WO2022208425A1 - Système et procédé de détection et de blocage de clonage en temps réel de dispositifs mobiles clonés et volés dans un réseau mobile d'un pays - Google Patents

Système et procédé de détection et de blocage de clonage en temps réel de dispositifs mobiles clonés et volés dans un réseau mobile d'un pays Download PDF

Info

Publication number
WO2022208425A1
WO2022208425A1 PCT/IB2022/053005 IB2022053005W WO2022208425A1 WO 2022208425 A1 WO2022208425 A1 WO 2022208425A1 IB 2022053005 W IB2022053005 W IB 2022053005W WO 2022208425 A1 WO2022208425 A1 WO 2022208425A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile device
tsp
imei
ceir
imsi
Prior art date
Application number
PCT/IB2022/053005
Other languages
English (en)
Inventor
Biren KARMAKAR
Sushma BANODHIYA
Kiran KAPOOR
Amit Chauhan
Original Assignee
Centre For Development Of Telematics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centre For Development Of Telematics filed Critical Centre For Development Of Telematics
Publication of WO2022208425A1 publication Critical patent/WO2022208425A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/126Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning

Definitions

  • the present disclosure relates generally to the field of mobile communication.
  • the present disclosure relates to a system and method for detection and blocking of cloned and stolen mobile devices throughout the networkof multiple telecom service providers in real-time.
  • Each TSP has its Equipment Identity Register (EIR) to register the International Mobile Equipment Identity (IMEI) number of mobile devices used to identify the IMEI status whether the mobile services are allowed for that IMEI or not.
  • EIR Equipment Identity Register
  • IMEI International Mobile Equipment Identity
  • the telecom service provider marks the IMEI status as blacklisted in its EIR and blocks the IMEI of that mobile device in its network to make the mobile device useless so that the thief cannot misuse the mobile device. This blocking through blacklisting can be used in the case of the cloned device also.
  • EIR Equipment Identity Register
  • IMEI International Mobile Equipment Identity
  • TSP local EIR validates the IMEI of the mobile device.
  • EIR maintains blacklist, greylist, and whitelist.
  • the blacklisted mobile device is a device that has been reported stolen for example and has no permission to access a network (barred).
  • the grey list contains IMEI of mobile devices under monitoring and logging is enabled for those mobile devices.
  • the whitelist contains all the mobile devices that are permitted access to a network and services.
  • the EIR doesn’t allow black-listed mobile devices and allows the rest of the mobile devices to register in the network.
  • FIG. 1 illustrates the IMEI status query message flow between TSP and EIR.
  • EIR Mobile Switching Centre/Visitor Location Register
  • MSC/VLR Mobile Switching Centre/Visitor Location Register
  • SGSN Serving GPRS Support Node
  • FIG. 2 illustrates a flow diagram of the existing method employed by EIR for detecting blacklisted mobile devices in the TSP.
  • the EIR can detect and restrict black-listed mobile devices in the same network, and allows the rest of the mobile devices to register in the network.However, the blocked mobile device can be easily used with the SIM card of another telecom service provider. In that case, the mobile device is latched to another network where the mobile device is not blocked, and the mobile device is given authorized access to the network.
  • As existing EIR handles with the IMEI numbers in the EIR database of that particular network to which the subscriber’s mobile device belongs. Therefore, it is not possible to detect the cloned IMEI among other TSPs.
  • the same issue for blacklisting also, as the cloned mobile device could be blacklisted only in the same network, butcannotbe blacklisted in the network of other TSPs.
  • CEIR Central Equipment Identity Register
  • IMEIs IMEIs of all mobile devices in use in the country.
  • CEIR organizes the IMEIs into black, white, or grey list depending upon whether IMEIs have been found to belong as stolen/counterfeited or legitimate devices.
  • CEIR generates a common blacklist and shares that blacklist with all the Telecom Service Providers to block mobile device usage across all telecom networks.
  • CEIR collects the IMEI data from Telecom Service provider offline. When CEIR finds multiple mobile numbers using the same IMEI, it marks that IMEI as cloned and adds all such devices to the blacklist. CEIR generates and shares that blacklist to the Telecom Service provider periodically, after which the Telecom Service provider blocks the usage of the mobile device.
  • the present disclosure relates generally to the field of mobile communication.
  • the present disclosure relates to a system and method for detection and blocking of cloned and stolen mobile devices throughout the network of multiple telecom service providers in real-time.
  • An aspect of the present disclosure pertains to a system and method that may involveone or more telecom service providers (TSP), each comprising a first computing unit operatively coupled a local equipment identity register (EIR) comprising a first database.
  • TSP telecom service providers
  • EIR local equipment identity register
  • the local EIR of a TSP may be configured to store the first set of data packets comprising International Mobile Station Equipment Identity (IMEI), and International Mobile Subscriber Identity (IMSI) of a plurality of mobile devices and corresponding Subscriber Identification Module (SIM), being whitelisted, greylisted, and blacklisted by the corresponding TSP.
  • IMEI International Mobile Station Equipment Identity
  • IMSI International Mobile Subscriber Identity
  • SIM Subscriber Identification Module
  • the first computing unit of each TSP may be configured to retrievean IMEI- IMSI pair of a mobile device(s) upon communicative coupling or connection of the mobile device with the network of the corresponding TSP, and check the availability of the retrieved IMEI-IMSI pair in the first database of the local EIR, and correspondingly generate a set of status signals if the retrieved IMEI-IMSI pair is not available in the local EIR of the corresponding TSP.
  • the system and method may further involve a central equipment identity register (CEIR) comprising a second processing unit operatively coupled to a second database.
