Method and means for preventing fraudulent use of telephone network

US 5,495,521 A
Filed: 11/12/1993
Issued: 02/27/1996
Est. Priority Date: 11/12/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method of controlling access of a user to a telephone network, comprising the steps of:

storing, in a control data base, a set of attributes concerning an ongoing incoming call from an access demand source by a user;

maintaining a rules data base of a plurality of rules designating one of a plurality of degrees of likelihood that any call having a particular attribute is fraudulent, some of said degrees being high and some being lower;

determining whether an attribute in the data of the control data base matches an attribute in one of the plurality of rules in the rules data base; and

effecting corrective action in response to a match between data in the control data base and predetermined rules in the rules data base on the basis of the degree of likelihood indicated by the matching in the rules data base that the call is fraudulent;

the step of storing in the control data base including storing in a first access data base a first set of attributes concerning the ongoing incoming call;

the step of storing in the control data base including storing in a second access data base a second set of attributes concerning the history of prior accesses made by the access demand source;

the step of determining whether data in the one of the access data bases matches the rules in the rules data base including determining whether to disconnect the incoming call, block future incoming calls, or take other action; and

the step of effecting corrective action including disconnecting the incoming call, blocking future incoming calls, or taking other action;

the step of storing in the second access data base including updating the second access data base with data from incoming calls having matches in the determining step.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access of a user to a resource, such as a telecommunications network, includes storing, in a first call data base, a first set of attributes concerning an ongoing call from a caller. A second call data base stores a second set of attributes concerning the history of prior calls made by the caller. A rules data base stores rules concerning attributes for determining whether to disconnect the call, block future calls, or take other action. A determination is made whether data in at least one of the call data bases matches the rules in the rules data base. The call is then disconnected, the next call blocked, or other action is taken, in response to a match between data the call data bases and data in the rules data base. Preferably, the second call data base is updated in response to matches with the rules data base.

Citations

14 Claims

1. A method of controlling access of a user to a telephone network, comprising the steps of:
- storing, in a control data base, a set of attributes concerning an ongoing incoming call from an access demand source by a user;
  
  maintaining a rules data base of a plurality of rules designating one of a plurality of degrees of likelihood that any call having a particular attribute is fraudulent, some of said degrees being high and some being lower;
  
  determining whether an attribute in the data of the control data base matches an attribute in one of the plurality of rules in the rules data base; and
  
  effecting corrective action in response to a match between data in the control data base and predetermined rules in the rules data base on the basis of the degree of likelihood indicated by the matching in the rules data base that the call is fraudulent;
  
  the step of storing in the control data base including storing in a first access data base a first set of attributes concerning the ongoing incoming call;
  
  the step of storing in the control data base including storing in a second access data base a second set of attributes concerning the history of prior accesses made by the access demand source;
  
  the step of determining whether data in the one of the access data bases matches the rules in the rules data base including determining whether to disconnect the incoming call, block future incoming calls, or take other action; and
  
  the step of effecting corrective action including disconnecting the incoming call, blocking future incoming calls, or taking other action;
  
  the step of storing in the second access data base including updating the second access data base with data from incoming calls having matches in the determining step.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as in claim 1, wherein the step of effecting corrective action includes ignoring matches of attributes in the control data base and the rules data base when the attribute in the rules data base indicates a lower degree of likelihood that the call may be fraudulent.
  - 3. A method as in claim 2, wherein said step of storing in said first access data base includes storing one or more of the following attributes:
    - requesting user;
      
      request time;
      
      length of use;
      
      destination requested;
      
      user authorization code;
      
      whether use request is cellular.
  - 4. A method as in claim 1, wherein said step of storing data in said second access data base includes storing one of the following:
    - PBX ANIs (Private Branch Exchange Automatic Number Identifications);
      
      University PBX'"'"'s and Centrex'"'"'s;
      
      Suspicious NPAs-NXX (pay phones indicated by ii digits) for originating numbers;
      
