Network assisted fraud detection apparatus and methods

US 10,440,034 B2
Filed: 02/07/2013
Issued: 10/08/2019
Est. Priority Date: 02/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

by an activation service network apparatus;

receiving an access control client (ACC) request that originated at a mobile device, wherein the ACC request includes a request to change an ACC activation state associated with an ACC, and wherein the ACC request comprises a first shared secret and a first state value;

performing a verification, wherein a successful verification requires both i) matching the first state value to an ACC activation state value and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus at a trusted network entity prior to reception of the ACC request;

when the verification is unsuccessful, executing a fraud detection protocol to detect possible unauthorized use of the ACC; and

when the verification is successful;

generating a new shared secret that corresponds to a changed ACC activation state associated with the ACC;

sending the new shared secret to the mobile device; and

storing, at the trusted network entity, the changed ACC activation state associated with the ACC and the new shared secret for verification of a subsequent ACC request from the mobile device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.

Citations

18 Claims

1. A method comprising:
- by an activation service network apparatus;
  
  receiving an access control client (ACC) request that originated at a mobile device, wherein the ACC request includes a request to change an ACC activation state associated with an ACC, and wherein the ACC request comprises a first shared secret and a first state value;
  
  performing a verification, wherein a successful verification requires both i) matching the first state value to an ACC activation state value and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus at a trusted network entity prior to reception of the ACC request;
  
  when the verification is unsuccessful, executing a fraud detection protocol to detect possible unauthorized use of the ACC; and
  
  when the verification is successful;
  
  generating a new shared secret that corresponds to a changed ACC activation state associated with the ACC;
  
  sending the new shared secret to the mobile device; and
  
  storing, at the trusted network entity, the changed ACC activation state associated with the ACC and the new shared secret for verification of a subsequent ACC request from the mobile device.
- View Dependent Claims (2, 3, 4, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the ACC request comprises at least a request to activate an electronic subscriber identity module (eSIM) associated with a network service provider.
  - 3. The method of claim 1, wherein:
    - the first state value is either active or inactive.
  - 4. The method of claim 1, wherein:
    - the unsuccessful verification results when the first shared secret does not match the ACC shared secret.
  - 14. The method of claim 1, wherein executing the fraud detection protocol comprises sending an alert to the mobile device indicating potential fraud via at least one of an e-mail, a short message service (SMS) text message, or a phone call.
  - 15. The method of claim 1, wherein performing the verification comprises determining whether the ACC request from the mobile device is received within a temporal window associated with the ACC.
  - 16. The method of claim 15, wherein the temporal window is based on:
    - i) a date of an initial shipment of the mobile device, orii) a date of distribution of the mobile device.
  - 17. The method of claim 1, wherein the fraud detection protocol comprises:
    - flagging an identity associated with the mobile device.
  - 18. The method of claim 15, wherein the temporal window is based on a recurring temporal event.

5. An activation service network apparatus comprising:
- one or more processors;
  
  an activation state database configured to store activation state information for a plurality of access control clients (ACC); and
  
  a computer readable apparatus having a non-transitory storage medium with executable instructions stored thereon, that when executed by the one or more processors, cause the activation service network apparatus to;
  
  receive, from a mobile device via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, an ACC request including a request to change an ACC activation state associated with an ACC, wherein the ACC request comprises a first state value and a first shared secret,cause retrieval of an ACC activation state value for the ACC from the activation state database,perform a verification, wherein a successful verification requires both i) matching the first state value to the ACC activation state value and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus in the activation state database prior to reception of the ACC request, when the verification is unsuccessful;
  
  employ a fraud detection protocol that is configured to detect a possible unauthorized use of the ACC, andwhen the verification is successful;
  
  generate a new shared secret that corresponds to a changed ACC activation state associated with the ACC;
  
  send the new shared secret to the mobile device; and
  
  store the changed ACC activation state associated with the ACC and the new shared secret in the activation state database for verification of a subsequent ACC request from the mobile device.
- View Dependent Claims (6, 7)
- - 6. The activation service network apparatus of claim 5, wherein execution of the executable instructions by the one or more processors further causes the activation service network apparatus to update the activation state database when the verification is unsuccessful.
  - 7. The activation service network apparatus of claim 5, wherein the fraud detection protocol is further configured to notify a network operator when the verification is unsuccessful.

