Method and apparatus for providing fraud detection using connection frequency thresholds

US 20050268113A1
Filed: 05/31/2005
Published: 12/01/2005
Est. Priority Date: 05/15/2003
Status: Active Grant

First Claim

Patent Images

1. A method for detecting unauthorized use of data services, the method comprising:

determining whether connections supporting remote access to a data network are completed;

tracking number of completed connections associated with a selected attribute over a time period;

determining whether the number of completed connections satisfies a connection frequency threshold; and

generating a fraud alert if the connection frequency threshold is satisfied.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach provides detection of unauthorized use of data services. A determination is made as to whether connections supporting remote access to a data network are completed. The number of completed connections associated with a selected attribute is tracked over a time period. It is then determined whether the number of completed connections satisfies a connection frequency threshold. A fraud alert is generated if the connection frequency threshold is satisfied.

78 Citations

View as Search Results

20 Claims

1. A method for detecting unauthorized use of data services, the method comprising:
- determining whether connections supporting remote access to a data network are completed;
  
  tracking number of completed connections associated with a selected attribute over a time period;
  
  determining whether the number of completed connections satisfies a connection frequency threshold; and
  
  generating a fraud alert if the connection frequency threshold is satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, wherein the selected attribute specifies a reason for connection termination, an origination attribute, or a service type.
  - 3. A method according to claim 2, wherein the reason for connection termination is based on an accounting stop, the method further comprising:
    - detecting a message indicating the accounting stop with respect to one of the connections; and
      
      designating the one connection as completed based on the detected message.
  - 4. A method according to claim 2, wherein the reason for connection termination is based on a heartbeat message, the method further comprising:
    - detecting absence of the heartbeat message associated with one of the connections for a specified duration; and
      
      designating the one connection as completed based upon the detected absence.
  - 5. A method according to claim 1, wherein the time period is determined according to a sliding window.
  - 6. A method according to claim 1, wherein the number of completed connections is tracked based on an additional selected attribute that includes a log-in identifier, a host identifier, a host user identifier, a partner network, or a geographic region.
  - 7. A method according to claim 1, wherein the connections are dial-up sessions.

8. An apparatus for detecting unauthorized use of data services, the apparatus comprising:
- a communication interface configured to receive information on number of completed connections associated with a selected attribute over a time period, wherein the completed connections support remote access to a data network; and
  
  a processor configured to determine whether the number of completed connections satisfies a connection frequency threshold, wherein a fraud alert is generated if the connection frequency threshold is satisfied.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. An apparatus according to claim 8, wherein the selected attribute specifies a reason for connection termination, an origination attribute, or a service type.
  - 10. An apparatus according to claim 9, wherein the reason for connection termination is based on an accounting stop or a heartbeat message.
  - 11. An apparatus according to claim 8, wherein the time period is determined according to a sliding window.
  - 12. An apparatus according to claim 8, wherein the number of completed connections is tracked based on an additional selected attribute that includes a log-in identifier, a host identifier, a host user identifier, a partner network, or a geographic region.
  - 13. An apparatus according to claim 8, wherein the connections are dial-up sessions.

14. An apparatus for detecting unauthorized use of data services, the apparatus comprising:
- means for determining whether connections supporting remote access to a data network are completed;
  
  means for tracking number of completed connections associated with a selected attribute over a time period;
  
  means for determining whether the number of completed connections satisfies a connection frequency threshold; and
  
  means for generating a fraud alert if the connection frequency threshold is satisfied.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. An apparatus according to claim 14, wherein the selected attribute specifies a reason for connection termination, an origination attribute, or a service type.
  - 16. An apparatus according to claim 15, wherein the reason for connection termination is based on an accounting stop, the apparatus further comprising:
    - means for detecting a message indicating the accounting stop with respect to one of the connections; and
      
      means for designating the one connection as completed based on the detected message.
  - 17. An apparatus according to claim 15, wherein the reason for connection termination is based on a heartbeat message, the apparatus further comprising:
    - means for detecting absence of the heartbeat message associated with one of the connections for a specified duration; and
      
      means for designating the one connection as completed based upon the detected absence.
  - 18. An apparatus according to claim 14, wherein the time period is determined according to a sliding window.
  - 19. An apparatus according to claim 14, wherein the number of completed connections is tracked based on an additional selected attribute that includes a log-in identifier, a host identifier, a host user identifier, a partner network, or a geographic region.
  - 20. An apparatus according to claim 14, wherein the connections are dial-up sessions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Business Global LLC (Verizon Communications Inc.)
Inventors
Gilbert, Matthew J., Springer, Arthur L., Stepp, Thomas E., Van Arkel, John Hans, Mahone, Saralyn M.

Granted Patent

US 8,015,414 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 12/2856   Access arrangements, e.g. I...

H04L 43/00   Arrangements for monitoring...

H04L 63/1408   by monitoring network traff...

H04L 67/535   Tracking the activity of th...

Method and apparatus for providing fraud detection using connection frequency thresholds

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for providing fraud detection using connection frequency thresholds

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others