      Suspicious Terminating Numbers;
      
      Known bad ANIs;
      
      Suspicious Country codes;
      
      Forbidden country codes;
      
      Compromised Authorization Codes;
      
      ANI'"'"'s from detected fraud events;
      
      Originating numbers from detected fraud events;
      
      Terminating numbers from detected fraud events;
      
      Authorization codes from detected fraud events;
      
      Other files as required by CSAM (Telephone Corporation Security Administration Monitor).
  - 5. A method as in claim 4, wherein said step of storing in said first access data base includes storing one or more of the following attributes:
    - requesting user;
      
      request time;
      
      length of use;
      
      destination requested;
      
      user authorization code;
      
      whether use request is cellular.
  - 6. A method as in claim 1, wherein the data in said rules data base includes incoming calls made:
    - During business hours;
      
      During non-business hours;
      
      Excessively long;
      
      Domestic accesses;
      
      To a limited dialed NPA=800;
      
      To a termination number=CPE;
      
      To a country code;
      
      ANI=CPE (Automatic Number Identification with Customer Premises Equipment);
      
      Accesses using SDN-NRA (Software Defined Network--Network Remote Access);
      
      To a suspected country code;
      
      Using a bad ANI;
      
      Of short duration;
      
      Using repeated ANI;
      
      From non-frequent caller;
      
      To successive different dialed numbers;
      
      Using suspected patterned dialing;
      
      With a connect time difference using a less than PDD (Post Dialing Delay)+e, i.e. going from one to another number quickly;
      
      Using an invalid authorization code;
      
      With a number of accesses in repeat set greater than threshold;
      
      Using a SDN Software defined network (virtual private network);
      
      Using different ANI to same termination No.;
      
      Using the same authorization code from another location greater than at least one incoming call continuing;
      
      Having greater than access duration overlap;
      
      With simultaneous use of mobile number;
      
      Cellular;
      
      Of the same MIN;
      
      Using distance between access locations/elapsed time greater than a given value τ
      
      ;
      
      Multiple from same ANI (Automatic Number Identification) greater than x;
      
      Repeated dialed numbers;
      
      Terminating at a number which is a known DISA/RMATS (Direct Inward Switched Access/Remote Maintained Access Test System Maintained Port);
      
      Originating in suspect MPA-NXX or pay phone;
      
      Multiple incoming calls from same ANI;
      
      CPE (Customer Premise Equipment) to a Known high fraud country;
      
      CPE (Customer Premise Equipment) to known medium fraud country;
      
      Non CPE type of service;
      
      Suspicious terminating number;
      
      Multiple incoming calls billed to same number;
      
      Multiple 800 incoming calls exceeding preset number.
  - 7. A method as in claim 1, wherein the data in said rules data base includes access demands made:
    - During business hours;
      
      During non-business hours;
      
      Excessively long;
      
      Domestic incoming calls;
      
      To a limited dialed MPA=800;
      
      To a termination number=CPE;
      
      To a country code;
      
      ANI=CPE (Automatic Number Identification with Customer Premises Equipment);
      
      Accesses using SDN-NRA (Software Defined Network--Network Remote Access);
      
      To a suspected country code;
      
      Using a bad ANI;
      
      Of short duration;
      
      Using repeated ANI;
      
      From non-frequent accesser;
      
      To successive different dialed numbers;
      
      Using suspected patterned dialing;
      
      With a connect time difference using a less than PDD (Post Dialing Delay)+e, i.e. going from one to another number quickly;
      
      Using an invalid authorization code;
      
      With a number of accesses in repeat set greater than threshold;
      
      Using a SDN Software defined network(virtual private network);
      
      Using different ANI to same termination No.;
      
      Using the same authorization code from another location greater than at least one access continuing;
      
      Having greater than access duration overlap;
      
      With simultaneous use of mobile number;
      
      Cellular;
      
