Network assisted fraud detection apparatus and methods
First Claim
Patent Images
1. A method comprising:
- by an activation service network apparatus;
receiving an access control client (ACC) request that originated at a mobile device, wherein the ACC request includes a request to change an ACC activation state associated with an ACC, and wherein the ACC request comprises a first shared secret and a first state value;
performing a verification, wherein a successful verification requires both i) matching the first state value to an ACC activation state value and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus at a trusted network entity prior to reception of the ACC request;
when the verification is unsuccessful, executing a fraud detection protocol to detect possible unauthorized use of the ACC; and
when the verification is successful;
generating a new shared secret that corresponds to a changed ACC activation state associated with the ACC;
sending the new shared secret to the mobile device; and
storing, at the trusted network entity, the changed ACC activation state associated with the ACC and the new shared secret for verification of a subsequent ACC request from the mobile device.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.
-
Citations
18 Claims
-
1. A method comprising:
-
by an activation service network apparatus; receiving an access control client (ACC) request that originated at a mobile device, wherein the ACC request includes a request to change an ACC activation state associated with an ACC, and wherein the ACC request comprises a first shared secret and a first state value; performing a verification, wherein a successful verification requires both i) matching the first state value to an ACC activation state value and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus at a trusted network entity prior to reception of the ACC request; when the verification is unsuccessful, executing a fraud detection protocol to detect possible unauthorized use of the ACC; and when the verification is successful; generating a new shared secret that corresponds to a changed ACC activation state associated with the ACC; sending the new shared secret to the mobile device; and storing, at the trusted network entity, the changed ACC activation state associated with the ACC and the new shared secret for verification of a subsequent ACC request from the mobile device. - View Dependent Claims (2, 3, 4, 14, 15, 16, 17, 18)
-
-
5. An activation service network apparatus comprising:
-
one or more processors; an activation state database configured to store activation state information for a plurality of access control clients (ACC); and a computer readable apparatus having a non-transitory storage medium with executable instructions stored thereon, that when executed by the one or more processors, cause the activation service network apparatus to; receive, from a mobile device via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, an ACC request including a request to change an ACC activation state associated with an ACC, wherein the ACC request comprises a first state value and a first shared secret, cause retrieval of an ACC activation state value for the ACC from the activation state database, perform a verification, wherein a successful verification requires both i) matching the first state value to the ACC activation state value and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus in the activation state database prior to reception of the ACC request, when the verification is unsuccessful;
employ a fraud detection protocol that is configured to detect a possible unauthorized use of the ACC, andwhen the verification is successful; generate a new shared secret that corresponds to a changed ACC activation state associated with the ACC; send the new shared secret to the mobile device; and store the changed ACC activation state associated with the ACC and the new shared secret in the activation state database for verification of a subsequent ACC request from the mobile device. - View Dependent Claims (6, 7)
-
-
8. A non-transitory computer readable medium comprising executable instructions for detecting fraudulent device activation, that when executed by one or more processors, cause an activation service network apparatus to:
-
receive, from a mobile device via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, an access control client (ACC) request including a request to change an ACC activation state associated with an ACC, wherein the ACC request comprises a first shared secret and a first state value; perform a verification, wherein a successful verification requires both i) matching the first state value to an activation state value for the ACC and ii) matching the first shared secret to an ACC shared secret, wherein the ACC activation state value and the ACC shared secret are pre-stored by the activation service network apparatus at a trusted network entity prior to reception of the ACC request; implement a fraud detection protocol to detect possible cloned ACC data, when the verification is unsuccessful; and when the verification is successful; generate a new shared secret that corresponds to a changed ACC activation state associated with the ACC; send the new shared secret to the mobile device; and store the changed ACC activation state associated with the ACC and the new shared secret at the trusted network entity for verification of a subsequent ACC request from the mobile device.
-
-
9. A method comprising:
-
by a mobile device; transmitting a request associated with an access control client (ACC) to an activation service network apparatus via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, wherein the request comprises a request to change an ACC activation state associated with the ACC, an activation state of the ACC, and a shared secret associated with the ACC, wherein values for the ACC activation state and the shared secret associated with the ACC are pre-stored by the mobile device in a secure element of the mobile device and the activation service network apparatus at a trusted network entity prior to transmission of the request; receiving, from the activation service network apparatus, activation status information associated with a validity of the request that is determined based at least in part on the shared secret; when the activation status information indicates the request is invalid, executing a fraud protocol to disable the ACC; and when the activation status information indicates the request is valid; receiving, from the activation service network apparatus, a new shared secret associated with the ACC; and storing the new shared secret in the secure element of the mobile device to use for validation of a subsequent request associated with the ACC. - View Dependent Claims (10)
-
-
11. A mobile device configured to execute a fraud protocol, the mobile device comprising:
one or more processors; a secure element storing one or more access control clients (ACC); at least one wireless interface coupled with the one or more processors; and a computer readable apparatus having a non-transitory storage medium with executable instructions stored thereon, that when executed by the one or more processors, cause the mobile device to; transmit a request to an activation service network apparatus via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, wherein; the request is associated with at least one ACC of the one or more ACCs stored in the secure element, and the request comprises information related to an activation state of the at least one ACC and secret information for which values of the secret information and activation states of the at least one ACC are pre-stored in the secure element by the mobile device and at a trusted network entity by the activation service network apparatus prior to transmission of the request, receive, from the activation service network apparatus, a response comprising activation status information indicative of a validity of the request that is determined based at least in part on the secret information, when the response comprising the activation status information is indicative of an invalid request, disable the at least one ACC; and when the activation response is indicative of a valid request; receiving, from the activation service network apparatus, new secret information associated with the at least one ACC; and storing the new secret information in the secure element for validation of a subsequent request associated with the at least one ACC. - View Dependent Claims (12)
-
13. A non-transitory computer-readable medium comprising executable instructions for implementing a fraud protocol, that when executed by one or more processors, cause a mobile device to:
-
transmit an access control client (ACC) request to an activation service network apparatus via an electronic Universal Integrated Circuit Card (eUICC) appliance network apparatus, wherein the ACC request comprises a current activation state of an ACC and secret information for which values of the secret information and activation state of the ACC are pre stored by the mobile device in a secure element of the mobile device and by the activation service network apparatus at a trusted network entity prior to transmission of the request; receive, from the activation service network apparatus, a response message indicating a validity of the ACC request that is determined based at least in part on the current activation state of the ACC; when the response message indicates that the ACC request is invalid, disable the ACC; and when the response message indicates that the ACC request is valid; receive, from the activation service network apparatus, new secret information associated with the ACC; and store the new secret information in the secure element of the mobile device for validation of a subsequent request associated with the ACC.
-
Specification