WO2009018840A1 - Method and system for preventing unsolicited calls in a communication network - Google Patents

Method and system for preventing unsolicited calls in a communication network Download PDF

Info

Publication number
WO2009018840A1
WO2009018840A1 PCT/EP2007/006967 EP2007006967W WO2009018840A1 WO 2009018840 A1 WO2009018840 A1 WO 2009018840A1 EP 2007006967 W EP2007006967 W EP 2007006967W WO 2009018840 A1 WO2009018840 A1 WO 2009018840A1
Authority
WO
WIPO (PCT)
Prior art keywords
call
caller interaction
analysis
selection
caller
Prior art date
Application number
PCT/EP2007/006967
Other languages
French (fr)
Inventor
Saverio Niccolini
Thilo Ewald
Juergen Quittek
Original Assignee
Nec Europe Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nec Europe Ltd. filed Critical Nec Europe Ltd.
Priority to PCT/EP2007/006967 priority Critical patent/WO2009018840A1/en
Publication of WO2009018840A1 publication Critical patent/WO2009018840A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges
    • H04M3/42Systems providing special services or facilities to subscribers
    • H04M3/436Arrangements for screening incoming calls, i.e. evaluating the characteristics of a call before deciding whether to answer it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1076Screening of IP real time communications, e.g. spam over Internet telephony [SPIT]
    • H04L65/1079Screening of IP real time communications, e.g. spam over Internet telephony [SPIT] of unsolicited session attempts, e.g. SPIT
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2203/00Aspects of automatic or semi-automatic exchanges
    • H04M2203/20Aspects of automatic or semi-automatic exchanges related to features of supplementary services
    • H04M2203/2027Live party detection

