Telecommunications – Radiotelephone system – Security or fraud prevention
Reexamination Certificate
1998-10-19
2001-09-25
Hunter, Daniel (Department: 2684)
Telecommunications
Radiotelephone system
Security or fraud prevention
C455S411000
Reexamination Certificate
active
06295446
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
This invention relates to radio telecommunications networks in general and, more particularly, to a method and apparatus for detecting fraudulent telephone usage within such a system.
2. History of Related Art
Fraud has been identified as one of the cellular telephone industry's biggest problems. Because of fraud, the annual global loss in revenue now exceeds $1 billion. This amount does not account for indirect fraud costs, which include anti-fraud in-house personnel teams, the cost of anti-fraud equipment, and the negative impact such fraud has on wary potential subscribers.
Fraud appears in many forms, and new methods of committing fraud are conceived on almost a daily basis. Criminals who steal cellular phone services enjoy anonymity and other benefits, such as the ability to make an unlimited number of free calls, income from selling long-distance services at reduced rates, and the ability to bypass regulations that prohibit communications between certain countries.
Cellular systems are vulnerable to fraud at several points in the network. To date, the elements most frequently used to steal services are the phone itself, the radio interface, and the signaling network. Methods used to defeat the fraudulent use of telephone services are often frustrated by publication of the methods themselves. In fact, the Internet is a popular forum for fraudsters who, in a matter of minutes, are able to post detailed instructions to a global audience on how telephone fraud may be committed.
One of the most popular, and difficult to detect, methods of fraud is cloning, which can be described as the complete duplication of a legitimate mobile terminal, including the mobile identification number (MIN), the electronic serial number (ESN) and, in some cases, the subscriber's personal identification number (PIN). When cellular systems cannot distinguish between a clone and a legitimate subscriber, cloned telephones successfully pass pre-call validation checks, allowing fraudulent use that is billed to legitimate subscribers. In many cases, fraudulent calling activity is not detected until after thousands of dollars of non-recoverable calling charges have accrued.
The MIN-ESN represents a unique combination that may be used to validate a legitimate subscription. When a subscription is activated for the first time, the MIN-ESN are stored in the operator's database, or home location register (HLR). From that time onward, each access request to the MSC by the mobile terminal triggers a matching check by the MSC with the numbers received from the HLR. If the MIN-ESN transmitted by the phone matches the HLR data, then the MSC processes the access request.
The most common way of obtaining MIN-ESN combinations for use in cloning cellular phones is the theft of subscriber data from the operator, via interception, using a frequency scanner over the air interface. Since the MIN-ESN combination is transmitted on the air interface control channel whenever a mobile terminal registers with a Mobile Switching Center (MSC) or initiates/receives a call, the MIN-ESN combination is fairly easy to retrieve. One, if not many, cellular phones can easily be reprogrammed to use new MIN-ESN combinations.
Therefore, a method and apparatus capable of defeating cloned cellular telephone operations which make use of stolen MIN-ESN combinations is desirable. Further, it is also desirable to have a method and apparatus of defeating fraudulent cellular telephone operations which make use of stolen PINs.
SUMMARY OF THE INVENTION
In accord with one aspect of the present invention, an apparatus for detecting fraud in a radio network includes a Mobile Station (MS) having a nonvolatile memory to store an electronic identification number and a first calling event table. The nonvolatile memory may be battery-backed random access memory, electrically-erasable programmable read-only memory, or other types well known in the art. The apparatus also includes a MSC or HLR having a second calling event table that contains a mirror image of the first calling event table, as long as no fraud has occurred.
The first and second calling event tables contain identifying information for MS calling activity, such as outgoing call information, which may comprise a called number, a call time, a call duration, and/or a call date. The first and second calling event tables are updated with each outgoing call, and authorization to make future calls is based on conditioned correspondence between the information contained in each calling event table.
The nature of the information stored in the tables makes it very difficult for the fraudster to duplicate the content of the first calling event table in the cloned phone. A mismatch in table information (between the first and second calling event tables) is determined during an interrogation process that begins when the clone attempts to initiate a call, and, upon detection of the mismatch by the MSC or HLR, the fraudulent call connection is prevented.
The method for detecting fraud within a radio network begins when the MS initiates a call through the MSC. First, calling event data within the MSC or HLR is retrieved for the calling MS (from the second calling event table). Second, one or more queries based on the retrieved calling event data are sent to the MS to determine whether the first calling event table in the MS contains data that matches the contents of the second calling event table. Third, a response message containing the MS calling event data is sent from the MS to the MSC/HLR, and compared with the MSC/HLR query calling event data. If the data are equal, then the call can be completed. Call data, queries, and comparisons can be maintained and conducted within a MSC, a HLR, or by using some combination of a MSC and a HLR.
Any mismatch between data in the first and second calling event tables results in preventing the MS from being used to make calls in conjunction with the MSC. Such a mismatch indicates fraudulent cloning of a MS with a stolen MIN-ESN combination. Even if one or two events from the table are intercepted by fraudsters, as further calling event table updates occur, so as to provide some matching data within the calling event tables, the MSC or HLR query may include data for several events within the tables, selected in sequence, or randomly, such that only a complete copy of the table contents will enable a successful cloning operation.
REFERENCES:
patent: 5777558 (1998-07-01), Pennypacker et al.
patent: 5822691 (1998-10-01), Hosseini
patent: 5950121 (1999-09-01), Kaminsky et al.
patent: 5960338 (1999-09-01), Foti
patent: 5991617 (1999-11-01), Powell
patent: 6035043 (2000-03-01), Sansone et al.
patent: 0 656 733 A2 (1995-06-01), None
patent: WO 96/15643 (1996-05-01), None
patent: WO 98/31175 (1998-07-01), None
patent: WO 98/31178 (1998-07-01), None
Gantt Alan T.
Hunter Daniel
Jenkens & Gulchrist
Telefonaktiebolaget LM Ericsson (publ)
LandOfFree
Method and apparatus to detect fraudulent calls in a radio... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus to detect fraudulent calls in a radio..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus to detect fraudulent calls in a radio... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2485993