[go: up one dir, main page]

WO2013140193A1 - Method and system for establishing secure online video connection - Google Patents

Method and system for establishing secure online video connection Download PDF

Info

Publication number
WO2013140193A1
WO2013140193A1 PCT/HU2013/000028 HU2013000028W WO2013140193A1 WO 2013140193 A1 WO2013140193 A1 WO 2013140193A1 HU 2013000028 W HU2013000028 W HU 2013000028W WO 2013140193 A1 WO2013140193 A1 WO 2013140193A1
Authority
WO
WIPO (PCT)
Prior art keywords
customer
video
call
assistant
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/HU2013/000028
Other languages
French (fr)
Inventor
Éva HEGEDŰS
Sándor DEMJÁN
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Magyar Toketarsasag Zartkoruen Mukodo Reszvenytarsasag
Original Assignee
Magyar Toketarsasag Zartkoruen Mukodo Reszvenytarsasag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Magyar Toketarsasag Zartkoruen Mukodo Reszvenytarsasag filed Critical Magyar Toketarsasag Zartkoruen Mukodo Reszvenytarsasag
Publication of WO2013140193A1 publication Critical patent/WO2013140193A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1069Session establishment or de-establishment

Definitions

  • the present invention generally relates to a video-based communication method and system. More particularly, the present invention relates to a method and a system for setting up a video call in an online mode through a secure data channel.
  • the various service providers in particular the service providers in the financial sector (banks, insurance companies, etc.) offer their services in an increasingly wider range through the internet. Due to the development of the telecommunication technologies, nowadays most of the public utility companies provide an online access for their clients to order services, to keep track of the ordered services, to set or modify user-specific data, etc.
  • One of the easiest and presently wide-spread way of online accessing services is a telephone call center, wherein certain services can be used only after an identification of the customer at an appropriate level.
  • the identification is generally based on inputting a unique customer identification code and a secret password (code).
  • code a secret password
  • One of the drawbacks of the telephone call center service is that a customer can set up only a voice transmission (audio) connection with an assistant of the service provider, which means a substantial limitation with respect to the efficient and reliable exchange of information.
  • a video-based communication may also be initiated with the service provider even from a computer or a mobile phone.
  • a menu item corresponding to the video call for example "video chat” or "video call center”
  • Such a communication connection in itself is, however, not enough secure for transmitting/receiving sensitive or secret data or information therethrough to/from the service provider.
  • the published document WO 2011/1371102 discloses online video-based communication for providing online banking services, wherein when a customer logs in an online banking application, first a full identification of the customer is performed, and the customer can initiate a video call setup with an assistant of the bank just after the identification process.
  • This solution has the drawback, that for accessing to a service based on a video call, the customer must, first of all, perform a customer identification step, and he can use the banking services based on a video call only subsequently, which requires the initiation of an additional video call setup with a video server of the bank.
  • Another disadvantage of this solution is that it does not allow a uniform presentation of those video calls that does not require a customer identification (for example, calls to request general information) and those video calls that require the customer's identification (for example, calls to receive or provide confidential data, to performing a transaction, etc.) on the customer-side interface, which is typically a webpage offering online services of the service provider (e.g. a bank).
  • a customer identification for example, calls to request general information
  • those video calls that require the customer's identification for example, calls to receive or provide confidential data, to performing a transaction, etc.
  • the present invention is based on the recognition that if for using a service based on a secure online video call, the customer at once initiates a video call and during the setup procedure of the video call, and identification of the customer is performed in an embedded manner on the service provider's side, then it will be possible to uniformly display (i.e. to display on a single shared interface) various kinds of services based on video calls for the customers.
  • At least one customer client device connected to the internet, said client device being adapted to run an internet browser or other application having an internet connection, wherein said client device is provided with a camera, a display, a microphone and a loudspeaker,
  • the authentication server comprises:
  • a service provider system for establishing a secure online video call connection between a customer-side client application and a service provider-side client application, wherein the customer-side client application is a communication application connected to the internet, said application being adapted to run an internet browser or another application having an internet connection, said application being further adapted to use a video camera, a display, a microphone and a loudspeaker, wherein the service provider system comprises:
  • an authentication server on the service provider side for the personal identification of the customer, said authentication server being connected to the customer-side client applications through the internet,
  • an authentication interface for providing communication between the authentication server and the video server.
  • the authentication server comprises:
  • the above objects are also achieved by providing a method for establishing a secure online video call connection between a service provider-side client application and a customer-side client application through the internet, wherein the method comprises the steps of: - in an authentication server, receiving a request for a video call connection from a customer-side client application, said request containing a unique session identifier of the initiated video call (video session ID),
  • FIG. 1 schematically illustrates the architecture of the system according to the invention
  • FIG. 2 is a communication diagram showing the major steps of the method according to the invention.
  • Figure 3 illustrates an exemplary application of the method according to the invention in an exemplary customer service system.
  • FIG 1 schematically shows the architectures of the system 100 for providing secure online video-based communication in accordance with the invention.
  • video-call or “video-based communication” refers to an interconnection primarily used for transmitting video and voice data, but in addition to those, it can optionally be used to transmit still image data, text data or other digital data (e.g. electronic documents).
  • the system 100 establishes a video connection basically between one or more customer and one or more assistant so that in one communication line, a video connection between preferably only one customer and one assistant can be established.
  • the system 100 may also be suitable for making a call, if necessary, in one communication line between several customers and/or several assistants.
  • a communication line 120 may be established through the internet.
  • Client applications 1 1 1 on the customer side run on client devices 1 10, typically on computers or mobile phones, but for the whole functionality of the system 100, the use of a microphone, loud speakers and a video camera, generally a web camera (none of them shown in the drawings) is essentially needed also on the customer side.
  • the customer-side interface is provided by a client application 11 1 that may be embedded in an internet homepage of the service provider (e.g. a bank) or may be implemented as a standalone application, and that can be freely accessed by using a browser or any other program having an internet connection.
  • the customers can access to the online video-based customers service function of the service provider. This function is also called video chat or video call center.
  • the customers-side client application 111 is adapted to connect one customer to one assistant, wherein the communication is always initiated by the customer.
  • client devices 130 executing client applications 1 12 on the service provider side are available, said client devices 130 being used by the assistants to receive the incoming video calls.
  • An assistant interface 130 allows the communication between a customer and an assistant, and also allows an assistant to perform administrative activities (change status, store call data).
  • the interface 1 13 is an application accessible for the supervisors and administrative staff on the service provider side. Such an application allows to modify system-specific settings and to access historical data.
  • the term "customer" refers to a person using video-based customer service functions through the internet.
  • a customer may be a new customer or a registered customer.
  • the registered customers can identify themselves by means of an authentication server 141.
  • the customers there may be VIP customers to whom the system 100 may assign a dedicated assistant.
  • an assistant is an employee of the service provider, who is responsible for receiving the incoming calls and to service the clients through the established online video call connection.
  • the assistants may be grouped into various assistant teams (transaction assistant, advisory assistant), wherein a security level may be associated with each of said teams. For example, in case of a transaction assistant, the highest level of security may be specified for the video call, whereas in case of an advisory assistant, a lower level of security may be appropriate.
  • a supervisor is an employee of the service provider who can access to the administrator interface 113, can check the status information and the statistic information, can search for a recorded call, but is not allowed to modify the settings of the system 00.
  • An administrator is an employee of the service provider, who is entitled to modify the system settings and the access permissions, and who has also an access right to all functions of the administrator interface 113.
  • the system 100 further comprises a video server 140 on the service provider side for managing the real-time video connections (setup, maintenance, termination).
  • the authentication server 141 performs identification of the customer initiating the call in an intermediate step by means of a customer identification module 145.
  • the authentication server 140 forwards the result of the authentication by means of a call re-direction module 146 through an authentication interface 143 to the video server 140.
  • the data of the registered customers are not stored on the video server 140, but stored in the subsystem performing the authentication, which is served by the authentication server 141.
  • the authenticating subsystem i.e. the authentication server 141
  • the authentication interface 143 all data necessary to continue the setup procedure of the video call to be established with the customer, for example a unique session identifier of the video call initiated by the customer (video session ID).
  • a customer-side video client application is a standalone application that can be embedded in an internet homepage of the service provider. This application is preferably placed in a specific dedicated page within the homepage of the service provider. Due to the system according to the invention, video call functions requiring customer identification and video call functions not requiring customer identification can be accessed from the same interface, which provides a high degree of convenience for the user.
