US20030174684A1 - Method and system for identifying a user - Google Patents

Method and system for identifying a user Download PDF

Info

Publication number
US20030174684A1
US20030174684A1 US10/380,218 US38021803A US2003174684A1 US 20030174684 A1 US20030174684 A1 US 20030174684A1 US 38021803 A US38021803 A US 38021803A US 2003174684 A1 US2003174684 A1 US 2003174684A1
Authority
US
United States
Prior art keywords
user
identity
identification number
logic
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/380,218
Inventor
Timo Pohjanvuori
Per-Ake Minborg
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PHONE PAGES OF SWEDEN AB
Sony Mobile Communications AB
Original Assignee
PHONE PAGES OF SWEDEN AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PHONE PAGES OF SWEDEN AB filed Critical PHONE PAGES OF SWEDEN AB
Assigned to PHONE PAGES OF SWEDEN AB, THE reassignment PHONE PAGES OF SWEDEN AB, THE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MINBORG, PER-AKE, POHJANVUORI, TIMO
Publication of US20030174684A1 publication Critical patent/US20030174684A1/en
Assigned to SONY ERICSSON MOBILE COMMUNICATIONS AB reassignment SONY ERICSSON MOBILE COMMUNICATIONS AB ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: THE PHONEPAGES OF SWEDEN AB
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present invention relates to a method and system for determining the identity of a system user. More specifically, the present invention pertains to a method and system for deriving the identity of a subscriber of a communications system for use in providing services to the subscriber.
  • GSM Global System for Mobile Communications
  • GPRS General Packet Radio Service
  • the Internet which uses packet data protocol
  • other data communication networks e.g., Intranets
  • Internet which uses packet data protocol
  • other data communication networks e.g., Intranets
  • Most consumers continue to interface with the Internet using personal computers. More specifically, a user typically interfaces with these networks by dialing a modem pool to connect to a server. From there, the user has access to both local and global data networks. Browsers, such as Microsoft ExplorerTM and Netscape NavigatorTM, allow the user to navigate on the Internet and switch between Internet pages or addresses.
  • a GSM telephone forwards a GSM internal identification number to the communication system when it makes a call.
  • This number is referred to as the Internal Mobile Subscriber Identity (IMSI) number.
  • the communications system associates this number with the subscriber's public telephone number.
  • This public number is formally referred to as the Mobile Subscriber Integrated Service Digital Network number (MSISDN).
  • MSISDN Mobile Subscriber Integrated Service Digital Network number
  • a data server derives information regarding the identities of users placing calls in a circuit-switched communications network. It performs this task by initially establishing at least one known and trusted identity “seed.” This trusted identity is stored in a “known list.” The data server then uses the trusted identity seed, in conjunction with information regarding calls placed in the circuit-switched communication network, to derive additional user identities. The data server stores the derived identities in the known list. The derived user identities also serve as new “seeds” for uncovering additional user identities. In this fashion, the data server may quickly supply the identities of unknown users without having access to the internal databases maintained by the circuit switched communication system.
  • the identities are defined by a pairing of secret and public identities used by the circuit-switched communications network to identify its subscribers (e.g., IMSI and MSISDN identification numbers, respectively).
  • a user device may encrypt its secret identification number before transmitting it to the data server to maintain the secrecy of this information.
  • the data server can additionally verify that the user identities stored in the known list remain valid.
  • the data server can be configured to invalidate or correct inaccurate entries.
  • FIG. 1 shows an exemplary system for implementing the techniques described herein
  • FIG. 2 shows an exemplary server for use in the system of FIG. 1;
  • FIGS. 3 - 5 show different types of terminals that can interact with the system of FIG. 1;
  • FIG. 6 shows a procedure for requesting and displaying data objects
  • FIG. 7 shows a procedure for servicing a request for data objects at a data server
  • FIG. 8 shows a procedure for requesting and displaying data objects in an A-class user device
  • FIG. 9 shows a procedure for requesting and displaying data objects in a B-class user device
  • FIG. 10 shows a procedure for requesting and displaying data objects with respect to a called (B-party) user device
  • FIG. 11 shows an exemplary technique for uncovering identity pairings based on one or more known “seed” pairings
  • FIG. 12 graphically shows (in tree-type format) the derivation of multiple identity pairings from an initial known “seed” pairing using the technique of FIG. 1;
  • FIG. 13 shows an exemplary technique using encryption for uncovering identity pairings based on one or more known “seed pairings”
  • FIG. 14 graphically shows (in tree-type format) the derivation of multiple identity pairings from an initial known “seed” pairing, particularly illustrating the effects of the erroneous mapping of identities;
  • FIG. 15 shows an exemplary technique for uncovering identity pairings based on one or more known “seed” pairings, including updating of erroneous identity mappings;
  • FIG. 16 graphically shows (in tree-type format) the derivation of multiple identity pairings from an initial known “seed” pairing, particularly illustrating the correction of erroneous identity mappings using the technique of FIG. 15.
  • the identity mapping technique is described with reference to specific types of communication systems, standards and protocols to facilitate explanation. However, the technique can be implemented using other types of systems, including various types of circuit and packet-switched systems. The technique likewise can be implemented with reference to any type of fixed or mobile terminals using any type of access technology, such as Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency Division Multiple Access (OFDMA), Time Division Duplex (TDD), Frequency Division Duplex (FDD), etc., or any combinations thereof.
  • TDMA Time Division Multiple Access
  • CDMA Code Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • OFDMA Orthogonal Frequency Division Multiple Access
  • TDD Time Division Duplex
  • FDD Frequency Division Duplex
  • FIG. 1 illustrates an overview of a system 10 that can implement the technique.
  • the system 10 combines multiple different network infrastructures 110 for providing communication resources to a user device 100 .
  • the system 10 includes a circuit-switched (CS) network and a packet-switched (PS) network.
  • the circuit-switched part of the network may be implemented according to the GSM standard. It includes a Mobile Switching Center (MSC) 118 and a Base Station Subsystem (BSS) 112 , which are well known to those skilled in the art.
  • the circuit-switched part of the communication network interfaces with the Public Switched Communication Network (PSTN) 140 .
  • PSTN Public Switched Communication Network
  • the PSTN can provide connection between a user device 100 and user device 150 .
  • the packet-switched part of the network may be implemented using the GPRS standard. It include a Serving GPRS Support Node (SGSN) 114 and a Gateway GPRS Support Node (GGSN) 116 .
  • the BSS 112 also provides communication resources to the packet-switched part of the system. Namely, the BSS 112 provides both packet-switched communication resources (denoted by communication 162 ) and circuit-switched communication resources (denoted by communication 161 ). As shown, the packet-switched and circuit-switched parts of the network may also be interconnected by way of an interface between the MSC 118 and the SGSN 114 .
  • the packet-switched part of the network interfaces with a data network 120 .
  • the data network can comprise any type of data network having limited or global access, such as an Intranet, the Internet, Local Area Network (LAN), etc.
  • the data network 120 typically includes one or more routers (not illustrated) and data bridges to interconnect nodes in the network and to enable the nodes to communicate with each other.
  • the data network provides connection between the user terminal 100 and one or more data server objects 130 .
  • a party using user device 100 may obtain a complete logical connection 171 to a user using user device 150 (referred to as the B-party).
  • This channel is formed by the BSS circuit-switched resources 161 of BSS 112 , MSC node 118 , and PSTN 140 .
  • this channel can be used to conduct real-time voice communication between user device 100 and user device 150 .
  • a party using user device 100 may obtain a complete logical connection 172 to data server 130 connected to the data network 120 .
  • This channel is formed by the BSS packet-switched resources 162 of BSS 112 , the SGSN 114 , GGSN 116 node, and data network 120 . This channel can be used to transmit data between the user device 100 and the data server 130 .
  • the user device 100 does not support the use of a packet-switched communication channel.
  • data objects from the server 130 can be retrieved by other means, such as a Short Message Service (SMS) or a temporary CS communication channel.
  • SMS Short Message Service
  • a packet-switched communication channel having a particular QoS is used for conveying speech within the communication system 10 , and the PSTN 140 and the data network 120 are interconnected by some alternative known means (not shown in FIG. 1).
  • the SGSN 114 typically includes functionality for the delivery of data packets from and to the user devices within its service area. It also performs packet routing and transfer, authentication and charging operations, mobility management, and logical link management.
  • the GGSN 116 acts as an interface between the GPRS system and external packet data networks. More specifically, this node converts the GPRS packets sent from the SGSN into the packet data protocol (PDP) format appropriate for the external network (e.g., Internet Protocol or X.25). It also transmits the converted packets to the packet data network. This node also converts PDP addresses of incoming data packets into the GSM address of destination user devices.
  • PDP packet data protocol
  • the data network 120 provides access to one or more data object servers 130 (only one is shown to simplify the discussion).
  • FIG. 2 identifies features of the data server 130 . It includes at least one CPU 210 connected to at least one memory device 220 , a cache memory 250 , at least one database 240 , and at least one communication interface 230 . Memory devices 220 and databases 240 can be non-volatile.
  • the interface 230 enables the CPU 210 to send and receive data to/from the data network 120 .
  • the cache memory 250 allows storage of frequently used data objects so that the CPU 210 may obtain them in an efficient manner.
  • the database 240 contains the actual data objects that can be requested by the user device 100 via the communication infrastructure 110 and the data network 120 .
  • the data object server 120 may also comprise a number of programs 260 .
  • the programs 260 can include a filter 270 allowing the data objects to be optimized according to the rendering capabilities of the user device 100 .
  • the programs 260 may also include an encryption/decryption engine 280 allowing data object requests to be decrypted and data objects to be encrypted.
  • various modules of the data server can be implemented as separate computers.
  • the computers may be located together in one facility or located remotely from each other.
  • the database 240 can comprise any type of storage media. For instance, it can comprise a hard-drive, RAM memory, magnetic media (e.g., discs, tape), optical media, printed media (e.g., lists), etc.
  • the database 240 can be formed using any type of organization, such as relational, object-oriented, etc.
  • the database 240 can be separated into two or more databases in a distributed fashion. Further, the database (or databases) 240 may contain redundant data. Any node can access the database (or databases) 240 , including internal nodes (e.g., nodes internal to the data server system) or external nodes (e.g., nodes external to the data server system).
  • the list 242 may be stored in the same physical storage media as the data objects (e.g., the phonepages), or in a separate database.
  • the database 240 is intended to very generally represent any type of means of retaining data objects and subscriber identification information.
  • the data objects stored in database 240 include graphical information objects associated with telephone numbers. These pages are alternatively referred to as “phonepages.” That is, for instance, selected phonepages might correspond to the telephone numbers of the subscribers of user device 100 and user device 150 .
  • the telephone number associated with user device 100 is referred to as an A-number pertaining to an A-party.
  • the telephone number associated with user device 150 is referred to as a B-number pertaining to a B-party.
  • the system can be configured in such a manner that the A-party, upon dialing the B-number, connects to a data object server 130 (by way of the packet-switched communication channel) and receives a data object, e.g., a “phonepage” stored in a memory position in the data object server, with a memory address corresponding to the B-number dialed.
  • a data object e.g., a “phonepage” stored in a memory position in the data object server, with a memory address corresponding to the B-number dialed.
  • the phonepage may, for example, comprise information about the B-party, such as phone number, address and other information. Alternatively, the phonepage may simply provide an immediate access to an internal or external data network as maintained by the B-party subscriber. After having received the B-party phonepage, the system can execute one or more procedures.
  • a circuit-switched voice connection can be set up. If the B-number is addressing another device, other events may occur. The procedures performed may also depend on the type of A-party device 100 being used.
  • the database 240 also stores a list 242 of known associations between secret and public identification numbers of the communications system subscribers. That is, if the data server 130 successfully determines the association (or mapping) between a secret and public identification number for a subscriber, it stores this association in the list 242 .
  • the secret identification number would correspond to the Internal Mobile Subscriber Identity (IMSI) number. This is an internal (non-public) number used for internal call routing, billing, etc.
  • the public identification number corresponds to the Mobile Subscriber Integrated Service Digital Network (MSISDN) number. This number is generally the same as the number that a third party enters to reach a subscriber.
  • IMSI Internal Mobile Subscriber Identity
  • MSISDN Mobile Subscriber Integrated Service Digital Network
  • the programs 260 also include an identity derivation module 272 .
  • This module 272 is used to derive the identities of communication system subscribers on the basis of information stored in the known list 242 of the database 240 . Further details regarding this function are discussed in section No. 3 below.
  • FIGS. 3 - 5 show different types of user devices 100 that can interface with the network infrastructure 110 .
  • the user device 100 shown in FIG. 3 comprises a mobile telephone or a PDA with mobile telephone capabilities.
  • the mobile telephone includes a central processing unit (hereafter CPU) 310 connected to at least one memory unit 324 , and at least one display 328 .
  • the CPU 310 may also be connected to a keyboard device 312 or other type of input device.
  • the memory unit 325 may be non-volatile (e.g., EEPROM or SIM card) in order to retain stored information, should power be temporarily unavailable.
  • the CPU 310 is further connected to a radio unit 326 that can convert incoming and out going data to RF modulated signals in well-known fashion.
  • the radio unit 326 also connects to an antenna 330 allowing the RF modulated signals to be received/transmitted from/to an RF compatible media (e.g., air).
  • the radio unit 326 may also directly or indirectly be connected to an earphone 320 and a microphone 322 to enable voice communication.
  • the user device may further comprise a plurality of programs 314 , such as a browser 316 .
  • the browser 316 presents at least one type of data object to a user for viewing.
  • the programs 314 may also include an encryption/decryption engine 318 that encrypts data object requests and decrypts received data objects.
  • the user device may optionally include cache memory (not shown) for storing and retrieving frequently used display objects, etc.
  • FIG. 4 illustrates another type of user device 100 that can be used to interface with network infrastructure 110 .
  • the device shown there is a fixed (non-mobile) telephone with graphic capabilities.
  • the user device includes the same basic components discussed above in connection with FIG. 3, including CPU 410 , keyboard 412 , memory 424 , earphone 420 , microphone 422 , display 428 , and programs 414 .
  • the programs include browser 416 and encryption/decryption engine 418 .
  • the user device 100 in FIG. 4 differs by replacing the radio unit 326 with a media adapter 450 , and by replacing the antenna 330 with a hardwired connection 452 .
  • the media adapter 450 converts incoming and outgoing signals to and from a particular media standard, including but not limited to ISDN, ADSL, HDSL, VDSL, various cable network-compatible formats, etc.
  • FIG. 5 shows yet another type of user device 100 , 500 that can interface with the communication infrastructure 110 .
  • the user device 500 shown here comprises a mobile telephone 502 that may lack data object rendering capabilities.
  • the mobile telephone 502 interfaces with a Personal Digital Assistance Device (PDA) device 504 (or similar device) via a communication link 506 .
  • the communication link 506 may comprise, for example, an infrared, radio (e.g., BluetoothTM) or wire communication arrangement.
  • the PDA 504 includes functionality for displaying and manipulating the data objects.
  • the mobile telephone 502 in FIG. 5 generally includes many of the same basic components discussed above in connection with FIG. 3, including CPU 510 , keyboard 512 , memory 524 , earphone 520 , microphone 522 , display 528 , radio unit 536 and antenna 530 .
  • the mobile telephone 502 may lack the programs 314 shown in FIG. 3.
  • the PDA 504 shown in FIG. 5 includes a CPU 570 connected to at least one memory unit 572 , and at least one display 582 .
  • the CPU 570 may also be connected to a keyboard device 574 or other known type of input device (to allow, for instance, a user to enter digits.)
  • the memory unit 572 may be non-volatile (e.g., EEPROM or SIM card) in order to retain stored information, should power be temporarily unavailable.