  • CEIR central equipment identity register
  • the CEIR may be in communication with the first processing unit of all the TSPs, and configured tostore the first set of data packets received from each of the TSPs in the second database.
  • the CEIR may be further configured to receive the set of status signals, from the first computing unit, pertaining to a look up request for the IMEI-IMSI pair of the mobile device in the second database, and transmit a set of response signals to the corresponding TSP in response to the matching of the IMEI-IMSI pair of the mobile device with the pre-stored IMEI and IMSI associated with the plurality of mobile devices and corresponding SIM being whitelisted, greylisted, and blacklisted by each of the one or more TSP.
  • all the TSPs, and the CEIR may identify and mark the mobile device as any of a genuine mobile device, a cloned mobile device, and a stolen mobile device, based on the set of response signals.
  • all the TSPs and the CEIR may identify, mark and block the mobile device as a stolen mobile device and may add it in the blacklist.
  • all the TSPs and the CEIR may identify and mark the mobile device as the cloned mobile device and may addit in the blacklist.
  • the system and method may detect and block cloned and stolen mobile devices throughout the network of TSPs in real-time, and may also enable tracking miscreants or frauds using the stolen or cloned mobile devices and/or track miscreants by tracking their genuine mobile devices.
  • all the TSPs and the CEIR may identify and mark the mobile device as a genuine mobile device and may add it in the white list, if the retrieved IMEI- IMS I pair of the mobile device is available in the local EIR of the corresponding TSP, or if the retrieved IMEI-IMSI pair of the mobile device matches with the IMEI-IMSI pair of the whitelisted mobile devices, being stored in the CEIR.
  • the TSPs may be configured to block the mobile device from accessing a network of the TSPs, and in case of offline handling system can generate an alert signal when the mobile device is identified as any or a combination of the cloned mobile device, and the stolen mobile device, thereby enabling tracking of miscreants or frauds using the cloned mobile devices. Further, the system and method may also enable tracking of miscreants through their mobile devices.
  • the CEIR maybe configured to transmit a second set of data Packets comprising a list of the latest blacklisted mobile devices and corresponding IMEI, to each of the TSPs. Further, each of the TSP is configured to transmit an acknowledgment signal, to the CEIR, upon updating the corresponding local EIR with the second set of data Packets.
  • This may allow secure exchange of the list IMEI and IMSI of blacklisted, whitelisted, and greylisted mobile devices, between a CEIR and multiple telecom service providers in the network in real-time, to keep them updated about the current list for enabling efficient and quick detection and blocking of cloned and stolen mobile devices throughout the network.
  • FIG. 1 illustrates the IMEI status message flow between TSP and EIR.
  • FIG. 2 illustrates a flow diagram of the existing method employed by EIR for detecting blacklisted mobile devices in the TSP.
  • FIG. 3A illustrates an exemplarynetwork architecture of the proposed system for detection and blocking of cloned and stolen mobile devices throughout the network in real-time, in accordance with an embodiment of the present disclosure.
  • FIG. 3B illustrates an exemplary interface between TSP and CEIR of the proposed system, in accordance with an embodiment of the present disclosure.
  • FIG. 3C illustrates an exemplary IMEI status message flow between TSP and CEIR of the proposed system, in accordance with an embodiment of the present disclosure
  • FIG. 4 illustrates an exemplary flow diagram of the proposed method for detection and blocking of cloned and stolen mobile devices throughout the network in real time, in accordance with an embodiment of the present disclosure.
  • FIG. 5 illustrates an exemplary TSP-EIR flow diagram of the proposed method, in accordance with an embodiment of the present disclosure.
  • FIG. 6 illustrates an exemplary CEIR flow diagram of the proposed method, in accordance with an embodiment of the present disclosure.
  • FIG. 7 illustrates an exemplary blacklist broadcast message flow between TSP and CEIR in the proposed method, in accordance with an embodiment of the present disclosure.
  • FIG. 8 illustrates an exemplary computer system in which or with which the first computing unit and second computing of the TSP and CEIR, respectively of the present invention can be utilized in accordance with embodiments of the present disclosure.
  • Embodiments of the present invention include various steps, which will be described below.
  • the steps may be performed by hardware components or may be embodied in machine-executable instructions, which may be used to cause a general-purpose or special- purpose processor programmed with the instructions to perform the steps.
  • steps may be performed by a combination of hardware, software, and firmware and/or by human operators.
  • the present disclosure relates generally to a system and method for detection and blocking of cloned and stolen mobile devices in a network in real-time.
  • the present disclosure elaborates upon a system that can include one or more telecom service providers (TSP), each comprising a first computing unit operatively coupled to a local equipment identity register (EIR) including a first database.
  • TSP telecom service providers
  • Each of the one or more TSP can be configured tostore, in the first database, a first set of data packets comprising International Mobile Station Equipment Identity (IMEI), and International Mobile Subscriber Identity (IMSI) of a plurality of mobile devices and corresponding Subscriber Identification Module (SIM), being whitelisted, greylisted, and blacklisted by the corresponding TSP; retrieve, by the first computing unit, an IMEI-IMSI pair of a mobile device upon communicative coupling of the mobile device with the corresponding TSP; and check, by the first computing unit, availability of the retrieved IMEI- IMSI pair in the first database of the local EIR, and correspondingly generates a set of status signals if the retrieved IMEI-IMSI pair is not available in the local EIR of the corresponding T