  • the use of a video client application 111 may be initiated from an own webpage of the application or it may also be initiated from another point of the homepage of the service provider by using an initiation link.
  • the HTML code containing the initiation link may be inserted into the homepage of the service provider and its content (text, icon, link) may vary depending on what services the system 100 can actually provide (e.g. customer service or feedback).
  • a customer of the system 00 according to the invention starts the video client application 11 , he or she can preferably select from the following options:
  • inquiry initiation of a video call without customer identification
  • transaction initiation of a video call requiring customer identification
  • the period available for transactions in the system 100 is specified by the service provider itself, this can be typically between 8 and 18 o'clock (parameter). This assumes that at least one assistant is logged in the system during this period.
  • setup of the video call is started immediately, but no authentication takes place.
  • the function "transaction” is activated, during the video call setup procedure, as an intermediate step, the customer must identify (authenticate) himself or herself at the service provider by his or her registered unique identifier, and preferably by additionally inputting a secret code (password).
  • the identification of a customer is performed by the authentication server 141 that receives the video call, wherein the video server 140 communicates with said authentication server 141 through the authentication interface 143. If during the authentication it is determined that the customer who is logging in is a VIP client, the system 100 according to the invention will attempt to connect a pre-assigned assistant to the customer during call setup. If the selected assistant is not available, the customer will have the possibility to request a connection with another assistant or to request a call-back.
  • a holding text may be displayed for the customer.
  • the content and the format of this text may be parameterized.
  • the system 100 may inform the user about that the call will be recorded.
  • the client will have the possibility to request a call-back instead of waiting.
  • contact details e.g. name, e-mail address, telephone number, note
  • the system 100 may display a predefined HTML form to input said data.
  • a video communication interface is displayed to the customer which, for example, includes at least one of the following items:
  • chat window for sending and receiving text messages, wherein the new messages can be typed into said chat window and also the previously exchanged messages are shown therein (e.g. with indicating the time of sending and the name of the sender).
  • the chat window supports the use of a clipboard.
  • a window displaying a small reference screen of the local camera (optional item).
  • the microphone and the web camera of the customer are preferably active. During the call, however, the customer can switch off the camera and the microphone at any time.
  • the chat window which is displayed under the video window of the assistant, and which allows a free text-type, bidirectional communication, is always active.
  • the system 100 can further navigate the customer-side client application to a service evaluation webpage that is provided by another system. If needed, the whole communication session may be recorded (e.g. the text information transmitted in the chat window, the video and audio data recorded during the call, logging data).
  • the recorded information is stored by the video server 140 in a predetermined manner.
  • the assistant can access to the functions of its interface after an authentication based on a username and a password. It is preferred that through the assistant interface, a test interface can also be accessed, wherein certain functions of the assistant interface can be tried and tested (e.g. the microphone of the assistant can be checked).
  • the system 100 may allow for a logged-in assistant to change his or her password.
  • the assistant is not actually taking part in an active call, he or she can look at the requests for call-back.
  • the callback and the recording of the business data checked during the call-back will preferably be done by the assistant out of the system according to the invention.
  • the assistant can mark the serviced requests as completed in the system.
  • the system 100 handles availability of the assistants according to their statuses.
  • the logged-in assistants may, for example, be in the following statuses:
  • Non-available the assistant is unable to receive a video call.
  • the assistant is ready to receive a video call within a predetermined reaction time.
  • the assistant is within a video (or other) call (i.e. he or she is busy) or he or she is just after a call but has not recorded the data of the previous call yet.
  • the actual status of a particular assistant is preferably always displayed on the assistant interface. Any change in the assistant status may also be logged. As a default setting, the status of an assistant after entering the interface, is "Non- available", which must be changed to the status "Available” as soon as the assistant becomes ready to receive a call.
  • the system 00 can switch an incoming video call to an assistant being in an "Available" status at any time.
  • the incoming video call is displayed in a well-visible manner on the assistant interface (preferably together with presenting a sound signal).
  • the assistant can either receive or reject the call. In case of rejection, the assistant automatically gets to the status "Non-available". If the assistant does not receive the call within a predetermined period, this will mean a rejection of the call. In this case a well-visible warning may be displayed on the assistant interface to indicate that the assistant has missed to receive the call.
  • the video call has all of those functions of an ongoing call that have been introduced with respect to the customer-side interface for a video call.
  • data of the identified customer, who initiated the call are preferably displayed to the assistant.
  • the assistant can choose, from a previously uploaded document library, those files that can be provided for downloading by an authenticated customer during the video call.
  • the system according to the present invention thus allows to create a single shared customer interface, also allowing the use of other types of video call functions.
  • Such other types of video calls include, for example, an inquiry video call, wherein a video connection is established between a customer and an assistant of a service provider without the identification of the customer initiating the call.
  • a non-authenticated video call it is possible, upon the request and/or the approval of the customer, to switch the customer being in a non-authenticated video session to an assistant who is available for receiving an authenticated video call.
  • even the same assistant may continue the video call with the customer who, in the meantime, has become authenticated.
  • the customer has to identify himself or herself, and he or she can continue the video call only after said identification procedure.
  • the assistant performing the switch-over is capable of serving the customer even after switch-over (i.e. the assistant belongs to an appropriate assistant group), the customer will preferably be switched back to the same assistant. In this case, during switch-over the assistant cannot receive any other call (within a given period) and he or she will get to the status "Waiting for switch-over".
  • the assistant During the call or after the call, the assistant records call information relating to the call (type of the call, the need of doing further tasks, notes, result of the call).
  • the assistant can receive a new call only after recording the above mentioned data. It is preferred that the assistant can review the list of calls he or she has conducted and if any of the calls required a follow-up, he or she can mark the follow-up as having been done.
  • step S200 the customer navigates to the home page of a service provider and finds the webpage offering its online video services. Then in step S201 , by selecting the appropriate menu item or by activating a function button (or icon), the customer selects the online video service he or she intends to use. To this end, the customer clicks on, for example, an appropriate transaction button (e.g. "video chat" or "video call center” button).
  • an appropriate transaction button e.g. "video chat" or "video call center” button.
  • step S202 the customer-side client application 111 will send a unique session identifier of the video call to be identified (video session ID) as a parameter of the video call setup request sent to the authentication server 141.
  • the unique session ID of the initiated video call may be generated arbitrarily, the only restriction is that a particular video call must unambiguously be identified within the system.
  • step S203 the authentication server 141 sends a login webpage (login page) as a reply to the client application 111 which, in turn, displays said login page to the customer. The customer can identify himself or herself for the online customer service application through this webpage.
  • the identification is preferably carried out by providing a username and a password.
  • the authentication server 141 After checking the identification data, the authentication server 141 sends a reply message concerning the successful identification to the client application 111 in step S205. If the identification of a customer has failed, the process will return to the identification procedure, and in step S203 the login webpage will be re-transmitted to the customer's client application 11.
  • the authentication server 141 will inform the video server 140 about it in step S206 through a web service call (SOAP).
  • SOAP web service call
  • some important data relating to the authenticated customer such as a user ID, a username, etc., are passed to the video server 40.
  • the indication of the successful authentication and the reception of the customer- specific data are acknowledged by the video server 140 in a reply message in step S208.
  • the webpage representing the successful authentication is provided by the video server 140 for the customer-side client application 111.
  • the authentication server 141 redirects the browser (or other internet-capable application) run by the customer-side client application 111 to the video server 140.
  • the authentication server 141 forwards the video session ID to the video server 140 and based on said video session ID, the video server 140 continues the video connection setup procedure initiated by the customer.
  • step S210 the customer-side client application 111 automatically tries to get into contact with the video server 140 by using the video session ID.
  • step S211 the video server 140 checks the registration of the video session ID, and if it cannot find a respective registration, then in step S212, the video server 40 will generate an error message about the failure to check the video session ID and will disconnect the call.
  • step S213 the video server 140 determines that the video session ID has been registered or a valid video call has been received, then in step S214, it will send a video call request to any assistant client application 112 on the service provider's side, said request being either acknowledged or rejected in step S215.
  • step S216 the video server 140 determines that there is no available assistant to receive the video call of an authenticated user, meaning that the client application 112 has rejected the video call request, then the video server 140 tries again to send the video call request to the client application 112 of the same assistant or another assistant in step S214.
