US20010050984A1 - Clip-on fraud prevention method and apparatus - Google Patents

Clip-on fraud prevention method and apparatus Download PDF

Info

Publication number
US20010050984A1
US20010050984A1 US08/987,935 US98793597A US2001050984A1 US 20010050984 A1 US20010050984 A1 US 20010050984A1 US 98793597 A US98793597 A US 98793597A US 2001050984 A1 US2001050984 A1 US 2001050984A1
Authority
US
United States
Prior art keywords
call
call initiation
initiation equipment
equipment
exchange
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US08/987,935
Other versions
US6396916B2 (en
Inventor
David Jordan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Verizon Patent and Licensing Inc
Original Assignee
MCI Communications Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MCI Communications Corp filed Critical MCI Communications Corp
Assigned to MCI COMMUNICATIONS CORPORATION reassignment MCI COMMUNICATIONS CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: JORDAN, DAVID
Priority to US08/987,935 priority Critical patent/US6396916B2/en
Publication of US20010050984A1 publication Critical patent/US20010050984A1/en
Publication of US6396916B2 publication Critical patent/US6396916B2/en
Application granted granted Critical
Assigned to VERIZON PATENT AND LICENSING INC. reassignment VERIZON PATENT AND LICENSING INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MCI COMMUNICATIONS CORPORATION
Assigned to VERIZON PATENT AND LICENSING INC. reassignment VERIZON PATENT AND LICENSING INC. CORRECTIVE ASSIGNMENT TO REMOVE THE PATENT NUMBER 5,835,907 PREVIOUSLY RECORDED ON REEL 032725 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT. Assignors: MCI COMMUNICATIONS CORPORATION
Anticipated expiration legal-status Critical
Application status is Expired - Lifetime legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/47Fraud detection or prevention means
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/90Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP using Intelligent Networks [IN] or Advanced Intelligent Networks [AIN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/38Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01Details of billing arrangements
    • H04M2215/0148Fraud detection or prevention means
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01Details of billing arrangements
    • H04M2215/016Billing using Intelligent Networks [IN] or Advanced Intelligent Networks [AIN]