  • the PDA 504 further comprises a collection of programs 576 including but not limited to a browser 578 that can present at least one type of data object to the user.
  • the programs 576 also may include an encryption/decryption engine 580 allowing data object requests to be encrypted and data objects to be decrypted.
  • the PSTN 140 provides access to another user device 150 over the fixed network.
  • the user device 150 can also comprise any type of communication device, such as a “plain old telephone” (POT), facsimile or data modem devices, etc.
  • POT plain old telephone
  • the PSTN 140 can also interface (directly or indirectly) with a host of other types of devices or systems, such ISDN terminals and communication devices connected via a Digital Subscriber line (DSL).
  • DSL Digital Subscriber line
  • the PSTN can interface with another wireless system (e.g., having at least one MSC connected to at least one BSS) to provide wireless connection to a mobile telephone or like device.
  • another wireless system e.g., having at least one MSC connected to at least one BSS
  • user device 150 may comprise a mobile telephone having any of the features discussed above in connection with FIGS. 3 - 5 , or some other type of mobile device.
  • FIG. 6 is a flow diagram of a procedure used by the user device 100 for communicating a phonepage to an A-party.
  • the procedure starts by an initiation from the A-party, (e.g., a user device 100 is switched on).
  • Step 610 indicates the occurrence of some triggering event that causes the generation of a phonepage request.
  • the trigger may be attributed to an automatic event (e.g., as when a call is terminated by the other party), or may be attributed to a manual event (e.g., as when the A-party dials a number, such as the B-number).
  • the triggering event may be at least one of the following incidents: a) an outgoing call is (or is about to be) initiated.; b) an addressed B-party answers a call; c) an addressed B-party is busy; d) an addressed B-party does not answer; e) an addressed B-party rejects a call; f) an addressed B-party is unavailable (e.g., an addressed mobile phone is out of coverage); g) an incoming call is imminent or has just started; h) a conference call is or is about to be initiated; i) a call is disconnected; j) a call is conducted (under which several triggering events can be generated); k) a subscriber is put on hold; l) a new cell in the PLMN has been selected; m) the location of a subscriber has changed; n) a new Public Land Mobile Network (PLMN) operator is selected; o) a new country of registration is made; p) a user device is about to be switched off; q
  • the A-party initiates a request in step 630 , possibly after encryption in step 620 , and sends this request via a communication channel (e.g., a packet-switched channel as illustrated in FIG. 1) to a data object server.
  • a communication channel e.g., a packet-switched channel as illustrated in FIG. 1
  • the data object request may include at least one of the following parameters: a) a requested protocol to be used for transmission (e.g., WAP, WML, HDML, HTML, XML, etc.); b) an identification of a data object server (e.g., a server name or a plain IP address); c) a code denoting what kind of event triggered the data object request (e.g., outgoing call setup); d) the indicated B-number associated with at least one B-party equipment; e) an A-party identity and/or a secret A-party identity (e.g., an A-number of a mobile station); f) a network address of the A-party (e.g., IP address) used by the data object server when returning a requested data object; g) a capability code indicating the displaying capabilities of the A-party (e.g., screen resolution, audio, etc.); h) a code indicating an encryption scheme or encryption key used; i) a code indicating the
  • the data object request in step 630 may be answered by the data object server in an encrypted format.
  • the user device 100 decrypts the object in decryption step 650 following the reception of the object at the user device 100 (in step 640 ).
  • the user device 100 renders the data objects in step 660 in accordance with the capabilities of the user device 100 .
  • a number of additional procedures may be performed which depend on the capabilities of the A-party user device 100 and/or the type of equipment addressed by the B-number. For example, a call may be set up or a call may be disconnected.
  • FIG. 7 shows corresponding procedures performed in a data object server (such as data object server 130 ) in response to the procedures shown in FIG. 6.
  • the data object server receives a request for a data object.
  • the request typically includes (in exemplary embodiments) at least an indication specifying an A- or B-number and a specification of what kind of action triggered the request. If the request is encrypted, decryption will be performed in step 720 before interpreting the content.
  • the address indication (e.g., A- or B-number) in the request received in step 710 will be mapped to a memory address in the data object server, or to an address provided in another database maintained at some other site.
  • the address may specify a data object, such as a phonepage.
  • the data server retrieves the database in step 730 .
  • the request received in step 710 may also include an indication of a user device display capability; in this case, the data server may adapt the retrieved data object to the requested format.
  • the database may store the data objects in different formats. In this case, the data server complies with the request by retrieving the data object having the correct format.
  • Step 750 encrypts the request if requested or necessary.
  • the data server sends the encrypted data object in step 760 .
  • the above-described general technique for accessing a data object associated with a specified address may be varied in a number of different ways, depending on, for example, the communication capabilities of the user devices. For example, one or more of the steps described as being sequentially performed can be performed concurrently.
  • User devices such as mobile telephones, are currently capable of handling both packet-switched and circuit-switched communication simultaneously. These devices are generally referred to as “class A” mobile telephones. Other mobile telephones have designs that allow packet-switched and circuit-switched communication in an alternative fashion. That is, these phones can alternate between packet-switched and circuit-switched communication, but cannot conduct both types of communication at the same time. These mobile telephones are referred to as “class B” mobile stations.
  • FIG. 8 shows exemplary procedures used when a circuit-switched connection is initiated from a class A user device.
  • the user initiates a call session by indicating a B-number of a B-party, e.g., by pressing a digit, a button or by activating a voice recognition mechanism.
  • the user device then starts to set up two different connections, a circuit-switched connection for a voice communication channel in step 820 , and a packet-switched communication channel for retrieval of a phonepage in steps 840 - 880 .
  • These procedures may be performed simultaneously in a class A user device.
  • a voice connection with a B-party is initiated in step 820 .
  • the circuit-switched communication system assigns a communication resource over which a telephone conversation can take place.
  • the voice conversation ends (in step 830 ) in a conventional manner, for example by pressing a designated button on the mobile user device or hanging up a handheld part of a fixed network telephone. Ending the call also involves deallocation of relevant communication resources within the circuit-switched part of the mobile communication network, as well as, e.g., any PSTN resources involved in the connection.
  • the packet-switched procedures basically follow the procedures described with reference to FIG. 6. Namely, the procedure involves sending a data object request in step 850 , optionally after encryption in step 840 .
  • the user device receives the data objects in step 860 , decrypts the data objects in step 870 (if necessary), and displays the data objects in step 880 .
  • the packet-switched connection also ends.
  • FIG. 9 shows a procedure for handling voice and data communication under these constraints.
  • the class B type user device indicates a B-number in the manner described above with reference to FIG. 8.
  • the procedure then advances to step 930 , where the user device determines whether a phonepage is being requested or not. That is, a user may directly request the phonepage. Alternatively, the B-number that was dialed prompts such a request. For instance, in an exemplary embodiment, double clicking on a designated SEND button indicates that the phone page is to be requested. If no phone page is requested, the procedure advances to steps 970 and 980 where the circuit-switched call is conducted and then terminated.
  • the user device encrypts a data object request (in step 940 ) and then sends the request (in step 950 ) over a packet-switched communication channel. If the packet session is not interrupted (as determined in step 960 ) then the user terminal receives the data object (in step 962 ) and displays the data objects (in step 964 ). And if data packet transmission is complete (as determined in step 968 ) then the procedure advances to steps 970 and 980 where the circuit-switched communication is then conducted.
  • the downloading of the packet-switched data objects may be interrupted for various reasons. For example, a user may deliberately wish to terminate the download of the data object and proceed directly to the circuit-switched communication. The download may also be automatically terminated if it is taking too long or there is an error in the transmission, or because of some other reason. In any case, if the download is interrupted (as determined in step 960 ), the circuit-switched call is conducted in steps 970 and 980 .
  • the user device may download data objects when the user device is idle (e.g., not conducting a circuit-switched communication). Further, the user device may store the phonepages of commonly accessed numbers in its memory to obviate or reduce the need to access the data server upon every telephone call.
  • FIG. 10 shows the procedures used in a B-party user device for retrieval of A-party phonepages.
  • the user device is an A-class device (giving it the ability to simultaneously communicate over the circuit-switched network and the public switched network).
  • the procedure starts when the B-party receives a call.
  • the communication system allocates a communication channel for conducting the communication.
  • an indication of the call originating identity i.e., the A-party identity, and preferably an A number, is revealed to the B-party.
  • the B-party user device then sends a data object request (in step 1080 ) to a data object server after optionally encrypting the request (in step 1070 ).
  • the request is, when received in the server, treated in a manner similar to that outlined above for the A-party user device. Namely, the B-party user device obtains the data object (in step 1082 ), decrypts the data object if necessary (in step 1084 ) and displays the data object (in step 1086 ).
  • the voice connection may follow the same procedures (steps 1040 and 1050 ) as those described in relation to FIG. 8, for instance. If the call is not answered the voice communication terminates.
  • the user device includes a Subscriber Identification Module (SIM) that stores an Internal Mobile Subscriber Identity (IMSI) number.
  • SIM Subscriber Identification Module
  • IMSI Internal Mobile Subscriber Identity
  • MSISDN Mobile Subscriber Integrated Service Digital Network number
  • the circuit-switched communication system can translate the IMSI number to the MSISDN number by reference to databases which provide mapping between these two identities.
  • the data server 130 may not be directly affiliated with the circuit-switched service and therefore may not have direct access to the mapping between the IMSI and MSISDN numbers.
  • the following procedures allow the data server 130 to gain sufficient information regarding the identities of the subscribers to provide services to these users (e.g., to supply data objects, such as phonepages, to the users).
  • FIG. 11 shows a first procedure for uncovering public MSISD numbers.
  • secret identification numbers such as internal GSM IMSI numbers
  • public identification numbers such as GSM MSISDN numbers
  • PI for public identity
  • step 1110 the data server establishes a “seed” pairing which maps a known secret identity SI 1 to a known public identity PI 1 .
  • a seed which maps a known secret identity SI 1 to a known public identity PI 1 .
  • One simple way to establish a known identity is to have a circuit-switched system operator manually or automatically enter or forward the seed pairing.
  • the system may enable any subscriber to directly contact the data server 130 (e.g., by dialing a special telephone number assigned to the data server and retrieving a data object page sponsored by the data server).
  • the data server software will prompt the subscriber to directly register the seed pairing.
  • the data server may automatically derive or extract a subscriber's secret identification number and then prompt the subscriber to manually enter his or her public identification number (e.g., in an appropriate entry field of the page).
  • the secret identification number can be derived or extracted on the basis of information ordinarily transmitted in the course of setting up a connection. (Such a procedure is useful, as a subscriber may be unaware of his or her secret identification number.)
  • Other procedures for registering a seed pairing can be used.
  • the data server may execute a menu-based prerecorded dialogue with a subscriber to collect necessary identification information. Whatever method is used, the data server then stores the seed pairing in the database of the data server, e.g., in the “known list” 242 of database 240 (with reference to FIG. 2).
  • the data server then waits for a call event (in step 1112 ).
  • the call event may comprise any event discussed in section No. 2 above.
  • a call event may be caused by the A-party (e.g., using device 100 ) dialing the phone number of the B-party (e.g., using device 150 ) to set up a call, which may prompt the system to generate a request to the data server.
  • step 1114 the data server receives the request that accompanies a call set up, and the information contained therein.
  • the A-party user device may specify its secret identification number and the public identification number of the party it is calling.
  • the data server determines whether this call information pertains to any entry in the “known list.” For example, for illustration purposes, suppose that that the list contains the known pairing SI 1 , PI 1 corresponding to a first subscriber. Further suppose that this first subscriber makes a telephone call to another party “n.” In this case, the data server may receive the secret identity of the known user (i.e., SI 1 ) and the public identity of the other terminal n (denoted by PI n ).
  • Step block 1116 then derives a new identity pair (e.g., SI n , PI n ) from the gathered information. More specifically, in step 1118 , the data server accesses the known list to determine the public identity corresponding to the received known secret identity. That is, in one example, the data server determines PI 1 using SI 1 (which was received from the user device which initiated the call) as an index. In step 1120 , the data server obtains a ring response from the B-party. More specifically, in the course of setting up a call, the circuit-switched communication network pages the called party (i.e., the B-party) with a ring signal. The circuit-switched communication network may also inform the called party of the public identity of the calling party (e.g., PI 1 ).
  • a new identity pair e.g., SI n , PI n
  • the “ring response” refers to the called party's response to the ring signal.
  • the ring response is forwarded to the data server. It may contain the secret identification number of the called user (i.e., SI n ) and the public identification number of the calling A-party subscriber (i.e., PI 1 ).
  • step 1122 the data server then associates the pubic identification number PI 1 received in the ring response with the public identification number PI 1 received from the database look-up (i.e., from step 11118 ).
  • the gathered information now permits the data server to associate the secret identification number and public identification number of the called party (i.e., SI n , PI n ), and thus establish another known identity.
  • the data server adds the new identity pair (i.e., SI n , PI n ) to the known list 242 .
  • the system handles the call event, e.g., by conducting the call.
  • the user devices may access and display data objects obtained from the data server in the manner outlined section No. 2.
  • the data server may lack sufficient information to identify many subscribers in initial stages of its operation (e.g., when the known list contains only a few entries). In this case, the data server may be unable to retrieve and forward requested data objects until it-acquires sufficient knowledge of the subscribers' identities. The user would thus conduct his or her call without the supplement of phonepages or with restricted functionality.
  • the procedure of FIG. 11 repeats by waiting for a subsequent call event.
  • the known list now contains two known entries, i.e., corresponding to the initial seed subscriber (i.e., SI n , PI n ) and the party called in the previous call event (i.e., SI n , PI n ). Both of these entries can be used to uncover the identities of additional users. That is, if the initial seed subscriber calls yet another user, then the seed pairing (SI n , PI n ) can be used to uncover the identity of that other user. The same is true of the user SI n , PI n .
  • a subscriber having a known identity places a call to a subscriber having an unknown identity, thereby uncovering the unknown identity.
  • the basic procedure of FIG. 11 also applies to the case where a subscriber having an unknown identity places a call to a subscriber having a known identity. In this case too, the unknown identity can be uncovered.
  • the subscriber having the unknown identity places a call to the subscriber having a known identity (e.g., PI n , SI n ) over the circuit switched communication system.
  • the subscriber having the unknown identity may likewise forward a request to the data server.
  • the data server detects this event (in step 1112 ) and then determines whether the event pertains to an entry in the known list (in step 1114 ). More specifically, the subscriber having the unknown identity may forward its secret identification number (e.g., SI n ) along with the public identification number of the party it is calling (e.g., PI 1 ).
  • the data server detects a previously stored pairing pertaining to PI 1 ; thus, decision step 1114 is answered in the affirmative (“Y”).
  • step 1118 the data server accesses the known list and retrieves the pairing PI 1 , SI 1 , e.g., using the identification number PI 1 as an index (which was forwarded by the subscriber having an unknown identity).
  • the data server gets the ring response from the called party, in this case the subscriber having a known identity (PI 1 , SI 1 ).