  • the video server 140 connects the customer-side client application 111 and the service provider-side client application 112 in steps S217 and S218, respectively, and as a result, in step S219 a secure (encrypted) video call connection is established between the customer and an assistant of the service provider through video server 140.
  • Disconnection of the secure bidirectional online video call may be initiated either by the customer or the assistant in steps S220 and S221 , respectively.
  • the video server 140 registers out of the authenticated call, during which it releases (e.g. deletes) the video session ID.
  • the administrator interface may be manipulated at two access levels, namely, at a supervisory level and an administrator level.
  • the access right of the supervisor is limited, he or she is only allows to view the status of the customer service assistants and the call history, whereas an administrator has a full access to the system.
  • status of the customer service assistants may be tracked, the history of the calls can be accessed and searched, the calls can be searched according to their date and/or call identifier and assistant; the voice/video matters and text of the non-archived (but in the system still accessible) calls that are recorded in the call history can be reviewed. Any review of the video records is preferably logged.
  • the administrator interface allows to archive the results of the previously agreed reports (e.g. data of the calls, data of logged-in customers), and are exported, for example, into Excel data sheets.
  • a special assistant (a so-called VIP assistant) may be assigned to a customer (e.g. based on the customer's code registered at the particular service provider).
  • the documents that can be issued by the assistants can be loaded up from the administrator operating service into the system.
  • the administrator interface allows to manage the customers on the service provider-side and to define the access rights associated therewith. (The source of the customer data is, in fact, the authenticating subsystem, and not the administrator interface.)
  • the administrator interface also allows to set which one of the assistants belongs to which group of assistants, and it also allows to set parameters affecting the operation of the system (e.g. time-outs, parameterized messages).
  • the data transmission technology of the video client applications should be secure enough.
  • the authentication interface should be secure enough.
  • the assistant functions, the supervisor functions and administrator functions should exclusively be accessible from the network of the service provider.
  • the recorded video streams should normally be accessible within the network of the service provider only through the administrator interface (except backup/archiving).
  • Figure 3 illustrates various optional functions of the video chat subsystem 300 of the system according to the present invention, as well as their mutual operational relations.
  • the following functions can be accessed only by an assistant 390: function 301 of "login/logout", function 302 of “retrieve list of calls", function 303 of "change status of assistant", function 304 of "record call data”.
  • the following functions that are addressed to an assistant 390 can be initiated by a customer 391 : function 305 of "call initiation”, function 306 of "call termination”, function 307 of "request for call- back” and function 308 of "download document”.
  • the function 309 of "evaluation of service” can be accessed only by a customer 391.
  • the function 305 of "call initiation” may be activated through a function 310 of "inquiry call” available for a non-identified customer, a function 311 of "authenticated call” initiated by the authentication server 141 or a function 312 of "VIP/switched-back call”.
  • the function 306 of "call termination” may be activated also by a function 313 of "termination with switchover”.
  • a condition of accessing to this function is the existence of an active customer service assistant in the system.
  • the customer should click on a button "inquiry" displayed on the webpage of the service provider, using a browser application (or another application with internet connection).
  • the service provider-side client application performs the following steps: 1.
  • the client application requests for a permission to access to the camera and the microphone belonging to the device of the customer.
  • the video connection is established to an assistant who belongs to the group serving the inquiry calls.
  • the customer can see and hear the assistant, and the chat window is active.
  • the camera and the microphone of the customer is also active.
  • a warning message is displayed, said warning message informing on that only the chat function (text-based communication) will be available for the customer.
  • chat function text-based communication
  • the service provider-side client application does not permit to access to the camera and the microphone for some reason. If the customer interrupts the call, the call setup procedure will be interrupted. However, if within a period preset in the system, switching an assistant fails, the option "request for call-back" will be displayed for the customer.
  • the login page of the subsystem carrying out the authentication will be displayed in the browser (or other application having an internet connection) of the customer.
  • the customer performs the steps that are needed to login into the authentication subsystem.
  • the authentication subsystem forwards the data relating to the successful login to the customer service dealing with the video calls (i.e. the video server).
  • the client application running in the browser of the customer requests for a permission to access to the camera and the microphone.
  • the customer can see and hear the assistant, and the chat window is active.
  • the microphone and the camera of the customer are also active.
  • the process terminates and the call connection will not be setup.
  • the customer-side device has no camera, nor microphone (or the camera is not accessible by the application)
  • a warning message will be displayed to the customer, said warning message informing about that only the chat function will be available for the customer.
  • the customer-side client device does not allow to access to the camera and the microphone, another warning message will be displayed informing on that only the chat function will be available for the customer. If the customer interrupts the call, the call setup process will be interrupted.
  • a warning message about the incoming call is displayed on the interface of the assistant (preferably in combination with a sound signal).
  • the assistant receives the incoming call by pushing a specific button.
  • the call commences, the camera and the microphone of the assistant is active.
  • the assistant does not receive a call within a predetermined period or the assistant clicks on the button "reject", the non-reception of the call will be logged and the status of the assistant will change to "Non-available”. A warning message is then displayed on the assistant interface. If there is another assistant with the status "Available”, the call will be directed to that assistant. If there is no other assistant with the status "Available”, the call will not be directed to another assistant until one of the assistants will become available. When an assistant cannot hear a customer or apparently the customer cannot hear the assistant, the assistant can send a predetermined message by pushing a button, said message warning the customer about this error and shortly describing the things to be checked on the customer's computer. After switching the call the assistant is not allowed to take part in another call.
  • a window is displayed to confirm termination of the conversation.
  • connection will be terminated and the customer may optionally be redirected to an externally operated webpage for evaluating the service.
  • the assistant notes the circumstances of the call termination (e.g. successfully terminated, interrupted by the customer, broken, interrupted because of technical reasons, etc.).
  • a window is displayed for confirmation of the termination of the conversation.
  • connection is terminated, but the customer is not redirected to a webpage to evaluate the service.
  • the assistant gets to the status "waiting for reception". In this case the assistant can receive only the call of the returning customer.
  • the maximum duration of the waiting time is a parameter that can be preset.
  • downloading a document comprises the following steps.
  • the assistant selects a document intended to be shared.
  • the customer downloads the shared document which can be opened by means of an appropriate program installed on the computer or the mobile telephone of the customer.
  • the customer may request a call-back by clicking on an appropriate button on the webpage of the service provider.
  • the customer may give all data required for the call-back on a form intended for this purpose on the webpage of the service provider (e.g. name, phone number, e-mail address). This request is recorded on the video server and it can be retrieved by the assistants at any time.
  • a request for a call-back is dealt with in the following way.
  • the assistant who does not deal with any active call at the same time, has entered the assistant interface, he or she selects the menu item "review of requests for call-back". Thereafter the process comprises the following steps:
  • the assistant chooses a particular request and view its details.
  • the assistant performs the call-back by phone (externally to the system of the invention).
  • the method and the system according to the present invention have the following benefits.
  • the data connection set up during the video call is established in a secure and closed system, which prevents or at least minimizes the possibility of interception or tampering by unauthorized persons.
  • a secure, encrypted text message exchange may also be carried out.
  • the customer identifies himself or herself by a unique identifier and a password, thus he/she can give an order for the assistant of his/her service provider in an authentic and secure way.
  • the identification may be supplemented by using a onetime password as an additional security element that can be transmitted to the customer during the secure video call, for example, via SMS, e-mail or other similar prompt message.
  • the customer can download documents from the service provider in a secure manner.
  • an efficient and reliable communication is provided between the customers and the assistants in the online customer service system of the financial institutes. It is another advantage of the invention that the customers can initiate the video-based communication both from a browser (or other application with an internet connection) running on a desktop computer or a mobile device (e.g. devices with Android or iOS operating system).
  • the communication is primarily used for voice and video transmission, but optionally, text-based communication may also be included.
  • Yet another advantage of the method and system of the present invention is that the customer first initiates a video call to a bank, and then during the call setup procedure, as an intermediate step, the customer is subject to a personal identification, and after a successful identification the call will be redirected to the video chat server performing the video call.
  • the banking services based on an online video call may be offered through a uniform customer interface, in addition to the registered customers of the bank, also for those who are not customers of the bank and whose identification has not took place yet. Those who are customers of the bank, can use the online video banking services after the customer identification without the need of initiating a further call setup.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Description