Definitions

  • the present invention relates to a method for preventing unsolicited calls in a communication network, wherein an incoming call from a caller is analysed by means of a caller interaction procedure, and wherein the handling of the call - forwarding of the call to the callee or blocking the call - is performed depending on the result of said caller interaction analysis.
  • the invention concerns a system for preventing unsolicited calls in a communication network, the system comprising an analysing engine for performing a caller interaction procedure, and a processing means for performing the handling of the call - forwarding of the call to the callee or blocking the call - depending on the result of said caller interaction analysis.
  • SPAM In the area of electronic mail unsolicited bulk email messages - so-called SPAM - have become very common and have turned into a severe problem. Not only companies that require email communication are impacted by SPAM messages, but also private users are very annoyed by SPAM. Many Internet users nowadays receive more SPAM messages than regular emails. For this reason, almost every server for incoming email uses SPAM filters which check incoming mails according to defined rules. They search, for example, actively for key words in the content of an email, they check specific configurations of the server used for sending the email or they search for senders that are often used for sending bulk emails. In case of a matching classification of an email as SPAM, it is marked and/or sorted out.
  • SPAM Spam over Internet Telephony
  • SPIT Spam over Internet Telephony
  • SPIT Spam over Internet Telephony
  • the aforementioned object is accomplished by a method comprising the features of claim 1. According to this claim, such a method is characterized in that for said analysis a multitude of different caller interaction procedures is provided and that a specific caller interaction procedure to be applied to the call is selected from said multitude of caller interaction procedures.
  • the system for processing of voice messages in a communication network according to claim 20.
  • the system is characterized in that it comprises a provision means for providing a multitude of different caller interaction procedures for said analysis, and that the system further comprises a selection means for performing a selection of a specific caller interaction procedure to be applied to the call from said multitude of caller interaction procedures.
  • the sender of such calls will have the chance of knowing in advance the prevention mechanism which is employed.
  • he is enabled to take the necessary countermeasures in order to get around the prevention system. For example, if a SPIT caller realizes after placing several calls with different parameters that the protection system always applies the same Turing test as caller interaction procedure, he is enabled to program appropriate attacking software in order to get around the Turing test.
  • the invention proposes the provision of a multitude of different caller interaction procedures for performing a call analysis, together with a selection means for a selection of a specific caller interaction procedure from the multitude of caller interaction procedures which is then applied to the call.
  • the invention realises some kind of a "moving target" which avoids giving the sender of unsolicited calls a standard test he could train against and pass after reprogramming the sender software. As a result the effectiveness of the SPIT prevention is enhanced compared to the methods known in prior art.
  • the selection of a specific caller interaction procedure from the multitude of caller interaction procedures is performed in a dynamic and real-time manner.
  • the selection of a specific caller interaction procedure from the multitude of caller interaction procedures is performed in an at least partially randomized manner.
  • an incoming call before being analyzed by means of a selected caller interaction procedure is first analyzed in order to determine whether the call is to be considered in a way suspicious.
  • a first analysis of incoming calls could follow specific rules which, for example, may be completely or at least partially be pre-configurable by the callee.
  • the first analysis may be performed without any caller interaction being involved. Consequently, the first analysis is invisible for the caller.
  • the first analysis may be performed on the SIP signaling.
  • first analysis may include an analysis based on a white/black listing of caller addresses. According to such a test calls from a caller address contained in a white list (containing known addresses from, e.g., friends, family members, colleagues, etc.) may be considered unsuspicious.
  • the first analysis may include an analysis based on points in time the calls are placed.
  • This kind of analysis may include a short term behaviour (according to which calls are placed in fixed time intervals, for instance, each thirty seconds) as well as a long term behaviour (according to which unsolicited calls are always placed at certain points in time, for example, each business day at noon, or each Sunday at 10 a.m.).
  • the output of the first analysis is taken into consideration for the selection of a specific caller interaction procedure.
  • each call is assigned a status in form of a binary value indicating that the call is to be considered suspicious or not. For example, the value "0" could indicate that the call passed the first analysis without any problems and is thus considered unsuspicious, whereas the binary value "1" could indicate that there is strong evidence that the call constitutes an unsolicited SPIT call.
  • each call may be assigned a status in form of a value indicating a grade for the call that it constitutes an unsolicited call.
  • the grade could be, for example, a number between 0 and 9, 0 indicating that the analysis did not provide any hints that the call could be SPIT, and 9, as the highest degree, indicating that the message is very likely SPIT.
  • the grade can be a probability that a call is an unsolicited SPIT call (60 % SPAM call probability, for example).
  • a caller interaction check is only performed when the first analysis results in a suspicion probability that exceeds a pre-configurable threshold.
  • a caller interaction may be only performed for suspicious calls which have been assigned the binary value "1" as described above.