  • the ring response may contain the secret identification number of the called party (e.g., SI 1 ) and the public identification number of the calling party (e.g., PI n ).
  • the data server now has all the information it needs to derive the identity of the unknown subscriber, namely the association between SI n and PI n . This new identity is stored in the new list in step 1124 .
  • FIG. 12 graphically shows how multiple identities can be derived from a single seed identity.
  • the seed identity pairing is designated by the letter “A.” It additionally contains the label “k” to designate that it represents a known, i.e., trusted, mapping between secret and public identities.
  • the seed identity pairing is used to uncover the identity pairings for subscribers B and C (this may be because the subscriber A placed telephone calls to subscribers B and C, or subscribers Band C placed a call to subscriber A).
  • the B pailing is then used to derive the identity pairings of subscribers D and E.
  • the D pairing is used to derive the identity pairings for subscribers G, H and I
  • the E identity pairing is used to derive the identity pairings of subscribers J and K.
  • this pattern of derivation is exemplary. The pattern will differ if any of the identified subscribers make a different selection of calls. In a best case (where no subscriber calls the same party more than once), the data server can uncover more than 65,000 identity pairs when each subscriber makes only 16 calls. The data server can uncover more than 1,000,000 identity pairs when the subscribers each make at least 20 calls.
  • the operator of the data server may wish to provide a small number of known seed identity pairings in different countries. This is because the subscribers may be less likely to call subscribers from other countries, thus slowing the propagation of the known identity list.
  • the user devices forwarded their secret identities (e.g., SI n ) to the data server.
  • secret identities e.g., SI n
  • some subscribers may be reluctant to release any secret information over the Internet (or other public or private network).
  • a user device n may first encrypt its secret identity to provide a fingerprint identity, denoted, FI n .
  • the user device then forwards its fingerprint identity FI n instead of the unencrypted secret identity SI n .
  • Any one of a variety of encryption techniques can be used to accomplish this purpose, such as DES.
  • FIG. 13 shows a procedure which has the same principal steps as FIG. 11, but uses the fingerprint identification number FI n instead of the secret identification number. That is, in step 1310 the data server establishes one or more seed pairings of identities (e.g., FI 1 , PI 1 ). The data server then awaits for a call event in step 1312 . If the call event involves a known subscriber (as determined in step 1314 ), then the data server executes the procedure 1316 for uncovering an additional known identity. This procedure 1316 follows the same steps identified with reference to FIG. 11. Namely, the data server obtains PI 1 from the database using the known fingerprint identity FI 1 as an index (in step 1318 ).
  • identities e.g., FI 1 , PI 1
  • the-data server receives the ring response from the called party (i.e., B-party), containing the fingerprint identity of the called party (i.e., FI n ) and the public identification number of the calling party (i.e., PI 1 ).
  • the data server uses the gathered information to establish a known pairing between FI n and PI n .
  • the data server stores the new known pairing in the known list of the database.
  • the procedure shown in FIG. 13 can also be used when a subscriber having an unknown identity places a call to a subscriber having a known identity, thereby uncovering the unknown identity.
  • the basic steps in this procedure were outlined above in connection with FIG. 11.
  • the known list 242 may contain inaccurate entries.
  • the operator of the switched communication system may change a numbering plan in a region (e.g., to allow more subscribers).
  • a secret identity may remain valid, but it is now associated with another public identity within the circuit-switched communication system.
  • This invalidates the entry in the known list of the data server, which contains the previous mapping between the secret and public identities.
  • the data server may unintentionally use incorrect entries to derive additional known identities. This may propagate the errors in the known list.
  • FIG. 14 illustrates this concept.
  • the circuit-switched system may have executed a renumbering plan which invalidated the derived identity pairing for subscriber C.
  • the data server may have subsequently used the incorrect pairing for subscriber C to derive the identity pairings for subscribers F, L and M.
  • the pairings for subscribers F, L and M may therefore also be wrong, as they may incorporate the incorrect mapping used in subscriber C's pairing.
  • FIG. 15 presents an exemplary technique for reducing the deleterious impact of the above-described problems.
  • the procedure starts in the same manner as FIGS. 11 and 13, e.g., by establishing seed identities (step 1510 ), determining if a call event has occurred (in step 1520 ), determining whether the call event pertains to an entry in the known list (step 1522 ), and if so, finding a new identity pairing based on the known pairings in the list (step 1524 ).
  • Step 1524 may specifically include the substeps identified in FIG. 11 or 13 (that is, for example, steps 1118 - 1122 in FIG. 11 or steps 1318 - 1322 in FIG. 13).
  • the procedure in FIG. 15 can uncover the pairing SI n , PI n (or FI n , PI n ) based on the initial seed pairing of SI 1 , PI 1 (or FI 1 , PI 1 ).
  • the derived identity (SI n , PI n or FI n , PI n ) may not be completely unknown, but may, in fact, have been previously derived.
  • the database may already store an identity pairing (i.e., SI n , PI n or FI n , PI n that was derived in a previous iteration of the procedure.
  • SI n , PI n or FI n , PI n that was derived in a previous iteration of the procedure.
  • another known A-party from the known list
  • the data server may have previously derived the identity pairing (SI n , PI n or FI n , PI n ) of the B-party based on that previous known A-party.
  • step 1526 the data server determines whether the newly uncovered identity pairing conflicts with a previously stored identity pairing. This may be the case where the previously stored identity pairing is now inaccurate, whereas the currently derived identity pairing is accurate.
  • the data server assigns confidence levels to the old and new identity pairings to assess their relative accuracy.
  • the data server can use a variety of parameters to define a confidence level.
  • one confidence parameter pertains to the “distance” from a trusted identity pairing to the identity pairing in question.
  • the “distance” corresponds to the number of derivations that were made, starting with a trusted identity pairing, to derive the final identity pairing in question.
  • an identity pairing which was determined in a long chain of derivations starting from a trusted identity pairing may have a lower confidence level than an identity pairing that was directly determined from a trusted identity pairing (e.g., without an intervening chain of derivations).
  • Other indicia of confidence may be used instead of the distance measure, or as a supplement to the distance measure.
  • another possible confidence parameter pertains to the “age” of the pairing, indicating the length of time since it was first uncovered. That is, the data server may be configured to give priority to more recent pairings based on the assumption that “old” pairings are more likely to be inaccurate than “new” pairings (having had more time to be corrupted by subsequent events).
  • Other confidence parameters may attach significance to the characteristics of the subscriber (or subscribers) used to derive the new identity (under the assumption that some “seed” subscribers may be more reliable than others). Other confidence parameters may reflect errors or failures experienced in the past when using a pairing in the known list.
  • the choice of parameters may depend on the communications environment of a specific application. Whatever parameters are used, the database may be configured to store the parameters along with their associated pairings so that they can be accessed and evaluated when performing the procedure defined by FIG. 15.
  • Step 1528 compares the confidence level of the current identity pairing with the confidence level of the previously derived identity pairing.
  • Step 1530 determines whether the new identity pairing is superior to the previous identity pairing based on their respective confidence levels. If so, the data server replaces the previous identity pairing with the new identity pairing (in step 1532 ). If the new identity pairing does not have a higher confidence level, the data server maintains the previous pairing in the database (in step 1536 ). The procedure terminates by the handling of the call in step 1534 .
  • FIG. 16 graphically shows how the procedure of FIG. 15 can be used to modify the identity pairings in the database.
  • the identity pairing for subscriber C has become inaccurate, thus infecting the identity pairings of subscribers F, L and M, which are derived from the identity pairing for subscriber C.
  • another 15 may also treat the A-party as a potential inferior party, which must then itself submit to a change in identity.
  • This algorithm thus has the potential of quickly affecting corrective action in the known list.Other mechanisms for correcting identity pairings are possible.
  • the database may maintain a record which traces the chain of identity pairing derivations. That is, the database may maintain information describing the links shown FIG. 16.
  • the data server could then invalidate all identity pairings that were derived based on this inaccurate identity pairing. If sufficient information is available, the data server may also attempt to correct erroneously derived identity pairings.
  • the above described techniques offer a number of benefits. For instance, the techniques allow a data server to uncover sufficient information regarding the identities of circuit-switched communication system subscribers to provide these subscribers with various services. Moreover, the data server performs this task without having to “break into” (i.e., directly access) the internal data records maintained by the circuit-switched communication network.
  • the technique of encrypting the user's secret identity prior to transmission to the data server helps to protect the privacy of the user.
  • the seed pairing can be established in an automatic manner (without requiring that the subscriber manually specify his or her identification numbers).
  • the data server may log call event information in its database. Namely, for instance, when an A-party places a call, the data server may record its secret identification number and the public identification number of the B-party it is calling. Also, when a B-party receives a call and forwards a response to the data server, the data server may record its secret identification number and the public identification number of the calling A-party. Further, the data server may be configured to store a timestamp which indicates when each of the events occurred.
  • the data server may establish the association between a particular secret identification number SI x and public identification number (PI x ) for a subscriber “x” by statistical inference based on the entries in the database. More specifically, presume that there were plural call events (i.e., n call events) pertaining to subscriber “x” (e.g., constituting calls placed by subscriber “x” or calls placed to subscriber “x”). For each of these events, the data server should have logged the secret identification number and the public identification number for subscriber “x” within a time period T.
  • the time period T may empirically reflect an interval of time which typically (e.g., on average) separates the logging of a secret identification number from the logging of a public identification number.
  • the association between SI x and PI x can therefore be derived by examining the entries in the database for each of the call events within the prescribed time period T. That is, the data server may examine the events that occurred within +T of the secret identification number SI x and within ⁇ T of the secret identification number SI x .
  • the association between SI x and PI x can be computed by counting the number of times that SI x is paired with PI x for the n events. If there is a true association between SI x and PI x , then the database should indicate several (e.g., n) pairings for the n events. (Of course, if a pairing between SI x and some other public identification number is more prevalent, then this pairing may indicate the true association.) This association may also be computed using more advanced correlation techniques, such as least squares, etc. The entries in the database may also be weighted depending on their proximity to an expected separation between secret and public identification numbers.
  • the data server may decrease the relevancy of pairings that are located relatively far apart from each other (but still within the interval T). Whatever association/correlation technique is used, the confidence level of this inferred identity pairing will obviously increase if the number of events n that the data server examines is increased.
  • the above-described inference calculations can also be used to provide yet another confidence parameter for use in the procedure of FIG. 15.
  • the data server can examine a plurality of call events pertaining to a subscriber to assess the accuracy of its identity pairing.
  • the above-described inference calculations can also be used to automatically correct identity pairings that are assessed to be inaccurate. These corrections can be performed at any time (e.g., not necessarily during the call event), because they draw from the stored call event data.
  • the above-described inference calculation can be used to derive multiple unknown identities (that is, additional unknown identifies beyond the initial seed identity). For instance, all of the identities can be derived by inference. The desirability of this solution may diminish as the number of subscribers in the system increases.
  • the data server stores the encrypted secret identification number (i.e., FI n ) in the known list without decrypting it. In this way, the data sever cannot uncover the secret identification number of a subscribers.
  • the data server can decrypt the encrypted secret identification number and store the decrypted identification number (i.e, SI n ) in the known list (that is, providing that the data server is authorized to obtain and use the encryption key). In this way, the circuit-switched system can at least limit the disclosure of secret identification numbers to authorized data servers.
  • the user device may include security logic for adding security data to the encrypted secret identification number.
  • the security data changes for each transmission session (e.g., each call).
  • the data server also includes security logic that separately computes the security data.
  • the data server's security logic strips the received security data from the encrypted secret identification number and compares it to its separately-computed security data. If the separately-computed security data is the same as the received security data, then the data server may process the call in its typical manner (e.g., by accessing and downloading a data object and/or by determining the identity of a subscriber).
  • the data server may terminate the connection or take some other appropriate security-related action.
  • This technique therefore serves to authenticate the identity of a user device. For instance, it provides a way of detecting whether an unauthorized party is wrongfully using an encryption key of a user device, and thus attempting to impersonate the user device.
  • the use of the security data also provides a technique for preventing an unauthorized party from tracking the transactions (e.g., calls) made by a subscriber (because it is not easy for the unauthorized user to uncover the security data which changes for each transaction).
  • the user device uses a sequential counter in each communication session (e.g., each call) to generate a count value, which constitutes the security data.
  • the data server maintains a similarly-configured sequential counter which is synchronized to generate the same count value for the session. More specifically, the user device increases the counter by one preceding each communication session. After a session is established, the counter in the data server is also incremented by one. Thus, the user device counter and the data server counter should track each other. Also, since the counter is first increased in the user device, any signaling failures can be recovered by performing a retry and by also increasing the counter value in the data server.
  • the user device appends the count value to the encrypted secret identification number and forwards it to the data server.
  • the data server strips the count value from the encrypted secret identification number and compares the received count value with its own separately-computed count value. Lack of agreement potentially indicates that an unauthorized transmission has occurred. Namely, if the counter in the user device is found to be different from the counter value in the data sever, the user device may have been impersonated. That is, disagreement in the count values may indicate that someone has wrongly appropriated the encryption key of the user device. The extent to which these values differ may indicate the degree of wrongful activity by the impersonating party (e.g., the number of wrongful call attempts by the impersonating party).
  • the security data is appended to an encrypted secret identification number, to thereby provide an additional level of security.
  • this technique could also be used without encrypting the secret identification number (e.g., by appending the security data to the unencrypted secret identification number).
  • a timer can generate a time value as the security data (e.g., in the case where the user device and data server are configured to generate the same time values for a transaction).
  • a random number generator can generate a random value as the security data (e.g., in the case where the user device and data server are configured to generate the same random values for a transaction.)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A data server derives information regarding the identities of users placing calls in a circuit-switched communication network. It per forms this task by initially establishing at least one known and trusted identity “seed”. The data server uses the trusted identity seed, in conjunction with information regarding calls placed in the circuit-switched communication network, to derive additional user identities. Further, a user device may encrypt its secret identification number before transmitting it to the data server to maintain the secrecy of this information. The data server is additionally configured to modify previously derived identities when the server determines that they have become inaccurate.

