NETWORK ASSISTED FRAUD DETECTION APPARATUS AND METHODS

US 20130205390A1
Filed: 02/07/2013
Published: 08/08/2013
Est. Priority Date: 02/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method for executing a fraud protocol, comprising:

responsive to receiving a request for activation, extracting one or more data from the request, wherein the extracted one or more data corresponds to a first activation state;

verifying the one of more data, based at least in part on the first activation state; and

executing a fraud protocol in response to unsuccessful verification of the one or more data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for detecting fraudulent device operation. In one exemplary embodiment of the present disclosure, a device is issued a user access control client that is uniquely associated with a shared secret that is securely stored within the network and the access control client. Subsequent efforts to activate or deactivate the access control client require verification of the shared secret. Each change in state includes a change to the shared secret. Consequently, requests for a change to state which do not have the proper shared secret will be disregarded, and/or flagged as fraudulent.

Citations

20 Claims

1. A method for executing a fraud protocol, comprising:
- responsive to receiving a request for activation, extracting one or more data from the request, wherein the extracted one or more data corresponds to a first activation state;
  
  verifying the one of more data, based at least in part on the first activation state; and
  
  executing a fraud protocol in response to unsuccessful verification of the one or more data.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the request for activation comprises at least a request to activate an electronic subscriber identity module (eSIM) associated with a network service provider.
  - 3. The method of claim 2, wherein:
    - the verifying the one or more data comprises at least comparing the first activation state against an expected activation state; and
      
      the unsuccessful verification comprises at least when the comparison of the first activation state and the expected activation state does not meet a prescribed criterion.
  - 4. The method of claim 2, wherein:
    - the extracted one or more data comprises at least a shared secret between a mobile device responsible for the request for activation and an activation service entity; and
      
      unsuccessful verification comprises at least when the shared secret of the extracted one or more data does not match the shared secret at an activation service entity.

5. An appliance apparatus useful in the execution of a fraud detection protocol, the appliance apparatus comprising:
- a processor;
  
  a state database configured to store activation state information for each respective access control client of a plurality of access control clients; and
  
  a computer readable apparatus having a non-transitory storage medium with at least one computer program stored thereon, the at least one computer program configured to, when executed on the processor, cause the appliance apparatus to;
  
  receive an access control client request from a mobile device, the access control client request comprising at least activation state information;
  
  cause retrieval, from the state database, of current state information corresponding to the requested access control client;
  
  verify the validity of the request by at least a comparison of the activation state information against the retrieved current state information; and
  
  when the request is determined to be invalid, effectuate a fraud protocol.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The appliance apparatus of claim 5, wherein the at least one computer program is further configured to, when executed, cause the appliance apparatus to verify the validity of the request by a verification check of secret information provided with the request, the secret information shared between the mobile device and the appliance apparatus.
  - 7. The appliance apparatus of claim 6, wherein the at least one computer program is further configured to, when executed, cause the appliance apparatus to:
    - update the secret information when the validity of the request is determined to be valid; and
      
      provide the updated secret information to the mobile device.
  - 8. The appliance apparatus of claim 5, wherein the at least one computer program is further configured to, when executed, cause the appliance apparatus to, upon a verification of the request, update the current state information stored in the state database in accordance with the request.
  - 9. The appliance apparatus of claim 5, wherein the fraud protocol comprises a disablement of an access control client associated with the access control client request.

10. A non-transitory computer readable medium comprising a plurality of instructions for detecting fraudulent device activation, the plurality of instructions configured to, when executed, cause a network entity to:
- receive a access control client request from a mobile device, the request comprising at least state information of the access control client and a secret key of the mobile device;
  
  determine if the at least state information corresponds to an expected state for the access control client, and if the secret key is valid; and
  
  when (i) the state information does not correspond to the expected state, and/or (ii) when the secret key is invalid, implement a fraud protocol for the access control client.

11. A method for detecting fraudulent device activation, the method comprising:
- transmitting a request for an access control client;
  
  receiving information associated with an access control client of the access control client request;
  
  validating the received information; and
  
  upon a validation of the received information, performing an action associated with the request for the access control client.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein the information associated with an access control client comprises at least activation status information of the access control client.
  - 13. The method of claim 12, wherein the validation is determined based at least in part by the activation status information matching with an expected activation status of the access control client.
  - 14. The method of claim 13, further comprising updating the expected activation status upon performing the action, where the updated expected activation status is related at least in part to the performed action.

15. A mobile device configured for execution of a fraud detection protocol, the mobile device comprising:
- a processor;
  
  a secure element configured to store one or more access control clients;
  
  at least one wireless interface in data communication with the processor; and
  
  a computer readable apparatus having a non-transitory storage medium with at least one computer program stored thereon, the at least one computer program configured to, when executed on the processor, cause the mobile device to;
  
  transmit a request relating to an access control client, where the request comprises at least information related to an activation status of the access control client;
  
  receive a response indicative of a determined validity of the request; and
  
  execute a fraud protocol when the response is indicative of an invalid request.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The mobile device of claim 15, wherein the fraud protocol comprises disablement the access control client in the mobile device.
  - 17. The mobile device of claim 15, wherein:
    - the request further comprises a secret shared between the mobile device and an activation service associated with the access control client; and
      
      the received response comprises at least an updated secret when the response is indicative of a valid request.
  - 18. The mobile device of claim 16, wherein the at least one computer program is further configured to, when executed, cause the mobile device to store the received updated secret in the secure element.
  - 19. The mobile device of claim 15, wherein the at least one computer program is further configured to update a status of the access control client when the response is indicative of a valid request, the updated status based at least in part on an action associated with the request.

20. A non-transitory computer readable medium comprising a plurality of instructions for detecting fraudulent device activation, the plurality of instructions configured to, when executed, cause a mobile device to:
- transmit an access control client request to an activation service, the request comprising at least a current activation status of the access control client;
  
  receive a message from the activation service, where the message is configured to indicate a validity of the request; and
  
  when the message indicated that the request is invalid, implement a fraud procedure on at least the access control client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Hauck, Jerrold Von, Li, Li, Schell, Stephan V.

Granted Patent

US 10,440,034 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04W 12/0433   Key management protocols

H04W 12/126   Anti-theft arrangements, e....

H04W 12/35   Protecting application or s...

H04W 8/205   Transfer to or from user eq...

NETWORK ASSISTED FRAUD DETECTION APPARATUS AND METHODS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK ASSISTED FRAUD DETECTION APPARATUS AND METHODS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links