Abstract

Fraud prevention in a telecommunications network using call initiation equipment including intelligence capable of authentication is described. In order to initiate a call via a telecommunications network, the call initiation equipment sends authentication data to an adjunct platform. The adjunct platform uses the authentication data to determine if the call initiation equipment is authorized to use the customer wireline that interconnects the call initiation equipment to the telecommunications network.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention [0001]
  • The present invention relates generally to anti-fraud devices for use in telecommunications networks and, more particularly, to a system and method for preventing clip-on fraud using telephone authentication. [0002]
  • 2. Related Art [0003]
  • Anti-fraud devices are used in telecommunications networks to prevent calls from being billed to a customer or subscriber that did not authorize the call. Because payment for calls made using traditional local calling and dial-1 long distance telephone is obtained by billing the owner of the telephone for all calls made on the telephone at the end of a month, fraud occurs with these services when someone has access to a telephone and makes a telephone call that they are not authorized to make. [0004]
  • Unauthorized interconnection with a customer's wireline or private exchange equipment is referred to as clip-on fraud. Private exchanges provide switching capabilities to a large number of telephones or other telecommunications network access equipment, such as personal computers, that are owned by one private entity. Clip-on fraud occurs by an unauthorized individual attaching their telecommunications equipment to the wires that interconnect the authorized customer's telecommunications equipment to the central office switch. A central office switch is a switch that provides access to the telecommunications network and switching capability for local calls. [0005]
  • Clip-on fraud allows a user of equipment that is clipped-onto a customer's telephone lines to place as many unauthorized calls as he or she wishes. Because calls from privately owned telephones are typically billed to an account associated with the telephone at the end of each month, the owner of the telephone may not be aware of the unauthorized access until the end of the month. In addition, because calls can be made from privately owned telephones without the caller demonstrating authorization, the owner of the telephone is unable to prevent fraud occurring via an unauthorized access to their telephone lines. [0006]
  • A telecommunications company's ability to detect clip-on fraud is limited. Telecommunications companies currently do not have the capability to determine what equipment is authorized to interconnect with a customer's wirelines. Using calling patterns to detect clip-on fraud is not helpful because a large volume of calls made with a telephone may not be detectable as unusual. [0007]
  • The charges for the unauthorized services are most often billed to the authorized customer who must convince the telecommunications company that he or she has not made the calls. The authorized customer must prove that he or she did not make the calls, pay any long distance charges, and then approach the long distance company for compensation. Clip-on fraud places a burden on the customer who may have little technical ability to resolve the unauthorized interconnection. The charges jeopardize the credit worthiness of the victim and may result in their telephone services being shut-off or being toll restricted. [0008]
  • Current attempts to address clip-on fraud include locking access boxes and attempting to obstruct access to the local network. These attempts do not prevent the problem but only make access slightly more difficult. In addition, millions of access points, such as interconnections, junction boxes, and demarcations, exist. Attempts to secure these points are expensive and often fail as an individual wishing unauthorized access can easily circumvent the locks. [0009]
  • SUMMARY OF THE INVENTION
  • The present invention includes call initiation equipment that contains intelligence which authenticates the call initiation equipment to the central office switch. Call initiation equipment is equipment that is capable of establishing a call via a telecommunications network. The authentication of the call initiation equipment takes place by providing an appropriate response to a validation request message from the central office switch. The intelligence contained in the call initiation equipment ensures that it will only operate successfully when used from the authorized customer's wireline. [0010]
  • The use of the validation request message removes the ability of an individual wishing unauthorized access to clip-on to the customer's wireline with a standard analog telephone equipment or other device. The requirement that the call initiation equipment contain intelligence that ensures that it operates successfully only when used from the authorized customer's wireline prevents an individual wishing unauthorized service from being able to make unauthorized calls by physically stealing the customer's phone and using it on another wireline. [0011]
  • The system of the present invention includes call initiation equipment that has an authentication unit that is capable of sending authentication data. The call initiation equipment accesses a telecommunications network via a customer's wireline that interfaces with an exchange. The exchange is connected to an adjunct platform which stores information needed to authenticate the call initiation equipment. [0012]
  • Examples of call initiation equipment include but are not limited to a telephone, a mobile telephone, or a personal computer with a modem. The authentication unit included in the call initiation equipment authenticates the call initiation equipment to the telecommunications network. An authentication unit is intelligence within the call initiation equipment that is capable of sending authentication data, which is data that identifies that the call initiation equipment is authorized to operate on a particular customer's wireline. The customer wireline is a line that connects the telephone or other call initiation equipment with an exchange. Customer wirelines may be copper lines in the ground or carried on telephone poles or fiber optic cable. [0013]
  • An exchange, also referred to as a switch, which is connected to the call initiation equipment via the customer wireline, is a component of the telecommunications network that provides access for call initiation equipment and switching functionality for access to other exchanges and to local call initiation equipment. The exchange is connected to an adjunct platform. An adjunct platform stores the information needed to authenticate the call initiation equipment. [0014]
  • The method of the present invention involves originating a call, using call initiation equipment, to the adjunct platform via an exchange. The adjunct platform responds to the call origination by sending a validation request message to the call initiation equipment, again via an exchange. The call initiation equipment responds to the validation request message by sending authentication data to the adjunct platform via an exchange. The adjunct platform sends a validation response message to the exchange and the exchange either allows the call to be initiated or denies access with either no indication or with an access denied message sent to the call initiation equipment indicating that access is denied. [0015]
  • Further features and advantages of the invention, as well as the structure and operation of various embodiments of the invention, are described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers generally indicate identical, functionally similar, and/or structurally similar elements. The drawing in which an element first appears is indicated by the leftmost digit(s) in the corresponding reference number. [0016]
  • BRIEF DESCRIPTION OF THE FIGURES
  • The present invention will be described with reference to the accompanying drawings, wherein: [0017]
  • FIG. 1 is a block diagram of an authentication unit call set-up environment according to a preferred embodiment of the present invention; [0018]
  • FIG. 2 depicts a flowchart illustrating the operation of an authentication unit call set-up environment according to a preferred embodiment of the present invention; and [0019]
  • FIG. 3 depicts a flowchart illustrating the messages for authentication unit operation.[0020]
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • FIG. 1 is a block diagram of an authentication unit call set-up environment [0021] 102 according to an embodiment of the present invention. The authentication unit call set-up environment 102 allows for call set-up by ensuring that the caller is using call initiation equipment 104 that is authorized to be interconnected to the customer's wireline 108.
  • The authentication unit call set-up environment [0022] 102 comprises call initiation equipment 104 that includes an authentication unit 106. The call initiation equipment 104 is interconnected to a central office switch 110 via a wireline 108. The central office switch 110 provides access to the global telecommunications network 118.