Method and system for establishing secure online video connection
The present invention generally relates to a video-based communication method and system. More particularly, the present invention relates to a method and a system for setting up a video call in an online mode through a secure data channel.
The various service providers, in particular the service providers in the financial sector (banks, insurance companies, etc.) offer their services in an increasingly wider range through the internet. Due to the development of the telecommunication technologies, nowadays most of the public utility companies provide an online access for their clients to order services, to keep track of the ordered services, to set or modify user-specific data, etc.
One of the easiest and presently wide-spread way of online accessing services is a telephone call center, wherein certain services can be used only after an identification of the customer at an appropriate level. The identification is generally based on inputting a unique customer identification code and a secret password (code). One of the drawbacks of the telephone call center service is that a customer can set up only a voice transmission (audio) connection with an assistant of the service provider, which means a substantial limitation with respect to the efficient and reliable exchange of information.
To use (online) services accessible through the internet, a video-based communication may also be initiated with the service provider even from a computer or a mobile phone. To this end, after opening the internet webpage of the service provider, the activation of a menu item corresponding to the video call (for example "video chat" or "video call center") is needed, in response to which an online video connection will be set up between the customer and an assistant of the service provider. Such a communication connection in itself is, however, not enough secure for transmitting/receiving sensitive or secret data or information therethrough to/from the service provider.
The published document WO 2011/1371102 discloses online video-based communication for providing online banking services, wherein when a customer logs in an online banking application, first a full identification of the customer is performed, and the customer can initiate a video call setup with an assistant of the bank just after the identification process. This solution has the drawback, that for accessing to a service based on a video call, the customer must, first of all, perform a customer identification step, and he can use the banking services based on a video call only subsequently, which requires the initiation of an additional video call setup with a video server of the bank. Another disadvantage of this solution is that it does not allow a uniform presentation of those video calls that does not require a customer identification (for example, calls to request general information) and those video calls that require the customer's identification (for example, calls to receive or provide confidential data, to performing a transaction, etc.) on the customer-side interface, which is typically a webpage offering online services of the service provider (e.g. a bank).
It is an object of the present invention to eliminate the above mentioned drawbacks.
The present invention is based on the recognition that if for using a service based on a secure online video call, the customer at once initiates a video call and during the setup procedure of the video call, and identification of the customer is performed in an embedded manner on the service provider's side, then it will be possible to uniformly display (i.e. to display on a single shared interface) various kinds of services based on video calls for the customers.
The above objects are achieved by providing a system for establishing a secure online video call connection between a customer and an assistant of a service provider, said system comprising:
- at least one customer client device connected to the internet, said client device being adapted to run an internet browser or other application having an internet connection, wherein said client device is provided with a camera, a display, a microphone and a loudspeaker,
- an authentication server on the service provider-side for the personal identification of the customers of the system,
- a video server on the service provider-side for serving video calls initiated by the customers, said video server being connected through the internet to the customer client devices,
- an authentication interface for providing communication between the authentication server and the video server, and - at least one client device on the service provider-side for receiving the video calls, wherein the authentication server comprises:
- a module for processing the request for video calls from the customer client devices,
- a module for identifying the customers initiating the video calls, and
- a module for redirecting the video calls initiated by the identified customers through the authentication interface to the video server.
The above objects are further achieved by providing a service provider system for establishing a secure online video call connection between a customer-side client application and a service provider-side client application, wherein the customer-side client application is a communication application connected to the internet, said application being adapted to run an internet browser or another application having an internet connection, said application being further adapted to use a video camera, a display, a microphone and a loudspeaker, wherein the service provider system comprises:
- an authentication server on the service provider side for the personal identification of the customer, said authentication server being connected to the customer-side client applications through the internet,
- a video server on the service provider side for serving a video call initiated by a customer, said video server being connected to the customer-side client application through the internet, and
- an authentication interface for providing communication between the authentication server and the video server.
The authentication server comprises:
- a module for processing a video call originating from the customer-side client application,
- a module for identifying the customer initiating the video call, and
- a module for redirecting the video call initiated by the identified customer through the authentication interface) to the video server.
The above objects are also achieved by providing a method for establishing a secure online video call connection between a service provider-side client application and a customer-side client application through the internet, wherein the method comprises the steps of: - in an authentication server, receiving a request for a video call connection from a customer-side client application, said request containing a unique session identifier of the initiated video call (video session ID),
- in the authentication server, in response to the call request, requesting personal identification data of the customer from the customer-side client application,
- in the authentication server, receiving the customer identification data and informing the customer-side client application about the result of the identification,
- informing a video server about successful identification of the customer through an authentication interface,
- redirecting the video call initiated by the customer to the video server by sending the session ID of the video call (video session ID) to the video server, and
- setting up the video call connection between the customer-side client application and the service provider-side client application through the video server.
The invention will now be described in detail with reference to the drawings, in which:
Figure 1 schematically illustrates the architecture of the system according to the invention,
Figure 2 is a communication diagram showing the major steps of the method according to the invention,
Figure 3 illustrates an exemplary application of the method according to the invention in an exemplary customer service system.
Figure 1 schematically shows the architectures of the system 100 for providing secure online video-based communication in accordance with the invention. In the present description the term "video-call" or "video-based communication" refers to an interconnection primarily used for transmitting video and voice data, but in addition to those, it can optionally be used to transmit still image data, text data or other digital data (e.g. electronic documents).
The system 100 establishes a video connection basically between one or more customer and one or more assistant so that in one communication line, a video connection between preferably only one customer and one assistant can be established. Of course, due to its architecture, the system 100 may also be suitable for making a call, if necessary, in one communication line between several customers and/or several assistants. Between a customer and a service provider, a communication line 120 may be established through the internet. Client applications 1 1 1 on the customer side run on client devices 1 10, typically on computers or mobile phones, but for the whole functionality of the system 100, the use of a microphone, loud speakers and a video camera, generally a web camera (none of them shown in the drawings) is essentially needed also on the customer side.
The customer-side interface is provided by a client application 11 1 that may be embedded in an internet homepage of the service provider (e.g. a bank) or may be implemented as a standalone application, and that can be freely accessed by using a browser or any other program having an internet connection. By using said client application 1 1 1 , the customers can access to the online video-based customers service function of the service provider. This function is also called video chat or video call center. It is preferred that the customers-side client application 111 is adapted to connect one customer to one assistant, wherein the communication is always initiated by the customer.
For the assistants, client devices 130 executing client applications 1 12 on the service provider side are available, said client devices 130 being used by the assistants to receive the incoming video calls. An assistant interface 130 allows the communication between a customer and an assistant, and also allows an assistant to perform administrative activities (change status, store call data).
For the operation and the maintenance of the system 100 there are additional administrator interfaces 1 13 running on client devices 131 on the service provider side. The interface 1 13 is an application accessible for the supervisors and administrative staff on the service provider side. Such an application allows to modify system-specific settings and to access historical data.
From the point of view of the system 100 according to the invention, the term "customer" refers to a person using video-based customer service functions through the internet. A customer may be a new customer or a registered customer. The registered customers can identify themselves by means of an authentication server 141. Among the customers there may be VIP customers to whom the system 100 may assign a dedicated assistant.
