set up a media call between the first entity and the second entity such that media is transmitted over a first media stream from the first entity to the second entity and a media is transmitted over a second media stream from the second entity to the first entity without intervention by said call processor.

Claims

1.-11. (canceled)

12. A call processor for processing a Voice over Internet Protocol (VoIP) media call between a first entity and a second entity, the VoIP media call including separate signalling streams and media streams, and in which the media streams include a Real-time Transport Protocol (RTP) stream over which media is transmitted from the first entity to the second entity without intervention by the call processor, the call processor embodied in computer hardware, the call processor configured to at least: redirect the VoIP media call via the call processor, the VoIP media call as redirected including respective RTP streams over which the media transmitted from the first entity is received at the call processor, and forwarded from the call processor to the second entity; and modify the media received at the call processor from the first entity to remove sensitive information before the media is forwarded to the second entity.

13. The call processor of claim 12, wherein the call processor is configured to modify the media to remove DTMF tones comprising the sensitive information before the media is forwarded to the second entity.

14. The call processor of claim 12, wherein the call processor is configured to modify the media to remove spoken sensitive information before the media is forwarded to the second entity.

15. The call processor of claim 12, wherein the media streams include a second RTP stream over which media is transmitted from the second entity to the first entity without intervention by the call processor, and the VoIP media call as redirected includes second respective RTP streams over which the media transmitted from the second entity is received at the call processor, and forwarded from the call processor to the first entity, and wherein the call processor is further configured to modify the media received at the call processor from the second entity to remove sensitive information before the media is forwarded to the first entity.

16. The call processor of claim 15, wherein the call processor is configured to modify the media to remove DTMF tones comprising the sensitive information before the media is forwarded to the first entity.

17. The call processor of claim 15, wherein the call processor is configured to modify the media to remove spoken sensitive information before the media is forwarded to the first entity.

18. The call processor of claim 12, wherein the call processor is further configured to receive a message from the second entity to redirect the VoIP media call, the call processor configured to redirect the VoIP media call responsive to the message.

19. The call processor of claim 12, wherein the second entity is a contact centre configured to send a message to a secure data collection server to indicate secure data collection is to be initiated on the VoIP media call, and receive a personal identification number from the secure data collection server, and wherein the call processor is configured to redirect the VoIP media call based on the personal identification number.

20. The call processor of claim 12, wherein the call processor is further configured to again redirect the VoIP media call after the media is modified to remove the sensitive information, the VoIP media call as again redirected being between the first entity and the second entity without intervention by the call processor.

21. The call processor of claim 20, wherein the call processor configured to again redirect the VoIP media call includes the call processor configured to recreate the RTP stream over which media is transmitted from the first entity to the second entity.

22. A method of processing, by a call processor, a Voice over Internet Protocol (VoIP) media call between a first entity and a second entity, the VoIP media call including separate signalling streams and media streams, and in which the media streams include a Real-time Transport Protocol (RTP) stream over which media is transmitted from the first entity and the second entity without intervention by the call processor, the method comprising: redirecting the VoIP media call via the call processor, the VoIP media call as redirected including respective RTP streams over which the media transmitted from the first entity is received at the call processor, and forwarded from the call processor to the second entity; and modifying the media received at the call processor from the first entity, the media modified using the call processor to remove sensitive information before the media is forwarded to the second entity.

23. The method of claim 22, wherein the media is modified to remove DTMF tones comprising the sensitive information before the media is forwarded to the second entity.

24. The method of claim 22, wherein the media is modified to remove spoken sensitive information before the media is forwarded to the second entity.

25. The method of claim 22, wherein the media streams include a second RTP stream over which media is transmitted from the second entity to the first entity without intervention by the call processor, and the VoIP media call as redirected includes second respective RTP streams over which the media transmitted from the second entity is received at the call processor, and forwarded from the call processor to the first entity, and wherein the method further comprises modifying the media received at the call processor from the second entity, the media modified using the call processor to remove sensitive information before the media is forwarded to the first entity.

26. The method of claim 25, wherein the media is modified to remove DTMF tones comprising the sensitive information before the media is forwarded to the first entity.

27. The method of claim 25, wherein the media is modified to remove spoken sensitive information before the media is forwarded to the first entity.

28. The method of claim 22, wherein the method further comprises the call processor receiving a message from the second entity to redirect the VoIP media call, and the VoIP media call is redirected responsive to the message.

