APPARATUS AND METHOD FOR PREVENTING FRAUDULENT ACTIVITY IN A COMMUNICATION NETWORK
FIELD OF THE INVENTION
The present invention relates generally to monitoring the use of a communications network and, more particularly, to an apparatus and method for using characteristic information of a transmitter to determine whether the transmitter is authorized for use in a communications network prior to assigning the transmitter a network communication channel. The invention is particularly useful for identifying clone cellular phones before they gain access to a cellular telecommunications network.
BACKGROUND OF THE INVENTION
Communications networks are often monitored for security and record keeping purposes. In restricted access systems, e.g., systems made available only to paying subscribers, security involves monitoring access requests to ensure that network use is limited to authorized users. Record keeping may involve recording information relating to the users involved in a particular communication and the time and duration of the communication. The case of a cellular telecommunications network is illustrative. Access to the network is initiated by transmission of a signal from a cellular telephone transmitter to a network receiver. The signal typically includes certain encoded information intended to identify the source and target transmitters. Within the network, the encoded information is used to verify that the source transmitter belongs to an authorized subscriber and, upon verification of the encoded information, a voice channel is allocated for the telephone call, i.e., communication between the source and the target user is initiated by providing access to a selected voice channel. Once the voice channel is allocated, a network monitoring system begins recording information regarding the communication for billing purposes. When the call is completed, a hang-up signal is detected by the monitoring system which then terminates the voice channel and generates a billing report.
A growing concern to cellular network providers is the problem of clone cellular telephones. Clones are telephones which fraudulently access the network by employing stolen code information. The code information is typically stolen by intercepting and decoding a radio frequency (RF) signal from a cellular telephone transmitter to a network receiver. Once the stolen code information is programmed into a clone, access to the network by the clone may be billed to an unsuspecting subscriber. It is estimated that this form of fraud is currently costing network providers and subscribers millions of dollars per year.
SUMMARY OF THE INVENTION
The present invention improves communications network security by using signal characteristics of a source transmitter to identify potentially fraudulent activity, e.g., use of a clone transmitter, to terminate an attempted access to the network before a communication channel is allocated. In a cellular telecommunications network, such use of signal characteristics, in contrast to readily copied code information for identifying a transmitter, greatly reduces or substantially eliminates the opportunity for clone telephones to access a voice channel for fraudulent activities.
Moreover, by identifying and terminating potentially fraudulent activity before a communication channel is established, the present invention reduces record keeping and billing errors. For example, cellular telecommunications networks generally begin recording billing information as soon as the voice channel is allocated. Accordingly, if the fraudulent communication is identified or terminated after channel allocation, a billing report is generated even though the voice channel may be terminated immediately upon identification of the fraud. As a result, erroneous billing statements are issued for authorized subscribers whose phones have been cloned. Correcting these statements creates a nuisance for subscribers and places a significant burden on network resources. According to the present invention, fraudulent activity can be pre-empted such that a voice channel is never established for the fraudulent activity, record keeping functions of the network are not instigated in connection with the attempted fraudulent activity and billing reports or other communication summary data are not disseminated through network systems.
According to one aspect of the present invention, a communications network is provided with a receiver for receiving signal characteristic information of a source transmitter, an authorization system for using the received signal characteristic information to determine whether the source transmitter is authorized to access the network, and an output system for providing a security clearance signal, e.g., indicating that access is authorized or denied, based on the authorization determination. The security clearance signal is communicated to the communication channel allocation system of the network so that a channel is only established upon receiving an indication that the source transmitter is authorized. In this manner, fraudulent activity can be identified based on signal characteristics before channel allocation is completed and a channel termination procedure is unnecessary for security purposes. That is, the channel monitoring and record keeping/billing functions of the network are substantially unaffected by the fraud management of the present invention.
It will be appreciated that the transmission signals of a source transmitter have characteristics, i.e., a signature, particular to that source. These characteristics can be identified in terms of amplitude and/or phase related or other parameters including derivative information such as time rate of change of amplitude/frequency and frequency band composition. Additionally, these characteristics can be recognized by analyses of the raw signal waveform or by various sampling techniques. Accordingly, the signal characteristic information can comprise the raw signal or characteristic information obtained by processing the signal.
Preferably, the receiver includes an antenna for receiving the transmission signal and related circuitry for communicating signal information to the authorization system, which may be existing equipment utilized by a wireless telecommunications carrier. The authorization system stores information pertaining to authorized transmitters and conducts security clearance based on a comparison of the received signal information to the stored information. Based on this comparison, a security clearance signal is communicated to the network communication channel allocation system according to a predetermined protocol. The invention may also include structure/methodology for delaying channel allocation to ensure that the signal characteristic analysis can be completed before a channel is allocated. At the present time, the signal characteristic analysis can take longer than the time required to execute existing clearance procedures. Consequently, a communication channel could be allocated before the signal characteristic analysis was completed absent some delay to the existing clearance procedures. An appropriate delay can be provided by implementing the signal characteristic analysis as a step within the existing clearance procedures or by otherwise inserting a pause or delay in the existing clearance procedures. In this manner, fraud management is enhanced and erroneous record keeping and billing is reduced at the expense of only a minor delay where necessary.
In one embodiment, the present invention is incorporated into a conventional cellular telephone network. Conveniently, the present invention can be integrated with existing network monitoring systems so that minimal alteration is required. Conventional network monitoring systems analyze encoded information to identify authorized users prior to allocating a voice channel. Generally, the functionality of such monitoring systems can be understood by reference to three sequential time periods. In the first time period, the stand-by period, the network stands prepared to process an incoming call including the encoded information. The stand-by period ends when a call is detected by a network receiver. The second time period, the set-up period, involves establishing a voice channel for the call. During this time period, a regional channel allocation system issues an authorization inquiry to an authorization system which compares the encoded information to predetermined authorization codes and outputs an authorization signal to the allocation system based on the comparison. The set-up period ends when a voice channel is established by the allocation system. The final period, the record keeping period, begins as soon as the voice channel is established. During this period, a record of the communication is compiled which is used to generate billing statements.
In the cellular telecommunications network embodiment of the present invention, security clearance based on signal characteristics of the source transmitter is completed during the set-up period. The signal characteristic information is obtained via the remote receiver which detects the incoming call. This information is communicated to a signature device. The signature device also receives the authorization inquiry from the voice channel allocation system which is encoded for communication to a conventional authorization system. The authenticity of the source transmitter is verified by the signature device based on both the conventional encoded ID information and the signal characteristic or signature information. The signature device then outputs a security signal to the channel allocation system in accordance with the network protocol to allocate or deny a voice channel based on the transmitter identification. In this manner, channel allocation is delayed if necessary until a positive transmitter identification based on code and signature information is completed.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding of the present invention and further understanding thereof, reference is now made to the following detailed description taken in conjunction with the drawings, in which:
Fig. 1A is a diagram illustrating a typical cellular telecommunications network;
Fig. 1B is a schematic illustration of a cellular telecommunications network that employs home location and visitor location registers;
Fig. 1C is a block diagram illustrating pre-call communications between a home and a remote MSC;
Fig. 2 is a schematic illustration of a cellular telecommunications network including a signature verification device according to the present invention;
Fig. 3 is a schematic illustration of a cellular telecommunications network that employs home location and visitor location signature verification devices according to the present invention;
Fig. 4 is a flow diagram illustrating the signature verification method of the present invention;
Fig. 5 is a schematic illustration of a telecommunications network employing a signature device and a delay device according to the present invention; and
Fig. 6 is a schematic illustration of a telecommunications network employing a signature device without conventional ID verification components according to the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention is generally directed to reducing fraudulent activity in a communications network by identifying and terminating potentially fraudulent access requests before a communication channel is established.
This is accomplished by verifying the identity of a source transmitter based on its transmission signal signature as part of the set-up procedures preliminary to channel allocation. It will thus be appreciated that various aspects of the invention are applicable to a broad range of communications networks employing transmitters which are identifiable by virtue of their specific transmission signatures. In the following description, the invention is set forth with respect to specific implementations in the context of a cellular telecommunications network.
A typical cellular telecommunications network is illustrated in FIG. 1A. Referring to FIG. 1A, each predetermined fixed geographic region is served by a separate Mobile Switching Center (MSC). Additionally, each MSC region may comprise one or more cells, wherein each cell is served by its own base station connected to the MSC for that region. In FIG. 1A, Region I is served by a first MSC 101 while Region II is served by a second MSC 102. Region I comprises four cells each having its own base station 104 connected to the first MSC 101. Region II comprises three cells each having its own base station 106 connected to the second MSC 102.
One function of a MSC is to receive and route both cellular originated calls and cellular terminated calls. A cellular originated call is one placed by a cellular telephone located within the MSC serving area to either another cellular telephone or a physical line telephone. A cellular terminated call is one received by a cellular telephone located within the MSC serving area, regardless of whether it is placed by a cellular or physical line telephone.
The MSC which serves the geographic region in which a subscriber is based is considered a subscriber's "home" MSC. For example, MSC 101 would be the home MSC for a subscriber based in Region I. Similarly, MSC 102 would be the home MSC for a subscriber based in Region II. In addition to routing calls, each MSC is ultimately responsible for monitoring its home subscriber's usage. When a subscriber originates a call, the cellular telephone 103 communicates via a base station with the particular MSC serving that geographic region by means of wireless RF transmission. The subscriber may either remain within the particular cell from which the call was originated or the subscriber may roam across cell and MSC region boundaries. For example, a cellular call may be originated by a subscriber in Cell A and the call would be handled initially by the first MSC 101. However, because cellular telephones are mobile, the subscriber could travel from Cell A into Cell B during the course of the call. Upon crossing from Cell A into Cell B, the call would cease being handled by the first MSC 101 and may be picked up mid-call and handled by the second MSC 102.
Multiple MSCs are dispersed throughout the United States, and much of the world, so that a subscriber may call from any geographic region served by a MSC. Many of the various MSCs are interconnected so that telecommunications may occur between two cellular telephones, or between a cellular telephone and a physical line telephone, even if they are in different geographic regions.
Each subscriber's cellular telephone has its own unique ID code corresponding to a set of identification numbers. The identification numbers comprise two individual identifiers: (1) a Mobile Identification Number (MIN), and (2) a Mobile Serial Number (MSN), also referred to as an Electronic Serial Number (ESN). The MSN/ESN is a unique serial number associated with the cellular telephone. The MIN is a ten-digit number, corresponding to the ten-digit telephone number used in North America, having the format npa-nxx-xxxx, where npa corresponds to the first three digits in the area code in North America, nxx corresponds to the next three digits which identify the serving switch in North America, and xxxx corresponds to the last four digits which identify the individual subscriber or physical line number. It will be appreciated by one of ordinary skill in the art that the format of the MIN may change based upon particular requirements. For example, the MIN may be modified to include a code which identifies the country in which the subscriber resides. The combination of the npa and nxx components forms a number which identifies a subscriber's "home" MSC. At the initiation of each call, the cellular telephone transmits to the MSC its unique combination of MIN and ESN. The RF signal is received by an appropriate antenna associated with the base station receiver. The base station receiver in turn transmits a signal either by RF or by land line telephone including the MIN and ESN to the regional MSC.
Once a voice channel for a call has been allocated, each MSC handling the call begins recording billing and record keeping information. At the termination of each call, whether cellular originated or cellular terminated, each MSC handling the call creates a separate Call Detail Record (CDR) which contains several items of information describing the call and the subscriber. For example, the CDR contains the following call information items: MIN, ESN, number called, call duration, call origination date and time, country called, information identifying the MSC, etc.
As mentioned above, each individual subscriber has a home MSC identified by the combination of the npa and nxx components of the subscriber's MIN. In many cases today, unless a cellular subscriber has previously notified the home MSC of his or her whereabouts, the subscriber may only receive a cellular terminated call when that subscriber is within his or her home MSC region. In many cases, a subscriber may initiate a cellular originated call, however, from any MSC region without any special proactive requirements.
A subscriber who engages in telecommunication activity from a region other than his or her home MSC region is referred to as a "roamer." For example, a subscriber based in Region I who originates a call from Region II would be considered a roaming subscriber in Region II. In current practice, when a roaming subscriber places a call, the visited MSC incurs charges for the call. These charges are then billed back to the user's home MSC which, in turn, bills the user. Because only the subscriber's home MSC or independent databases maintain records of that subscriber's ID code and usage data, a MSC handling a roamer call is typically unable to independently verify the subscriber's ID code. Therefore, it is desirable to allow a MSC handling a roamer call to communicate with the home MSC to validate the particular call.
FIG. 1B depicts a system whereby separate MSCs communicate to provide verification of the ESN/MIN ID code. In the description of FIG. 1B, it is presumed that the MSC for Region I corresponds to a subscriber's home MSC 101 and the MSC 102 for Region II is a visited MSC. As illustrated in FIG. 1B, when a roaming subscriber attempts to place a call in Region II, the user's cellular telephone communicates with the visited MSC 102. The visited MSC 102, upon determining that the attempted call is being placed by a roamer, communicates pre-call address information to Visitor Location Register (VLR) 130. VLR 130 uses the pre-call address information to contact a Home Location Register (HLR) 142 associated with the subscriber's home MSC 101. The subscriber's home HLR 142 then uses the information to verify the ESN/MIN ID code. Substantially the same procedure occurs when a user roaming outside his or her home region turns the power to his or her cellular telephone on, or when a user crosses system or cell boundaries with the power on, or during an intermittent polling procedure initiated by the visited MSC 102. It should be appreciated that not all MSCs currently have an HLR; therefore, in such cases, VLRs are required to contact an independently maintained database of valid MIN/ESN combinations.
The HLR/VLR interface communicates pursuant to an industry standard, the IS-41 standard. The IS-41 standard defines, among other things, the format of messages transmitted across the HLR/VLR interface between two MSCs. This format will be referred to as the IS-41 format. It should be appreciated, however, that the present invention is not limited to an architecture defined by the IS-41 standard and could be implemented using a different industry standard, including a proprietary standard.
FIG. 1C illustrates pre-call communications across an HLR/VLR interface. As illustrated in FIG. 1C, when a 'roaming' call is initiated, the visited MSC 102 generates a Registration Notification (REGNOT) message which, pursuant to the IS-41 standard, is passed to the VLR 130 associated with the visited MSC 102. The VLR 130 forwards the REGNOT message to the HLR 142 associated with the user's home MSC 101 based on the pre-call address information. The HLR 142 receives the REGNOT and utilizes portions of the REGNOT to determine whether the particular subscriber's current ESN/MIN is authorized. The HLR 142 may then communicate a response to the visited MSC 102 via the HLR/VLR interface which indicates whether the particular subscriber's current ESN/MIN is authorized. Specifically, in accordance with the IS-41 standard, the HLR responds with, among other things, an authorization signal if the call is good, i.e., if the call request is by an authorized subscriber. If the call is bad, indicating an unauthorized ESN/MIN ID code, the HLR responds with an authorization denied signal. This information is communicated to the visited MSC 102 via the HLR/VLR interface and a voice channel is allocated or denied by the visited MSC 102 based on this information.
An increasing problem associated with the system as described above is clone telephones. A clone can be constructed, for example, by intercepting the RF call request signal from the cellular telephone 103 to the base station 104 and decoding the ESN/MIN ID code. The code information can then be programmed into a clone which appears to be authorized to the MSC. As a result, fraudulent activities by such clones can escape detection by the FMS prior to channel allocation. Even if the fraudulent activity is later detected, a CDR may already have been generated by the MSC, resulting in a nuisance to the network provider and users and requiring significant resources to correct, particularly when considered on a network-wide basis.
An improved system for addressing the problems of clones and network management is shown in Fig. 2. Referring to Fig. 2, it is assumed for the purposes of illustration that the call is placed by cellular telephone 103 via base station 104 in its home region. The system conveniently makes use of various existing network components including the base station 104, MSC 101 and VLR 140. In addition, as will be described below, the communications of the illustrated system 201 are fully compliant with the IS-41 standard.
In order to distinguish calls initiated by authorized subscribers from fraudulent activity involving clones, the system 201 employs a signature device 202 to analyze the signal characteristics or signature of the source cellular telephone 103. As previously noted, this signature can be defined by any of various signal characteristic information sufficient to identify the cellular telephone 103. A function of the signature device, then, is to store a database of subscriber-specific signature information, receive signature information for a particular call request and perform a comparison for the call request based on the database to determine whether the signature of the cellular telephone's call request signal matches the signature of an authorized subscriber. The signature device 202 may either be a stand-alone system or incorporated into the system's HLR (or vice versa).
In the illustrated system 201, a signal including the signature information is communicated directly from a remote computing device at the base station 104 to the signature device 202. In this manner, the information is made available to the signature device without affecting the IS-41 standard communications. Additionally, the signature analysis is best performed based on data closely correlated to the raw request signal. By directly communicating with the remote computing device at the base station, the signature information can be obtained before the signal loses valuable information due to buffering, filtering, analog-to-digital conversion or other conditioning or processing incident to transmission via the MSC. In this regard, a signal for use by the signature device 202 can be taken from the base station by a Y-link in the base station antenna substantially without disturbing base station/MSC communication. To obtain derivative signature information based on the call request signal, the signal can be processed at the base station 104 and/or signature device 202.
An advantage of the illustrated system 201 is the ability to identify fraudulent activity prior to allocating a voice channel. This is accomplished by incorporating the signature device 202 into the IS-41 standard pre-call protocol. Referring to Figs. 2 and 4, a call is initiated when a call request is transmitted from the cellular telephone 103 to the base station 104. As part of the call set-up process, the ESN/MIN ID code information is transmitted from the base station 104 to the MSC 101. Signature information is also transmitted from the base station to the signature device 202 as described above.
The MSC 101 is programmed to treat all call requests as roamers. That is, for all call requests, the MSC 101 communicates pre-call address information to the VLR in accordance with the IS-41 standard. In this case, the pre-call address information directs the VLR to communicate a REGNOT to the signature device 202. The signature device 202 performs the IS-41 standard ESN/MIN ID code check and also conducts the signature check. In this regard, the ESN/MIN ID code can be utilized by the signature device 202 to facilitate location of the corresponding signature information in the signature information database. Alternatively, the system's HLR can be queried by the VLR provided the HLR is programmed to query the signature device 202 for a signature check prior to responding to the VLR. If both the code check and the signature check indicate that the call request originated from an authorized subscriber, then the IS-41 standard authorization signal is communicated from the signature device 202 or the HLR 202 to the MSC 101 via the VLR 140 and channel allocation ensues. Otherwise, the IS-41 standard authorization denied signal is output by the signature device 202 or the HLR and the attempted fraudulent activity is prevented.
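The pre-call decision described above can be modelled as follows. This is an added example, not code from the patent: the feature-vector form of the signature, the Euclidean distance threshold, the class and function names, and all sample MIN/ESN values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import dist

AUTHORIZED = "authorization"        # stands in for the IS-41 authorization signal
DENIED = "authorization denied"     # stands in for the IS-41 denial signal


def normalize_min(min_):
    """Reduce a MIN written as npa-nxx-xxxx to its ten digits."""
    digits = "".join(ch for ch in min_ if ch.isdigit())
    if len(digits) != 10:
        raise ValueError("MIN must contain exactly ten digits")
    return digits


def home_msc_key(min_):
    """npa + nxx together identify the subscriber's home MSC."""
    return normalize_min(min_)[:6]


@dataclass(frozen=True)
class Subscriber:
    min_: str
    esn: str
    signature: tuple    # enrolled signal-characteristic vector (assumed form)


@dataclass(frozen=True)
class Decision:
    signal: str
    code_ok: bool
    signature_ok: bool


class SignatureDevice:
    """Answers a REGNOT with both the ESN/MIN code check and the signature check."""

    def __init__(self, subscribers, threshold):
        self.db = {normalize_min(s.min_): s for s in subscribers}
        self.threshold = threshold      # assumed match tolerance

    def handle_regnot(self, min_, esn, observed):
        try:
            sub = self.db.get(normalize_min(min_))
        except ValueError:
            return Decision(DENIED, False, False)   # malformed MIN is never authorized
        code_ok = sub is not None and sub.esn == esn
        # The MIN locates the enrolled signature; a missing or wrongly shaped
        # observation counts as a mismatch rather than as a pass.
        signature_ok = (
            sub is not None
            and observed is not None
            and len(observed) == len(sub.signature)
            and dist(observed, sub.signature) <= self.threshold
        )
        signal = AUTHORIZED if code_ok and signature_ok else DENIED
        return Decision(signal, code_ok, signature_ok)


class MSC:
    """Treats every call request as a roamer and allocates only on authorization."""

    def __init__(self, name, device):
        self.name = name
        self.device = device
        self.billing_records = []

    def call_request(self, min_, esn, observed, called):
        decision = self.device.handle_regnot(min_, esn, observed)
        if decision.signal == AUTHORIZED:
            # Record keeping starts only once a voice channel exists.
            self.billing_records.append(
                {"MIN": normalize_min(min_), "ESN": esn,
                 "called": called, "msc": self.name})
        return decision


if __name__ == "__main__":
    # Constructed sample data: one enrolled subscriber and two call requests
    # that carry identical ESN/MIN codes but different signal characteristics.
    device = SignatureDevice(
        [Subscriber("303-555-0142", "82A1B2C3", (0.82, 0.31, 0.12))], threshold=0.1)
    msc = MSC("MSC 101", device)
    print(msc.call_request("303-555-0142", "82A1B2C3", (0.80, 0.33, 0.11), "303-555-0199"))
    print(msc.call_request("303-555-0142", "82A1B2C3", (0.40, 0.70, 0.25), "303-555-0199"))
    print(len(msc.billing_records), "billing record(s) opened")
```

The second request passes the code check and fails the signature check, so no voice channel is allocated and no billing record is opened for it.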
A similar procedure is employed for call requests initiated by roamers. Referring to Fig. 3, for the purposes of illustration it is assumed that the cellular telephone 103 is now roaming in Region II outside of its home Region I. A call request initiated by cellular telephone 103 is received by visited base station 106 serviced by MSC 102 of Region II. A signal including the signature information is communicated from a remote computing device at the visited base station 106 to the home signature device 202 directly, via inter-signature device connections or, through a modification to the IS-41 standard, along with the VLR/HLR communication. The ESN/MIN ID code information is communicated from the visited base station 106 to the visited MSC 102.
As before, the MSC is programmed to treat all call requests, including true roaming requests, as roaming requests. In this case, the visited MSC communicates pre-call address information to the VLR 130 which issues a REGNOT to the home signature device 202 and/or the system HLR. The signature device 202 conducts an ESN/MIN ID code check and a signature check as described above. In response to these checks, the home signature device 202 communicates an IS-41 standard authorization or authorization denied signal to the visited MSC 102 via the visited VLR 130 so that the MSC is directed to allocate a voice channel or prevent allocation based on the ESN/MIN ID code and signature information.
One purpose of conducting communication between the signature device 202 and the MSC 101 via the VLR 130 as described above is to provide a delay in the conventional channel allocation process. At the present time, the signature checking process can take longer than the conventional ESN/MIN ID checking process. As a result, a voice channel could be allocated prior to completion of the signature check absent a delay. As previously noted, this is problematic in that record keeping and billing functions are generally instigated as soon as a voice channel is allocated thereby potentially resulting in erroneous records in the case of fraudulent activity. In the system 201 of Figs. 2-4, an appropriate delay is provided by inserting the signature check as a step within the existing fraud management system. However, any other mechanism for providing a suitable delay may be employed.
One such alternative system for providing a suitable delay is shown in Fig. 5. Referring to Fig. 5, the illustrated system employs a base station 104, MSC 101, VLR 140 and HLR 142 which are employed to conduct an authorization check based on the ESN/MIN ID code as discussed above. Although not shown, the system also employs conventional interfaces between the VLR 140 and HLR 142 and corresponding components of other regional MSCs to handle roamers as previously discussed.
The illustrated system also employs the signature device 202 to conduct a signature check based on signal characteristics of the call request signal from cellular telephone 103. However, as shown in Fig. 5, the signature check is conducted outside of the MSC/VLR/HLR protocol. In particular, the signature device 202 receives a signal including signature information from the base station or remote computing device at the base station 104, performs a signature check and communicates with the MSC 101 to enable voice channel allocation for authorized call requests without involving the VLR 140. In order to ensure that a voice channel is not allocated prior to completion of the signature check, a delay device 210 is employed to provide an appropriate delay of voice channel allocation by the MSC 101. In this regard, the delay can be for a predetermined time sufficient to allow completion of the signature check or, optionally, the delay device 210 can be interconnected to the signature device 202 to receive a signal indicating that the signature check is complete, thereby determining the delay interval.
As long as the MSC does not decide whether or not to allocate a voice channel until the results of both the ESN/MIN ID check and signature check are received, a number of system configurations are possible. As another example, the MSC can be structured to postpone the allocation decision until the results of both checks have been received.
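The timing argument for the delay device can be checked with a small deterministic model. This is an added example, not part of the patent: the mode names, the latencies in milliseconds and the sample call attempts are constructed, and the model assumes that when the signature result has not arrived at decision time the ESN/MIN result alone decides.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Outcome:
    decided_at_ms: int
    channel_allocated: bool
    billing_record_opened: bool
    terminated_at_ms: Optional[int]   # set when a late signature result forces teardown


def set_up_call(code_ok, code_ms, sig_ok, sig_ms, mode, fixed_delay_ms=0):
    """Model one call set-up; code_ms and sig_ms are when each check result arrives."""
    if mode == "no_delay":             # conventional flow: decide on the ESN/MIN result
        decided_at = code_ms
    elif mode == "fixed_delay":        # delay device holding for a predetermined time
        decided_at = max(code_ms, fixed_delay_ms)
    elif mode == "wait_for_signal":    # delay device released by the signature device
        decided_at = max(code_ms, sig_ms)
    else:
        raise ValueError(f"unknown mode: {mode}")

    sig_known = sig_ms <= decided_at
    # Assumed behaviour: with no signature result in hand, the code check decides.
    allocated = code_ok and (sig_ok if sig_known else True)
    # A failed signature check that arrives after allocation can only tear the
    # channel down; the billing record already exists.
    terminated = sig_ms if (allocated and not sig_known and not sig_ok) else None
    return Outcome(decided_at, allocated, allocated, terminated)


# Constructed call attempts: (label, code_ok, code_ms, sig_ok, sig_ms)
CALLS = [
    ("subscriber", True, 40, True, 220),
    ("clone", True, 40, False, 250),
    ("clone, slow analysis", True, 45, False, 400),
    ("bad ESN/MIN", False, 40, False, 230),
]


def erroneous_records(calls, mode, fixed_delay_ms=0):
    """Labels of attempts that open a billing record without passing both checks."""
    bad = []
    for label, code_ok, code_ms, sig_ok, sig_ms in calls:
        out = set_up_call(code_ok, code_ms, sig_ok, sig_ms, mode, fixed_delay_ms)
        if out.billing_record_opened and not (code_ok and sig_ok):
            bad.append(label)
    return bad


if __name__ == "__main__":
    for mode, delay in (("no_delay", 0), ("fixed_delay", 300), ("wait_for_signal", 0)):
        print(f"{mode:16} erroneous records: {erroneous_records(CALLS, mode, delay)}")
```

In this model a predetermined delay removes erroneous records only for signature checks that finish inside it, while releasing the delay on the signature device's completion signal removes them for every attempt.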
Fig. 6 illustrates a further alternative system in which the check provided by the signature device 202 is relied upon to the exclusion of the conventional ESN/MIN ID check. It will be appreciated that the specific signature for a cellular telephone 103 can be represented as a digital code which can serve functions similar to the conventional ESN/MIN ID code, e.g., the "signature code" can be used to identify an authorized subscriber for record keeping and billing purposes. In the illustrated system, the signature device receives a signal including signature information from the base station or a remote computing device at the base station 104, conducts a signature check and outputs a signal to the MSC 101 including voice channel security clearance information and subscriber identification information for record keeping purposes. Alternatively, the ESN/MIN ID code may be employed by the signature device 202 to refer call requests by roamers to a signature device of the roamer's home region.
While various embodiments of the present invention have been described in detail, it is apparent that further modifications and adaptations of the invention will occur to those skilled in the art. However, it is to be expressly understood that such modifications and adaptations are within the spirit and scope of the present invention.