Description

    BACKGROUND OF THE INVENTION
  • The present invention relates to a method and system for determining the identity of a system user. More specifically, the present invention pertains to a method and system for deriving the identity of a subscriber of a communications system for use in providing services to the subscriber. [0001]
  • The communications industry currently provides consumers with a wide array of new and/or enhanced communications technologies. The Global System for Mobile Communications (GSM), for instance, provides traditional circuit-switched communication to its subscribers. Circuit-switched systems allocate a fixed resource to a subscriber when making a call. The resource remains allocated even during idle periods in which the subscriber is transmitting no data. In contrast, the more recently developed General Packet Radio Service (GPRS) system provides packet-switched communication to its subscribers. Packet-based systems utilize communication resources only when information is being transmitted over the network. Further background details on GSM-compatible technology can be found in Lawrence Harte et al., GSM Superphones, McGraw-Hill, 1999. Further background details on the GPRS standard may be found in Christian Bettstetter et al., “GSM Phase 2+ General Packet Radio Service GPRS: Architecture, Protocols, and Air Interface,” IEEE Communications Surveys, <<http://www.comsoc.org/pubs/surveys>>, Third Quarter 1999, Vol. 2, No. 2. [0002]
  • In addition, the Internet (which uses packet data protocol) and other data communication networks (e.g., Intranets) now provide a wide variety of services to consumers. Most consumers continue to interface with the Internet using personal computers. More specifically, a user typically interfaces with these networks by dialing a modem pool to connect to a server. From there, the user has access to both local and global data networks. Browsers, such as Microsoft Explorer™ and Netscape Navigator™, allow the user to navigate on the Internet and switch between Internet pages or addresses. [0003]
  • Some efforts have been made in recent years to provide means for interfacing between different communication technologies and/or services. However, different communication services have generally evolved along independent paths, without giving adequate consideration to compatibility issues. It has therefore often proven challenging to provide an effective interface between these systems or to share information between these systems. For instance, service providers and communications operators are typically hesitant to release information concerning their subscribers' identities to other, non-affiliated, service providers. [0004]
  • For example, a GSM telephone forwards a GSM internal identification number to the communication system when it makes a call. This number is referred to as the Internal Mobile Subscriber Identity (IMSI) number. The communications system associates this number with the subscriber's public telephone number. This public number is formally referred to as the Mobile Subscriber Integrated Service Digital Network number (MSISDN). This protocol has a number of drawbacks. For instance, other service providers do not have access to the mappings between the secret and public identification numbers. This makes it difficult for these other service providers to provide supplemental services to the subscribers during the use of their communication devices. [0005]
  • One solution to the above problem would be to simply disclose the mappings of public and secret identities to all interested parties. However, in today's information age, many subscribers and operators are reluctant to divulge personal information over the Internet (and other public networks). There remains a general concern regarding invasion of privacy issues, and specific concerns regarding credit fraud and related issues. Accordingly, the above-identified solution may not be fully satisfactory. [0006]
  • There is therefore a need to provide more effective techniques for interfacing between different communication technologies, and in particular for conveying subscriber identity information between different communication technologies. [0007]
  • SUMMARY OF THE INVENTION
  • The technique disclosed herein addresses the above-identified problems. In accordance with one embodiment of the technique, a data server derives information regarding the identities of users placing calls in a circuit-switched communications network. It performs this task by initially establishing at least one known and trusted identity “seed.” This trusted identity is stored in a “known list.” The data server then uses the trusted identity seed, in conjunction with information regarding calls placed in the circuit-switched communication network, to derive additional user identities. The data server stores the derived identities in the known list. The derived user identities also serve as new “seeds” for uncovering additional user identities. In this fashion, the data server may quickly supply the identities of unknown users without having access to the internal databases maintained by the circuit switched communication system. [0008]
  • In one particular embodiment, the identities are defined by a pairing of secret and public identities used by the circuit-switched communications network to identify its subscribers (e.g., IMSI and MSISDN identification numbers, respectively). [0009]
  • Further, a user device may encrypt its secret identification number before transmitting it to the data server to maintain the secrecy of this information. [0010]
  • Further, the data server can additionally verify that the user identities stored in the known list remain valid. The data server can be configured to invalidate or correct inaccurate entries.[0011]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present invention can be understood more completely by reading the following Detailed Description of exemplary embodiments, in conjunction with the accompanying drawings, in which: [0012]
  • FIG. 1 shows an exemplary system for implementing the techniques described herein; [0013]
  • FIG. 2 shows an exemplary server for use in the system of FIG. 1; [0014]
  • FIGS. [0015] 3-5 show different types of terminals that can interact with the system of FIG. 1;
  • FIG. 6 shows a procedure for requesting and displaying data objects; [0016]
  • FIG. 7 shows a procedure for servicing a request for data objects at a data server; [0017]
  • FIG. 8 shows a procedure for requesting and displaying data objects in an A-class user device; [0018]
  • FIG. 9 shows a procedure for requesting and displaying data objects in a B-class user device; [0019]
  • FIG. 10 shows a procedure for requesting and displaying data objects with respect to a called (B-party) user device; [0020]
  • FIG. 11 shows an exemplary technique for uncovering identity pairings based on one or more known “seed” pairings; [0021]
  • FIG. 12 graphically shows (in tree-type format) the derivation of multiple identity pairings from an initial known “seed” pairing using the technique of FIG. 1; [0022]
  • FIG. 13 shows an exemplary technique using encryption for uncovering identity pairings based on one or more known “seed pairings”; [0023]
  • FIG. 14 graphically shows (in tree-type format) the derivation of multiple identity pairings from an initial known “seed” pairing, particularly illustrating the effects of the erroneous mapping of identities; [0024]
  • FIG. 15 shows an exemplary technique for uncovering identity pairings based on one or more known “seed” pairings, including updating of erroneous identity mappings; and [0025]
  • FIG. 16 graphically shows (in tree-type format) the derivation of multiple identity pairings from an initial known “seed” pairing, particularly illustrating the correction of erroneous identity mappings using the technique of FIG. 15.[0026]
  • DETAILED DESCRIPTION OF THE INVENTION
  • 1. System Architecture [0027]
  • The identity mapping technique is described with reference to specific types of communication systems, standards and protocols to facilitate explanation. However, the technique can be implemented using other types of systems, including various types of circuit and packet-switched systems. The technique likewise can be implemented with reference to any type of fixed or mobile terminals using any type of access technology, such as Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency Division Multiple Access (OFDMA), Time Division Duplex (TDD), Frequency Division Duplex (FDD), etc., or any combinations thereof. [0028]
  • FIG. 1 illustrates an overview of a [0029] system 10 that can implement the technique. The system 10 combines multiple different network infrastructures 110 for providing communication resources to a user device 100. More specifically, the system 10 includes a circuit-switched (CS) network and a packet-switched (PS) network. The circuit-switched part of the network may be implemented according to the GSM standard. It includes a Mobile Switching Center (MSC) 118 and a Base Station Subsystem (BSS) 112, which are well known to those skilled in the art. The circuit-switched part of the communication network interfaces with the Public Switched Communication Network (PSTN) 140. The PSTN can provide connection between a user device 100 and user device 150.
  • The packet-switched part of the network may be implemented using the GPRS standard. It include a Serving GPRS Support Node (SGSN) [0030] 114 and a Gateway GPRS Support Node (GGSN) 116. The BSS 112 also provides communication resources to the packet-switched part of the system. Namely, the BSS 112 provides both packet-switched communication resources (denoted by communication 162) and circuit-switched communication resources (denoted by communication 161). As shown, the packet-switched and circuit-switched parts of the network may also be interconnected by way of an interface between the MSC 118 and the SGSN 114.
  • The packet-switched part of the network interfaces with a [0031] data network 120. The data network can comprise any type of data network having limited or global access, such as an Intranet, the Internet, Local Area Network (LAN), etc. Also, the data network 120 typically includes one or more routers (not illustrated) and data bridges to interconnect nodes in the network and to enable the nodes to communicate with each other. The data network provides connection between the user terminal 100 and one or more data server objects 130.
  • Accordingly, a party using user device [0032] 100 (referred to as the A-party) may obtain a complete logical connection 171 to a user using user device 150 (referred to as the B-party). This channel is formed by the BSS circuit-switched resources 161 of BSS 112, MSC node 118, and PSTN 140. For example, this channel can be used to conduct real-time voice communication between user device 100 and user device 150. Similarly, a party using user device 100 may obtain a complete logical connection 172 to data server 130 connected to the data network 120. This channel is formed by the BSS packet-switched resources 162 of BSS 112, the SGSN 114, GGSN 116 node, and data network 120. This channel can be used to transmit data between the user device 100 and the data server 130.
  • In a variation of the present invention, the [0033] user device 100 does not support the use of a packet-switched communication channel. In this alternative embodiment (not shown), data objects from the server 130 (or some other network equipment) can be retrieved by other means, such as a Short Message Service (SMS) or a temporary CS communication channel.
  • In another variation, a packet-switched communication channel having a particular QoS is used for conveying speech within the [0034] communication system 10, and the PSTN 140 and the data network 120 are interconnected by some alternative known means (not shown in FIG. 1).
  • Having described the overall architecture of the [0035] system 10, further description of its structural components follows. Well known structure and protocol is not discussed so as to facilitate explanation.
  • The [0036] SGSN 114 typically includes functionality for the delivery of data packets from and to the user devices within its service area. It also performs packet routing and transfer, authentication and charging operations, mobility management, and logical link management.
  • The [0037] GGSN 116 acts as an interface between the GPRS system and external packet data networks. More specifically, this node converts the GPRS packets sent from the SGSN into the packet data protocol (PDP) format appropriate for the external network (e.g., Internet Protocol or X.25). It also transmits the converted packets to the packet data network. This node also converts PDP addresses of incoming data packets into the GSM address of destination user devices.
  • The [0038] data network 120 provides access to one or more data object servers 130 (only one is shown to simplify the discussion). FIG. 2 identifies features of the data server 130. It includes at least one CPU 210 connected to at least one memory device 220, a cache memory 250, at least one database 240, and at least one communication interface 230. Memory devices 220 and databases 240 can be non-volatile. The interface 230 enables the CPU 210 to send and receive data to/from the data network 120. The cache memory 250 allows storage of frequently used data objects so that the CPU 210 may obtain them in an efficient manner. The database 240 contains the actual data objects that can be requested by the user device 100 via the communication infrastructure 110 and the data network 120. The data object server 120 may also comprise a number of programs 260. The programs 260 can include a filter 270 allowing the data objects to be optimized according to the rendering capabilities of the user device 100. The programs 260 may also include an encryption/decryption engine 280 allowing data object requests to be decrypted and data objects to be encrypted.
  • According to a variation, various modules of the data server can be implemented as separate computers. The computers may be located together in one facility or located remotely from each other. [0039]
  • The [0040] database 240, including the known list 242, can comprise any type of storage media. For instance, it can comprise a hard-drive, RAM memory, magnetic media (e.g., discs, tape), optical media, printed media (e.g., lists), etc. The database 240 can be formed using any type of organization, such as relational, object-oriented, etc. The database 240 can be separated into two or more databases in a distributed fashion. Further, the database (or databases) 240 may contain redundant data. Any node can access the database (or databases) 240, including internal nodes (e.g., nodes internal to the data server system) or external nodes (e.g., nodes external to the data server system). The list 242 may be stored in the same physical storage media as the data objects (e.g., the phonepages), or in a separate database. Thus, the database 240 is intended to very generally represent any type of means of retaining data objects and subscriber identification information.
  • According to one aspect of the technique, the data objects stored in [0041] database 240 include graphical information objects associated with telephone numbers. These pages are alternatively referred to as “phonepages.” That is, for instance, selected phonepages might correspond to the telephone numbers of the subscribers of user device 100 and user device 150. The telephone number associated with user device 100 is referred to as an A-number pertaining to an A-party. The telephone number associated with user device 150 is referred to as a B-number pertaining to a B-party.
  • The system can be configured in such a manner that the A-party, upon dialing the B-number, connects to a data object server [0042] 130 (by way of the packet-switched communication channel) and receives a data object, e.g., a “phonepage” stored in a memory position in the data object server, with a memory address corresponding to the B-number dialed. The phonepage may, for example, comprise information about the B-party, such as phone number, address and other information. Alternatively, the phonepage may simply provide an immediate access to an internal or external data network as maintained by the B-party subscriber. After having received the B-party phonepage, the system can execute one or more procedures. For instance, if the B-number is addressing a POT (Plain Old Telephone) 150, a circuit-switched voice connection can be set up. If the B-number is addressing another device, other events may occur. The procedures performed may also depend on the type of A-party device 100 being used.
  • The [0043] database 240 also stores a list 242 of known associations between secret and public identification numbers of the communications system subscribers. That is, if the data server 130 successfully determines the association (or mapping) between a secret and public identification number for a subscriber, it stores this association in the list 242. In the exemplary GSM environment, the secret identification number would correspond to the Internal Mobile Subscriber Identity (IMSI) number. This is an internal (non-public) number used for internal call routing, billing, etc. The public identification number corresponds to the Mobile Subscriber Integrated Service Digital Network (MSISDN) number. This number is generally the same as the number that a third party enters to reach a subscriber.
  • The [0044] programs 260 also include an identity derivation module 272. This module 272 is used to derive the identities of communication system subscribers on the basis of information stored in the known list 242 of the database 240. Further details regarding this function are discussed in section No. 3 below.
  • FIGS. [0045] 3-5 show different types of user devices 100 that can interface with the network infrastructure 110. For instance, the user device 100 shown in FIG. 3 comprises a mobile telephone or a PDA with mobile telephone capabilities. The mobile telephone includes a central processing unit (hereafter CPU) 310 connected to at least one memory unit 324, and at least one display 328. The CPU 310 may also be connected to a keyboard device 312 or other type of input device. The memory unit 325 may be non-volatile (e.g., EEPROM or SIM card) in order to retain stored information, should power be temporarily unavailable. The CPU 310 is further connected to a radio unit 326 that can convert incoming and out going data to RF modulated signals in well-known fashion. The radio unit 326 also connects to an antenna 330 allowing the RF modulated signals to be received/transmitted from/to an RF compatible media (e.g., air). The radio unit 326 may also directly or indirectly be connected to an earphone 320 and a microphone 322 to enable voice communication.
  • The user device may further comprise a plurality of [0046] programs 314, such as a browser 316. The browser 316 presents at least one type of data object to a user for viewing. The programs 314 may also include an encryption/decryption engine 318 that encrypts data object requests and decrypts received data objects. The user device may optionally include cache memory (not shown) for storing and retrieving frequently used display objects, etc.
  • FIG. 4 illustrates another type of [0047] user device 100 that can be used to interface with network infrastructure 110. The device shown there is a fixed (non-mobile) telephone with graphic capabilities. According to this second variant, the user device includes the same basic components discussed above in connection with FIG. 3, including CPU 410, keyboard 412, memory 424, earphone 420, microphone 422, display 428, and programs 414. The programs include browser 416 and encryption/decryption engine 418. The user device 100 in FIG. 4 differs by replacing the radio unit 326 with a media adapter 450, and by replacing the antenna 330 with a hardwired connection 452. The media adapter 450 converts incoming and outgoing signals to and from a particular media standard, including but not limited to ISDN, ADSL, HDSL, VDSL, various cable network-compatible formats, etc.
  • FIG. 5 shows yet another type of [0048] user device 100, 500 that can interface with the communication infrastructure 110. The user device 500 shown here comprises a mobile telephone 502 that may lack data object rendering capabilities. The mobile telephone 502 interfaces with a Personal Digital Assistance Device (PDA) device 504 (or similar device) via a communication link 506. The communication link 506 may comprise, for example, an infrared, radio (e.g., Bluetooth™) or wire communication arrangement. The PDA 504 includes functionality for displaying and manipulating the data objects.
  • More specifically, the [0049] mobile telephone 502 in FIG. 5 generally includes many of the same basic components discussed above in connection with FIG. 3, including CPU 510, keyboard 512, memory 524, earphone 520, microphone 522, display 528, radio unit 536 and antenna 530. The mobile telephone 502, however,-may lack the programs 314 shown in FIG. 3.
  • The [0050] PDA 504 shown in FIG. 5 includes a CPU 570 connected to at least one memory unit 572, and at least one display 582. The CPU 570 may also be connected to a keyboard device 574 or other known type of input device (to allow, for instance, a user to enter digits.) The memory unit 572 may be non-volatile (e.g., EEPROM or SIM card) in order to retain stored information, should power be temporarily unavailable. The PDA 504 further comprises a collection of programs 576 including but not limited to a browser 578 that can present at least one type of data object to the user. The programs 576 also may include an encryption/decryption engine 580 allowing data object requests to be encrypted and data objects to be decrypted.