  • the call may be directly forwarded to the callee without any further analysis by means of a caller interaction.
  • the selection means may be configured in such a way as to choose more sophisticated caller interaction procedures the higher the suspicion probability resulting from the first analysis.
  • an additional randomization is also possible. For instance, if the first analysis results in a high suspicion probability a specific caller interaction procedure may be randomly selected from a group of high challenging caller interaction procedures. On the other hand, if the first analysis results in a low suspicion probability, the caller interaction procedure may be selected from a group of less complex and sophisticated caller interaction procedures (which, in general, are applicable with less computational effort).
  • a further parameter the caller interaction selection may be based on is the identity of the caller and/or the callee.
  • the selection means may be configured in such a way as to act based on preferences specified by the callee.
  • the selections means may be designed as the place where the users (callees) insert their preferences on the blocking of certain calls/communications allowing the system to perform such blocking on their behalf.
  • Such a configuration may be important to make the system legally compliant with country-specific laws on the suppression of communications. For example, in Germany the opportunity of a configuration on the part of the users is a prerequisite to have a blocking system legally compliant following the law and suppression of communication in Germany.
  • the selection of a specific caller interaction procedure is based on the point in time a call is coming in.
  • more difficult caller interaction procedures are applied during time of the day or days of the week where callees are in general not supposed to receive communications from unknown users (e. g. during night at home or in the office, during Sundays or public holidays in the office).
  • an unknown user willing to initiate a communication with a callee would require to pass more advanced checks that would constitute a big annoyance for callers during a normal period of time.
  • Such advanced checks may e.g. include solving computational puzzles and typing the result on the dial pad.
  • the selection of a specific call interaction procedure may be based on local/or domain specific policies (including legal ones). Moreover, system load considerations may be taken into account.
  • each call not necessarily only one specific caller interaction procedure is selected. Depending on the situation, in particular on the outcome of the first analysis, two or even more caller interaction procedures may be selected and applied to a call one after the other or concurrently.
  • a dynamic routing of the call is performed, for instance by means of a signaling entity, based on the result of the caller interaction procedure selection.
  • Such dynamic routing serves both for sending the call to the appropriate device/application which performs the selected caller interaction check and for distributing the load of the computation over different servers.
  • the only Figure illustrates - schematically - an embodiment of a system according to the invention for preventing unsolicited calls in a communication network.
  • the communication between a caller 1 and callee 2 is a SIP (Session Initiation Protocol) communication.
  • SIP Session Initiation Protocol
  • a caller 1 which is an unknown user from the point of view of the callee 2, directs a Session Initiation Message (arrow A) to the address of the callee 2.
  • the Session Initiation Message is forwarded to the callee 2 to establish a communication, the call has to pass an unsolicited call prevention system 3.
  • the unsolicited call prevention system 3 and the signaling entity 4 for the SIP communication are implemented in the same entity.
  • the unsolicited call prevention system 3 may be a separate application or device.
  • the signaling entity 4 is a SIP Proxy Server.
  • the signaling entity may be a session border controller or a P/S-CSCF, etc. depending on the kind of communication to be established.
  • the unsolicited call prevention system 3 comprises a first analyser to perform a first check on the Session Initiation Message without any caller interaction being involved. For example, the first analysis checks the caller address on the basis of a white/black listing of addresses. After having passed the first analysis, the communication request is further analysed by means of at least one specific caller interaction procedure. Such a further analysis may be envisioned for each incoming communication request or only for those communication requests which as a result of the first analysis have proven to be in some way suspicious.
  • the signaling entity 4 forwards the call to a selection means 6 (arrow B) which performs the specific caller interaction selection.
  • the selection means 6 is designed as a policy decision engine which may randomly select one ore more caller interaction procedures from the multitude of caller interaction procedures 5, 5 N . Further or alternative to a randomised selection, the following selection parameters may be considered: the result of the first analysis, preferences specified by the callee, caller, callee, time of day, day of week, local and domain specific policies, system load considerations. It is to be understood that this enumeration is not final and that further selection parameters may be envisioned as the case may be. A combined application of one ore more selection parameters may prove to be especially advantageous as it presents an intelligent way of increasing the difficulties for an attacker sending unsolicited communications to get around the identification and prevention checks.
  • the selection means 6 forwards its response to the selection query to the signaling entity 4 (arrow B), the response indicating one ore more selected caller interaction procedures.
  • the signaling entity 4 dynamically forwards the communication request to the selected caller interaction procedure(s) 5 X (arrow D x ).
  • the signaling entity 4 gets back a check answer in form of an instruction to either accept or block the communication request (arrow D x ). If the check was successful and the signaling to that effect receives an instruction to accept the call, the call is forwarded to callee 2 (arrow C). Otherwise the call is blocked.