  • the system can further include a central equipment identity register (CEIR) including a second processing unit operatively coupled to a second database.
  • CEIR can be in communication with the first processing unit of all the one or more TSP, and configured tostore the first set of data packets received from each of the one or more TSP in the second database; receive the set of status signals from the first computing unit, wherein the first set of signals pertains to a look up request for the IMEI-IMSI pair of the mobile device in the second database; and transmit a set of response signals to the corresponding TSP in response to the matching of the IMEI-IMSI pair of the mobile device with the pre-stored IMEI and IMSI associated with the plurality of mobile devices and corresponding SIM being whitelisted, greylisted, and blacklisted by each of the one or more TSP.
  • one or more TSP, and the CEIR can identify and mark the mobile device as any of a genuine mobile device, a cloned mobile device, and a stolen mobile device, based on the set of
  • the one or more TSP and the CEIR can identify and mark the mobile device as the stolen mobile device if the retrieved IMEI the mobile device matches with the IMEI of the blacklisted mobile devices, being stored in the CEIR.
  • the one or more TSP and the CEIR can identify and mark the mobile device as the cloned mobile device if the retrieved IMEI of the mobile device does not match with the IMEI of the blacklisted mobile devices being stored in the CEIR, but is found to be associated with the IMSI of another mobile device, being stored in the CEIR.
  • the one or more TSP and the CEIR can identify and mark the mobile device as the genuine mobile device if the retrieved IMEI-IMSI pair of the mobile device is available in the local EIR of the corresponding TSP, or if the retrieved IMEI-IMSI pair of the mobile device matches with the IMEI-IMSI pair of the whitelisted mobile devices, being stored in the CEIR.
  • the one or more TSP and the CEIR can be configured to block the mobile device from accessing a network of the one or more TSP, and in case of offline handling system can generate an alert signal when the mobile device is identified as any or a combination of the cloned mobile device, and the stolen mobile device.
  • the CEIR is configured to transmit a second set of data Packets comprising a list of the latest blacklisted mobile devices and corresponding IMEI, to each of the one or more TSP, and wherein each of the one or more TSP is configured to transmit an acknowledgment signal, to the CEIR, upon updating the corresponding local EIR with the second set of data Packets.
  • the present disclosure elaborates upon a method that can include a step of storing, in a first database associated with a local equipment identity register (EIR) of one or more telecom service provider (TSP), a first set of data packets comprising International Mobile Station Equipment Identity (IMEI), and International Mobile Subscriber Identity (IMSI) of a plurality of mobile devices and corresponding Subscriber Identification Module (SIM), being whitelisted, greylisted, and blacklisted by the corresponding TSP.
  • EIR local equipment identity register
  • IMEI International Mobile Station Equipment Identity
  • IMSI International Mobile Subscriber Identity
  • SIM Subscriber Identification Module
  • the method can include steps of retrieving, by a first computing unit associated with the local EIR of the one or more TSP, an IMEI-IMSI pair of a mobile device upon communicative coupling of the mobile device with the corresponding TSP, and checking, by the first computing unit, availability of the retrieved IMEI-IMSI pair in the first database of the local EIR, and correspondingly generating a set of status signals if the retrieved IMEI-IMSI pair is not available in the local EIR of the corresponding TSP.
  • the method can include steps of storing, in a second database associated with a central equipment identity register (CEIR) that is in communication with each of the one or more TSP, the first set of data packets received from each of the one or more TSP; receiving, by a second computing unit associated with the CEIR, the set of status signals from the first computing unit of the one or more TSP, wherein the first set of signals pertains to a look up request for the IMEI-IMSI pair of the mobile device in the second database; and transmitting, by the second computing unit, a set of response signals to the corresponding TSP in response to the matching of the IMEI-IMSI pair of the mobile device with the pre-stored IMEI and IMSI associated with the plurality of mobile devices and corresponding SIM being whitelisted, greylisted, and blacklisted by each of the one or more TSP.
  • the one or more TSP, and the CEIR can identify and mark the mobile device as any of a genuine mobile device, a cloned mobile device, and a
  • the method can include the step of identifying, marking, and blocking, by one or more TSP and the CEIR, the mobile device as the stolen mobile device if the retrieved IMEI the mobile device matches with the IMEI of the blacklisted mobile devices, being stored in the CEIR.
  • the method can include the step of identifying, marking, and blocking, by the one or more TSP and the CEIR, the mobile device as the cloned mobile device if the retrieved IMEI of the mobile device does not match with the IMEI of the blacklisted mobile devices being stored in the CEIR, but is associated with the IMSI of another mobile device, being stored in the CEIR.
  • the method can include the step of identifying, marking, and blocking, by the one or more TSP and the CEIR, the mobile device as the genuine mobile device if the retrieved IMEI-IMSI pair of the mobile device is available in the local EIR of the corresponding TSP, or if the retrieved IMEI-IMSI pair of the mobile device matches with the IMEI-IMSI pair of the whitelisted mobile devices being stored in the CEIR.
  • the proposed system 300 can include one or more telecom service providers 302-A to 302-N (collectively referred to as TSP 302, herein), which are configured to provide telecom services to multiple mobile devices of users.
  • TSP 302 can include a first computing unit 302A-1 to 302N-1 (collectively referred to as first computing unit 302-1, herein) operatively coupled a local equipment identity register (EIR) comprising a first database302A-2 to 302N-2 (collectively referred to as first database 302-2 or local EIR 302-2, herein).