  • Returning to FIG. 1, the [0051] PSTN 140 provides access to another user device 150 over the fixed network. The user device 150 can also comprise any type of communication device, such as a “plain old telephone” (POT), facsimile or data modem devices, etc. The PSTN 140 can also interface (directly or indirectly) with a host of other types of devices or systems, such ISDN terminals and communication devices connected via a Digital Subscriber line (DSL).
  • Also, the PSTN can interface with another wireless system (e.g., having at least one MSC connected to at least one BSS) to provide wireless connection to a mobile telephone or like device. In this case, [0052] user device 150 may comprise a mobile telephone having any of the features discussed above in connection with FIGS. 3-5, or some other type of mobile device.
  • 2. System Operation [0053]
  • Having described the exemplary architecture of the [0054] system 10, its operation will now be discussed.
  • FIG. 6 is a flow diagram of a procedure used by the [0055] user device 100 for communicating a phonepage to an A-party. The procedure starts by an initiation from the A-party, (e.g., a user device 100 is switched on). Step 610 indicates the occurrence of some triggering event that causes the generation of a phonepage request. The trigger may be attributed to an automatic event (e.g., as when a call is terminated by the other party), or may be attributed to a manual event (e.g., as when the A-party dials a number, such as the B-number). More specifically, the triggering event may be at least one of the following incidents: a) an outgoing call is (or is about to be) initiated.; b) an addressed B-party answers a call; c) an addressed B-party is busy; d) an addressed B-party does not answer; e) an addressed B-party rejects a call; f) an addressed B-party is unavailable (e.g., an addressed mobile phone is out of coverage); g) an incoming call is imminent or has just started; h) a conference call is or is about to be initiated; i) a call is disconnected; j) a call is conducted (under which several triggering events can be generated); k) a subscriber is put on hold; l) a new cell in the PLMN has been selected; m) the location of a subscriber has changed; n) a new Public Land Mobile Network (PLMN) operator is selected; o) a new country of registration is made; p) a user device is about to be switched off; q) a user device has been switched on; r) a designated button on a user device is pressed; s) a talk spurt is received by a user device; t) a voice mail has been left to a subscriber; and u) an SMS has been sent to a subscriber.
  • The A-party initiates a request in [0056] step 630, possibly after encryption in step 620, and sends this request via a communication channel (e.g., a packet-switched channel as illustrated in FIG. 1) to a data object server. The data object request may include at least one of the following parameters: a) a requested protocol to be used for transmission (e.g., WAP, WML, HDML, HTML, XML, etc.); b) an identification of a data object server (e.g., a server name or a plain IP address); c) a code denoting what kind of event triggered the data object request (e.g., outgoing call setup); d) the indicated B-number associated with at least one B-party equipment; e) an A-party identity and/or a secret A-party identity (e.g., an A-number of a mobile station); f) a network address of the A-party (e.g., IP address) used by the data object server when returning a requested data object; g) a capability code indicating the displaying capabilities of the A-party (e.g., screen resolution, audio, etc.); h) a code indicating an encryption scheme or encryption key used; i) a code indicating the country that the mobile station is registered in (i.e., country code); j) a code identifying the current PLMN (V-PLMN) operator or the PLMN where the A-party has a subscription (H-PLMN) or both; k) a code indicating the vendor of the mobile station and the type of the mobile station.; l) a code indicating a unique equipment identity; and m) a validation code (e.g., a checksum) of the parameters.
  • The data object request in [0057] step 630 may be answered by the data object server in an encrypted format. In this case, the user device 100 decrypts the object in decryption step 650 following the reception of the object at the user device 100 (in step 640). The user device 100 renders the data objects in step 660 in accordance with the capabilities of the user device 100.
  • Following [0058] step 660, a number of additional procedures may be performed which depend on the capabilities of the A-party user device 100 and/or the type of equipment addressed by the B-number. For example, a call may be set up or a call may be disconnected.
  • FIG. 7 shows corresponding procedures performed in a data object server (such as data object server [0059] 130) in response to the procedures shown in FIG. 6. Namely, in step 710 the data object server receives a request for a data object. The request typically includes (in exemplary embodiments) at least an indication specifying an A- or B-number and a specification of what kind of action triggered the request. If the request is encrypted, decryption will be performed in step 720 before interpreting the content. The address indication (e.g., A- or B-number) in the request received in step 710 will be mapped to a memory address in the data object server, or to an address provided in another database maintained at some other site. The address may specify a data object, such as a phonepage. The data server retrieves the database in step 730. The request received in step 710 may also include an indication of a user device display capability; in this case, the data server may adapt the retrieved data object to the requested format. Alternatively, the database may store the data objects in different formats. In this case, the data server complies with the request by retrieving the data object having the correct format. Step 750 encrypts the request if requested or necessary. The data server sends the encrypted data object in step 760.
  • The above-described general technique for accessing a data object associated with a specified address may be varied in a number of different ways, depending on, for example, the communication capabilities of the user devices. For example, one or more of the steps described as being sequentially performed can be performed concurrently. [0060]
  • User devices, such as mobile telephones, are currently capable of handling both packet-switched and circuit-switched communication simultaneously. These devices are generally referred to as “class A” mobile telephones. Other mobile telephones have designs that allow packet-switched and circuit-switched communication in an alternative fashion. That is, these phones can alternate between packet-switched and circuit-switched communication, but cannot conduct both types of communication at the same time. These mobile telephones are referred to as “class B” mobile stations. [0061]
  • FIG. 8 shows exemplary procedures used when a circuit-switched connection is initiated from a class A user device. In [0062] step 810, the user initiates a call session by indicating a B-number of a B-party, e.g., by pressing a digit, a button or by activating a voice recognition mechanism. The user device then starts to set up two different connections, a circuit-switched connection for a voice communication channel in step 820, and a packet-switched communication channel for retrieval of a phonepage in steps 840-880. These procedures may be performed simultaneously in a class A user device.
  • For the circuit-switched procedures, a voice connection with a B-party is initiated in [0063] step 820. Further, the circuit-switched communication system assigns a communication resource over which a telephone conversation can take place. The voice conversation ends (in step 830) in a conventional manner, for example by pressing a designated button on the mobile user device or hanging up a handheld part of a fixed network telephone. Ending the call also involves deallocation of relevant communication resources within the circuit-switched part of the mobile communication network, as well as, e.g., any PSTN resources involved in the connection.
  • The packet-switched procedures basically follow the procedures described with reference to FIG. 6. Namely, the procedure involves sending a data object request in [0064] step 850, optionally after encryption in step 840. The user device receives the data objects in step 860, decrypts the data objects in step 870 (if necessary), and displays the data objects in step 880. At this point, the packet-switched connection also ends.
  • As mentioned above, a class B type user device cannot simultaneously handle packet-switched and circuit-switched communication. FIG. 9 shows a procedure for handling voice and data communication under these constraints. In [0065] step 920 the class B type user device indicates a B-number in the manner described above with reference to FIG. 8. The procedure then advances to step 930, where the user device determines whether a phonepage is being requested or not. That is, a user may directly request the phonepage. Alternatively, the B-number that was dialed prompts such a request. For instance, in an exemplary embodiment, double clicking on a designated SEND button indicates that the phone page is to be requested. If no phone page is requested, the procedure advances to steps 970 and 980 where the circuit-switched call is conducted and then terminated.
  • If a phonepage is requested, then the user device encrypts a data object request (in step [0066] 940) and then sends the request (in step 950) over a packet-switched communication channel. If the packet session is not interrupted (as determined in step 960) then the user terminal receives the data object (in step 962) and displays the data objects (in step 964). And if data packet transmission is complete (as determined in step 968) then the procedure advances to steps 970 and 980 where the circuit-switched communication is then conducted.
  • The downloading of the packet-switched data objects may be interrupted for various reasons. For example, a user may deliberately wish to terminate the download of the data object and proceed directly to the circuit-switched communication. The download may also be automatically terminated if it is taking too long or there is an error in the transmission, or because of some other reason. In any case, if the download is interrupted (as determined in step [0067] 960), the circuit-switched call is conducted in steps 970 and 980.
  • In alternative embodiments, the user device may download data objects when the user device is idle (e.g., not conducting a circuit-switched communication). Further, the user device may store the phonepages of commonly accessed numbers in its memory to obviate or reduce the need to access the data server upon every telephone call. [0068]
  • So far, the retrieval of phonepages for display at an A-party user device has been addressed. A B-party may similarly display a phonepage related to a connection, preferably a phonepage associated with the A-party number. FIG. 10 shows the procedures used in a B-party user device for retrieval of A-party phonepages. In the exemplary embodiment shown in FIG. 10, the user device is an A-class device (giving it the ability to simultaneously communicate over the circuit-switched network and the public switched network). [0069]
  • The procedure starts when the B-party receives a call. In [0070] step 1010, the communication system allocates a communication channel for conducting the communication. In step 1020, an indication of the call originating identity, i.e., the A-party identity, and preferably an A number, is revealed to the B-party. The B-party user device then sends a data object request (in step 1080) to a data object server after optionally encrypting the request (in step 1070). The request is, when received in the server, treated in a manner similar to that outlined above for the A-party user device. Namely, the B-party user device obtains the data object (in step 1082), decrypts the data object if necessary (in step 1084) and displays the data object (in step 1086).
  • If the call is answered (as determined in step [0071] 1030), the voice connection may follow the same procedures (steps 1040 and 1050) as those described in relation to FIG. 8, for instance. If the call is not answered the voice communication terminates.
  • Further details regarding the architecture and operation of the [0072] system 10 shown in FIG. 1 can be obtained by review of the copending application Ser. No. 09/644,307 (the '307 application), entitled “Method and Apparatus for Exchange of Information in a Communication Network,” and filed on Aug. 23, 2000, which is incorporated herein by reference in its entirety. The '307 application is based on provisional application No. 60/176,806, filed on Jan. 19, 2000, which is also incorporated herein by reference in its entirety.
  • 3. Identification Procedures [0073]
  • As described above, in the GSM standard, the user device includes a Subscriber Identification Module (SIM) that stores an Internal Mobile Subscriber Identity (IMSI) number. When the user device makes a call it forwards its IMSI number to the circuit-switched communications system. The user device does not typically transmit its actual public telephone number. This public number is formally referred to as its Mobile Subscriber Integrated Service Digital Network number (MSISDN). The circuit-switched communication system can translate the IMSI number to the MSISDN number by reference to databases which provide mapping between these two identities. [0074]
  • The [0075] data server 130 may not be directly affiliated with the circuit-switched service and therefore may not have direct access to the mapping between the IMSI and MSISDN numbers. The following procedures allow the data server 130 to gain sufficient information regarding the identities of the subscribers to provide services to these users (e.g., to supply data objects, such as phonepages, to the users).
  • For example, FIG. 11 shows a first procedure for uncovering public MSISD numbers. In the following discussion, secret identification numbers (such as internal GSM IMSI numbers) are denoted by “SI” (for secret identity). On the other hand, public identification numbers (such as GSM MSISDN numbers) are referred to as “PI” (for public identity). It should be recognized, however, that reference to the GSM subscriber identification scheme is illustrative. The disclosed technique finds application to other communications environments which use different identification numbers and/or protocols. Further, in the GSM context, the descriptive labels “secret” and “public” are used for convenience of explanation and do not necessary imply complete secrecy or public disclosure. In fact, the circuit-switched operators may choose to divulge secret identification numbers to the public, or the subscribers may opt to restrict the disclosure of public identification numbers from the public. [0076]
  • The procedure starts in [0077] step 1110, where the data server establishes a “seed” pairing which maps a known secret identity SI1 to a known public identity PI1. One simple way to establish a known identity is to have a circuit-switched system operator manually or automatically enter or forward the seed pairing. Alternatively, the system may enable any subscriber to directly contact the data server 130 (e.g., by dialing a special telephone number assigned to the data server and retrieving a data object page sponsored by the data server). At that time, the data server software will prompt the subscriber to directly register the seed pairing. More specifically, the data server may automatically derive or extract a subscriber's secret identification number and then prompt the subscriber to manually enter his or her public identification number (e.g., in an appropriate entry field of the page). The secret identification number can be derived or extracted on the basis of information ordinarily transmitted in the course of setting up a connection. (Such a procedure is useful, as a subscriber may be unaware of his or her secret identification number.) Other procedures for registering a seed pairing can be used. For instance, the data server may execute a menu-based prerecorded dialogue with a subscriber to collect necessary identification information. Whatever method is used, the data server then stores the seed pairing in the database of the data server, e.g., in the “known list” 242 of database 240 (with reference to FIG. 2).
  • The data server then waits for a call event (in step [0078] 1112). The call event may comprise any event discussed in section No. 2 above. For example, a call event may be caused by the A-party (e.g., using device 100) dialing the phone number of the B-party (e.g., using device 150) to set up a call, which may prompt the system to generate a request to the data server.
  • In [0079] step 1114 the data server receives the request that accompanies a call set up, and the information contained therein. In one embodiment, the A-party user device may specify its secret identification number and the public identification number of the party it is calling. The data server then determines whether this call information pertains to any entry in the “known list.” For example, for illustration purposes, suppose that that the list contains the known pairing SI1, PI1 corresponding to a first subscriber. Further suppose that this first subscriber makes a telephone call to another party “n.” In this case, the data server may receive the secret identity of the known user (i.e., SI1) and the public identity of the other terminal n (denoted by PIn).
  • [0080] Step block 1116 then derives a new identity pair (e.g., SIn, PIn) from the gathered information. More specifically, in step 1118, the data server accesses the known list to determine the public identity corresponding to the received known secret identity. That is, in one example, the data server determines PI1 using SI1 (which was received from the user device which initiated the call) as an index. In step 1120, the data server obtains a ring response from the B-party. More specifically, in the course of setting up a call, the circuit-switched communication network pages the called party (i.e., the B-party) with a ring signal. The circuit-switched communication network may also inform the called party of the public identity of the calling party (e.g., PI1).
  • The “ring response” refers to the called party's response to the ring signal. The ring response is forwarded to the data server. It may contain the secret identification number of the called user (i.e., SI[0081] n) and the public identification number of the calling A-party subscriber (i.e., PI1).
  • In [0082] step 1122 the data server then associates the pubic identification number PI1 received in the ring response with the public identification number PI1 received from the database look-up (i.e., from step 11118). The gathered information now permits the data server to associate the secret identification number and public identification number of the called party (i.e., SIn, PIn), and thus establish another known identity. In step 1124, the data server adds the new identity pair (i.e., SIn, PIn) to the known list 242.
  • In step [0083] 1126, the system handles the call event, e.g., by conducting the call. The user devices may access and display data objects obtained from the data server in the manner outlined section No. 2. However, the data server may lack sufficient information to identify many subscribers in initial stages of its operation (e.g., when the known list contains only a few entries). In this case, the data server may be unable to retrieve and forward requested data objects until it-acquires sufficient knowledge of the subscribers' identities. The user would thus conduct his or her call without the supplement of phonepages or with restricted functionality.
  • The procedure of FIG. 11 repeats by waiting for a subsequent call event. The known list now contains two known entries, i.e., corresponding to the initial seed subscriber (i.e., SI[0084] n, PIn) and the party called in the previous call event (i.e., SIn, PIn). Both of these entries can be used to uncover the identities of additional users. That is, if the initial seed subscriber calls yet another user, then the seed pairing (SIn, PIn) can be used to uncover the identity of that other user. The same is true of the user SIn, PIn. If this known subscriber calls another person, then the uncovered pairing SIn, PIn can be used to uncover the identity of that other person. It will therefore be appreciated that there will be a rapid “explosion” in the discovery of identities because the entries in the known list serve as seeds for uncovering yet further identities, and the known subscribers themselves serve as agents for propagating information to the data server.
  • In the above discussion of FIG. 11, a subscriber having a known identity places a call to a subscriber having an unknown identity, thereby uncovering the unknown identity. The basic procedure of FIG. 11 also applies to the case where a subscriber having an unknown identity places a call to a subscriber having a known identity. In this case too, the unknown identity can be uncovered. [0085]
  • More specifically, the subscriber having the unknown identity (e.g., SI[0086] n, PIn) places a call to the subscriber having a known identity (e.g., PIn, SIn) over the circuit switched communication system. The subscriber having the unknown identity may likewise forward a request to the data server. The data server detects this event (in step 1112) and then determines whether the event pertains to an entry in the known list (in step 1114). More specifically, the subscriber having the unknown identity may forward its secret identification number (e.g., SIn) along with the public identification number of the party it is calling (e.g., PI1). The data server detects a previously stored pairing pertaining to PI1; thus, decision step 1114 is answered in the affirmative (“Y”).