  • The central office switch [0023] 110 is interconnected to an adjunct platform, such as intelligent service network (ISN) 112 for authentication of the call initiation equipment 104. The ISN 112 provides a validation request message 306 (of FIG. 3) to the call initiation equipment 104 for authentication.
  • In addition, the central office switch [0024] 110 is interconnected to an interexchange carrier switch 114 for access to other global telecommunications network switches and termination equipment 116. The central office switch 110 is also interconnected to additional call initiation equipment (not shown) and provides switching capability to terminate local calls.
  • The authentication unit call set-up environment [0025] 102 will be described further with respect to an exemplary call. Call initiation equipment 104 is used to initiate a telephone call via customer wireline 108 to the central office switch 110. Call initiation equipment 104 may include, but is not limited to, a telephone, a mobile telephone (also referred to as a wireless telephone), a personal computer or any other equipment that can be used to initiate a call via a telecommunications network. The call initiation equipment 104 includes an authentication unit 106. The authentication unit 106 includes intelligence (implemented using hardware, software, or a combination of hardware and software) needed to authenticate that call initiation equipment 104 is authorized to use customer wireline 108.
  • The authentication unit [0026] 106 need not be a particular component within call initiation equipment 104. Authentication unit 106 may be any intelligence that can authenticate call initiation equipment 104. For example, authentication unit 106 can use existing circuitry within call initiation equipment 104 that is used for other functions. Authentication unit 106 can alternatively be a dedicated hardware state machine, or a processor operating according to software. If the authentication unit 106 is outside the call initiation equipment 104, an unauthorized user may be able to interconnect between call initiation equipment 104 and authentication unit 106 and obtain authorization via authentication unit 106. Thus, in embodiments where the authentication unit 106 is outside the call initiation equipment 104, preferably the authentication unit 106 is sufficiently close to call initiation equipment 104, so that it is would be difficult for an unauthorized user to interconnect between call initiation equipment 104 and authentication unit 106. Nevertheless, preferably, authentication unit 106 is within call initiation equipment 104.
  • Customer wireline [0027] 108 carries signals between call initiation equipment 104 and central office switch 110. Customer wireline 108 may be any transmission line that is capable of carrying signals in the telecommunications network. A customer wireline may be, but is not limited to, a cooper wire, fiber optic cable or frequency assignment of a signal that will be received by an antenna. Customer wireline 108 may include other equipment that combines various customers' call initiation equipment prior to reaching the central office switch 110. Examples of equipment that combines wirelines from various customers' call initiation equipment are demarcation blocks, junctions, and other facilities that interconnect wires.
  • Central office switch [0028] 110 is an exchange within a local exchange network. An exchange is a component of a telecommunications network that is capable of providing access to call initiation equipment and switching functionally to other exchanges. Switching functionality allows a call to be routed via a telecommunications network, comprising wirelines and exchanges, to access databases containing information, components that play recordings, or to call initiation equipment used by other customers. A central office is a building or other facility owned by a local exchange network provider. Therefore, an exchange within a central office, such as central office switch 110, is within a local exchange network. A local exchange network comprises switches and termination equipment within a localized area. An example of a local exchange network is a local telephone operating company network such as Bell Atlantic.
  • The central office switch [0029] 110 is interconnected to an ISN 112 which provides authentication of call initiation equipment 104. An ISN 112 is one type of adjunct platform. An adjunct platform provides the capability needed to authorize call initiation equipment 104. The capability needed to authorize call initiation equipment 104 includes the ability to send a validation request message and data to determine whether the authenticating data received from call initiation equipment 104 is valid. In addition, an adjunct platform may need processors that can interact with call initiation equipment 104 by providing translations and querying one or more databases to respond to call initiation equipment 104.
  • As just noted, ISN [0030] 112 is one type of adjunct platform. ISN 112 preferably includes an automated call distributor which accesses automated response units. Automated response units can play messages and obtain data. An automated response unit on ISN 112 can interact with the call initiation equipment to receive and send signals. In addition, the automated response unit can interact with databases on ISN 112 to obtain the data needed to validate call initiation equipment 104. An example intelligent service network is described in further detail in co-pending U.S. Patent Application Attorney Docket No. CDR-96-008 (1575.2230000) entitled, “A System and Method for Providing Operator and Customer Services for Intelligent Overlay Networks,” assigned to the assignee of the present invention and incorporated herein by reference in its entirety. The adjunct platform may also be implemented as a standalone database on a computer system such as the RISC 6000 manufactured by International Business Machines Corp. (IBM).
  • After call initiation equipment authentication is complete, if the call is a long-distance call, central office switch [0031] 110 sends the call to interexchange carrier switch 114. Interexchange carrier switch 114 is a switch on an interexchange network. An interexchange network comprises a plurality of switches that are located throughout a geographic area. However, in contrast to a local exchange network, interexchange networks typically comprise of switches throughout a large geographic area to process long distance telephone calls. For example, a national interexchange network comprises switches throughout the nation.
  • Interexchange carrier switch [0032] 114 completes the call via one or more components within global telecommunications network 118. Global telecommunications network 118 comprises the components shown in FIG. 1 and other global telecommunications network switches and termination equipment 116. Other global telecommunications network switches and termination equipment 116 comprises various interexchange networks that include interexchange carrier switches and various local exchange networks that include central office switches. In addition, other global telecommunications network switches and termination equipment 116 includes other equipment that can be used to access databases, listen to messages, and interconnect with other users using the global telecommunications network 118.
  • FIG. 2 depicts a flowchart illustrating the operation of an authentication unit call set-up environment [0033] 202. FIG. 2 is described with respect to FIG. 3 which illustrates the messages for authentication unit operation 302. The operation of an authentication unit call set-up environment 202 is described with reference to components of FIG. 1.
  • In step [0034] 206, central office switch 110 receives a call origination request 304 from call initiation equipment 104. A call origination request 304 informs the central office switch 110 that the call initiation equipment 104 is initiating a call.
  • If call initiation equipment [0035] 104 is a telephone, the customer preferably effects transmission of the call origination request signal by removing the handset of the telephone from the telephone base. When the handset of the telephone is removed from the telephone base, the telephone sends a call origination request 304 to the interconnecting switch, such as central office switch 110. One example of call origination request 304 is an off-hook signal which is a signal that indicates that the telephone will be used to initiate a call and complies with the International Telecommunications Union (ITU) signaling standards. The International Telecommunications Union (ITU) standards are publicly available as evidenced by the exemplary International Telecommunications Union (ITU) Signaling System Number 7 (SS7) Integrated Services Digital Network (ISDN) User Part (ISUP) NCT 1.113 (1995) document and the International Telecommunications Union (ITU) Signaling system 7 (SS7) Message Transfer Part (MTP) NCT 1.111 (1992) document. Conventionally, the central office switch 110 sends a dial tone in response to the call origination request 304.