  • EIR local equipment identity register
  • Each TSP 302 can be configured to store, in the first database302-2 or local EIR, a first set of data packets comprising an International Mobile Station Equipment Identity (IMEI), and an International Mobile Subscriber Identity (IMSI) of a plurality of mobile devices and corresponding Subscriber Identification Module (SIM), being whitelisted, greylisted, and blacklisted by the corresponding TSP (302-A to 302-N).
  • IMEI International Mobile Station Equipment Identity
  • System 300 can further include a central equipment identity register (CEIR) 304in communication with the TSP 302, through a network308.
  • the CEIR 304 can include a second processing unit 304-1 operatively coupled to a second database 304-2, and is in communication with the first processing unit 302-1 of all the TSP 302.
  • the CEIR 304 can be configured to receive the first set of data packets comprising IMEI and IMSI of the plurality of mobile devices 306 and corresponding SIM, being whitelisted, greylisted, and blackli ted by the corresponding TSP, from all the TSPs (302-A to 302-N), and store all the received first set of data packets in the second database 302-2 in real-time.
  • system 300 can further include the plurality of mobile devices 306-1 to 306-N (collectively referred to as mobile device306, herein) associated with at least one of the TSP 302.
  • the mobile devices 306 can be in communication with their corresponding TSP (302-A to 302-N), through network308.
  • a mobile device suspose mobile device 306-2, but not limited to the like
  • the mobile device 306-2 attempts to communicatively couple with the network of its TSP i.e. attempts a registration procedure with the network of its TSP 302, wherein the TSP 302 validates the mobile device 302-2 and accordingly restricts or allows the mobile device 306-2 to access the services of the corresponding TSP.
  • the first computing unit 302-1 of each TSP 302 can be configured to retrieve an IMEI-IMSI pair of the mobile device(s) 306 upon communicative coupling or connection of the mobile device (say mobile device 306-2, but not limited to the like) with the network 308 of the corresponding TSP 302, and check the availability of the retrieved IMEI-IMSI pair in the first database 302-2 of the local EIR, and correspondingly generate a set of status signals if the retrieved IMEI-IMSI pair is not found in the local EIR 302-2 of the corresponding TSP 302.
  • the CEIR 304 can be configured to receive the set of status signals, from the first computing unit, 302-lpertaining to a look up request for the IMEI-IMSI pair of the mobile device 306-2 in the second database 304-2, and transmit a set of response signals to the corresponding TSP 302 in response to the matching of the IMEI-IMSI pair of the mobile device 306-2 with the pre-stored IMEI and IMSI associated with the plurality of mobile devices and corresponding SIM being whitelisted, greylisted, and blacklisted by each of the one or more TSP 302-A to 302-N.
  • all the TSPs 302, and the CEIR 304 can identify and mark the mobile device 3061 to 306-N as any of a genuine mobile device, a cloned mobile device, and a stolen mobile device, based on the set of response signals.
  • the proposed system300 can detect and block cloned and stolen mobile devices throughout the network of TSPs 3-2 real-time, and can also enable tracking miscreants or frauds using the stolen or cloned mobile devices306-2.
  • all the TSPs and the CEIR canidentify and mark the mobile device 306-2 as a genuine mobile device and can add it in the white list, if the retrieved IMEI-IMSI pair of the mobile device is available in the local EIR 302-2 of the corresponding TSP, or if the retrieved IMEI-IMSI pair of the mobile device 306-2 matches with the IMEI- IMSI pair of the whitelisted mobile devices, being stored in the CEIR 304.
  • the TSPs 302 can be configured to block the mobile device 306-2 from accessing a network of the TSPs, and in case of offline handling system can generate an alert signal, when the mobile device 306-2 is identified as any or a combination of the cloned mobile device, and the stolen mobile device, thereby enabling tracking of miscreants or frauds using the stolen or cloned mobile devices, and also enablingtracking of miscreants through their genuine mobile devices.
  • TSPs 302 can use an HTTPS-based query interface for getting the IMEI status from CEIR 304.
  • the local EIR 302-2 can send LUStatusReq message over HTTPS interface to CEIR 304 if it does not find the IMEI-IMSI in its database 302-2, wherein the LUStatusReq message parameters are IMEI and IMSI.
  • the CEIR 304 can send a LUStatusResp message as a response to TSP/EIR 302.
  • CEIR 304 can send the IMEI status as BLACK/WHITE for the requested IMEI-IMSI.
  • the CEIR 304 can be configured to transmit a second set of data Packets comprising a list of the latest blacklisted mobile devices and corresponding IMEI, to each of the TSPs 302. Further, each of the TSP 302 can be configured to transmit an acknowledgment signal, to the CEIR 304, upon updating the corresponding local EIR 302-2 with the second set of data Packets.
  • This can allow secure exchange of the list IMEI and IMSI of blacklisted, whitelisted, and greylisted mobile devices, between a CEIR 304 and multiple TSPs 302 in the network in real-time, to keep them updated about the current list for enabling efficient and quick detection and blocking of cloned and stolen mobile devices throughout the network.
  • the CEIR 304 can send CeirBroadcast message to TSP 302 whenever there is any change in the Blacklist.
  • CEIR 304 can send the latest blacklisted IMEI to all TSPs 302.
  • TSP 302 can send a CeirBroadcastResp message as a response to CEIR 304.
  • TSP 302 can send details of the successful addition/deletion of the blacklist.
  • the CEIR 304 is unable to send a broadcast to TSP 302 due to link down then after link recovery, it can send the link down data in CeirBroadcast message to that TSP 302.
  • the proposed system 300 is implemented using any or a combination of hardware components and software components such as first computing unit 302-1, first database 302-2, second computing unit 304-1, the second database 304-2, computers, and the like.
  • CEIR 304, TSP 302, and mobile devices 406 can operate and communicate, through an application or software that resides in first computing unit 302-1, second computing unit 304-1, and mobile devices.