  • In [0087] step 1118 the data server accesses the known list and retrieves the pairing PI1, SI1, e.g., using the identification number PI1 as an index (which was forwarded by the subscriber having an unknown identity). In step 1120 the data server gets the ring response from the called party, in this case the subscriber having a known identity (PI1, SI1). The ring response may contain the secret identification number of the called party (e.g., SI1) and the public identification number of the calling party (e.g., PIn). In step 1122, the data server now has all the information it needs to derive the identity of the unknown subscriber, namely the association between SIn and PIn. This new identity is stored in the new list in step 1124.
  • FIG. 12 graphically shows how multiple identities can be derived from a single seed identity. In this case, the seed identity pairing is designated by the letter “A.” It additionally contains the label “k” to designate that it represents a known, i.e., trusted, mapping between secret and public identities. The seed identity pairing is used to uncover the identity pairings for subscribers B and C (this may be because the subscriber A placed telephone calls to subscribers B and C, or subscribers Band C placed a call to subscriber A). The B pailing is then used to derive the identity pairings of subscribers D and E. The D pairing is used to derive the identity pairings for subscribers G, H and I, while the E identity pairing is used to derive the identity pairings of subscribers J and K. The reader will appreciate that this pattern of derivation is exemplary. The pattern will differ if any of the identified subscribers make a different selection of calls. In a best case (where no subscriber calls the same party more than once), the data server can uncover more than 65,000 identity pairs when each subscriber makes only 16 calls. The data server can uncover more than 1,000,000 identity pairs when the subscribers each make at least 20 calls. [0088]
  • In a multi-country context, the operator of the data server may wish to provide a small number of known seed identity pairings in different countries. This is because the subscribers may be less likely to call subscribers from other countries, thus slowing the propagation of the known identity list. [0089]
  • In the FIG. 11 procedure, the user devices forwarded their secret identities (e.g., SI[0090] n) to the data server. However, some subscribers may be reluctant to release any secret information over the Internet (or other public or private network). Thus, as an alternative to the procedure of FIG. 11, a user device n may first encrypt its secret identity to provide a fingerprint identity, denoted, FIn. The user device then forwards its fingerprint identity FIn instead of the unencrypted secret identity SIn. Any one of a variety of encryption techniques can be used to accomplish this purpose, such as DES.
  • FIG. 13 shows a procedure which has the same principal steps as FIG. 11, but uses the fingerprint identification number FI[0091] n instead of the secret identification number. That is, in step 1310 the data server establishes one or more seed pairings of identities (e.g., FI1, PI1). The data server then awaits for a call event in step 1312. If the call event involves a known subscriber (as determined in step 1314), then the data server executes the procedure 1316 for uncovering an additional known identity. This procedure 1316 follows the same steps identified with reference to FIG. 11. Namely, the data server obtains PI1 from the database using the known fingerprint identity FI1 as an index (in step 1318). In step 1320, the-data server receives the ring response from the called party (i.e., B-party), containing the fingerprint identity of the called party (i.e., FIn) and the public identification number of the calling party (i.e., PI1). In step 1322, the data server uses the gathered information to establish a known pairing between FIn and PIn. In step 1324, the data server stores the new known pairing in the known list of the database.
  • Further, the procedure shown in FIG. 13 can also be used when a subscriber having an unknown identity places a call to a subscriber having a known identity, thereby uncovering the unknown identity. The basic steps in this procedure were outlined above in connection with FIG. 11. [0092]
  • The known [0093] list 242 may contain inaccurate entries. For instance, the operator of the switched communication system may change a numbering plan in a region (e.g., to allow more subscribers). In this case, a secret identity may remain valid, but it is now associated with another public identity within the circuit-switched communication system. This invalidates the entry in the known list of the data server, which contains the previous mapping between the secret and public identities. Moreover, the data server may unintentionally use incorrect entries to derive additional known identities. This may propagate the errors in the known list. FIG. 14 illustrates this concept. In this exemplary case, the circuit-switched system may have executed a renumbering plan which invalidated the derived identity pairing for subscriber C. This is graphically indicated by the symbol “w” associated with subscriber C, designating that the list contains the “wrong” pairing. Further, the data server may have subsequently used the incorrect pairing for subscriber C to derive the identity pairings for subscribers F, L and M. The pairings for subscribers F, L and M may therefore also be wrong, as they may incorporate the incorrect mapping used in subscriber C's pairing.
  • Similar problems are encountered when a subscriber is issued a new SIM card containing a new secret identity. In this case, the public identity of the subscriber remains the same, but the secret identity may have changed. This invalidates the identity pairing in the known list of the data server (which is based on a previous association of secret and public identity pairings). [0094]
  • FIG. 15 presents an exemplary technique for reducing the deleterious impact of the above-described problems. The procedure starts in the same manner as FIGS. 11 and 13, e.g., by establishing seed identities (step [0095] 1510), determining if a call event has occurred (in step 1520), determining whether the call event pertains to an entry in the known list (step 1522), and if so, finding a new identity pairing based on the known pairings in the list (step 1524). Step 1524 may specifically include the substeps identified in FIG. 11 or 13 (that is, for example, steps 1118-1122 in FIG. 11 or steps 1318-1322 in FIG. 13). Thus, as with the FIG. 11 procedure, the procedure in FIG. 15 can uncover the pairing SIn, PIn (or FIn, PIn) based on the initial seed pairing of SI1, PI1(or FI1, PI1).
  • In the procedure of FIG. 15, however, the derived identity (SI[0096] n, PIn or FIn, PIn) may not be completely unknown, but may, in fact, have been previously derived. Thus, the database may already store an identity pairing (i.e., SIn, PIn or FIn, PIn that was derived in a previous iteration of the procedure. For example, another known A-party (from the known list) may have previously placed a call to the currently contacted B-party, and the data server may have previously derived the identity pairing (SIn, PIn or FIn, PIn) of the B-party based on that previous known A-party.
  • Accordingly, in [0097] step 1526, the data server determines whether the newly uncovered identity pairing conflicts with a previously stored identity pairing. This may be the case where the previously stored identity pairing is now inaccurate, whereas the currently derived identity pairing is accurate.
  • The data server assigns confidence levels to the old and new identity pairings to assess their relative accuracy. The data server can use a variety of parameters to define a confidence level. [0098]
  • For instance, one confidence parameter pertains to the “distance” from a trusted identity pairing to the identity pairing in question. The “distance” corresponds to the number of derivations that were made, starting with a trusted identity pairing, to derive the final identity pairing in question. For instance, an identity pairing which was determined in a long chain of derivations starting from a trusted identity pairing may have a lower confidence level than an identity pairing that was directly determined from a trusted identity pairing (e.g., without an intervening chain of derivations). [0099]
  • Other indicia of confidence may be used instead of the distance measure, or as a supplement to the distance measure. For instance, another possible confidence parameter pertains to the “age” of the pairing, indicating the length of time since it was first uncovered. That is, the data server may be configured to give priority to more recent pairings based on the assumption that “old” pairings are more likely to be inaccurate than “new” pairings (having had more time to be corrupted by subsequent events). Other confidence parameters may attach significance to the characteristics of the subscriber (or subscribers) used to derive the new identity (under the assumption that some “seed” subscribers may be more reliable than others). Other confidence parameters may reflect errors or failures experienced in the past when using a pairing in the known list. [0100]
  • The choice of parameters may depend on the communications environment of a specific application. Whatever parameters are used, the database may be configured to store the parameters along with their associated pairings so that they can be accessed and evaluated when performing the procedure defined by FIG. 15. [0101]
  • [0102] Step 1528 compares the confidence level of the current identity pairing with the confidence level of the previously derived identity pairing. Step 1530 determines whether the new identity pairing is superior to the previous identity pairing based on their respective confidence levels. If so, the data server replaces the previous identity pairing with the new identity pairing (in step 1532). If the new identity pairing does not have a higher confidence level, the data server maintains the previous pairing in the database (in step 1536). The procedure terminates by the handling of the call in step 1534.
  • FIG. 16 graphically shows how the procedure of FIG. 15 can be used to modify the identity pairings in the database. As in the FIG. 14 depiction, the identity pairing for subscriber C has become inaccurate, thus infecting the identity pairings of subscribers F, L and M, which are derived from the identity pairing for subscriber C. In this situation, presume that another [0103] 15 may also treat the A-party as a potential inferior party, which must then itself submit to a change in identity. This algorithm thus has the potential of quickly affecting corrective action in the known list.Other mechanisms for correcting identity pairings are possible. For instance, the database may maintain a record which traces the chain of identity pairing derivations. That is, the database may maintain information describing the links shown FIG. 16. Upon discovery of an inaccurate identity pairing, the data server could then invalidate all identity pairings that were derived based on this inaccurate identity pairing. If sufficient information is available, the data server may also attempt to correct erroneously derived identity pairings.
  • The above described techniques offer a number of benefits. For instance, the techniques allow a data server to uncover sufficient information regarding the identities of circuit-switched communication system subscribers to provide these subscribers with various services. Moreover, the data server performs this task without having to “break into” (i.e., directly access) the internal data records maintained by the circuit-switched communication network. [0104]
  • Further, the technique of encrypting the user's secret identity prior to transmission to the data server helps to protect the privacy of the user. [0105]
  • The method and system described above can be modified in various ways. For instance, the seed pairing can be established in an automatic manner (without requiring that the subscriber manually specify his or her identification numbers). For instance, in an alternative embodiment, the data server may log call event information in its database. Namely, for instance, when an A-party places a call, the data server may record its secret identification number and the public identification number of the B-party it is calling. Also, when a B-party receives a call and forwards a response to the data server, the data server may record its secret identification number and the public identification number of the calling A-party. Further, the data server may be configured to store a timestamp which indicates when each of the events occurred. [0106]
  • In the above-described variation, the data server may establish the association between a particular secret identification number SI[0107] x and public identification number (PIx) for a subscriber “x” by statistical inference based on the entries in the database. More specifically, presume that there were plural call events (i.e., n call events) pertaining to subscriber “x” (e.g., constituting calls placed by subscriber “x” or calls placed to subscriber “x”). For each of these events, the data server should have logged the secret identification number and the public identification number for subscriber “x” within a time period T. The time period T may empirically reflect an interval of time which typically (e.g., on average) separates the logging of a secret identification number from the logging of a public identification number. The association between SIx and PIx can therefore be derived by examining the entries in the database for each of the call events within the prescribed time period T. That is, the data server may examine the events that occurred within +T of the secret identification number SIx and within −T of the secret identification number SIx.
  • The association between SI[0108] x and PIx can be computed by counting the number of times that SIx is paired with PIx for the n events. If there is a true association between SIx and PIx, then the database should indicate several (e.g., n) pairings for the n events. (Of course, if a pairing between SIx and some other public identification number is more prevalent, then this pairing may indicate the true association.) This association may also be computed using more advanced correlation techniques, such as least squares, etc. The entries in the database may also be weighted depending on their proximity to an expected separation between secret and public identification numbers. That is, the data server may decrease the relevancy of pairings that are located relatively far apart from each other (but still within the interval T). Whatever association/correlation technique is used, the confidence level of this inferred identity pairing will obviously increase if the number of events n that the data server examines is increased.
  • The above-described inference calculations can also be used to provide yet another confidence parameter for use in the procedure of FIG. 15. Namely, the data server can examine a plurality of call events pertaining to a subscriber to assess the accuracy of its identity pairing. The above-described inference calculations can also be used to automatically correct identity pairings that are assessed to be inaccurate. These corrections can be performed at any time (e.g., not necessarily during the call event), because they draw from the stored call event data. [0109]
  • In yet another alternative embodiment, the above-described inference calculation can be used to derive multiple unknown identities (that is, additional unknown identifies beyond the initial seed identity). For instance, all of the identities can be derived by inference. The desirability of this solution may diminish as the number of subscribers in the system increases. [0110]
  • In the above-described encryption technique (e.g., with reference to FIG. 13), the data server stores the encrypted secret identification number (i.e., FI[0111] n) in the known list without decrypting it. In this way, the data sever cannot uncover the secret identification number of a subscribers. In an alternative technique, the data server can decrypt the encrypted secret identification number and store the decrypted identification number (i.e, SIn) in the known list (that is, providing that the data server is authorized to obtain and use the encryption key). In this way, the circuit-switched system can at least limit the disclosure of secret identification numbers to authorized data servers.
  • Further, additional measures can be taken to protect the security of transmission within the system. For instance, the user device may include security logic for adding security data to the encrypted secret identification number. The security data changes for each transmission session (e.g., each call). The data server also includes security logic that separately computes the security data. In operation, the data server's security logic strips the received security data from the encrypted secret identification number and compares it to its separately-computed security data. If the separately-computed security data is the same as the received security data, then the data server may process the call in its typical manner (e.g., by accessing and downloading a data object and/or by determining the identity of a subscriber). If the separately-computed security data differs from the received security data, then there has been a potential security violation. In this case, the data server may terminate the connection or take some other appropriate security-related action. This technique therefore serves to authenticate the identity of a user device. For instance, it provides a way of detecting whether an unauthorized party is wrongfully using an encryption key of a user device, and thus attempting to impersonate the user device. The use of the security data also provides a technique for preventing an unauthorized party from tracking the transactions (e.g., calls) made by a subscriber (because it is not easy for the unauthorized user to uncover the security data which changes for each transaction). [0112]
  • In one specific example of the above-described technique, the user device uses a sequential counter in each communication session (e.g., each call) to generate a count value, which constitutes the security data. The data server maintains a similarly-configured sequential counter which is synchronized to generate the same count value for the session. More specifically, the user device increases the counter by one preceding each communication session. After a session is established, the counter in the data server is also incremented by one. Thus, the user device counter and the data server counter should track each other. Also, since the counter is first increased in the user device, any signaling failures can be recovered by performing a retry and by also increasing the counter value in the data server. [0113]
  • In the above example, the user device appends the count value to the encrypted secret identification number and forwards it to the data server. Upon receipt, the data server strips the count value from the encrypted secret identification number and compares the received count value with its own separately-computed count value. Lack of agreement potentially indicates that an unauthorized transmission has occurred. Namely, if the counter in the user device is found to be different from the counter value in the data sever, the user device may have been impersonated. That is, disagreement in the count values may indicate that someone has wrongly appropriated the encryption key of the user device. The extent to which these values differ may indicate the degree of wrongful activity by the impersonating party (e.g., the number of wrongful call attempts by the impersonating party). [0114]
  • It should be noted that other nodes in the system can be used to perform the above-described authentication processing (e.g., besides the data server node). Further, in the above-described embodiments, the security data is appended to an encrypted secret identification number, to thereby provide an additional level of security. However, this technique could also be used without encrypting the secret identification number (e.g., by appending the security data to the unencrypted secret identification number). [0115]
  • Further, other techniques for generating security data can be used. For instance, a timer can generate a time value as the security data (e.g., in the case where the user device and data server are configured to generate the same time values for a transaction). Also, a random number generator can generate a random value as the security data (e.g., in the case where the user device and data server are configured to generate the same random values for a transaction.) [0116]
  • Generally, while the foregoing description includes many details and specificities, it is to be understood that these have been included for purposes of explanation only, and are not to be interpreted as limitations of the present invention. Many modifications to the embodiments described above can be made without departing from the spirit and scope of the invention, as is intended to be encompassed by the following claims and their legal equivalents. [0117]