      Of the same MIN;
      
      Using distance between access locations/elapsed time greater than a given value τ
      
      ;
      
      Multiple accesses from same ANI (Automatic Number Identification) greater than x;
      
      Repeated dialed numbers;
      
      Terminating at a number which is a known DISA/RMATS (Direct Inward Switched Access/Remote Maintained Access Test System Maintained Port);
      
      Originating in suspect MPA-NXX or pay phone;
      
      Multiple accesses from same ANI;
      
      CPE (Customer Premise Equipment) to a Known high fraud country;
      
      CPE (Customer Premise Equipment) to known medium fraud country;
      
      Non CPE type of service;
      
      Suspicious terminating number;
      
      Multiple accesses billed to same number;
      
      Multiple 800 accesses exceeding preset number.

8. A system controlling access of a user to a telephone network, comprising:
- a control data base with a set of attributes concerning an ongoing incoming call from an access demand source;
  
  a rules data base with a plurality of rules designating one of a plurality of degrees of likelihood that any call having a particular attribute is fraudulent, some of said degrees being high and some being lower;
  
  means for determining whether an attribute in the data in the control data base matches an attribute in the plurality of rules in the rules data base; and
  
  means for effecting corrective action in response to a match between data in the control data base and predetermined rules in the rules data base on the basis of the degree of likelihood indicated in the rules database that the call is fraudulent;
  
  the control data base including a first access data base with a first set of attributes concerning the ongoing incoming call;
  
  the control data base including a second access data base with a second set of attributes concerning the history of prior accesses made by the access demand source;
  
  the means for determining whether data in the one of the access data bases matches the rules in the rules data base including means for determining whether to disconnect the incoming call, block future incoming calls, or take other action; and
  
  the means for effecting corrective action including means for disconnecting the incoming call, blocking future incoming calls, or taking other action;
  
  the control data base including means for updating the second access data base with data from accesses having matches in the means for determining.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A system as in claim 8, wherein the means for effecting corrective action includes ignoring matches of attributes in the control data base and the rules data base when the attribute in the rules data base indicates a lower degree of likelihood that the call may be fraudulent.
  - 10. A system as in claim 9, wherein said first access data base includes data on one or more of the following attributes:
    - requesting user;
      
      request time;
      
      length of use;
      
      destination requested;
      
      user authorization code;
      
      whether use request is cellular.
  - 11. A system as in claim 8, wherein said second access data base includes data on one of the following:
    - PBX ANIs (Private Branch Exchange Automatic Number Identifications);
      
      University PBX'"'"'s and Centrex'"'"'s;
      
      Suspicious NPAs-NXX (pay phones indicated by ii digits) for originating numbers;
      
      Suspicious Terminating Numbers;
      
      Known bad ANIs;
      
      Suspicious Country codes;
      
      Forbidden country codes;
      
      Compromised Authorization Codes;
      
      ANI'"'"'s from detected fraud events;
      
      Originating numbers from detected fraud events;
      
      Terminating numbers from detected fraud events;
      
      Authorization codes from detected fraud events;
      
      Other files as required by CSAM (Telephone Corporation Security Administration Monitor).
  - 12. A system as in claim 11, wherein said storage in said first access data base includes storage for one or more of the following attributes:
    - requesting user;
      
      request time;
      
      length of use;
      
      destination requested;
      
      user authorization code;
      
      whether use request is cellular.
  - 13. A system as in claim 12, wherein the data in said rules data base includes data concerning one of the following types of accesses:
    - During business hours;
      
      During non-business hours;
      
      Excessively long;
      
      Domestic accesses;
      
      To a limited dialed MPA=800;
      
      To a termination number=CPE;
      
      To a country code;
      
      ANI=CPE (Automatic Number Identification with Customer Premises Equipment);
      
      Accesses using SDN-NRA (Software Defined Network--Network Remote Access);
      
      To a suspected country code;
      
      Using a bad ANI;
      