  • system 300 is accessed by an application that is configured with any operating system, comprising but not limited to, AndroidTM, iOSTM, Windows, and the like. It will be understood that the system is implemented as any suitable computing system known in the art, such as a desktop, a laptop, a server, web server, and the like.
  • network 308 is a wireless network, a wired network, or a combination thereof that is implemented as one of the different types of networks, such as Mobile GSM network, Intranet, Local Area Network (LAN), Wide Area Network (WAN), Internet, and the like as the case may be.
  • network 308 is either a dedicated network or a shared network.
  • the shared network represents an association of the different types of networks that uses a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Intemet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like.
  • HTTP Hypertext Transfer Protocol
  • TCP/IP Transmission Control Protocol/Intemet Protocol
  • WAP Wireless Application Protocol
  • the proposed method 200 for detection and blocking of cloned and stolen mobile devices in a networkcan involve the one or more TSP 302 having the local EIR (first database 302-2) and first computing unit 302-1, the CEIR 304 having the second database 304-1 and second computing unit 304-2, and the mobile devices 306, of the system 300.
  • the TSP 302 can be configured to store, in the first database, the first set of data packets comprising IMEI and IMSI of the plurality of mobile devices and corresponding SIM, being whitelisted, greylisted, and blacklisted by the corresponding TSP .
  • CEIR 304 can be configured to receive the first set of data packets comprising IMEI and IMSI of the plurality of mobile devices and corresponding SIM, being whitelisted, greylisted, and blacklisted by the corresponding TSP, from all the TSPs (302-A to 302-N), and store the received first set of data packets in the second database 304-2 in real-time.
  • the proposed method 400 can include step 402 of storing, in the first database 302-2 associated with the local EIR of TSP 302, a first set of data packets comprising IMEI and IMSI of a plurality of mobile devices and corresponding SIM, being whitelisted, greylisted, and blacklisted by the corresponding TSP.
  • Method 400 can further include step 404 of retrieving, by the first computing unit 302-2 associated with the local EIR of the TSP 302, an IMEI-IMSI pair of a mobile device upon communicative coupling of the mobile device with the corresponding TSP 302.
  • Method 400 can further include step 406 of checking, by the first computing unit 302-1, availability of the retrieved IMEI-IMSI pair in the first database 302-2 of the local EIR 302, and correspondingly generating a set of status signals if the retrieved IMEI-IMSI pair is not available in the local EIR of the corresponding TSP 302.
  • method 400 can further include step 408 of storing, in the second database 304-2 associated with the CEIR 304 that is in communication with each of the TSPs (302-A to 302-N), the first set of data packets generated by all the TSPs (302-A to 302-N) at step 402.
  • method 400 can include step 410 of receiving, by the second computing unit 304-1 associated with the CEIR 304, the set of status signals generated by the TSP 302 at step 404.
  • the first set of signals pertains to a look up request for the IMEI-IMSI pair of the mobile device in the second database 302-2.
  • Method 304 can further include step 412 of transmitting, by the second computing unit 304-2, a set of response signals to the corresponding TSP 302 in response to the matching of the IMEI-IMSI pair of the mobile device with the pre-stored IMEI and IMSI associated with the plurality of mobile devices and corresponding SIM being whitelisted, greylisted, and blacklisted by each of the TSP.
  • all the TSPs 302, and the CEIR 304 can identify and mark the mobile device as any of a genuine mobile device, a cloned mobile device, and a stolen mobile device, based on the set of response signals.
  • method 400 can include the step of identifying, marking, and blocking, by TSP 302 and the CEIR 304, the mobile device as the stolen mobile device if the retrieved IMEI the mobile device matches with the IMEI of the blacklisted mobile devices, being stored in the CEIR 304.
  • method 400 can include the step of identifying, marking, and blocking, by the TSP 302 and the CEIR 304, the mobile device as the cloned mobile device if the retrieved IMEI of the mobile device does not match with the IMEI of the blacklisted mobile devices being stored in the CEIR 304, but is found to be associated with the IMSI of another mobile device, being stored in the CEIR 304.
  • the method 400 can include the step of identifying, marking, and blocking, by the TSP 302 and the CEIR 304, the mobile device as the genuine mobile device if the retrieved IMEI-IMSI pair of the mobile device is available in the local EIR 302-2 of the corresponding TSP 304, or if the retrieved IMEI-IMSI pair of the mobile device matches with the IMEI-IMSI pair of the whitelisted mobile devices being stored in the CEIR 304.
  • Method 500 can include step 502 of receiving an Enhanced check IMEI/ME Identity Check request pertaining to identification and validation of a mobile device when the mobile device connects or registers with the network associated with his/her TSP 302.
  • Method 500 can further include step 504 of checking if the IMEI-IMSI pair of the mobile device is existing in a whitelist that is already stored in the EIR 302-2 of the corresponding TSP 302.
  • the method can include step 506 of sending the IMEI status of the mobile device as white and allowing the network service of the corresponding TSP 302 to the mobile device.
  • Method 500 can further include step 508 of checking if the IMEI-IMSI pair of the mobile device is existing in a greylist that is already stored in the EIR 302-2 of the corresponding TSP 302, when the IMEI-IMSI pair of the mobile device is not found in the whitelist of the EIR 302-2 of the TSP 302 at step 504. Further, if the IMEI-IMSI pair of the mobile device is found to in the greylist of the EIR 302-2 of the TSP 302, method 500 can include a step 510 of sending the IMEI status as grey and allowing the network service of the corresponding TSP 302 to the mobile device.