  • However, with the present invention, additional processing is needed before the central office switch [0036] 110 sends a dial tone to call initiation equipment 104. Specifically, the call origination equipment 104 must first be authenticated by the adjunct platform, in this embodiment ISN 112, before a dial tone is sent from central office switch 110 to call initiation equipment 104.
  • In step [0037] 208, central office switch 110 sends the call origination request 304 to ISN 112. The call origination request 304 notifies the ISN 112 that the call initiation equipment 104 will be authenticated. The notification provided by the call origination request 304 distinguishes call initiation equipment 104 that will be authenticated from other call initiation equipment that may use conventional methods of call origination not involving authentication. The notification provided in the call origination request 304 allows the central office switch 110 and ISN 112 to provide access to both authenticating call initiation equipment 104 and non-authenticating call initiation equipment simultaneously. In addition, the ISN 112 may perform an initial authentication or identification of call initiation equipment 104 if information is provided in the call origination request 304 for an initial authentication or identification of call initiation equipment 104.
  • In step [0038] 210, the ISN 112 sends a validation request message 306 to central office switch 110. The validation request message 306 requests authentication data 308. Authentication data 308 that includes a random challenge corresponds to call initiation equipment 104 and is used to ensure that the call initiation equipment 104 is authorized to use customer wireline 108. In a preferred embodiment of the present invention, the authentication data 308 includes both a customer wireline identification number which identifies customer wireline 108 and an authentication identification number which is a response unique to call initiation equipment 104 that corresponds to a random challenge provided in the validation request message 306. In contrast to the consistency from call to call of the information that is provided by the call origination request 304 for initial identification or authentication, the authentication data 308 that authenticates the call initiation equipment 104 will vary in response to the validation request message 306 that was sent. Further description of authentication data 308 is given in the description of step 214 and Table 1.
  • The validation request message [0039] 306 will vary from call to call to make it difficult for a person who wants to gain unauthorized access to customer wireline 108 to gain access by interconnecting into the global telecommunications network 118, watching the data transmitting in the global telecommunications network 118, and determining from the data transmission how to respond to the validation request message 306. If the unauthorized individual could determine the appropriate authentication data 308 to respond to a validation request message 306, the unauthorized individual could then transmit the same authentication data 308 as transmitted by call initiation equipment 104 and gain access to customer wireline 108.
  • One type of validation request message [0040] 306 is a random challenge. The random challenge is a stream of digits that are sent in the validation request message 306. When the random digits are sent, the ISN 112 expects a stream of digits in return that correspond to the random challenge. For example, if the ISN 112 sends a validation request message 306 containing a random challenge of a digit stream 11011, the ISN 112 may be expecting authentication data 308 of a digit stream 01111. In contrast, if the ISN 112 sends a validation request message 306 with random challenged digits, 11110, the ISN 112 may be expecting authentication data 308 with digits 11101. As demonstrated in the example above, both the challenge and the response are random. Because the challenge is random, the ISN 112 will not send 00001, 00011 and so forth in sequential order. Because the response is random, the authentication data 308 will not be able to be determined with an algorithm. Therefore, an individual viewing data on an unauthorized interconnection with customer wireline 108, cannot at any given time determine the random challenge that will be sent or the authentication data 308 response needed, and gain access to central office switch 110 via customer wireline 108.
  • In step [0041] 212, the central office switch 110 sends the validation request message received from the ISN 112 to the call initiation equipment 104.
  • In step [0042] 213, the call initiation equipment 104 calculates the response using a one-way hashing function. As mentioned, the authentication data that is used to respond to the validation request message includes a customer wireline identification number and an authentication identification number shown in Table of step 214. The authentication identification number is calculated by call initiation equipment 104.
  • The authentication unit [0043] 106 calculates the authentication identification number using the random challenge in the validation request message 306. Several available algorithms for calculating the authentication identification number include the secure hash algorithm developed by NIST or the MD5 Message Digest algorithm developed by IETF. However, the present invention is not limited to these algorithms. In another embodiment of the invention, the authentication identification number is stored in a database and the authentication unit 106 retrieves the authentication identification number from memory.
  • In step [0044] 214, the call initiation equipment 104 sends authentication data 308 to central office switch 110 which comprises both a customer wireline identification number and an authentication identification number shown in Table 1 below. A customer wireline identification number is a number or other identifying information that is associated with customer wireline 108. If call initiation equipment 104 is a telephone, then the customer wireline identification number is a number that is dialed to terminate to call initiation equipment 104. For example, if a person on global network 116 wants to call a person using call initiation equipment 104, the person on customer network 116 will dial digits into a telephone. The number dialed is the customer wireline identification number.
    TABLE 1
    Authentication Data 308
    Customer Wireline Identifi- Identifies customer wireline 108. For
    cation Number example, the customer wireline identification
    number may be the customer's ANI.
    Authentication Identi- Responds to the validation request message
    fication Number 308. For example, the authentication
    identification number may be a random digit
    stream that is calculated using a random
    challenge provided in the validation request
    message 308.
  • The authentication identification number is the stream of random digits that was calculated in step [0045] 213 using the random challenge sent by the ISN 112. As mentioned previously, the ISN 112 expects the call initiation equipment 104 to respond with a unique digit stream corresponding to the digit stream sent in the validation request message 306. In other words, if the ISN sends 00001, the ISN 112 expects an authentication identification number of 10000 from call initiation equipment 104.
  • In step [0046] 216, the central office switch 110 sends the authentication data 308 (received from the authentication unit 106) to the ISN 112.
  • In step [0047] 218, the ISN 112 determines whether the caller may proceed. The ISN 112 compares the authentication data 308 with the authentication data obtained by implementing a stored algorithm that is the same as that used by the call initiation equipment or retrieved from in its database corresponding to call initiation equipment 104. If the authentication data 308 received from call initiation equipment 104 corresponds to authentication data obtained by the ISN 112 as corresponding to call initiation equipment 104, then call initiation equipment 104 is authenticated. If the authentication data required was a customer wireline identification number and an authentication identification number, then if call initiation equipment 104 sent the call initiation equipment identification number that is the same as the number retrieved from memory corresponding to customer wireline 108 and the authentication identification number corresponding to the number calculated using the random challenge, the call initiation equipment 104 is authorized to use customer wireline 108. If the authentication data 308 does not correspond to the authentication data that is needed to authorize call initiation equipment 104 to use customer wireline 108, then the caller may not initiate a call.
  • In step [0048] 220, the ISN 112 sends a validation response message 310 to central office 110 indicating whether the caller may proceed to initiate a call. The validation response message indicates whether call initiation equipment 104 is authorized to use customer wireline 108. If call initiation equipment 104 sent the appropriate authentication data, then call initiation equipment 104 is authorized to use customer wireline 108.