From the point of view of the system 100 according to the invention, an assistant is an employee of the service provider, who is responsible for receiving the incoming calls and to service the clients through the established online video call connection. The assistants may be grouped into various assistant teams (transaction assistant, advisory assistant), wherein a security level may be associated with each of said teams. For example, in case of a transaction assistant, the highest level of security may be specified for the video call, whereas in case of an advisory assistant, a lower level of security may be appropriate.
A supervisor is an employee of the service provider who can access to the administrator interface 113, can check the status information and the statistic information, can search for a recorded call, but is not allowed to modify the settings of the system 00.
An administrator is an employee of the service provider, who is entitled to modify the system settings and the access permissions, and who has also an access right to all functions of the administrator interface 113.
The system 100 according to the invention further comprises a video server 140 on the service provider side for managing the real-time video connections (setup, maintenance, termination). During a video call setup procedure, after receiving a request for a video call by a call reception module 144, the authentication server 141 performs identification of the customer initiating the call in an intermediate step by means of a customer identification module 145. After initiating an identification on the customer side and a performing a personal identification (authentication), the customer and the two servers come into contact with each other, wherein after a successful authentication, the authentication server 140 forwards the result of the authentication by means of a call re-direction module 146 through an authentication interface 143 to the video server 140.
The data of the registered customers are not stored on the video server 140, but stored in the subsystem performing the authentication, which is served by the authentication server 141. After a successful identification, the authenticating subsystem (i.e. the authentication server 141 ) hands over, through the authentication interface 143, all data necessary to continue the setup procedure of the video call to be established with the customer, for example a unique session identifier of the video call initiated by the customer (video session ID).
Now the operation of the system 100 according to the invention will be described from the point of view of a user (customer) and a service provider (assistant).
A customer-side video client application is a standalone application that can be embedded in an internet homepage of the service provider. This application is preferably placed in a specific dedicated page within the homepage of the service provider. Due to the system according to the invention, video call functions requiring customer identification and video call functions not requiring customer identification can be accessed from the same interface, which provides a high degree of convenience for the user. The use of a video client application 111 may be initiated from an own webpage of the application or it may also be initiated from another point of the homepage of the service provider by using an initiation link.
The HTML code containing the initiation link may be inserted into the homepage of the service provider and its content (text, icon, link) may vary depending on what services the system 100 can actually provide (e.g. customer service or feedback).
When a customer of the system 00 according to the invention starts the video client application 11 , he or she can preferably select from the following options:
- during the customer service hours: inquiry (initiation of a video call without customer identification), transaction (initiation of a video call requiring customer identification)
- beyond the customer service hours: requesting a call-back.
The period available for transactions in the system 100 is specified by the service provider itself, this can be typically between 8 and 18 o'clock (parameter). This assumes that at least one assistant is logged in the system during this period. In case of the option "inquiry", setup of the video call is started immediately, but no authentication takes place. When the function "transaction" is activated, during the video call setup procedure, as an intermediate step, the customer must identify (authenticate) himself or herself at the service provider by his or her registered unique identifier, and preferably by additionally inputting a secret code (password).
The identification of a customer is performed by the authentication server 141 that receives the video call, wherein the video server 140 communicates with said authentication server 141 through the authentication interface 143. If during the authentication it is determined that the customer who is logging in is a VIP client, the system 100 according to the invention will attempt to connect a pre-assigned assistant to the customer during call setup. If the selected assistant is not available, the customer will have the possibility to request a connection with another assistant or to request a call-back.
While an assistant is under connection (i.e. while the authentication server 141 re-directs the incoming call to the video server 140), a holding text may be displayed for the customer. Preferably, the content and the format of this text may be parameterized. By means of the holding text, for example, the system 100 may inform the user about that the call will be recorded.
If the assistant cannot be connected within a predetermined period (parameter), in a preferred embodiment the client will have the possibility to request a call-back instead of waiting. For requesting a call-back, contact details (e.g. name, e-mail address, telephone number, note) are to be stored. For recording the need of a call-back, the system 100 may display a predefined HTML form to input said data.
After successfully setting up the video call between the customer and the selected assistant, a video communication interface is displayed to the customer which, for example, includes at least one of the following items:
- a video window (obligatory item) displaying the video image of the assistant, wherein said video window allows to access to the following functions:
- volume control
- switching on and switching off the local microphone
- switching on and switching off the local camera
- zoom in.
- a so called chat window (optional item) for sending and receiving text messages, wherein the new messages can be typed into said chat window and also the previously exchanged messages are shown therein (e.g. with indicating the time of sending and the name of the sender). Preferably, the chat window supports the use of a clipboard.
- a list of the documents shared by the assistant (optional item).
- when the camera is switched on, a window displaying a small reference screen of the local camera (optional item).
At the initiation of a video call, the microphone and the web camera of the customer are preferably active. During the call, however, the customer can switch off the camera and the microphone at any time.
In a preferred embodiment of the system 100, the chat window, which is displayed under the video window of the assistant, and which allows a free text-type, bidirectional communication, is always active. After terminating the video connection, the system 100 can further navigate the customer-side client application to a service evaluation webpage that is provided by another system. If needed, the whole communication session may be recorded (e.g. the text information transmitted in the chat window, the video and audio data recorded during the call, logging data). The recorded information is stored by the video server 140 in a predetermined manner.
Now use of the assistant interface running on a client device 130 of the service provider will be described. The assistant can access to the functions of its interface after an authentication based on a username and a password. It is preferred that through the assistant interface, a test interface can also be accessed, wherein certain functions of the assistant interface can be tried and tested (e.g. the microphone of the assistant can be checked). The system 100 may allow for a logged-in assistant to change his or her password. When the assistant is not actually taking part in an active call, he or she can look at the requests for call-back. The callback and the recording of the business data checked during the call-back will preferably be done by the assistant out of the system according to the invention. The assistant can mark the serviced requests as completed in the system.
The system 100 handles availability of the assistants according to their statuses. The logged-in assistants may, for example, be in the following statuses:
- "Non-available": the assistant is unable to receive a video call.
- "Available": the assistant is ready to receive a video call within a predetermined reaction time.
- "Within call": the assistant is within a video (or other) call (i.e. he or she is busy) or he or she is just after a call but has not recorded the data of the previous call yet.
- "Waiting for switch-over": during a video call established with a non- authenticated customer, the system will re-direct the particular customer to the assistant once the customer has been authenticated, therefore the assistant can receive only a switched-back call. If the returned customer is not connected in a predetermined time, the assistant will automatically get to the status "Available".
The actual status of a particular assistant is preferably always displayed on the assistant interface. Any change in the assistant status may also be logged. As a default setting, the status of an assistant after entering the interface, is "Non- available", which must be changed to the status "Available" as soon as the assistant becomes ready to receive a call.
The processing of a video call reception will be described below. The system 00 can switch an incoming video call to an assistant being in an "Available" status at any time. The incoming video call is displayed in a well-visible manner on the assistant interface (preferably together with presenting a sound signal). The assistant can either receive or reject the call. In case of rejection, the assistant automatically gets to the status "Non-available". If the assistant does not receive the call within a predetermined period, this will mean a rejection of the call. In this case a well-visible warning may be displayed on the assistant interface to indicate that the assistant has missed to receive the call.
On the assistant side, the video call has all of those functions of an ongoing call that have been introduced with respect to the customer-side interface for a video call. During a call of an authenticated customer, data of the identified customer, who initiated the call, are preferably displayed to the assistant.
The assistant can choose, from a previously uploaded document library, those files that can be provided for downloading by an authenticated customer during the video call.