  • method 500 can include step 512 of checking if the IMEI of the mobile device is existing in a blacklist that is already stored in the EIR 302-2 of the corresponding TSP 302 when the IMEI-IMSI pair of the mobile device is not found in the greylist of the EIR 302-2 of the TSP 302 at step 508. If the IMEI of the mobile device is found to be available in the blacklist of the EIR 302-2 of the TSP 302, the method can include step 514 of sending the IMEI status as black and restricting or blocking the network service of the corresponding TSP 302 to the mobile device.
  • Method 500 can further include step 516 of forwarding an Enhanced check IMEI/ME Identity Check request pertaining to identification and validation of a mobile device to the CEIR 304 when the IMEI of the mobile device is not found in the blacklist of the EIR 302-2 of the TSP 302 at step 512. Further, the method can include step 518 of waiting, by the TSP, for a response from the CEIR till a threshold.
  • Method 500 can further include step 520 of checking if a response is received from the CEIR or not. If no response is received from the CEIR 304 at step 520, method 500 can include step 522 of sending the IMEI status of the mobile device as white and allowing the network service of the corresponding TSP 302 to the mobile device, followed by not storing the corresponding IMEI-IMSI pair in the EIR 302-2 of the TSP 302.
  • method 500 can include step 524 of checking if a whitelist response is received from the CEIR or not, when a response is received from the CEIR 304 at step 520. If a whitelist response is received from the CEIR 304 at step 524, method 500 can include step 526 of sending the IMEI status of the mobile device as white and allowing the network service of the corresponding TSP 302 to the mobile device, followed by storing the corresponding IMEI-IMSI pair in the EIR 302-2 of the TSP 302 as whitelisted.
  • method 500 can further include step 528 of checking if a blacklist response is received from the CEIR or not, when a whitelist response is not received from the CEIR at step 524. If a blacklist response is received from the CEIR 304 at step 528, method 500 can include step 530 of sending the IMEI status of the mobile device as black and blocking the network service of the corresponding TSP 302 to the mobile device, followed by storing the corresponding IMEI in the EIR 302-2 of the TSP 302 as blacklisted.
  • Method 600 can include step 602 of receiving by the CEIR an Enhanced check 1ME1/ME Identity Check request pertaining to identification and validation of a mobile device from the TSP 302 when the IMEI-IMSI pair is not found in the EIR 302-2 of the TSP 302.
  • Method 600 can further include step 604 of checking if the IMEI of the mobile device is blacklisted in the CEIR 304. If the IMEI of the mobile device is found to be blackli ted by the CEIR 304, method 600 can include step 606 of sending the IMEI status of the mobile device as blackin response to the EIR of the TSP 302.
  • Method 600 can further include step 608 of checking if the IMEI of the mobile device exists in the CEIR 304 when the IMEI of the mobile device is found to be blacklisted by the CEIR 304 at step 604. Further, if the IMEI of the mobile device is found to be available in the CEIR 304, method 600 can include step 610 of checking if the IMEI of the mobile device existswith other IMSI in the CEIR 304, else, method 600 can include step 618 of considering the IMEI-IMSI pair of the mobile device as a new pair if the IMEI of the mobile device is found to exist in the CEIR 304 at step 608.
  • the method can include step 612 of checking if the IMEI-IMSI pair of the mobile device is registered with the CEIR 304 when the IMEI of the mobile device is found to exist with other IMSI in the CEIR 304 at step 610. Further, if the IMEI-IMSI pair of the mobile device is found to be registered with the CEIR 304 at step 612, or if the IMEI of the mobile device is not found to be existing with other IMSI at step 610, method 600 can include step 614 of marking the mobile device as genuine device, followed by sending IMEI status of the mobile device as whitelisted to the EIR 302-2 of the TSP 302.
  • method 600 can include step 616 of marking the mobile device as cloned or duplicate, followed by sending the IMEI status of the mobile device as blacklisted to the EIR 302-2 of the TSP 302.
  • the method can include step 620 of checking if the IMEI of the mobile device is existing in the device registry in the CEIR 304 when the IMEI of the mobile device is not found to exist in the CEIR 304 at step 608. Further, if the IMEI of the mobile device is found to be existing in the device registry in the CEIR 304at step 620, method 600 can include step 622 of marking the IMEI of the mobile device as whitelisted, followed by sending the IMEI status of the mobile device as whitelisted to the EIR 302-2 of the TSP 302.
  • method 600 can include step 624 of marking the IMEI of the mobile device as blacklisted, followed by sending IMEI status of the mobile device as blacklisted to the EIR 302-2 of the TSP 302
  • a computer system 800 in which or with which the first computing unit 302-1 and second computing 304-1 of the TSP 302- A to 302-N, and CEIR304, respectively of the proposed system 300 and method 400 can be utilizedor implemented is disclosed.
  • the computer system 800 includes an external storage device 810, a bus 820, a main memory 830, a read only memory 840, a mass storage device 860, a communication port 860, and a processor(s) 870.
  • the processor870 is implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that manipulate data based on operational instructions.
  • processor(s) 870 are configured to fetch and execute computer-readable instructions stored in a memory of the sink device.
  • the memory 840 stores one or more computer-readable instmctions or routines, which are fetched and executed to create or share the data units over a network service.
  • Memory 830, 840 comprises any non-transitory storage device comprising, for example, volatile memory such as RAM, or non-volatile memory such as EPROM, flash memory, and the like.
  • the computer system 800 also comprises an interface(s).
  • the interface(s) comprises a variety of interfaces, for example, interfaces for data input and output devices referred to as 110 devices, storage devices, and the like.
  • the interface(s) facilitates communication of thefirst computing unit 302-1 and second computing 304-1 of the TSP 302-A to 302 -N, and CEIR304, respectively with various devices or servers coupled to the sink device.