29. The method of claim 22, wherein the second entity is a contact centre that sends a message to a secure data collection server to indicate secure data collection is to be initiated on the VoIP media call, and receives a personal identification number from the secure data collection server, and wherein the VoIP media call is redirected based on the personal identification number.

30. The method of claim 22, wherein the method further comprises again redirecting the VoIP media call after the media is modified to remove the sensitive information, the VoIP media call as again redirected being between the first entity and the second entity without intervention by the call processor.

31. The method of claim 30, wherein again redirecting the VoIP media call includes recreating the RTP stream over which media is transmitted from the first entity to the second entity.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0032] FIG. 1 is an illustration of a call processing environment for use in a system for collection of sensitive information;

[0033] FIG. 2 is a simplified illustration of call paths when a call is in unsecured mode;

[0034] FIG. 3 is a simplified illustration of call paths showing a call conferenced with the call processor;

[0035] FIG. 4 is a simplified illustration of call paths showing removal of sensitive information from a media stream sent to a contact centre; and

[0036] FIG. 5 is a simplified illustration of call paths showing removal of sensitive information from a media stream sent to a user.

DETAILED DESCRIPTION

[0037] Referring to FIG. 1, a call processor 14 is accessed via a firewall 11 (eg AWS), and a Session Border Controller 12 (SBC) (eg AudioCodes or Sonus). The call processor 14 interfaces with a secure data collection environment 16.

[0038] A first entity, in the embodiment described here, a user 17 initiates a VoIP call to a second entity, in the embodiment described here, a contact centre 18. The VoIP call may originate from the PSTN via a trunk provider. When the contact centre's address is detected in the signalling stream (for example, when during call set up using a SIP INVITE message) the trunk provider redirects the signalling stream to the call processor 14.

[0039] When call processor 14 receives a first signalling stream 20 from a user 17 the call processor 14 creates a second signalling stream 21 to the contact centre 18 and forwards any messages received via the first signalling stream 20 from the user to the contact centre 18 via the second signalling stream 21. Reciprocally the call processor 14 forwards any messages received via a third signalling stream 22 from the contact centre to the user 17 via a fourth signalling stream 23. The user is unaware that the signalling messages are intercepted and passed on by the call processor 14. Hence once signalling messages are exchanged to set up a VoIP call between the user 17 and the contact centre 18 the VoIP call is created between the user 17 and the contact centre 18 without intervention by the call processor 14. Hence, the bandwidth of the data that the call processor 14 needs to process is approximately 5 Kbps?2. As the call processor 14 retains signalling paths to both the user and to the contact centre the call processor 14 has the ability to control the interaction between the user 17 and the contact centre 18.

[0040] In more detail, using SIP protocol the call set up process may be as follows: [0041] 1) SIP INVITE (first call ID) is sent by the user 17 to the call processor 14. [0042] 2) SIP INVITE (second call ID) is sent by the call processor 14 to the contact centre 18. [0043] 3) SIP OK (second call ID) is sent by the contact centre 18 to the call processor 14. [0044] 4) SIP OK (first call ID) is sent by the call processor 14 to the user 17. [0045] 5) A first voice media stream 24 (usually using RTP) is created from the user 17 to the contact centre 18. [0046] 6) A second voice media stream 25 (usually using RTP) is created from the contact centre 18 to the user 17.

[0047] FIG. 2 is a simplified illustration showing the signalling and media streams when the call is in an unsecured mode ie when it is not required to transmit sensitive information between the user 14 and the contact centre 17.

[0048] When it becomes necessary to transmit sensitive information between the user 17 and the contact centre 18 a request 26, which may be initiated by an agent in the call centre, is sent to the secure data collection server 16. The request 16 may be sent via the internet, via a private network or any other suitable means. The request from the contact centre 18 contains a unique identifier (sometimes called a SessionID) that identifies the contact centre agent within the contact centre. The unique identifier may be created (for example) when the contact centre agent logs onto the web interface of the Secure Data Collection 16 system.

[0049] The Secure Data Collection 16 system generates a Personal Identification Number (PIN) that is sends back to the contact centre agent over the Internet (typically displaying in a web browser).

[0050] The secure data collection server 16 returns a response 27 containing a unique identifier identifying the signalling streams and the media call in question.