The system according to the present invention thus allows to create a single shared customer interface, also allowing the use of other types of video call functions. Such other types of video calls include, for example, an inquiry video call, wherein a video connection is established between a customer and an assistant of a service provider without the identification of the customer initiating the call. During such a non-authenticated video call, however, it is possible, upon the request and/or the approval of the customer, to switch the customer being in a non-authenticated video session to an assistant who is available for receiving an authenticated video call. In this case, even the same assistant may continue the video call with the customer who, in the meantime, has become authenticated. During such a switchover within the system 100 according to the invention, the customer has to identify himself or herself, and he or she can continue the video call only after said identification procedure.
If the assistant performing the switch-over is capable of serving the customer even after switch-over (i.e. the assistant belongs to an appropriate assistant group), the customer will preferably be switched back to the same assistant. In this case, during switch-over the assistant cannot receive any other call (within a given period) and he or she will get to the status "Waiting for switch-over".
During the call or after the call, the assistant records call information relating to the call (type of the call, the need of doing further tasks, notes, result of the call). The assistant can receive a new call only after recording the above mentioned data. It is preferred that the assistant can review the list of calls he or she has conducted and if any of the calls required a follow-up, he or she can mark the follow-up as having been done.
Now the major steps of the communication between the video server and the authentication server will be described with reference to Figure 2.
Before the initiation of a video call, in step S200 the customer navigates to the home page of a service provider and finds the webpage offering its online video services. Then in step S201 , by selecting the appropriate menu item or by activating a function button (or icon), the customer selects the online video service he or she intends to use. To this end, the customer clicks on, for example, an appropriate transaction button (e.g. "video chat" or "video call center" button).
If the user has initiated a video call requiring an authentication, then in step S202 the customer-side client application 111 will send a unique session identifier of the video call to be identified (video session ID) as a parameter of the video call setup request sent to the authentication server 141. The unique session ID of the initiated video call may be generated arbitrarily, the only restriction is that a particular video call must unambiguously be identified within the system. The video call setup request may, for example, have the following format: https://loginpage.netbank login?videosession=123456. Subsequently, in step S203, the authentication server 141 sends a login webpage (login page) as a reply to the client application 111 which, in turn, displays said login page to the customer. The customer can identify himself or herself for the online customer service application through this webpage.
In the next step S204, the identification is preferably carried out by providing a username and a password. After checking the identification data, the authentication server 141 sends a reply message concerning the successful identification to the client application 111 in step S205. If the identification of a customer has failed, the process will return to the identification procedure, and in step S203 the login webpage will be re-transmitted to the customer's client application 11.
If the identification of the customer has been successful, the authentication server 141 will inform the video server 140 about it in step S206 through a web service call (SOAP). In this step, some important data relating to the authenticated customer, such as a user ID, a username, etc., are passed to the video server 40. The indication of the successful authentication and the reception of the customer- specific data are acknowledged by the video server 140 in a reply message in step S208.
The webpage representing the successful authentication is provided by the video server 140 for the customer-side client application 111. After the web service call, in step S209, the authentication server 141 redirects the browser (or other internet-capable application) run by the customer-side client application 111 to the video server 140. As a part of the redirection, in a preceding step S207, the authentication server 141 forwards the video session ID to the video server 140 and based on said video session ID, the video server 140 continues the video connection setup procedure initiated by the customer.
After the redirection message has been sent to the customer-side client application 111 in step S209, in step S210 the customer-side client application 111 automatically tries to get into contact with the video server 140 by using the video session ID. Next, in step S211 , the video server 140 checks the registration of the video session ID, and if it cannot find a respective registration, then in step S212, the video server 40 will generate an error message about the failure to check the video session ID and will disconnect the call.
If in step S213, the video server 140 determines that the video session ID has been registered or a valid video call has been received, then in step S214, it will send a video call request to any assistant client application 112 on the service provider's side, said request being either acknowledged or rejected in step S215.
If in step S216, the video server 140 determines that there is no available assistant to receive the video call of an authenticated user, meaning that the client application 112 has rejected the video call request, then the video server 140 tries again to send the video call request to the client application 112 of the same assistant or another assistant in step S214.
As soon as one of the assistants can receive the video call, the video server 140 connects the customer-side client application 111 and the service provider-side client application 112 in steps S217 and S218, respectively, and as a result, in step S219 a secure (encrypted) video call connection is established between the customer and an assistant of the service provider through video server 140.
Disconnection of the secure bidirectional online video call may be initiated either by the customer or the assistant in steps S220 and S221 , respectively. After disconnecting the line, the video server 140 registers out of the authenticated call, during which it releases (e.g. deletes) the video session ID.
Now the main features of the administrator operating service will be described.
Supervisor functions:
The administrator interface may be manipulated at two access levels, namely, at a supervisory level and an administrator level. The access right of the supervisor is limited, he or she is only allows to view the status of the customer service assistants and the call history, whereas an administrator has a full access to the system. Using the administrator interface, status of the customer service assistants may be tracked, the history of the calls can be accessed and searched, the calls can be searched according to their date and/or call identifier and assistant; the voice/video matters and text of the non-archived (but in the system still accessible) calls that are recorded in the call history can be reviewed. Any review of the video records is preferably logged.
The administrator interface allows to archive the results of the previously agreed reports (e.g. data of the calls, data of logged-in customers), and are exported, for example, into Excel data sheets.
It is an important feature of the system that a special assistant (a so-called VIP assistant) may be assigned to a customer (e.g. based on the customer's code registered at the particular service provider).
The documents that can be issued by the assistants can be loaded up from the administrator operating service into the system.
Administrator functions:
The administrator interface allows to manage the customers on the service provider-side and to define the access rights associated therewith. (The source of the customer data is, in fact, the authenticating subsystem, and not the administrator interface.)
It is preferred that the administrator interface also allows to set which one of the assistants belongs to which group of assistants, and it also allows to set parameters affecting the operation of the system (e.g. time-outs, parameterized messages).
All of the changes made in the administrator interface, at least concerning the administrator functions, must be approved by another administrator so that the new settings will be saved. The system according to the present invention must meet the following nonfunctional requirements.
- The data transmission technology of the video client applications should be secure enough.
- The authentication interface should be secure enough.
- The assistant functions, the supervisor functions and administrator functions should exclusively be accessible from the network of the service provider.
- The recorded video streams should normally be accessible within the network of the service provider only through the administrator interface (except backup/archiving).
- All of the events relevant to the audit should be logged by the system in a data base.
Figure 3 illustrates various optional functions of the video chat subsystem 300 of the system according to the present invention, as well as their mutual operational relations. The following functions can be accessed only by an assistant 390: function 301 of "login/logout", function 302 of "retrieve list of calls", function 303 of "change status of assistant", function 304 of "record call data". The following functions that are addressed to an assistant 390 can be initiated by a customer 391 : function 305 of "call initiation", function 306 of "call termination", function 307 of "request for call- back" and function 308 of "download document". The function 309 of "evaluation of service" can be accessed only by a customer 391. The function 305 of "call initiation" may be activated through a function 310 of "inquiry call" available for a non-identified customer, a function 311 of "authenticated call" initiated by the authentication server 141 or a function 312 of "VIP/switched-back call". The function 306 of "call termination" may be activated also by a function 313 of "termination with switchover".
Now the major steps of the method for operating the system according to the present invention will be described in detail.
First the major steps of starting an inquiry video call initiated by a non-identified customer will be described. A condition of accessing to this function is the existence of an active customer service assistant in the system. To start a call, the customer should click on a button "inquiry" displayed on the webpage of the service provider, using a browser application (or another application with internet connection). Then the service provider-side client application performs the following steps: 1. The client application requests for a permission to access to the camera and the microphone belonging to the device of the customer.