  • In step [0049] 222, the central office switch 110 determines whether the caller may initiate a call. If the validation response message 310 indicates that the call initiation equipment 104 is authorized to use customer wireline 108, the caller may initiate a call. If the caller may initiate a call, central office switch 110 proceeds to step 224. If the caller may not initiate a call, the central office switch 110 proceeds to step 228.
  • In step [0050] 224, central office switch 110 sends an access allowed signal 312 to call initiation equipment 104. An access allowed signal 312 indicates to the call initiation equipment 104 or the caller that a call may be initiated. An access allowed signal 312 varies depending on the type of call initiation equipment used. For example, if call initiation equipment 104 is a telephone, then the access allowed signal 312 may be a dial tone. If call initiation equipment 104 is a personal computer, the access allowed signal 312 may be a message requesting that a destination number be entered.
  • In step [0051] 226, the caller uses call initiation equipment 104 to establish a call. If call initiation equipment 104 is a telephone, the caller will use the keys to dial and place a call. If call initiation equipment 104 is a personal computer, the caller will either enter a destination number 314, or the computer will dial an already entered number to a destination, such as a personal computer of another individual. The digits dialed may be a destination number 314 which is a number associated with a second customer wireline within a network of the other global telecommunication network switches and termination equipment 116. The second customer wireline interconnects to call initiation equipment that receives the call. Messages are sent between the components of global telecommunications network 118 to establish and monitor the call. The messages that are used to communicate between components of the global telecommunications network 118 comply with the industry standard as defined by the International Telecommunications Union (ITU) mentioned previously.
  • In step [0052] 228, central office switch 110 generates an alarm and sends an access denied message to call initiation equipment 104 to deny the customer access to the global telecommunications network 118. If call initiation equipment 104 is a telephone, the access denied message may be a recording that states that a call cannot be placed because call initiation equipment 104 is not authorized to use customer wireline 108. If call initiation equipment 104 is a personal computer, the access denied message may be a message on the screen of the personal computer stating that the customer is not allowed access.
  • In addition to sending an access denied message, the central office switch [0053] 110 generates an alarm in step 228. The central office switch 110 sends the alarm to downstream systems that process alarms. The downstream systems that process alarms watch various circuits within the telecommunications network such as, customer wireline 108 to determine if a large number of alarms are generated for a particular circuit. Observing alarms alerts a telecommunications provider that an unauthorized user is attempting to access customer wireline 108. For example, if a large number of alarms are generated for a particular circuit, this alerts a telecommunications provider that a party may be attempting to determine based on the transmitted data between call initiation equipment 104 and ISN 112, the appropriate authentication data to respond to a random challenge. If a large number of alarms are generated, this can alert the telecommunications provider to alert the owner of customer wireline 108. In addition, the telecommunications provider can focus efforts in establishing that an unauthorized interconnection is the cause of the alarms, and if so, unauthorized interconnection is being made.
  • Alternate embodiments of the present invention are possible. One alternate embodiment, described with reference to components of FIG. 1, is that central office switch [0054] 110 is not connected to ISN 112. Rather, interexchange carrier switch 114 is connected to ISN 112. If interexchange carrier switch 114 is interconnected to ISN 112, central office switch 110 sends messages received from call initiation equipment 104 to interexchange carrier switch 114 rather than ISN 112.
  • With respect to FIG. 2, if ISN [0055] 112 is interconnected to interexchange carrier switch 114 rather than central office switch 110, then in step 208, after the central office switch receives the call origination request 304, the central office switch 110 will send the call origination request 304 to interexchange carrier switch 114 rather than to ISN 112. Interexchange carrier switch 114 will send the call origination request 304 to ISN 112.
  • With respect to step [0056] 210 of FIG. 2, ISN 112 will send a validation request message 306 to interexchange carrier switch 114. Interexchange carrier switch 114 will send a validation request message 306 to central office switch 110.
  • In step [0057] 216 of FIG. 2, the central office switch 110 will send authentication data 308 to interexchange carrier switch 114. Interexchange carrier switch 114 will send the authentication data 308 to ISN 112.
  • In step [0058] 220 of FIG. 2, the ISN 112 will send a validation response message 310 indicating whether the caller may proceed to interexchange carrier switch 114. Interexchange carrier switch 114 will send a validation response message 310 to central office switch 110.
  • Additional embodiments include additional exchanges used to transmit the validation request and response messages and authentication data. In addition, the central office switch [0059] 110 may be connected directly to global network 116 rather than or in addition to interexchange network 114. If the central office switch 110 is connected directly to global network 116, then the central office switch 110 may send some or all calls directly to global network 116.
  • An additional alternate embodiment as stated previously, is the authentication unit [0060] 106 does not need to be within call initiation equipment 104. However, authentication unit 106 should be as close as possible to call initiation equipment 104 to insure that an unauthorized user cannot interconnect between call initiation equipment 104 and authentication unit 106. For example, if authentication unit 106 was a box, authentication unit 106 should sit next to the personal computer, telephone or other piece of call initiation equipment 104 that will be used to place the call. Authentication unit 106 should not be downstairs in a basement of a building or outside on a telephone pole because an unauthorized user would have the ability to interconnect between call initiation equipment 104 and authentication unit 106 and gain access via authorization unit 106 to place calls via customer wireline 108.
  • In addition, authentication unit [0061] 106 need not be a separate unit. If call initiation equipment 104 is a personal computer, authentication unit 106 may be a program or a routine of a program on that computer or that can be accessed by the computer that can send the appropriate signals and authentication data to establish a call. A separate component within the computer may not be necessary.
  • In another embodiment, the adjunct platform is not ISN [0062] 112 but another platform or database that is capable of sending validation request and response messages and analyzing authentication data to ensure call initiation equipment 104 is authorized to use customer wireline 108. Also, the adjunct platform may be a database within either central office switch 110 or interexchange carrier switch 114. If the adjunct platform is a database within central office switch 110 or interexchange carrier switch 114, the exchange including the adjunct platform would send the validation request and response messages rather than waiting for them to be sent. In addition, the exchange would analyze the authentication data based on information contained in its database rather than sending the authentication to another exchange or to the adjunct platform.
  • A variety of call origination requests [0063] 304, validation request messages 306, authentication data 308, and validation response messages 310 are possible that provide messaging between the global telecommunication network 118 and the call initiation equipment 104. Not all of the messages are required to authenticate call initiation equipment 104. A validation response message 310 may be an access allowed signal 312 or an access denied signal, especially if the adjunct platform is contained within an exchange. In addition, authentication data 308 may be provided without responding to a validation response message 310 if a random challenge authentication is not used.
  • While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example only, not limitation. Thus, the breadth and scope of the present invention should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents. [0064]