8. A non-transitory computer readable medium comprising executable instructions for detecting fraudulent device activation, that when executed by one or more processors, cause an activation service network apparatus to:
- receive, from a mobile device via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, an access control client (ACC) request including a request to change an ACC activation state associated with an ACC, wherein the ACC request comprises a first shared secret and a first state value;
  
  perform a verification, wherein a successful verification requires both i) matching the first state value to an activation state value for the ACC and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus at a trusted network entity prior to reception of the ACC request;
  
  implement a fraud detection protocol to detect possible cloned ACC data, when the verification is unsuccessful; and
  
  when the verification is successful;
  
  generate a new shared secret that corresponds to a changed ACC activation state associated with the ACC;
  
  send the new shared secret to the mobile device; and
  
  store the changed ACC activation state associated with the ACC and the new shared secret at the trusted network entity for verification of a subsequent ACC request from the mobile device.

9. A method comprising:
- by a mobile device;
  
  transmitting a request associated with an access control client (ACC) to an activation service network apparatus via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, wherein the request comprises a request to change an ACC activation state associated with the ACC, an activation state of the ACC, and a shared secret associated with the ACC, wherein values for the ACC activation state and the shared secret associated with the ACC are pre-stored by the mobile device in a secure element of the mobile device and the activation service network apparatus at a trusted network entity prior to transmission of the request;
  
  receiving, from the activation service network apparatus, activation status information associated with a validity of the request that is determined based at least in part on the shared secret;
  
  when the activation status information indicates the request is invalid, executing a fraud protocol to disable the ACC; and
  
  when the activation status information indicates the request is valid;
  
  receiving, from the activation service network apparatus, a new shared secret associated with the ACC; and
  
  storing the new shared secret in the secure element of the mobile device to use for validation of a subsequent request associated with the ACC.
- View Dependent Claims (10)
- - 10. The method of claim 9, wherein validity of the request is determined based at least in part on the ACC activation state associated with the ACC matching an activation state value associated with the ACC and maintained by the activation service network apparatus.

11. A mobile device configured to execute a fraud protocol, the mobile device comprising:
- one or more processors;
  
  a secure element storing one or more access control clients (ACC);
  
  at least one wireless interface coupled with the one or more processors; and
  
  a computer readable apparatus having a non-transitory storage medium with executable instructions stored thereon, that when executed by the one or more processors, cause the mobile device to;
  
  transmit a request to an activation service network apparatus via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, wherein;
  
  the request is associated with at least one ACC of the one or more ACCs stored in the secure element, andthe request comprises information related to an activation state of the at least one ACC and secret information for which values of the secret information and activation states of the at least one ACC are pre-stored in the secure element by the mobile device and at a trusted network entity by the activation service network apparatus prior to transmission of the request,receive, from the activation service network apparatus, a response comprising activation status information indicative of a validity of the request that is determined based at least in part on the secret information,when the response comprising the activation status information is indicative of an invalid request, disable the at least one ACC; and
  
  when the activation response is indicative of a valid request;
  
  receiving, from the activation service network apparatus, new secret information associated with the at least one ACC; and
  
  storing the new secret information in the secure element for validation of a subsequent request associated with the at least one ACC.
- View Dependent Claims (12)
- - 12. The mobile device of claim 11, wherein:
    - execution of the executable instructions by the one or more processors further causes the mobile device to update the activation state of the at least one ACC when the response is indicative of an invalid request.

13. A non-transitory computer-readable medium comprising executable instructions for implementing a fraud protocol, that when executed by one or more processors, cause a mobile device to:
- transmit an access control client (ACC) request to an activation service network apparatus via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, wherein the ACC request comprises a current activation state of an ACC and secret information for which values of the secret information and activation state of the ACC are pre stored by the mobile device in a secure element of the mobile device and by the activation service network apparatus at a trusted network entity prior to transmission of the request;
  
  receive, from the activation service network apparatus, a response message indicating a validity of the ACC request that is determined based at least in part on the current activation state of the ACC;
  
  when the response message indicates that the ACC request is invalid, disable the ACC; and
  
  when the response message indicates that the ACC request is valid;
  
  receive, from the activation service network apparatus, new secret information associated with the ACC; and
  
  store the new secret information in the secure element of the mobile device for validation of a subsequent request associated with the ACC.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Hauck, Jerrold Von, Li, Li, Schell, Stephan V.
Primary Examiner(s)
Gracia, Gary S

Application Number

US13/762,074
Publication Number

US 20130205390A1
Time in Patent Office

2,434 Days
Field of Search

726 22, 455411, 455406, 455417, 455419, 455433, 455445, 370328, 370329, 370338, 370352, 713168, 713169
US Class Current
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04W 12/0433   Key management protocols

H04W 12/126   Anti-theft arrangements, e....

H04W 12/35   Protecting application or s...

H04W 8/205   Transfer to or from user eq...

Network assisted fraud detection apparatus and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network assisted fraud detection apparatus and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links