Claims (21)

What is claimed is:
1. A method for deriving the identity of a user, characterized in that the method comprises the steps of:
establishing a first known identity associated with a first user;
storing the first known identity in a database;
receiving information regarding a communication between the first user and a second user;
deriving a second known identity associated with the second user based on the first known identity and the received information regarding the communication with the second user; and
updating the database to store the second known identity in the database.
2. The method according to claim 1, characterized in that the step of establishing a known identity comprises establishing a mapping between a secret identification number (SI1) and public identification number (PI1) for the first user.
3. The method according to claim 2, characterized in that the secret identification number (SI1) comprises an IMSI number and the public identification number (PI1) comprises a MSISDN number.
4. The method according to claim 2 or 3, characterized in that the information regarding the communication includes: a) in the case where the first user initiates a call, the secret identification number (SI1) corresponding to the first user and a public identification number (PI2) corresponding to the second user; or b) in the case where the second user initiates a call, the secret identification number (SI2) corresponding to the second user and a public identification number (PI1) corresponding to the first user.
5. The method according to any one of claims 2 to 4, characterized in that the secret identification number (SI1 or SI2) is encrypted prior to transmission to form an encrypted secret identification number (FI1 or FI2).
6. The method according to any one of claims 2 to 5, characterized in that the step of deriving includes:
accessing the database to determine the identification numbers (SI1, PI1) of the first user based on the received information;
in the case where the first user initiates the call, receiving a message from the second user, the message including an indication of the secret identification number (SI2) of the second user and the public identification number (PI1) of the first user, or, in the case where the second user initiates the call, receiving a message from the first user, the message including an indication of the secret identification number (SI1) of the first user and the public identification number (PI2) of the second user; and
using the information obtained in the accessing and receiving substeps to derive a known mapping between the secret identification number of the second user (SI2) and the public identification number of the second user (PI2).
7. The method according to any one of claims 1 to 6, characterized in that the method further comprises the steps of:
determining the identity of the second user using another known identity to form an updated identity;
determining whether the updated identity has a higher confidence level than a previously stored identity for the second user; and
storing the updated identity in the database if it has a higher confidence level than the previously stored identity.
8. The method according to claim 7, characterized in that the confidence level is at least one of:
a distance measure which indicates the number of derivations from a trusted identity to a final derived identity; or
an age measure which indicates the lapse of time since an identity was uncovered.
9. The method according to any one of claims 1 to 8, characterized in that the establishing, storing, receiving, deriving and updating steps are performed in a data server in a first communication network, and wherein the identities pertain to users of a second communication network.
10. The method according to claim 9, characterized in that the first data network is a packet-switched communication network, and the second network is a circuit-switched communication network.
11. A system for deriving the identity of a user, comprising:
at least first and second user devices operated by first and second users, respectively;
a data server for providing at least one service to the first and/or second users;
a first data network connected to the data server; and
a second communications network providing communication services to the first and second users,
characterized in that the data server includes a database and a processing unit, wherein said processing unit includes:
establishing logic for establishing a first known identity associated with the first user;
storing logic for storing the first known identity in the database;
receiving logic for receiving information regarding a communication between the first user and the second user;
deriving logic for deriving a second known identity associated with the second user based on the first known identity and the received information regarding the communication with the second user; and
updating logic for updating the database to store the second known identity in the database.
12. The system according to claim 11, characterized in that the processing logic for establishing a known identity comprises logic for establishing a mapping between a secret identification number (SI1) and public identification number (PI1) for the first user.
13. The system according to claim 12, characterized in that the secret identification number (SI1) comprises an IMSI number and the public identification number (PI1) comprises a MSISDN number.
14. The system according to claim 12 or 13, characterized in that the information regarding the communication includes: a) in the case where the first user initiates a call, the secret identification number (SI1) corresponding to the first user and a public identification number (PI2) corresponding to the second user; or b) in the case where the second user initiates a call, the secret identification number (SI2) corresponding to the second user and a public identification number (PI1) corresponding to the first user.
15. The system according to any one of claims 12 to 14, characterized in that the secret identification number (SI1, or SI2) is encrypted prior to transmission to form an encrypted secret identification number (FI1 or FI2).
16. The system according to any one of claims 12 to 15, characterized in that the logic for deriving includes:
accessing logic for accessing the database to determine the identification numbers (SI1, PI1) of the first user based on the received information;
receiving logic for receiving, in the case where the first user initiates a call, a message from the second user, the message including an indication of the secret identification number (SI2) of the second user and the public identification number (PI1) of the first user or, in the case where the second user initiates the call, receiving a message from the first user, the message including an indication of the secret identification number (SI1) of the first user and the public identification number (PI2) of the second user; and
mapping logic for using the information obtained by the accessing and message receiving logic to derive a known mapping between the secret identification number of the second user (SI2) and the public identification number of the second user (PI2).
17. The system according to any one of claims 11 to 16, characterized in that the processing unit further includes:
determining logic for determining the identity of the second user using another known identity to form an updated identity;
determining logic for determining whether the updated identity has a higher confidence level than a previously stored identity; and
storing logic for storing the updated identity in the database if it has a higher confidence level than the previously stored identity.
18. The system according to claim 17, characterized in that the confidence level is at least one of:
a distance measure which indicates the number of derivations from a trusted identity and a final derived identity; or
an age measure which indicates the lapse of time since an identity was uncovered.
19. The system according to any one of claims 11 to 15, characterized in that the identities pertain to users of the second communication network.
20. The system according to any one of claims 11 to 19, characterized in that the first data network is a packet-switched communication network, and the second network is a circuit-switched communication network.
21. A data server for deriving the identity of a user, comprising a database and a processing unit, characterized in that said processing unit includes:
establishing logic for establishing a first known identity associated with a first user;
storing logic for storing the first known identity in the database;
receiving logic for receiving information regarding a communication between the first user and a second user;
deriving logic for deriving a second known identity associated with the second user based on the first known identity and the received information regarding the communication with the second user; and
updating logic for updating the database to store the second known identity in the database.
US10/380,218 2000-09-12 2001-09-11 Method and system for identifying a user Abandoned US20030174684A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/660,400 US6826403B1 (en) 2000-09-12 2000-09-12 Method and system for identifying a user
PCT/SE2001/001939 WO2002023931A1 (en) 2000-09-12 2001-09-11 Method and system for identifying a user

Publications (1)

Publication Number Publication Date
US20030174684A1 true US20030174684A1 (en) 2003-09-18

Family

ID=24649394

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/660,400 Expired - Lifetime US6826403B1 (en) 2000-09-12 2000-09-12 Method and system for identifying a user
US10/380,218 Abandoned US20030174684A1 (en) 2000-09-12 2001-09-11 Method and system for identifying a user

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/660,400 Expired - Lifetime US6826403B1 (en) 2000-09-12 2000-09-12 Method and system for identifying a user

Country Status (4)

Country Link
US (2) US6826403B1 (en)
EP (1) EP1323319A1 (en)
AU (1) AU2001286360A1 (en)
WO (1) WO2002023931A1 (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010027109A1 (en) * 2000-01-19 2001-10-04 Per-Ake Minborg Method and apparatus for retrieving calling party information in a mobile communications system
US20020021696A1 (en) * 2000-01-19 2002-02-21 Per-Ake Minborg Method and apparatus for exchange of information in a communication network
US20020057668A1 (en) * 2000-11-13 2002-05-16 Alcatel Method to route a packet switched mode call
US20050271041A1 (en) * 2000-10-17 2005-12-08 The Phonepages Of Sweden Ab Exchange of information in a communication system
US20060062162A1 (en) * 2000-01-19 2006-03-23 Phonepages Of Sweden Ab Method and apparatus for exchange of information in a communication exchange
US20060067320A1 (en) * 2004-09-30 2006-03-30 Alcatel Method of transferring messages
US20070124481A1 (en) * 2000-01-19 2007-05-31 Sony Ericsson Mobile Communications Ab System and method for sharing event-triggered, location-related information between communication devices
US20070127645A1 (en) * 2000-01-19 2007-06-07 Sony Ericsson Mobile Communications Ab Technique for providing secondary information to a user equipment
US20070129074A1 (en) * 2000-01-19 2007-06-07 Bloebaum L S System, Method and Device For Providing Secondary Information To A Communication Device
US20070237321A1 (en) * 2000-01-19 2007-10-11 Sony Ericsson Mobile Communications Ab Technique for obtaining caller-originated alert signals in ip-based communication sessions
US20080062893A1 (en) * 2000-01-19 2008-03-13 Sony Ericsson Mobile Communications Ab Method and apparatus for event-based exchange of information between communication devices conditioned on personal calendar information
US20100016007A1 (en) * 2006-04-27 2010-01-21 Kyocera Corporation Mobile Phone Terminal, Server, and Group Call System
US20100100940A1 (en) * 2008-10-17 2010-04-22 Comcast Cable Communications, Llc System and Method for Supporting Multiple Identities for a Secure Identity Device
US20100313273A1 (en) * 2009-06-06 2010-12-09 Walter Stewart Freas Securing or Protecting from Theft, Social Security or Other Sensitive Numbers in a Computerized Environment
US20110125910A1 (en) * 2008-06-16 2011-05-26 Nippon Telegraph And Telephone Corporation Communication control system, communication control method, call control server device, and call control program
US8027443B2 (en) 2001-08-15 2011-09-27 Sony Ericsson Mobile Communications Ab Method and apparatus for exchange of data objects between network nodes depending on terminal capability
US20110299458A1 (en) * 2010-02-07 2011-12-08 Runcom Technologies Ltd. VoIP CALL OVER WIRELESS SYSTEMS USING ANY PREFERRED DIALING NUMBER
US20120044050A1 (en) * 2010-08-23 2012-02-23 Samir Vig Smart Doorbell Security System and Method to Identify Visitors
US8400946B2 (en) 2000-01-19 2013-03-19 Sony Corporation System and method for sharing common location-related information between communication devices
US8548010B2 (en) 2000-01-19 2013-10-01 Sony Corporation Method and apparatus for event-based synchronization of information between communication devices
US20140004825A1 (en) * 2012-06-29 2014-01-02 Gyan Prakash Mobile platform software update with secure authentication
US20170230390A1 (en) * 2006-10-17 2017-08-10 Threatmetrix Pty Ltd Method And System For Uniquely Identifying A User Computer In Real Time Using A Plurality Of Processing Parameters And Servers
US10027665B2 (en) 2005-11-28 2018-07-17 ThreatMETRIX PTY LTD. Method and system for tracking machines on a network using fuzzy guid technology
US10142369B2 (en) 2005-11-28 2018-11-27 Threatmetrix Pty Ltd Method and system for processing a stream of information from a computer network using node based reputation characteristics

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1172741A3 (en) * 2000-07-13 2004-09-01 Sony Corporation On-demand image delivery server, image resource database, client terminal, and method of displaying retrieval result
FR2821222B1 (en) * 2001-02-16 2003-04-18 Bull Cp8 ANONYMOUS COMMUNICATION ESTABLISHMENT METHOD
AU2002305875A1 (en) * 2001-06-04 2002-12-16 At And T Wireless Services, Inc. Hotline routing of pre-activated gsm subscribers using pseudo-msisdns
US7844055B2 (en) * 2001-06-26 2010-11-30 Link Us All, Llc Detecting and transporting dynamic presence information over a wireless and wireline communications network
KR100619827B1 (en) * 2004-01-30 2006-09-13 엘지전자 주식회사 Methods and a apparatus of confirmation message sender for mobile communication system
US20050215238A1 (en) * 2004-03-24 2005-09-29 Macaluso Anthony G Advertising on mobile devices
US20050282556A1 (en) * 2004-06-16 2005-12-22 Morris Robert P Method and system for distributing and collecting location sensitive information over a wireless local area network
US20060031118A1 (en) * 2004-08-06 2006-02-09 Morris Robert P Method and system for locating a service by an electronic device
CN102224725A (en) * 2008-11-24 2011-10-19 艾利森电话股份有限公司 Method and apparatus for aquiring an imei associated to an imsi
US8918086B2 (en) 2012-11-29 2014-12-23 Maqsood A. Thange Telecommunications addressing system and method
CN112615966B (en) * 2020-12-14 2023-04-14 南方电网海南数字电网研究院有限公司 Cat pool terminal identification method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6047174A (en) * 1993-06-08 2000-04-04 Corsair Communications, Inc. Cellular telephone anti-fraud system
US6064887A (en) * 1996-10-18 2000-05-16 Telefonaktiebolaget Lm Ericsson Telecommunications network with portability of mobile subscriber number
US6097942A (en) * 1997-09-18 2000-08-01 Telefonaktiebolaget Lm Ericsson Method and apparatus for defining and updating mobile services based on subscriber groups
US6240069B1 (en) * 1998-06-16 2001-05-29 Ericsson Inc. System and method for location-based group services
US6469998B1 (en) * 1998-10-06 2002-10-22 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for communicating data packets from an external packet network to a mobile radio station
US20030050052A1 (en) * 2000-01-19 2003-03-13 Per-Ake Minborg Method and apparatus for retrieving calling party information in a mobile communications system