Claims (20)

What is claimed is:
1. Call initiation equipment, comprising:
equipment for initiating a call via a telecommunications network; and
an authentication unit capable of sending authentication data.
2. The system of
claim 1
, wherein said authentication unit comprises:
means for sending a customer wireline identification number; and
means for sending an authentication identification number.
3. A system for initiating a call via a telecommunications network, comprising:
an exchange coupled to call initiation equipment; and
an adjunct platform coupled to said exchange;
wherein said adjunct platform is capable of authenticating said call initiation equipment by analyzing authentication data sent by said call initiation equipment.
4. A system for initiating a call via a telecommunications network, comprising:
a customer wireline coupled to call initiation equipment;
an exchange coupled to said customer wireline; and
an adjunct platform coupled to said exchange;
wherein said adjunct platform is capable of authenticating said call initiation equipment by analyzing authentication data sent by said call initiation equipment.
5. A system for initiating a call via a telecommunications network, comprising:
a central office exchange coupled to call initiation equipment;
an interexchange carrier exchange coupled to said central office exchange; and
an adjunct platform coupled to said interexchange carrier exchange;
wherein said adjunct platform is capable of authenticating said call initiation equipment by analyzing authentication data sent by said call initiation equipment.
6. A method for authenticating call initiation equipment, comprising the steps of:
(a) sending a call origination request to an exchange;
(b) receiving a validation request message; and
(c) sending authentication data.
7. The method of
claim 6
, further comprising the steps of:
receiving an access allowed signal from said exchange;
providing dial tone; and
accepting digits entered into the call initiation equipment.
8. The method of
claim 6
, further comprising the steps of:
receiving an alarm from said exchange; and
receiving an access denied message from said exchange.
9. The method of
claim 6
, wherein step (a) comprises:
sending a call origination request to an exchange, wherein said call origination request authenticates the call initiation equipment.
10. The method of
claim 6
, wherein step (b) comprises:
receiving from said exchange a validation request message, wherein said validation request message includes random challenge digits.
11. The method of
claim 6
, wherein step (c) comprises:
sending authentication data to said exchange, wherein said authentication data includes a customer wireline identification number and an authentication identification number.
12. The method of
claim 6
, wherein step (c) comprises:
sending authentication data to said exchange, wherein said authentication data includes a customer wireline identification number and an authentication identification number wherein said authentication identification number is calculated using a one-way hashing function and said validation request message.
13. A method for authenticating call initiation equipment, comprising the steps of:
(a) receiving a call origination request message providing notification that additional processing is needed to authenticate the call initiation equipment;
(b) sending a validation request message to obtain authentication data; and
(c) receiving said authentication data to be used to determine whether the call initiation equipment is authenticated.
14. The method of
claim 13
, further comprising the step of:
sending an access allowed signal.
15. The method of
claim 13
, further comprising the steps of:
generating an alarm; and
sending an access denied message.
16. The method of
claim 13
, wherein step (a) comprises:
receiving said call origination request signal, wherein said call origination request authenticates the call initiation equipment.
17. The method of
claim 13
, wherein step (c) comprises:
receiving said validation request message, wherein said validation request message includes random challenge digits.
18. The method of
claim 13
, wherein step (e) comprises:
receiving said authentication data, wherein said authentication data includes a customer wireline identification number and an authentication identification number.
19. A method for authenticating call initiation equipment, comprising the steps of:
sending authentication data; and
receiving a validation response message.
20. A method for authenticating call initiation equipment, comprising the steps of:
receiving authentication data; and
sending a validation response message.
US08/987,935 1997-12-10 1997-12-10 Clip-on fraud prevention method and apparatus Expired - Lifetime US6396916B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US08/987,935 US6396916B2 (en) 1997-12-10 1997-12-10 Clip-on fraud prevention method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08/987,935 US6396916B2 (en) 1997-12-10 1997-12-10 Clip-on fraud prevention method and apparatus