[0051] The contact centre agent enters the PIN and generates a message requesting that a media call goes into secure mode which is sent via signalling stream 22 to the call processor 14. This message contains the PIN. Call processor 14 liaises with the secure data collection server 16 to confirm that the request is legitimate, for example by comparing the PIN received to those which have been previously been sent out.

[0052] Assuming the request is legitimate call processor 14 reroutes the media stream so that it is redirected via the call processor.

[0053] In more detail, using SIP protocol the call rerouting process may be as follows: [0054] 1) re-INVITE (first call ID) is sent by the call processor 14 to the user 17 [0055] 2) SIP OK (first call ID) is sent by the user to the call processor 14 [0056] 3) re-INVITE (second call ID) is sent by the call processor 14 to the contact centre [0057] 4) Slp OK (second call ID) is sent by the contact centre 18 to the call processor 14.

[0058] The call processor 14 then initiates a conference call with the user 17 and the contact centre 18. FIG. 3 is a simplified illustration of the resultant signalling and media streams.

[0059] A third VoIP media stream 30 is created between the user 17 and the call processor 14. VoIP data is transmitted over the third VoIP media stream 30 to the call processor 14. The call processor 14 creates a fourth VoIP media stream 31 and forwards VoIP data received from the user 17 via the VoIP third media stream 30 to the contact centre 18 over the VoIP fourth media stream 31.

[0060] This will enable the call processor to modify VoIP data received from the user, for example by removing DTMF tones or spoken sensitive information before forwarding the media to the contact centre 18.

[0061] FIG. 4 shows schematically sensitive data being removed from the fourth media stream 31 before being forwarded to the contact centre 18.

[0062] A fifth VoIP media stream 32 is created between the contact centre 18 and the call processor 14. VoIP data is transmitted over the fifth VoIP media stream 32 to the call processor 14. The call processor 14 creates a sixth VoIP media stream 33 and forwards VoIP data received from the contact centre 18 via the VoIP fifth media stream 32 to the user 17 over the VoIP sixth media stream 33.

[0063] This will enable the call processor to modify VoIP data received from the contact centre 18, for example by removing DTMF tones or spoken sensitive information before forwarding the media to the user 17.

[0064] FIG. 5 shows schematically sensitive data being removed from the sixth media stream 33 before being forwarded to the user 17.

[0065] The call processor 14 liaises with the secure data collection system 16 to obtain the required sensitive data from the user 17 and removes the sensitive data from the media that is forwarded to the contact centre 18, thus preventing the sensitive information from ever entering the contact centre 18.

[0066] The call processor 14 only needs to process the bandwidth required for the media call during the time that the call is in secure mode. Once the sensitive data has been collected the media stream can be reconnected directly between the user 17 and the call centre 18 and the call processor 14 will drop out of the media stream.

[0067] The call is rerouted in a similar manner to previously: [0068] 1) re-INVITE (first call ID) is sent by the call processor 14 to the user 17 [0069] 2) SIP OK (first call ID) is sent by the user to the call processor 14 [0070] 3) re-INVITE (second call ID) is sent by the call processor 14 to the contact centre 18 [0071] 4) Slp OK (second call ID) is sent by the contact centre 18 to the call processor 14.

[0072] The call paths revert to those shown in FIG. 2.

[0073] It will be appreciated that features of the invention which are, for brevity, described in the context of a single embodiment, may also be provided separately, or in another suitable combination.

[0074] It will be recognised that various alterations, modifications, and/or additions may be introduced into the constructions and arrangements of parts described above whilst remaining within the scope of the invention as claimed.

PROCESSING SENSITIVE INFORMATION OVER VOIP

Inventors

Cpc classification

Classification Explorer

H04L65/65

ELECTRICITY

Classification Explorer

H04M7/0066

ELECTRICITY

Classification Explorer

H04L65/765

ELECTRICITY

Classification Explorer

H04L65/1046

ELECTRICITY

Classification Explorer

H04L65/1069

ELECTRICITY

Classification Explorer

H04L65/1104

ELECTRICITY

International classification

Classification Explorer

H04L65/1069

ELECTRICITY

Classification Explorer

H04L65/1046

ELECTRICITY

Classification Explorer

H04M7/00

ELECTRICITY

Classification Explorer

H04L65/75

ELECTRICITY

Classification Explorer

H04L65/1104

ELECTRICITY

Abstract

Claims

Description