2. Setup of the call starts, the text set to be shown in the holding period to the customer is displayed, and it is also indicated that the call will be recorded.
3. The video connection is established to an assistant who belongs to the group serving the inquiry calls.
4. The customer can see and hear the assistant, and the chat window is active. The camera and the microphone of the customer is also active.
When the device on which the service provider-side client application is running is equipped neither with a camera, nor with a microphone (or the camera is not accessible for the application), a warning message is displayed, said warning message informing on that only the chat function (text-based communication) will be available for the customer. The same situation occurs when the service provider-side client application does not permit to access to the camera and the microphone for some reason. If the customer interrupts the call, the call setup procedure will be interrupted. However, if within a period preset in the system, switching an assistant fails, the option "request for call-back" will be displayed for the customer.
When an authenticated call is started, it is also a precondition that a there must be a customer service assistant having the status "Available" in the system. After the customer clicks on the button "transaction" on the webpage of the service provider, the following steps will be performed.
1. The login page of the subsystem carrying out the authentication will be displayed in the browser (or other application having an internet connection) of the customer.
2. The customer performs the steps that are needed to login into the authentication subsystem.
3. The authentication subsystem forwards the data relating to the successful login to the customer service dealing with the video calls (i.e. the video server).
4. The client application running in the browser of the customer requests for a permission to access to the camera and the microphone.
5. Setup of the video call between the customer and the assistant commences, the holding text is displayed to the customer, and it is also indicated that the call will be recorded. 6. The connection is setup through the video server with an assistant who belongs to the assistant group dealing with authenticated video calls. If the customer is a VIP customer, the call will be setup to a dedicated assistant.
7. The customer can see and hear the assistant, and the chat window is active. The microphone and the camera of the customer are also active.
If within a predetermined period no positive result concerning the successful authentication of the customer is received from the authentication subsystem (i.e. the authentication server), the process terminates and the call connection will not be setup. When the customer-side device has no camera, nor microphone (or the camera is not accessible by the application), a warning message will be displayed to the customer, said warning message informing about that only the chat function will be available for the customer. Similarly, if the customer-side client device does not allow to access to the camera and the microphone, another warning message will be displayed informing on that only the chat function will be available for the customer. If the customer interrupts the call, the call setup process will be interrupted. If within a period preset in the system, no assistant can be switched, the option of requesting for a call-back will be displayed to the customer. If switching a dedicated assistant to a VIP customer fails, either a call-back or a switch-over to another assistant may be requested.
It is precondition of receiving a call that at least one assistant is logged in, whose status is "Available", meaning that the assistant does not take part in an active call. At receiving a video call, the system directs the call to this assistant. The steps of receiving such a call are as follow:
1. A warning message about the incoming call is displayed on the interface of the assistant (preferably in combination with a sound signal).
2. The assistant receives the incoming call by pushing a specific button.
3. The call commences, the camera and the microphone of the assistant is active.
4. It is displayed to the assistant whether the customer is authenticated (in such a case the name and the identification number of the customer are also shown on the interface), and the assistant can also see whether voice is received from the customer (whether he or she should hear the customer). 5. When the assistant finds that the customer's microphone is active, the assistant makes sure that the customer can hear him or her, and he or she can also hear the customer.
If the assistant does not receive a call within a predetermined period or the assistant clicks on the button "reject", the non-reception of the call will be logged and the status of the assistant will change to "Non-available". A warning message is then displayed on the assistant interface. If there is another assistant with the status "Available", the call will be directed to that assistant. If there is no other assistant with the status "Available", the call will not be directed to another assistant until one of the assistants will become available. When an assistant cannot hear a customer or apparently the customer cannot hear the assistant, the assistant can send a predetermined message by pushing a button, said message warning the customer about this error and shortly describing the things to be checked on the customer's computer. After switching the call the assistant is not allowed to take part in another call.
To terminate a call, the customer or the assistant clicks on the button "end of conversation", and the following steps will then be performed.
1. A window is displayed to confirm termination of the conversation.
2. After confirmation, the connection will be terminated and the customer may optionally be redirected to an externally operated webpage for evaluating the service.
3. The assistant notes the circumstances of the call termination (e.g. successfully terminated, interrupted by the customer, broken, interrupted because of technical reasons, etc.).
4. After recording data of the call, the assistant gets again into the status
"Available".
If switch-over of an active call to another group of assistants becomes necessary, the assistant clicks on a button to initiate the redirection. Subsequently, the following steps are performed.
1. A window is displayed for confirmation of the termination of the conversation.
2. The connection is terminated, but the customer is not redirected to a webpage to evaluate the service.
3. As the ground of the call termination the option "redirection" is set. 4. When during redirection the customer gets back to the previous assistant, the assistant gets to the status "waiting for reception". In this case the assistant can receive only the call of the returning customer. The maximum duration of the waiting time is a parameter that can be preset.
5. The customer logs in according to the above specified scenario of "starting an authenticated call" and then an authenticated video call will commence.
During an active call, downloading a document comprises the following steps.
1. The assistant selects a document intended to be shared.
2. The customer downloads the shared document which can be opened by means of an appropriate program installed on the computer or the mobile telephone of the customer.
If there is no assistant logged in the customer service system when the video call comes in, or no assistant could be switched within a predetermined period, the customer may request a call-back by clicking on an appropriate button on the webpage of the service provider.
In case of requesting a call-back, the customer may give all data required for the call-back on a form intended for this purpose on the webpage of the service provider (e.g. name, phone number, e-mail address). This request is recorded on the video server and it can be retrieved by the assistants at any time.
A request for a call-back is dealt with in the following way. After the assistant, who does not deal with any active call at the same time, has entered the assistant interface, he or she selects the menu item "review of requests for call-back". Thereafter the process comprises the following steps:
1. The assistant chooses a particular request and view its details.
2. The assistant performs the call-back by phone (externally to the system of the invention).
3. The request for call-back is marked with the status "completed" in the system. This request for call-back will not be listed among the uncompleted requests.
The method and the system according to the present invention have the following benefits. The data connection set up during the video call is established in a secure and closed system, which prevents or at least minimizes the possibility of interception or tampering by unauthorized persons. Simultaneously to the video connection, a secure, encrypted text message exchange (chat) may also be carried out. The customer identifies himself or herself by a unique identifier and a password, thus he/she can give an order for the assistant of his/her service provider in an authentic and secure way. The identification may be supplemented by using a onetime password as an additional security element that can be transmitted to the customer during the secure video call, for example, via SMS, e-mail or other similar prompt message. During the call or immediately after the call, the customer can download documents from the service provider in a secure manner.
In a particularly preferred application of the system and the method according to the invention, an efficient and reliable communication is provided between the customers and the assistants in the online customer service system of the financial institutes. It is another advantage of the invention that the customers can initiate the video-based communication both from a browser (or other application with an internet connection) running on a desktop computer or a mobile device (e.g. devices with Android or iOS operating system). The communication is primarily used for voice and video transmission, but optionally, text-based communication may also be included.
Yet another advantage of the method and system of the present invention is that the customer first initiates a video call to a bank, and then during the call setup procedure, as an intermediate step, the customer is subject to a personal identification, and after a successful identification the call will be redirected to the video chat server performing the video call. Thereby the banking services based on an online video call may be offered through a uniform customer interface, in addition to the registered customers of the bank, also for those who are not customers of the bank and whose identification has not took place yet. Those who are customers of the bank, can use the online video banking services after the customer identification without the need of initiating a further call setup.