Abstract

A method and a system for preventing unsolicited calls SPIT or SPAM over Internet telephony in a communication network, wherein an incoming call from a caller (1 ) is analysed by means of a caller interaction procedure, and wherein the handling of the call - forwarding of the call to the callee (2) or blocking the call - is performed depending on the result of said caller interaction analysis, whereby the analysis includes - black/white list filtering, - voice pattern detection, - computational puzzle test, - time of day filter, and takes system load considerations into account.

Description

METHOD AND SYSTEM FOR PREVENTING UNSOLICITED CALLS IN
A COMMUNICATION NETWORK
The present invention relates to a method for preventing unsolicited calls in a communication network, wherein an incoming call from a caller is analysed by means of a caller interaction procedure, and wherein the handling of the call - forwarding of the call to the callee or blocking the call - is performed depending on the result of said caller interaction analysis.
Furthermore, the invention concerns a system for preventing unsolicited calls in a communication network, the system comprising an analysing engine for performing a caller interaction procedure, and a processing means for performing the handling of the call - forwarding of the call to the callee or blocking the call - depending on the result of said caller interaction analysis.
In the area of electronic mail unsolicited bulk email messages - so-called SPAM - have become very common and have turned into a severe problem. Not only companies that require email communication are impacted by SPAM messages, but also private users are very annoyed by SPAM. Many Internet users nowadays receive more SPAM messages than regular emails. For this reason, almost every server for incoming email uses SPAM filters which check incoming mails according to defined rules. They search, for example, actively for key words in the content of an email, they check specific configurations of the server used for sending the email or they search for senders that are often used for sending bulk emails. In case of a matching classification of an email as SPAM, it is marked and/or sorted out.
In the area of - analog or digital - telephony, SPAM (in this context referred to as SPIT, Spam over Internet Telephony) also occurs more and more often, as it can be seen, for example, in case of unsolicited commercial calls. These calls are mostly made by automated calling machines. Due to the currently and mainly employed switched telephone networks, such SPAM calls are very complicated and expensive which is the reason for a rather restricted number of SPAM calls. When Internet telephony will be used more commonly though, such SPAM calls will become much easier and cheaper, so a tremendous increase of SPAM calls will have to be assumed.
Prevention of unsolicited SPAM calls needs to take into account the real-time nature of communications and therefore it is already known in prior art that prevention systems use intrusive methods interacting with the caller in order to perform advanced checks to filter out the unsolicited calls. It is foreseen that other checks not interacting with the caller (e.g. checks on the signaling) will not be effective enough to protect users from SPIT calls. Examples of these advanced caller interaction checks or procedures are the applicant's Audio Completely Automated Public Turing Test to Tell Human and Computer Apart (CAPTHCA) which interacts with the caller in order to understand if the caller is a human or a computer. Another example is the WIPRO Voice Printing (biometric) check that is performed on users not having the correct reachability code in order to correctly identify them and legitimate them to initiate the call.
Although the caller interaction checks mentioned above are more sophisticated than the formerly known checks not interacting with the caller and can thus prevent users from unsolicited calls more accurately, there are still various possibilities for SPIT callers to get around these caller interaction prevention mechanisms. In particular the above mentioned automated calling machines dispose of sufficient resources and capacities to place SPIT calls in various ways, i.e. by using changing parameters. By applying such kind of trial and error approach the SPIT caller will at some point find a combination of parameters by which it is possible to successfully circumvent the specific caller interaction procedure applied by the prevention system.
It is therefore an object of the present invention to improve and further develop a method and a system of the initially described type for preventing unsolicited calls in a communication network in such a way that by employing mechanisms that are readily to implement the difficulties for an attacker to get around the SPAM call prevention checks are increased thereby enhancing the effectiveness of the unsolicited call prevention. In accordance with the invention, the aforementioned object is accomplished by a method comprising the features of claim 1. According to this claim, such a method is characterized in that for said analysis a multitude of different caller interaction procedures is provided and that a specific caller interaction procedure to be applied to the call is selected from said multitude of caller interaction procedures.
The problem mentioned above is furthermore solved by the system for processing of voice messages in a communication network according to claim 20. According to this claim, the system is characterized in that it comprises a provision means for providing a multitude of different caller interaction procedures for said analysis, and that the system further comprises a selection means for performing a selection of a specific caller interaction procedure to be applied to the call from said multitude of caller interaction procedures.
According to the invention, it has first been recognized that if the caller interaction procedure aiming to prevent the users from unsolicited calls for a certain system is static (i.e. always the same caller interaction procedure is applied), the sender of such calls will have the chance of knowing in advance the prevention mechanism which is employed. Thus, he is enabled to take the necessary countermeasures in order to get around the prevention system. For example, if a SPIT caller realizes after placing several calls with different parameters that the protection system always applies the same Turing test as caller interaction procedure, he is enabled to program appropriate attacking software in order to get around the Turing test.