  • the interface(s) also provides a communication pathway for one or more components of the TSP 302 and CEIR 304. Examples of such components comprise, but are not limited to, processing engine(s) and database.
  • the interface comprises a platform for communication with the devices/servers to read real-time data /write data in the first database 302-2 and the second database 304-2 of the TSP 302-A to 302-N, and CEIR 304, and to communicate with the other devices, and the mobile devices 306.
  • Interfaces comprise a Graphical interface that allows user to feed inputs, to type/write/ upload the data and certificates, and other software and hardware interfaces, for example, interfaces for peripheral device(s), such as a keyboard, a mouse, an external memory, and a printer.
  • the computer system 800 can include a communication unit operatively coupled to the processor 870.
  • the communication unit can be configured to communicatively couple the TSP 302 with the CEIR 304 as well as the mobile devices 306.
  • Computer system800 may include more than one processor and communication ports.
  • Examples of processor 870 include, but are not limited to, an Intel® Itanium® or Itanium 2 processor(s), or AMD® Opteron® or Athlon MP® processor(s), Motorola® lines of processors, FortiSOCTM system on a chip processors or other future processors.
  • Processor 870 may include various modules associated with embodiments of the present invention.
  • Communication port 860 can be any of an RS- 232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports.
  • Communication port 860 may be chosen depending on a network, such a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system connects.
  • LAN Local Area Network
  • WAN Wide Area Network
  • the memory 830 can be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art.
  • Read only memory 840 can be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chips for storing static information e.g., start-up or BIOS instructions for processor 870.
  • Mass storage 860 may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), e.g.
  • PATA Parallel Advanced Technology Attachment
  • SATA Serial Advanced Technology Attachment
  • USB Universal Serial Bus
  • Seagate e.g., the Seagate Barracuda 7102 family
  • Hitachi e.g., the Hitachi Deskstar 7K1000
  • one or more optical discs e.g., Redundant Array of Independent Disks (RAID) storage, e.g. an array of disks (e.g., SATA arrays), available from various vendors including Dot Hill Systems Corp., LaCie, Nexsan Technologies, Inc. and Enhance Technology, Inc.
  • RAID Redundant Array of Independent Disks
  • bus 820 communicatively couples the processor(s) 870 with the other memory, storage, and communication blocks.
  • Bus 820 can be, e.g. a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB or the like, for connecting expansion cards, drives, and other subsystems as well as other buses, such a front side bus (FSB), which connects processor 870 to a software system.
  • PCI Peripheral Component Interconnect
  • PCI-X PCI Extended
  • SCSI Small Computer System Interface
  • FFB front side bus
  • operator and administrative interfaces e.g. a display, keyboard, and a cursor control device
  • bus 820 may also be coupled to bus 820 to support direct operator interaction with computer system 800.
  • Other operator and administrative interfaces can be provided through network connections connected through communication port 660.
  • External storage device 810 can be any kind of external hard-drives, floppy drives, IOMEGA® Zip Drives, Compact Disc - Read Only Memory (CD-ROM), Compact Disc - Re-Writable (CD-RW), Digital Video Disk - Read Only Memory (DVD-ROM).
  • CD-ROM Compact Disc - Read Only Memory
  • CD-RW Compact Disc - Re-Writable
  • DVD-ROM Digital Video Disk - Read Only Memory
  • the proposed invention detects cloned mobile devices throughout the network of telecom service providers (TSP) and block cloned and stolenmobile devices in real time.
  • TSP telecom service providers
  • the proposed invention restricts or blocks stolen and cloned mobile devices from accessing the network.
  • the proposed invention collects IMEI-IMSI from TSPs in real-time at the time- of-service registration from all TSPs
  • the proposed invention tracks miscreants through their genuine mobile devices, and also tracks miscreants or frauds that are using the stolen or cloned mobile devices.
  • the proposed invention provides a system and method that allows secure exchange of a list IMEI and IMSI of blacklisted, whitelisted, and greylisted mobile devices, between a CEIR and multiple telecom service providers in a network in real-time, to keep them updated about the current list for enabling efficient and quick detection and blocking of cloned and stolen mobile devices throughout the network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention se rapporte à un système et à un procédé de détection et de blocage de dispositifs mobiles clonés et volés dans un réseau. La présente invention implique de multiples fournisseurs de services de télécommunication (TSP), ayant chacun un enregistreur d'identité d'équipement (EIR) local, et en communication avec un enregistreur d'identité d'équipement central (CEIR). Chaque TSP stocke un ensemble de données comprenant l'IMEI et l'IMSI de multiples dispositifs qui figurent sur les listes blanche, grise et noire du TSP correspondant. Chaque TSP récupère l'IMEI-IMSI d'un dispositif mobile lorsque ce dernier se trouve dans le réseau du TSP, et vérifie la disponibilité de l'IMEI-IMSI récupéré dans l'EIR local. Le CEIR reçoit et stocke le premier ensemble de données de tous les TSP, et reçoit une demande de recherche par un TSP de la paire IMEI-IMSI du dispositif mobile dans le CEIR si l'IMEI-IMSI récupéré ne figure pas dans l'EIR local. Le CEIR fait ensuite correspondre l'IMEI-IMSI récupéré avec toutes les données du premier ensemble stockées dans le CEIR, et identifie, marque et bloque de manière correspondante le dispositif mobile comme un dispositif mobile authentique, ou un dispositif mobile cloné, ou un dispositif mobile volé.
PCT/IB2022/053005 2021-03-31 2022-03-31 Système et procédé de détection et de blocage de clonage en temps réel de dispositifs mobiles clonés et volés dans un réseau mobile d'un pays WO2022208425A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN202111015046 2021-03-31
IN202111015046 2021-03-31