Claims

Claims
1. A system (100) for establishing a secure online video call connection between a customer and an assistant of a service provider, said system comprising: - at least one customer client device (110) connected to the internet (120), said client device being adapted to run an internet browser or other application having an internet connection, wherein said client device (110) is provided with a camera, a display, a microphone and a loudspeaker,
- an authentication server (141 ) on the service provider-side for the personal identification of the customers of the system,
- a video server on the service provider-side for serving video calls initiated by the customers, said video server being connected through the internet (120) to the customer client devices (110),
- an authentication interface (143) for providing communication between the authentication server (141 ) and the video server (140), and
- at least one client device (130) on the service provider-side for receiving the video calls,
characterized in that the authentication server (141 ) comprises:
- a module (144) for processing the request for video calls from the customer client devices (110),
- a module (145) for identifying the customers initiating the video calls, and
- a module (146) for redirecting the video calls initiated by the identified customers through the authentication interface ( 43) to the video server (140).
2. The system according to claim 1 , characterized in that the customer client device (110) is selected from the group of a personal computer, laptop, notebook, PDA, tablet PC, mobile phone.
3. A service provider system for establishing a secure online video call connection between a customer-side client application (111 ) and a service provider- side client application (112), wherein the customer-side client application (111 ) is a communication application connected to the internet (120), said application being adapted to run an internet browser or another application having an internet connection, said application being further adapted to use a video camera, a display, a microphone and a loudspeaker, wherein the service provider system comprises:
- an authentication server (141 ) on the service provider side for the personal identification of the customer, said authentication server being connected to the customer-side client applications (111 ) through the internet (120),
- a video server (140) on the service provider side for serving a video call initiated by a customer, said video server being connected to the customer-side client application (111 ) through the internet (120), and
- an authentication interface (143) for providing communication between the authentication server (141 ) and the video server (140),
characterized in that the authentication server (141 ) comprises
- a module for processing a video call originating from the customer-side client application ( 11 ),
- a module ( 45) for identifying the customer initiating the video call, and - a module (146) for redirecting the video call initiated by the identified customer through the authentication interface (143) to the video server (140).
4. A method for establishing a secure online video call connection between a service provider-side client application (111) and a customer-side client application (112) through the internet (120), characterized in that the method comprises the steps of:
- in an authentication server (141 ), receiving a request for a video call connection from a customer-side client application (111 ), said request containing a unique session identifier of the initiated video call ( video session ID),
- in the authentication server (141 ), in response to the call request, requesting personal identification data of the customer from the customer-side client application (111 ),
- in the authentication server (141 ), receiving the customer identification data and informing the customer-side client application (111 ) about the result of the identification,
- informing a video server (140) about the successful identification of the customer through an authentication interface (143), - redirecting the video call initiated by the customer to the video server (140) by sending the session ID of the video call (video session ID) to the video server (140), and
- setting up the video call connection between the customer-side client application (111 ) and the service provider-side client application (112) through the video server (141 ).
5. The method according to claim 4, characterized in that after establishing the video call connection, as a further step, the video call is completed through a real- time communication line.
PCT/HU2013/000028 2012-03-22 2013-03-14 Method and system for establishing secure online video connection Ceased WO2013140193A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
HU1200183A HUP1200183A2 (en) 2012-03-22 2012-03-22 Method and system for secure online video-based communication
HUP1200183 2012-03-22

Publications (1)

Publication Number Publication Date
WO2013140193A1 true WO2013140193A1 (en) 2013-09-26

Family

ID=89990657

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/HU2013/000028 Ceased WO2013140193A1 (en) 2012-03-22 2013-03-14 Method and system for establishing secure online video connection

Country Status (2)

Country Link
HU (1) HUP1200183A2 (en)
WO (1) WO2013140193A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017088396A1 (en) * 2015-11-27 2017-06-01 乐视控股(北京)有限公司 Video service providing method, access authentication method, server, and system
CN113630574A (en) * 2018-05-14 2021-11-09 聚好看科技股份有限公司 Video call method and terminal equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030202088A1 (en) * 2002-04-25 2003-10-30 Knight Timothy D. Videoconference with a call center
US20070171274A1 (en) * 2006-01-25 2007-07-26 Wai Yim Videoconference data relay server
WO2011137110A1 (en) 2010-04-30 2011-11-03 Alstom Technology Ltd. Dynamically auto-tuning a gas turbine engine
WO2011137102A1 (en) * 2010-04-27 2011-11-03 Bank Of America Corporation Video collaboration call center queuing

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030202088A1 (en) * 2002-04-25 2003-10-30 Knight Timothy D. Videoconference with a call center
US20070171274A1 (en) * 2006-01-25 2007-07-26 Wai Yim Videoconference data relay server
WO2011137102A1 (en) * 2010-04-27 2011-11-03 Bank Of America Corporation Video collaboration call center queuing
WO2011137110A1 (en) 2010-04-30 2011-11-03 Alstom Technology Ltd. Dynamically auto-tuning a gas turbine engine

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
I3SP: "Web Single Sign-On Technology", 13 January 2002 (2002-01-13), XP002711204, Retrieved from the Internet <URL:http://web.archive.org/web/20020113102845/http://www.i3sp.com/whitepapers/i3SP-WebSingleSignOn.PDF> [retrieved on 20130812] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017088396A1 (en) * 2015-11-27 2017-06-01 乐视控股(北京)有限公司 Video service providing method, access authentication method, server, and system
CN113630574A (en) * 2018-05-14 2021-11-09 聚好看科技股份有限公司 Video call method and terminal equipment
CN113630574B (en) * 2018-05-14 2023-09-29 聚好看科技股份有限公司 Video call method and terminal equipment

Also Published As

Publication number Publication date
HUP1200183A2 (en) 2013-06-28

Similar Documents

Publication Publication Date Title
US11727128B2 (en) Method and apparatus for multi-channel secure communication and data transfer
US9444878B1 (en) Systems and methods for device emulation on mobile channel
CA2774622C (en) Interactive audio/video system and device for use in a secure facility
US8505077B2 (en) Acquisition of authentication rules for service provisioning
US8861540B2 (en) Industry-specific communication framework
US10757255B2 (en) System and method for secure interactive voice response
EP2116010A2 (en) Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US12126765B1 (en) Designated agent for caller authentication and authorization
US9860367B1 (en) Dial pattern recognition on mobile electronic devices
CN101473331B (en) User authenticating method, user authenticating system, user authenticating device
WO2024163639A1 (en) Contact center passwordless authentication
JP4266625B2 (en) External LAN connection IP key telephone system, its terminal and main device, and its external LAN connection method
WO2013140193A1 (en) Method and system for establishing secure online video connection
US10855666B2 (en) Alternate user communication handling based on user identification
CN101365021B (en) Systems and methods for connecting heterogeneous networks
WO2022092266A1 (en) Information processing device
Lupu Securing web accounts by graphical password and voice notification
JP7791100B2 (en) Information processing device
US11356441B2 (en) Alternate user communication routing
JP7216441B2 (en) One-time password system
US20220245747A1 (en) System and method for caller verification
CA3110613A1 (en) System and method for caller verification

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13725474

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13725474

Country of ref document: EP

Kind code of ref document: A1