Publications (2)

Publication Number Publication Date
US20010050984A1 true US20010050984A1 (en) 2001-12-13
US6396916B2 US6396916B2 (en) 2002-05-28

Family

ID=25533711

Family Applications (1)

Application Number Title Priority Date Filing Date
US08/987,935 Expired - Lifetime US6396916B2 (en) 1997-12-10 1997-12-10 Clip-on fraud prevention method and apparatus

Country Status (1)

Country Link
US (1) US6396916B2 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020146005A1 (en) * 2001-03-20 2002-10-10 Worldcom, Inc. Method for billing in a telecommunications network
US20030084169A1 (en) * 2001-10-31 2003-05-01 Min Zhu System and method for accessing a target computer from a remote location using a remote computer
US20030126257A1 (en) * 2001-12-17 2003-07-03 Worldcom, Inc. Method for recording events in an IP network
US20050160280A1 (en) * 2003-05-15 2005-07-21 Caslin Michael F. Method and system for providing fraud detection for remote access services
US20050243984A1 (en) * 2003-05-15 2005-11-03 Mahone Saralyn M Method and apparatus for providing fraud detection using hot or cold originating attributes
US20050249341A1 (en) * 2003-05-15 2005-11-10 Mahone Saralyn M Method and apparatus for providing fraud detection using geographically differentiated connection duration thresholds
US20050278550A1 (en) * 2003-05-15 2005-12-15 Mahone Saralyn M Method and system for prioritizing cases for fraud detection
US20090222457A1 (en) * 2001-03-20 2009-09-03 Verizon Business Global Llc Xml based transaction detail records
CN105897753A (en) * 2016-06-02 2016-08-24 山东中烟工业有限责任公司 Cigarette factory one-site data cross-network fusion system and method for multi-dimensional application

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2279684C (en) * 1999-08-05 2007-05-15 Vtech Communications, Ltd. Method and apparatus for telephone call fraud detection and prevention
US7106845B1 (en) * 2000-06-26 2006-09-12 Accessline Communications Corporation Dynamic security system and method, such as for use in a telecommunications system
US9185109B2 (en) * 2008-10-13 2015-11-10 Microsoft Technology Licensing, Llc Simple protocol for tangible security
US8467512B2 (en) * 2009-07-30 2013-06-18 International Business Machines Corporation Method and system for authenticating telephone callers and avoiding unwanted calls
US9032217B1 (en) 2012-03-28 2015-05-12 Amazon Technologies, Inc. Device-specific tokens for authentication

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4920567A (en) * 1986-07-03 1990-04-24 Motorola, Inc. Secure telephone terminal
US5216517A (en) * 1988-08-24 1993-06-01 Kabushiki Kaisha Toshiba Communication terminal apparatus
US5113430A (en) * 1990-10-01 1992-05-12 United States Advanced Network, Inc. Enhanced wide area audio response network
US5455861A (en) * 1991-12-09 1995-10-03 At&T Corp. Secure telecommunications
US5353331A (en) * 1992-03-05 1994-10-04 Bell Atlantic Network Services, Inc. Personal communications service using wireline/wireless integration
TW200624B (en) * 1992-04-06 1993-02-21 American Telephone & Telegraph A universal authentication device for use over telephone lines
DE4307122A1 (en) * 1993-03-06 1994-09-08 Sel Alcatel Ag smart card
US5521966A (en) * 1993-12-14 1996-05-28 At&T Corp. Method and system for mediating transactions that use portable smart cards
FR2719730B1 (en) * 1994-05-06 1996-05-31 France Telecom System for secure transactions by phone.
FR2744818B1 (en) * 1996-02-12 1998-03-27 Bull Sa Audit Process for the preservation of the integrity of a request emitted unprotected by a client to a server by means of the integrity of the answer
US5787154A (en) * 1996-07-12 1998-07-28 At&T Corp Universal authentication device for use over telephone lines
US5878124A (en) * 1996-10-03 1999-03-02 At&T Corp Universal telephone system and method