Publications (1)

Publication Number Publication Date
WO2022208425A1 true WO2022208425A1 (fr) 2022-10-06

Family

ID=83458182

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2022/053005 WO2022208425A1 (fr) 2021-03-31 2022-03-31 Système et procédé de détection et de blocage de clonage en temps réel de dispositifs mobiles clonés et volés dans un réseau mobile d'un pays

Country Status (1)

Country Link
WO (1) WO2022208425A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070077912A1 (en) * 2005-09-02 2007-04-05 Flextronics Software Systems Method enabling detection of stolen mobile communication devices and systems thereof
US9622082B2 (en) * 2011-09-06 2017-04-11 Alcatel Lucent Mobile terminal theft detection system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070077912A1 (en) * 2005-09-02 2007-04-05 Flextronics Software Systems Method enabling detection of stolen mobile communication devices and systems thereof
US9622082B2 (en) * 2011-09-06 2017-04-11 Alcatel Lucent Mobile terminal theft detection system

Similar Documents

Publication Publication Date Title
JP7038148B2 (ja) ユーザ機器(ue)位置を認証するための方法、システム、およびコンピュータ可読媒体
US11665592B2 (en) Security, fraud detection, and fraud mitigation in device-assisted services systems
US10064055B2 (en) Security, fraud detection, and fraud mitigation in device-assisted services systems
US9491199B2 (en) Security, fraud detection, and fraud mitigation in device-assisted services systems
US8116214B2 (en) Provisioning of e-mail settings for a mobile terminal
CN101582887B (zh) 安全防护方法、网关设备及安全防护系统
US6715083B1 (en) Method and system of alerting internet service providers that a hacker may be using their system to gain access to a target system
CN101355556B (zh) 认证信息处理装置和认证信息处理方法
CN103581363A (zh) 对恶意域名和非法访问的控制方法及装置
CN114145004B (zh) 用于使用dns消息以选择性地收集计算机取证数据的系统及方法
CN108306893A (zh) 一种自组网络的分布式入侵检测方法和系统
EP1300984A2 (fr) Gestion d'une application de sécurité de réseau
US20080059216A1 (en) Protection and Monitoring of Content Diffusion in a Telecommunications Network
GB2382755A (en) node and mobile device for a mobile telecommunications network providing intrusion detection/prevention
US10992686B2 (en) System, method and computer readable medium for determining users of an internet service
CN101341729A (zh) 用户信息的提供
CN114598525A (zh) 一种针对网络攻击的ip自动封禁的方法和装置
WO2011161589A1 (fr) Système et procédé pour la gestion d'informations d'identification personnelles
US7974602B2 (en) Fraud detection techniques for wireless network operators
CN101959183A (zh) 一种基于假名的移动用户标识码imsi保护方法
US8706089B2 (en) Change detection of target identification data in lawful interception systems
CN114553540B (zh) 基于零信任的物联网系统、数据访问方法、装置及介质
US9635017B2 (en) Computer network security management system and method
CN111314381A (zh) 安全隔离网关
US20090234857A1 (en) Controllable Content Distributing System

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22779292

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22779292

Country of ref document: EP

Kind code of ref document: A1