Family Cites Families (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2251763B (en) 1991-01-11 1995-06-21 Technophone Ltd Telephone apparatus with calling line identification
FI92895C (en) 1993-04-06 1995-01-10 Nokia Telecommunications Oy A method and system for controlling the use of a telephone exchange from a subscriber interface
US6075993A (en) 1994-11-16 2000-06-13 Sony Corporation Personal station and information providing system
JPH08168074A (en) 1994-12-15 1996-06-25 Nec Corp Position management system for moving body communication
US5613205A (en) 1995-03-31 1997-03-18 Telefonaktiebolaget Lm Ericsson System and method of locating a mobile terminal within the service area of a cellular telecommunication system
US5854982A (en) 1995-08-21 1998-12-29 Motorola, Inc. Communication system architecture and method of routing therefor
GB9519087D0 (en) 1995-09-19 1995-11-22 Cursor Positioning Sys Ltd Navigation and tracking system
US5712979A (en) 1995-09-20 1998-01-27 Infonautics Corporation Method and apparatus for attaching navigational history information to universal resource locator links on a world wide web page
US6185184B1 (en) 1995-09-25 2001-02-06 Netspeak Corporation Directory server for providing dynamically assigned network protocol addresses
FI101508B (en) 1995-09-29 1998-06-30 Nokia Mobile Phones Ltd Cellular extension of the fixed communication network
US5812950A (en) 1995-11-27 1998-09-22 Telefonaktiebolaget Lm Ericsson (Publ) Cellular telephone system having prioritized greetings for predefined services to a subscriber
WO1997022211A1 (en) 1995-12-11 1997-06-19 Hewlett-Packard Company Method of providing telecommunication services
ATE298172T1 (en) 1995-12-11 2005-07-15 Hewlett Packard Co METHOD FOR ACCESSING SERVICE ITEMS FOR USE IN A REMOTE COMMUNICATION SYSTEM
GB9603582D0 (en) 1996-02-20 1996-04-17 Hewlett Packard Co Method of accessing service resource items that are for use in a telecommunications system
US5633922A (en) 1995-12-29 1997-05-27 At&T Process and apparatus for restarting call routing in a telephone network
GB9603590D0 (en) 1996-02-20 1996-04-17 Hewlett Packard Co Method of accessing a target entity over a communciations network
US5930703A (en) 1996-03-21 1999-07-27 Ericsson Inc. Methods and systems for programming a cellular radiotelephone
US5878347A (en) 1996-03-26 1999-03-02 Ericsson, Inc. Routing a data signal to a mobile station within a telecommunications network
US5850433A (en) 1996-05-01 1998-12-15 Sprint Communication Co. L.P. System and method for providing an on-line directory service
US5761279A (en) 1996-05-20 1998-06-02 Northern Telecom Limited Visual calling person display
US6205204B1 (en) 1996-06-28 2001-03-20 Distributed Software Development, Inc. System and method for identifying an unidentified person using an ambiguity-resolution criterion
US6005870A (en) 1996-08-12 1999-12-21 At&T Corp. Method for called party control of telecommunications network services
US6202023B1 (en) 1996-08-22 2001-03-13 Go2 Systems, Inc. Internet based geographic location referencing system and method
US6031836A (en) 1996-09-13 2000-02-29 Lucent Technologies Inc. Web-page interface to telephony features
FI103546B (en) 1996-09-16 1999-07-15 Nokia Telecommunications Oy Data service in a mobile telephone network
US6356956B1 (en) 1996-09-17 2002-03-12 Microsoft Corporation Time-triggered portable data objects
KR19980021532A (en) 1996-09-17 1998-06-25 유기범 How to locate MS location in CDM personal mobile communication
US6181935B1 (en) 1996-09-27 2001-01-30 Software.Com, Inc. Mobility extended telephone application programming interface and method of use
US6091808A (en) 1996-10-17 2000-07-18 Nortel Networks Corporation Methods of and apparatus for providing telephone call control and information
SE510663C2 (en) 1996-10-28 1999-06-14 Ericsson Telefon Ab L M Device and method of communication between computer networks and telecommunications networks
EP0848567B1 (en) 1996-12-11 2006-11-22 Agilent Technologies, Inc. (a Delaware corporation) Cellular mobile radio network discovery method and apparatus therefor
US6088598A (en) 1996-12-17 2000-07-11 Telefonaktiebolaget L M Ericsson Method and system for displaying greetings in a mobile radio communications system
TW391092B (en) 1996-12-27 2000-05-21 Hitachi Ltd Cellular mobile telephone apparatus and method for transmitting a response message to an caller
FI106990B (en) 1996-12-31 2001-05-15 Nokia Mobile Phones Ltd A method of transmitting information to a user
US5940598A (en) 1997-01-28 1999-08-17 Bell Atlantic Network Services, Inc. Telecommunications network to internetwork universal server
US5889852A (en) 1997-02-10 1999-03-30 Nokia Mobile Phones Limited Photo screen scroll graphic user interface
US5978806A (en) 1997-02-18 1999-11-02 Ameritech Corporation Method and apparatus for communicating information about a called party to a calling party
US5946684A (en) 1997-02-18 1999-08-31 Ameritech Corporation Method and system for providing computer-network related information about a calling party
US5901352A (en) 1997-02-20 1999-05-04 St-Pierre; Sylvain System for controlling multiple networks and associated services
US6215790B1 (en) 1997-03-06 2001-04-10 Bell Atlantic Network Services, Inc. Automatic called party locator over internet with provisioning
US5948066A (en) 1997-03-13 1999-09-07 Motorola, Inc. System and method for delivery of information over narrow-band communications links
FI113431B (en) 1997-04-04 2004-04-15 Nokia Corp Method and apparatus for transmitting a service page in a communication system
US6226367B1 (en) 1997-04-23 2001-05-01 Nortel Networks Limited Calling line identification with location icon
SE9701669L (en) 1997-05-02 1999-02-05 Anders Bjoerhn Procedure and device in telephone
JP4243344B2 (en) 1997-05-23 2009-03-25 株式会社Access Mobile communication equipment
JP3956064B2 (en) 1997-05-29 2007-08-08 カシオ計算機株式会社 Communication apparatus and communication system
US6002749A (en) 1997-05-30 1999-12-14 Nortel Networks Corporation Telephone system integrated text based communication apparatus and systems to establish communication links to TDD and/or TTY devices and other telephone and text server systems
US5970414A (en) 1997-05-30 1999-10-19 Lucent Technologies, Inc. Method for estimating a mobile-telephone's location
US6870828B1 (en) 1997-06-03 2005-03-22 Cisco Technology, Inc. Method and apparatus for iconifying and automatically dialing telephone numbers which appear on a Web page
SE521479C2 (en) 1997-06-04 2003-11-04 Telia Ab A cell radio communication system adapted to present geographically related information
US5895471A (en) 1997-07-11 1999-04-20 Unwired Planet, Inc. Providing a directory of frequently used hyperlinks on a remote server
US6219696B1 (en) 1997-08-01 2001-04-17 Siemens Corporate Research, Inc. System for providing targeted internet information to mobile agents
US5952969A (en) 1997-08-18 1999-09-14 Telefonakiebolaget L M Ericsson (Publ) Method and system for determining the position of mobile radio terminals
US6181928B1 (en) 1997-08-21 2001-01-30 Ericsson Inc. Method and apparatus for event notification for wireless devices
DE19737126A1 (en) 1997-08-26 1999-03-04 Siemens Ag Mobile station configuration method for wireless telephone system
US6157841A (en) 1997-09-18 2000-12-05 At&T Corp. Cellular phone network that provides location-based information
JP3300262B2 (en) 1997-09-22 2002-07-08 富士通株式会社 Mobile communication system and mobile terminal
US5963626A (en) 1997-09-25 1999-10-05 Us West, Inc. Method and system for posting messages to callers based on caller identity
US6049713A (en) 1997-10-08 2000-04-11 Telefonaktiebolaget Lm Ericsson (Publ) System and method of providing calling-line identification (CLI) information to a mobile terminal in a radio telecommunications network
US6226668B1 (en) 1997-11-12 2001-05-01 At&T Corp. Method and apparatus for web messaging
US6006097A (en) 1997-11-24 1999-12-21 Telefonaktiebolaget L M Ericsson (Publ) Method for determining position of mobile communication terminals
US6065120A (en) 1997-12-09 2000-05-16 Phone.Com, Inc. Method and system for self-provisioning a rendezvous to ensure secure access to information in a database from multiple devices
US6014090A (en) 1997-12-22 2000-01-11 At&T Corp. Method and apparatus for delivering local information to travelers
US6208659B1 (en) 1997-12-22 2001-03-27 Nortel Networks Limited Data processing system and method for providing personal information in a communication network
US6163598A (en) 1997-12-24 2000-12-19 Nortel Networks Limited Interactive graphic payphone
US6115754A (en) 1997-12-29 2000-09-05 Nortel Networks Limited System and method for appending location information to a communication sent from a mobile terminal operating in a wireless communication system to an internet server
FI974662A0 (en) 1997-12-31 1997-12-31 Finland Telecom Oy Web telefon
FI980291A (en) 1998-02-09 1999-08-10 Nokia Mobile Phones Ltd Mobile Internet access
US6009091A (en) 1998-03-13 1999-12-28 Motorola, Inc. Method and apparatus for mobile station location within a communication system
US6173316B1 (en) 1998-04-08 2001-01-09 Geoworks Corporation Wireless communication device with markup language based man-machine interface
AU747302B2 (en) 1998-04-17 2002-05-16 Swisscom Mobile Ag Roaming method and devices appropriate therefor
US6138158A (en) 1998-04-30 2000-10-24 Phone.Com, Inc. Method and system for pushing and pulling data using wideband and narrowband transport systems
US6219694B1 (en) 1998-05-29 2001-04-17 Research In Motion Limited System and method for pushing information from a host system to a mobile data communication device having a shared electronic address
GB2383723B (en) 1998-06-03 2003-09-10 Orange Personal Comm Serv Ltd Mobile communications
SE521263C2 (en) 1998-06-22 2003-10-14 Ericsson Telefon Ab L M Device and method for establishing connection between a first and second subscriber by means of a public register
US6154646A (en) 1998-09-10 2000-11-28 Telefonaktiebolaget L M Ericsson System and method for real-time interactive selection of call treatment in a radio telecommunications network
US20020128002A1 (en) * 1998-11-13 2002-09-12 Trinh D. Vu Wireless communication unit programming
US6161008A (en) 1998-11-23 2000-12-12 Nortel Networks Limited Personal mobility and communication termination for users operating in a plurality of heterogeneous networks
DE19859081C2 (en) 1998-12-21 2001-03-29 Plus Mobilfunk Gmbh E Method for routing messages in at least one telecommunications network according to the GSM standard
SE524391C2 (en) 1998-12-28 2004-08-03 Spyglass Inc Method and system for content conversion of electronic documents for wireless clients.
WO2000046697A1 (en) 1999-02-04 2000-08-10 Roundpoint, Inc. Telephonic connection support for internet browser
US6199099B1 (en) 1999-03-05 2001-03-06 Ac Properties B.V. System, method and article of manufacture for a mobile communication network utilizing a distributed communication network
US6141413A (en) 1999-03-15 2000-10-31 American Tel-A-System, Inc. Telephone number/Web page look-up apparatus and method
WO2000078016A1 (en) 1999-06-15 2000-12-21 Siemens Aktiengesellschaft Method and device for optical representation of information
DK1194739T3 (en) 1999-06-24 2008-01-28 Teliasonera Ab Mobile navigation system
US6301609B1 (en) 1999-07-07 2001-10-09 Lucent Technologies Inc. Assignable associate priorities for user-definable instant messaging buddy groups
KR100344786B1 (en) 1999-07-15 2002-07-19 엘지전자주식회사 Caller Information Providing System and Forwarding Method in Mobile Communication Network
US6134450A (en) 1999-08-02 2000-10-17 Motorola, Inc. Method of initializing a mobile communication device for making a dispatch call
EP1221103A4 (en) 1999-09-17 2006-06-21 Sirenic Inc Methods and apparatus for accessing personalized internet information using a mobile device
EP1089519A3 (en) 1999-09-29 2002-08-21 Phone.Com Inc. Method and system for integrating wireless and Internet infrastructures to facilitate higher usage of services by users

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6047174A (en) * 1993-06-08 2000-04-04 Corsair Communications, Inc. Cellular telephone anti-fraud system
US6064887A (en) * 1996-10-18 2000-05-16 Telefonaktiebolaget Lm Ericsson Telecommunications network with portability of mobile subscriber number
US6097942A (en) * 1997-09-18 2000-08-01 Telefonaktiebolaget Lm Ericsson Method and apparatus for defining and updating mobile services based on subscriber groups
US6240069B1 (en) * 1998-06-16 2001-05-29 Ericsson Inc. System and method for location-based group services
US6469998B1 (en) * 1998-10-06 2002-10-22 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for communicating data packets from an external packet network to a mobile radio station
US20030050052A1 (en) * 2000-01-19 2003-03-13 Per-Ake Minborg Method and apparatus for retrieving calling party information in a mobile communications system

Cited By (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070127645A1 (en) * 2000-01-19 2007-06-07 Sony Ericsson Mobile Communications Ab Technique for providing secondary information to a user equipment
US8548010B2 (en) 2000-01-19 2013-10-01 Sony Corporation Method and apparatus for event-based synchronization of information between communication devices
US20070129074A1 (en) * 2000-01-19 2007-06-07 Bloebaum L S System, Method and Device For Providing Secondary Information To A Communication Device
US7248862B2 (en) 2000-01-19 2007-07-24 Sony Ericsson Mobile Communications Ab Method and apparatus for retrieving calling party information in a mobile communications system
US6977909B2 (en) * 2000-01-19 2005-12-20 Phonepages Of Sweden, Inc. Method and apparatus for exchange of information in a communication network
US20060062162A1 (en) * 2000-01-19 2006-03-23 Phonepages Of Sweden Ab Method and apparatus for exchange of information in a communication exchange
US9781257B2 (en) 2000-01-19 2017-10-03 Sony Mobile Communications Ab Technique for obtaining caller-originated alert signals in IP-based communication sessions
US20070124481A1 (en) * 2000-01-19 2007-05-31 Sony Ericsson Mobile Communications Ab System and method for sharing event-triggered, location-related information between communication devices
US7929470B2 (en) 2000-01-19 2011-04-19 Sony Ericsson Mobile Communications Ab Method and apparatus for exchange of information in a communication network
US8009592B2 (en) 2000-01-19 2011-08-30 Sony Ericsson Mobile Communications Ab Method and apparatus for exchange of information in a communication system
US20010027109A1 (en) * 2000-01-19 2001-10-04 Per-Ake Minborg Method and apparatus for retrieving calling party information in a mobile communications system
US20070237321A1 (en) * 2000-01-19 2007-10-11 Sony Ericsson Mobile Communications Ab Technique for obtaining caller-originated alert signals in ip-based communication sessions
US20080062893A1 (en) * 2000-01-19 2008-03-13 Sony Ericsson Mobile Communications Ab Method and apparatus for event-based exchange of information between communication devices conditioned on personal calendar information
US20020021696A1 (en) * 2000-01-19 2002-02-21 Per-Ake Minborg Method and apparatus for exchange of information in a communication network
US8400946B2 (en) 2000-01-19 2013-03-19 Sony Corporation System and method for sharing common location-related information between communication devices
US7787872B2 (en) 2000-01-19 2010-08-31 Sony Ericsson Mobile Communications Ab Method and apparatus for event-triggered exchange of location-based information in a communications network
US20050271041A1 (en) * 2000-10-17 2005-12-08 The Phonepages Of Sweden Ab Exchange of information in a communication system
US20020057668A1 (en) * 2000-11-13 2002-05-16 Alcatel Method to route a packet switched mode call
US8027443B2 (en) 2001-08-15 2011-09-27 Sony Ericsson Mobile Communications Ab Method and apparatus for exchange of data objects between network nodes depending on terminal capability
US20060067320A1 (en) * 2004-09-30 2006-03-30 Alcatel Method of transferring messages
US10893073B2 (en) 2005-11-28 2021-01-12 Threatmetrix Pty Ltd Method and system for processing a stream of information from a computer network using node based reputation characteristics
US10505932B2 (en) 2005-11-28 2019-12-10 ThreatMETRIX PTY LTD. Method and system for tracking machines on a network using fuzzy GUID technology
US10142369B2 (en) 2005-11-28 2018-11-27 Threatmetrix Pty Ltd Method and system for processing a stream of information from a computer network using node based reputation characteristics
US10027665B2 (en) 2005-11-28 2018-07-17 ThreatMETRIX PTY LTD. Method and system for tracking machines on a network using fuzzy guid technology
US20100016007A1 (en) * 2006-04-27 2010-01-21 Kyocera Corporation Mobile Phone Terminal, Server, and Group Call System
US8565749B2 (en) * 2006-04-27 2013-10-22 Kyocera Corporation Mobile phone terminal, server, and group call system
US10116677B2 (en) * 2006-10-17 2018-10-30 Threatmetrix Pty Ltd Method and system for uniquely identifying a user computer in real time using a plurality of processing parameters and servers
US20170230390A1 (en) * 2006-10-17 2017-08-10 Threatmetrix Pty Ltd Method And System For Uniquely Identifying A User Computer In Real Time Using A Plurality Of Processing Parameters And Servers
US10841324B2 (en) * 2007-08-24 2020-11-17 Threatmetrix Pty Ltd Method and system for uniquely identifying a user computer in real time using a plurality of processing parameters and servers
US8700783B2 (en) * 2008-06-16 2014-04-15 Nippon Telegraph And Telephone Corporation Communication control system, communication control method, call control server device, and call control program
US20110125910A1 (en) * 2008-06-16 2011-05-26 Nippon Telegraph And Telephone Corporation Communication control system, communication control method, call control server device, and call control program
US20100100940A1 (en) * 2008-10-17 2010-04-22 Comcast Cable Communications, Llc System and Method for Supporting Multiple Identities for a Secure Identity Device
US10334305B2 (en) 2008-10-17 2019-06-25 Comcast Cable Communications, Llc System and method for supporting multiple identities for a secure identity device
US8782746B2 (en) * 2008-10-17 2014-07-15 Comcast Cable Communications, Llc System and method for supporting multiple identities for a secure identity device
US11553234B2 (en) 2008-10-17 2023-01-10 Comcast Cable Communications, Llc System and method for supporting multiple identities for a secure identity device
US11895351B2 (en) 2008-10-17 2024-02-06 Comcast Cable Communications, Llc System and method for supporting multiple identities for a secure identity device
US20100313273A1 (en) * 2009-06-06 2010-12-09 Walter Stewart Freas Securing or Protecting from Theft, Social Security or Other Sensitive Numbers in a Computerized Environment
US20110299458A1 (en) * 2010-02-07 2011-12-08 Runcom Technologies Ltd. VoIP CALL OVER WIRELESS SYSTEMS USING ANY PREFERRED DIALING NUMBER
US20120044050A1 (en) * 2010-08-23 2012-02-23 Samir Vig Smart Doorbell Security System and Method to Identify Visitors
US9953165B2 (en) 2012-06-29 2018-04-24 Intel Corporation Mobile platform software update with secure authentication
US20140004825A1 (en) * 2012-06-29 2014-01-02 Gyan Prakash Mobile platform software update with secure authentication
US9369867B2 (en) * 2012-06-29 2016-06-14 Intel Corporation Mobile platform software update with secure authentication

Also Published As

Publication number Publication date
AU2001286360A8 (en) 2008-12-04
EP1323319A1 (en) 2003-07-02
WO2002023931A1 (en) 2002-03-21
US6826403B1 (en) 2004-11-30
AU2001286360A1 (en) 2002-03-26
WO2002023931A9 (en) 2008-11-06

Similar Documents

Publication Publication Date Title
US6826403B1 (en) Method and system for identifying a user
US7787872B2 (en) Method and apparatus for event-triggered exchange of location-based information in a communications network
US6996072B1 (en) Method and apparatus for exchange of information in a communication network
US8009592B2 (en) Method and apparatus for exchange of information in a communication system
USRE45485E1 (en) Method and arrangement for concealing true identity of user in communications system
EP1058872B1 (en) Method, arrangement and apparatus for authentication through a communications network
CN101222550B (en) Determining pairings of telephone numbers and ip addresses from caching and peer-to-peer lookup
KR20030019356A (en) Secure dynamic link allocation system for mobile data communication
US8400946B2 (en) System and method for sharing common location-related information between communication devices
US8548010B2 (en) Method and apparatus for event-based synchronization of information between communication devices
WO2000044130A1 (en) A method, system and arrangement for providing services on the internet
EP1176760A1 (en) Method of establishing access from a terminal to a server
EP2267974A1 (en) System and method for local policy enforcement for internet service providers
EP1407585B1 (en) Method and apparatus for exchange of information in a communication network
WO2001054421A2 (en) Method for location event based information
JP3521837B2 (en) Location information service system and method, and storage medium storing location information service program
JPH09238383A (en) Protocol for local routing for call sent from exchange telephone network in cellular network
KR20080077342A (en) Driver calling service method using relay type communication
JP2007510338A (en) Protected data withdrawal method for telecommunications subscribers
JP2001148736A (en) System and method for position information service, and storage medium stored with position information service program

Legal Events

Date Code Title Description
AS Assignment

Owner name: PHONE PAGES OF SWEDEN AB, THE, SWEDEN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MINBORG, PER-AKE;POHJANVUORI, TIMO;REEL/FRAME:014058/0427;SIGNING DATES FROM 20030429 TO 20030502

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: SONY ERICSSON MOBILE COMMUNICATIONS AB, SWEDEN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:THE PHONEPAGES OF SWEDEN AB;REEL/FRAME:018327/0925

Effective date: 20060921