In contrast to always relying upon a fixed single caller interaction procedure, the invention proposes the provision of a multitude of different caller interaction procedures for performing a call analysis, together with a selection means for a selection of a specific caller interaction procedure from the multitude of caller interaction procedures which is then applied to the call. By using caller interaction procedures that are varied over time an attacker is given less chances of knowing in advance which challenge has to be solved in the case of a specific call in order to place the call. It has been recognized that continuously changing the applied caller interaction procedure implies varying challenges on the side of an attacker so that the difficulties for an attacker to circumvent the SPIT prevention system are significantly increased. The invention realises some kind of a "moving target" which avoids giving the sender of unsolicited calls a standard test he could train against and pass after reprogramming the sender software. As a result the effectiveness of the SPIT prevention is enhanced compared to the methods known in prior art.
It is to be understood that the term "different caller interaction procedure" is to be understood in a broad sense. This means that not only, for example, a Turing Test (as described in detail in DE 10 2005029 287 A1), a Voice Printing Test (as described in "Voice Printing and Reachability Code (VPARC) Mechanism for SPIT', WIPRO, white paper) or a test based on computational puzzles (as described for example in the Internet Draft of the Network Working Group: Computational Puzzles for SPAM Reduction in SIP, http://tools.ietf.org/html/draft-jennings-sip-hashcash-05) are considered to be different caller interaction procedures, but that, for example, Turing tests with different parameter settings are considered to be different caller interaction methods as well.
In a preferred embodiment the selection of a specific caller interaction procedure from the multitude of caller interaction procedures is performed in a dynamic and real-time manner. By this means it becomes possible to handle each call individually and to take into account certain characteristics of the call in the selection decision.
Advantageously, the selection of a specific caller interaction procedure from the multitude of caller interaction procedures is performed in an at least partially randomized manner. By introducing a randomization in the caller interaction selection process a sender of unsolicited calls is given very few reference points which renders a circumvention of the prevention system extremely difficult.
According to a preferred embodiment an incoming call, before being analyzed by means of a selected caller interaction procedure is first analyzed in order to determine whether the call is to be considered in a way suspicious. Such a first analysis of incoming calls could follow specific rules which, for example, may be completely or at least partially be pre-configurable by the callee. The first analysis may be performed without any caller interaction being involved. Consequently, the first analysis is invisible for the caller. In case of a SIP (Session Initiation Protocol) communication the first analysis may be performed on the SIP signaling. Specifically, first analysis may include an analysis based on a white/black listing of caller addresses. According to such a test calls from a caller address contained in a white list (containing known addresses from, e.g., friends, family members, colleagues, etc.) may be considered unsuspicious.
Additionally or alternatively the first analysis may include an analysis based on points in time the calls are placed. This kind of analysis may include a short term behaviour (according to which calls are placed in fixed time intervals, for instance, each thirty seconds) as well as a long term behaviour (according to which unsolicited calls are always placed at certain points in time, for example, each business day at noon, or each Sunday at 10 a.m.).
In an advantageous embodiment, the output of the first analysis is taken into consideration for the selection of a specific caller interaction procedure. To this end, it may be provided that based on the result of the first analysis each call is assigned a status in form of a binary value indicating that the call is to be considered suspicious or not. For example, the value "0" could indicate that the call passed the first analysis without any problems and is thus considered unsuspicious, whereas the binary value "1" could indicate that there is strong evidence that the call constitutes an unsolicited SPIT call.
Regarding a more precise assessment, according to the result of the first analysis each call may be assigned a status in form of a value indicating a grade for the call that it constitutes an unsolicited call. Specifically, the grade could be, for example, a number between 0 and 9, 0 indicating that the analysis did not provide any hints that the call could be SPIT, and 9, as the highest degree, indicating that the message is very likely SPIT. Alternatively, the grade can be a probability that a call is an unsolicited SPIT call (60 % SPAM call probability, for example).
In order to disburden the selection means, which performs the specific caller interaction procedure selection for incoming calls, it may be provided that in addition to the first analysis a caller interaction check is only performed when the first analysis results in a suspicion probability that exceeds a pre-configurable threshold. In the case of the assignment of a binary value, a caller interaction may be only performed for suspicious calls which have been assigned the binary value "1" as described above. In all other cases - binary value "0" or suspicion probability below the specified threshold - the call may be directly forwarded to the callee without any further analysis by means of a caller interaction.
Regarding a high efficiency of SPIT prevention, not only the decision whether a call is further analysed by means of a caller interaction or not may be based on the result of the first analysis, but also the selection process itself could take into consideration the outcome of the first analysis. For example, the selection means may be configured in such a way as to choose more sophisticated caller interaction procedures the higher the suspicion probability resulting from the first analysis. In this context an additional randomization is also possible. For instance, if the first analysis results in a high suspicion probability a specific caller interaction procedure may be randomly selected from a group of high challenging caller interaction procedures. On the other hand, if the first analysis results in a low suspicion probability, the caller interaction procedure may be selected from a group of less complex and sophisticated caller interaction procedures (which, in general, are applicable with less computational effort).