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020146005A1 (en) * 2001-03-20 2002-10-10 Worldcom, Inc. Method for billing in a telecommunications network
US8161080B2 (en) 2001-03-20 2012-04-17 Verizon Business Global Llc XML based transaction detail records
US7945592B2 (en) 2001-03-20 2011-05-17 Verizon Business Global Llc XML based transaction detail records
US9094408B2 (en) 2001-03-20 2015-07-28 Verizon Business Global Llc Method for recording events in an IP network
US8886682B2 (en) 2001-03-20 2014-11-11 Verizon Patent And Licensing Inc. XML based transaction detail records
US20090222457A1 (en) * 2001-03-20 2009-09-03 Verizon Business Global Llc Xml based transaction detail records
US8315593B2 (en) 2001-03-20 2012-11-20 Verizon Business Global Llc Method for billing in a telecommunications network
US7406306B2 (en) * 2001-03-20 2008-07-29 Verizon Business Global Llc Method for billing in a telecommunications network
US20090010409A1 (en) * 2001-03-20 2009-01-08 Verizon Business Global Llc Method for billing in a telecommunications network
US20030084169A1 (en) * 2001-10-31 2003-05-01 Min Zhu System and method for accessing a target computer from a remote location using a remote computer
US20030126257A1 (en) * 2001-12-17 2003-07-03 Worldcom, Inc. Method for recording events in an IP network
US8380840B2 (en) 2001-12-17 2013-02-19 Verizon Business Global Llc Method for recording events in an IP network
US7774842B2 (en) 2003-05-15 2010-08-10 Verizon Business Global Llc Method and system for prioritizing cases for fraud detection
US20100080372A1 (en) * 2003-05-15 2010-04-01 Verizon Patent And Licensing Inc. Method and apparatus for providing fraud detection using hot or cold originating attributes
US7783019B2 (en) 2003-05-15 2010-08-24 Verizon Business Global Llc Method and apparatus for providing fraud detection using geographically differentiated connection duration thresholds
US7817791B2 (en) * 2003-05-15 2010-10-19 Verizon Business Global Llc Method and apparatus for providing fraud detection using hot or cold originating attributes
US20050278550A1 (en) * 2003-05-15 2005-12-15 Mahone Saralyn M Method and system for prioritizing cases for fraud detection
US7971237B2 (en) 2003-05-15 2011-06-28 Verizon Business Global Llc Method and system for providing fraud detection for remote access services
US8015414B2 (en) 2003-05-15 2011-09-06 Verizon Business Global Llc Method and apparatus for providing fraud detection using connection frequency thresholds
US20050268113A1 (en) * 2003-05-15 2005-12-01 Mahone Saralyn M Method and apparatus for providing fraud detection using connection frequency thresholds
US20050262563A1 (en) * 2003-05-15 2005-11-24 Mahone Saralyn M Method and apparatus for providing fraud detection using connection frequency and cumulative duration thresholds
US8340259B2 (en) 2003-05-15 2012-12-25 Verizon Business Global Llc Method and apparatus for providing fraud detection using hot or cold originating attributes
US20050249341A1 (en) * 2003-05-15 2005-11-10 Mahone Saralyn M Method and apparatus for providing fraud detection using geographically differentiated connection duration thresholds
US8638916B2 (en) 2003-05-15 2014-01-28 Verizon Business Global Llc Method and apparatus for providing fraud detection using connection frequency and cumulative duration thresholds
US20050243984A1 (en) * 2003-05-15 2005-11-03 Mahone Saralyn M Method and apparatus for providing fraud detection using hot or cold originating attributes
US20050160280A1 (en) * 2003-05-15 2005-07-21 Caslin Michael F. Method and system for providing fraud detection for remote access services
CN105897753A (en) * 2016-06-02 2016-08-24 山东中烟工业有限责任公司 Cigarette factory one-site data cross-network fusion system and method for multi-dimensional application

Also Published As

Publication number Publication date
US6396916B2 (en) 2002-05-28

Similar Documents

Publication Publication Date Title
US6097939A (en) Method and apparatus for event data maintenance per MIN/ESN pair in a mobile telephone system
AU709790B2 (en) Interactive and information data services telephone billing system
US5301246A (en) Data communications equipment security device using calling party directory number
US5222125A (en) System for providing personalized telephone calling features
US5859900A (en) Universal call access with reverse billing
JP2768876B2 (en) How to access the deposit account to be used in the billing of the call
CN1278537C (en) Telephone status notification system and its method
US6101242A (en) Monitoring for key words with SIV to validate home incarceration
EP0463384B1 (en) Method of access to a cordless telephone service
US5513250A (en) Telephone based credit card protection
CA2054567C (en) Telephone network credit card calling apparatus and method of operation
EP0539101B1 (en) Calling line identification
US5276444A (en) Centralized security control system
US5561706A (en) System for managing access by mobile users to an interconnected communications network where a billing authority is identified by a billing code from the user
CA2197676C (en) User authentication in a communications network
CA1289649C (en) Method and apparatus for providing virtual facility communication service
CN1222181C (en) Method for excuting business in mobile intelligent network
CA2122988C (en) Apparatus for detecting and preventing subscriber number cloning in a cellular mobile telephone system
US4799255A (en) Communication facilities access control arrangement
JP2872416B2 (en) Privacy protection method and apparatus of the telephone system
US6996220B2 (en) Method and apparatus for forwarding caller identification for a credit card or calling card call to an automatic number identification system of a telephone network
US5430719A (en) Mediation of open advanced intelligent network interface by shared execution environment
US5621787A (en) Prepaid cash card
US6853636B1 (en) Reverse call origination via a packet switched network
US6122357A (en) Providing enhanced services through double SIV and personal dial tone

Legal Events

Date Code Title Description
AS Assignment

Owner name: MCI COMMUNICATIONS CORPORATION, DISTRICT OF COLUMB

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:JORDAN, DAVID;REEL/FRAME:008898/0690

Effective date: 19971121

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

FPAY Fee payment

Year of fee payment: 12

AS Assignment

Owner name: VERIZON PATENT AND LICENSING INC., NEW JERSEY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MCI COMMUNICATIONS CORPORATION;REEL/FRAME:032725/0001

Effective date: 20140409

AS Assignment

Owner name: VERIZON PATENT AND LICENSING INC., NEW JERSEY

Free format text: CORRECTIVE ASSIGNMENT TO REMOVE THE PATENT NUMBER 5,835,907 PREVIOUSLY RECORDED ON REEL 032725 FRAME 0001. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:MCI COMMUNICATIONS CORPORATION;REEL/FRAME:033408/0235

Effective date: 20140409