A further parameter the caller interaction selection may be based on is the identity of the caller and/or the callee. In particular, the selection means may be configured in such a way as to act based on preferences specified by the callee. The selections means may be designed as the place where the users (callees) insert their preferences on the blocking of certain calls/communications allowing the system to perform such blocking on their behalf. Such a configuration may be important to make the system legally compliant with country-specific laws on the suppression of communications. For example, in Germany the opportunity of a configuration on the part of the users is a prerequisite to have a blocking system legally compliant following the law and suppression of communication in Germany. In a further advantageous embodiment, the selection of a specific caller interaction procedure is based on the point in time a call is coming in. In this context it may be provided, for instance, that more difficult caller interaction procedures are applied during time of the day or days of the week where callees are in general not supposed to receive communications from unknown users (e. g. during night at home or in the office, during Sundays or public holidays in the office). In this case an unknown user willing to initiate a communication with a callee would require to pass more advanced checks that would constitute a big annoyance for callers during a normal period of time. Such advanced checks may e.g. include solving computational puzzles and typing the result on the dial pad.
In still further advantageous embodiment the selection of a specific call interaction procedure may be based on local/or domain specific policies (including legal ones). Moreover, system load considerations may be taken into account.
It is to be understood that for each call not necessarily only one specific caller interaction procedure is selected. Depending on the situation, in particular on the outcome of the first analysis, two or even more caller interaction procedures may be selected and applied to a call one after the other or concurrently.
In a preferred embodiment, a dynamic routing of the call is performed, for instance by means of a signaling entity, based on the result of the caller interaction procedure selection. Such dynamic routing serves both for sending the call to the appropriate device/application which performs the selected caller interaction check and for distributing the load of the computation over different servers.
There are several ways how to design and further develop the teaching of the present invention in an advantageous way. To this end, it is to be referred to the patent claims subordinate to patent claims 1 and 20 on the one hand, and to the following explanation of preferred examples of embodiments of the invention illustrated by the drawings on the other hand. In connection with the explanation of the preferred example of an embodiment of the invention by the aid of the drawings, generally preferred embodiments and further developments of the teaching will be explained. In the drawings the only Fig. illustrates an embodiment of a system according to the present invention for preventing unsolicited calls in a communication network.
The only Figure illustrates - schematically - an embodiment of a system according to the invention for preventing unsolicited calls in a communication network. In the specific embodiment shown in the Figure the communication between a caller 1 and callee 2 is a SIP (Session Initiation Protocol) communication. In a first step a caller 1 , which is an unknown user from the point of view of the callee 2, directs a Session Initiation Message (arrow A) to the address of the callee 2. However, before the Session Initiation Message is forwarded to the callee 2 to establish a communication, the call has to pass an unsolicited call prevention system 3. In the embodiment shown the unsolicited call prevention system 3 and the signaling entity 4 for the SIP communication are implemented in the same entity. However, the unsolicited call prevention system 3 may be a separate application or device. In the specific case the signaling entity 4 is a SIP Proxy Server. In other embodiments the signaling entity may be a session border controller or a P/S-CSCF, etc. depending on the kind of communication to be established.
The unsolicited call prevention system 3 comprises a first analyser to perform a first check on the Session Initiation Message without any caller interaction being involved. For example, the first analysis checks the caller address on the basis of a white/black listing of addresses. After having passed the first analysis, the communication request is further analysed by means of at least one specific caller interaction procedure. Such a further analysis may be envisioned for each incoming communication request or only for those communication requests which as a result of the first analysis have proven to be in some way suspicious.
According to the invention a multitude of different caller interaction procedures S1, 52, 53, ..., 5N is provided. The signaling entity 4 forwards the call to a selection means 6 (arrow B) which performs the specific caller interaction selection. The selection means 6 is designed as a policy decision engine which may randomly select one ore more caller interaction procedures from the multitude of caller interaction procedures 5, 5N. Further or alternative to a randomised selection, the following selection parameters may be considered: the result of the first analysis, preferences specified by the callee, caller, callee, time of day, day of week, local and domain specific policies, system load considerations. It is to be understood that this enumeration is not final and that further selection parameters may be envisioned as the case may be. A combined application of one ore more selection parameters may prove to be especially advantageous as it presents an intelligent way of increasing the difficulties for an attacker sending unsolicited communications to get around the identification and prevention checks.
The selection means 6 forwards its response to the selection query to the signaling entity 4 (arrow B), the response indicating one ore more selected caller interaction procedures. The signaling entity 4 dynamically forwards the communication request to the selected caller interaction procedure(s) 5X (arrow Dx). The signaling entity 4 gets back a check answer in form of an instruction to either accept or block the communication request (arrow Dx). If the check was successful and the signaling to that effect receives an instruction to accept the call, the call is forwarded to callee 2 (arrow C). Otherwise the call is blocked.
Many modifications and other embodiments of the invention set forth herein will come to mind the one skilled in the art to which the invention pertains having the benefit of the teachings presented in the foregoing description and the associated drawings. Therefore, it is to be understood that the invention is not to be limited to the specific embodiments disclosed and that modifications and other embodiments are intended to be included within the scope of the appended claims. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims

C l a i m s
1. Method for preventing unsolicited calls in a communication network, wherein an incoming call from a caller (1) is analysed by means of a caller interaction procedure, and wherein the handling of the call - forwarding of the call to the callee (2) or blocking the call - is performed depending on the result of said caller interaction analysis, c h a r a c t e r i z e d i n that for said analysis a multitude of different caller interaction procedures (5) is provided and that a specific caller interaction procedure (5) to be applied to the call is selected from said multitude of caller interaction procedures (5).
2. Method according to claim 1 , wherein the selection of a specific caller interaction procedure (5) is performed as a dynamic and real-time selection.
3. Method according to claim 1 or 2, wherein the multitude of different caller interaction procedures (5) includes a Turing Test, a Voice Printing Test and/or a test based on computational puzzles
4. Method according to any of claim 1 to 3, wherein the selection of a specific caller interaction procedure (5) from said multitude of caller interaction procedures (5) is performed in an at least partially randomized manner.
5. Method according to any of claims 1 to 4, wherein an incoming call, before being analysed by means of a caller interaction procedure (5), is first analyzed according to pre-configurable rules, in order to determine whether the call is to be considered in a way suspicious.
6. Method according to claim 5, wherein the first analysis is performed without any caller interaction being involved.
7. Method according to claim 5 or 6, wherein the first analysis includes an analysis based on a white/black listing of caller addresses.
8. Method according to any of claims 5 to 7, wherein the first analysis includes an analysis based on the points in time the calls are placed.
9. Method according to any of claims 5 to 8, wherein according to the result of the first analysis each call is assigned a status in form of a binary value indicating that the call is to be considered suspicious.
10. Method according to any of claims 5 to 8, wherein according to the result of the first analysis each call is assigned a value indicating a probability that the call is to be considered suspicious.
11. Method according to any of claims 5 to 10, wherein a further analysis of the call by means of a caller interaction (5) is only performed in case the first analysis results in a suspicion probability that exceeds a pre-configurable threshold.
12. Method according to any of claims 5 to 11 , wherein the selection of said specific caller interaction procedure (5) is based on the results of the first analysis.
13. Method according to any of claims 1 to 12, wherein the selection of said specific caller interaction procedure (5) is based on the identity of the caller (1) and/or the callee (2).
14. Method according to any of claims 1 to 13, wherein the selection of said specific caller interaction procedure (5) is based on preferences specified on the part of the callee (2).
15. Method according to any of claims 1 to 14, wherein the selection of said specific caller interaction procedure (5) is based on the point in time the call is coming in.
16. Method according to any of claims 1 to 15, wherein the selection of said specific caller interaction procedure (5) is based on local and/or domain specific policies.
17. Method according to any of claims 1 to 16, wherein the selection of said specific caller interaction procedure (5) is based on system load considerations.
18. Method according to any of claims 1 to 17, wherein more than one specific caller interaction procedure (5) is selected and applied to the call.
19. Method according to any of claims 1 to 18, wherein a dynamic routing of the call is performed based on the result of the caller interaction procedure selection.
20. System for preventing unsolicited calls in a communication network, in particular for carrying out a method according to any of claims 1 to 19, the system comprising an analysing engine for performing a caller interaction procedure, and a processing means for performing the handling of the call - forwarding of the call to the callee (2) or blocking the call - depending on the result of said caller interaction analysis, c h a r a c t e r i z e d i n that the system comprises a provision means for providing a multitude of different caller interaction procedures (5) for said analysis, and that the system further comprises a selection means (6) for performing a selection of a specific caller interaction procedure (5) to be applied to the call from said multitude of caller interaction procedures(5).
21. System according to claim 20, wherein the selection means (6) is configured in such a way as to perform a dynamic and real-time selection of a specific caller interaction procedure (5).
22. System according to claim 20 or 21 , wherein the selection means (6) is configured in such a way as to perform the selection of a specific caller interaction procedure (5) from said multitude of caller interaction procedures (5) in an at least partially randomized manner.
23. System according to any of claims 20 to 22, comprising a further analyser for performing a first analysis of an incoming call according to pre-configurable rules, in order to determine whether the call is to be considered in a way suspicious.
24. System according to claim 23, wherein the selection means (6) is configured in such a way as to choose caller interaction procedures (5) in increasing levels of difficulty depending on the result of the first analysis.
25. System according to any of claims 20 to 24, wherein the selection means (6) is configured in such a way as to choose more sophisticated caller interaction procedures (5) during time periods in which the callee (2) is not supposed to receive suspicious calls.
26. System according to any of claims 20 to 25, wherein the selection means (6) is configured in such a way as to act based on preferences specified by the callee (2).
27. System according to any of claims 20 to 26, wherein a signaling entity (4) is provided to dynamically forward the call to the caller interaction procedure (5) selected by the selection means (6).
PCT/EP2007/006967 2007-08-07 2007-08-07 Method and system for preventing unsolicited calls in a communication network WO2009018840A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2007/006967 WO2009018840A1 (en) 2007-08-07 2007-08-07 Method and system for preventing unsolicited calls in a communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2007/006967 WO2009018840A1 (en) 2007-08-07 2007-08-07 Method and system for preventing unsolicited calls in a communication network

Publications (1)

Publication Number Publication Date
WO2009018840A1 true WO2009018840A1 (en) 2009-02-12

Family

ID=39371007

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2007/006967 WO2009018840A1 (en) 2007-08-07 2007-08-07 Method and system for preventing unsolicited calls in a communication network

Country Status (1)

Country Link
WO (1) WO2009018840A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100162379A1 (en) * 2008-12-23 2010-06-24 Interdigital Patent Holdings, Inc. Unsolicited communication mitigation
WO2016168217A1 (en) * 2015-04-17 2016-10-20 Microsoft Technology Licensing, Llc Managing communication events
WO2018046944A1 (en) * 2016-09-09 2018-03-15 Truecall Group Limited Call filter

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005029287A1 (en) * 2005-06-22 2006-12-28 Nec Europe Ltd. Unwanted telephone call switching preventing method for use in e.g. switching based telephone network, involves performing test for detection of telephone mannerism of calling telephone subscriber before switching of telephone call
EP1742452A1 (en) * 2005-07-05 2007-01-10 Markport Limited Spam protection system for voice calls

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102005029287A1 (en) * 2005-06-22 2006-12-28 Nec Europe Ltd. Unwanted telephone call switching preventing method for use in e.g. switching based telephone network, involves performing test for detection of telephone mannerism of calling telephone subscriber before switching of telephone call
EP1742452A1 (en) * 2005-07-05 2007-01-10 Markport Limited Spam protection system for voice calls

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100162379A1 (en) * 2008-12-23 2010-06-24 Interdigital Patent Holdings, Inc. Unsolicited communication mitigation
WO2016168217A1 (en) * 2015-04-17 2016-10-20 Microsoft Technology Licensing, Llc Managing communication events
US9716796B2 (en) 2015-04-17 2017-07-25 Microsoft Technology Licensing, Llc Managing communication events
WO2018046944A1 (en) * 2016-09-09 2018-03-15 Truecall Group Limited Call filter

Similar Documents

Publication Publication Date Title
KR100874322B1 (en) Communication service protection method, communication system and communication resource protection device
US7912192B2 (en) Arrangement for managing voice over IP (VoIP) telephone calls, especially unsolicited or unwanted calls
KR101287737B1 (en) Method and system to prevent spam over internet telephony
Gritzalis et al. The Sphinx enigma in critical VoIP infrastructures: Human or botnet?
US8464329B2 (en) System and method for providing security for SIP-based communications
Schlegel et al. Ise03-2: Spam over internet telephony (spit) prevention framework
EP1742452A1 (en) Spam protection system for voice calls
US20070071200A1 (en) Communication protection system
WO2006000466A1 (en) Detection and mitigation of unwanted bulk calls (spam) in voip networks
Quittek et al. On spam over internet telephony (SPIT) prevention
Hansen et al. Developing a legally compliant reachability management system as a countermeasure against spit
US7577239B1 (en) Tracking and controlling the impact of unwanted messages
Gritzalis et al. A sip-oriented spit management framework
KR101443472B1 (en) Method for detecting the hijacking of computer resources
Mathieu et al. SDRS: a voice-over-IP spam detection and reaction system
WO2009018840A1 (en) Method and system for preventing unsolicited calls in a communication network
Dritsas et al. Spit identification criteria implementation: Effectiveness and lessons learned
WO2007095726A1 (en) System and method for providing security for sip-based communications
d'Heureuse et al. Protecting sip-based networks and services from unwanted communications
d'Heureuse et al. A policy framework for personalized and role-based spit prevention
JP4800272B2 (en) Number scanning detection device and number scanning detection program
Marias et al. SIP Vulnerabilities for SPIT, SPIT Identification Criteria, Anti-SPIT Mechanisms Evaluation Framework and Legal Issues
Rebahi et al. A conceptual architecture for SPIT mitigation
Khan et al. A review of methods for preventing spam in IP telephony
Waiting et al. The threat of unsolicited sessions in the 3gpp ip multimedia subsystem

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07801534

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07801534

Country of ref document: EP

Kind code of ref document: A1