      Of short duration;
      
      Using repeated ANI;
      
      From non-frequent accesser;
      
      To successive different dialed numbers;
      
      Using suspected patterned dialing;
      
      With a connect time difference using a less than PDD (Post Dialing Delay)+e, i.e. going from one to another number quickly;
      
      Using an invalid authorization code;
      
      With a number of accesses in repeat set greater than threshold;
      
      Using a SDN Software defined network(virtual private network);
      
      Using different ANI to same termination No.;
      
      Using the same authorization code from another location greater than atleast one access continuing;
      
      Having greater than access duration overlap;
      
      With simultaneous use of mobile number;
      
      Cellular;
      
      Of the same MIN;
      
      Using distance between access locations/elapsed time greater than a given value τ
      
      ;
      
      Multiple accesses from same ANI (Automatic Number Identification) greater than x;
      
      Repeated dialed numbers;
      
      Terminating at a number which is a known DISA/RMATS (Direct Inward Switched Access/Remote Maintained Access Test System Maintained Port);
      
      Originating in suspect MPA-NXX or pay phone;
      
      Multiple accesses from same ANI;
      
      CPE (Customer Premise Equipment) to a known high fraud country;
      
      CPE (Customer Premise Equipment) to known medium fraud country;
      
      Non CPE type of service;
      
      Suspicious terminating number;
      
      Multiple accesses billed to same number;
      
      Multiple 800 accesses exceeding preset number.
  - 14. A system as in claim 8, wherein rules data base includes storage of access demands made:
    - During business hours;
      
      During non-business hours;
      
      Excessively long;
      
      Domestic accesses;
      
      To a limited dialed MPA=800;
      
      To a termination number=CPE;
      
      To a country code;
      
      ANI=CPE (Automatic Number Identification with Customer Premises Equipment);
      
      Accesses using SDN-NRA (Software Defined Network--Network Remote Access);
      
      To a suspected country code;
      
      Using a bad ANI;
      
      Of short duration;
      
      Using repeated ANI;
      
      From non-frequent accesser;
      
      To successive different dialed numbers;
      
      Using suspected patterned dialing;
      
      With a connect time difference using a less than PDD (Post Dialing Delay)+e, i.e. going from one to another number quickly;
      
      Using an invalid authorization code;
      
      With a number of accesses in repeat set greater than threshold;
      
      Using a SDN Software defined network (virtual private network);
      
      Using different ANI to same termination No;
      
      Using the same authorization code from another location greater than at least one access continuing;
      
      Having greater than access duration overlap;
      
      With simultaneous use of mobile number;
      
      Cellular;
      
      Of the same MIN;
      
      Using distance between access locations/elapsed time greater than a given value τ
      
      ;
      
      Multiple accesses from same ANI (Automatic Number Identification) greater than x;
      
      Repeated dialed numbers;
      
      Terminating at a number which is a known DISA/RMATS (Direct Inward Switched Access/Remote Maintained Access Test System Maintained Port);
      
      Originating in suspect MPA-NXX or pay phone;
      
      Multiple accesses from same ANI;
      
      CPE (Customer Premise Equipment) to a Known high fraud country;
      
      CPE (Customer Premise Equipment) to known medium fraud country;
      
      Non CPE type of service;
      
      Suspicious terminating number;
      
      Multiple accesses billed to same number;
      
      Multiple 800 accesses exceeding preset number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
American Telephone & Telegraph Company (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Rangachar, Hemmige V.
Primary Examiner(s)
Black, Thomas G.
Assistant Examiner(s)
HOMERE, JEAN RAYMOND

Application Number

US08/152,993
Time in Patent Office

837 Days
Field of Search

364/DIG. 1, 364/DIG. 2, 395/600, 395/425, 379/95, 379/145, 379/189, 379/198
US Class Current

379/93.04
CPC Class Codes

H04M 15/47   Fraud detection or preventi...

H04M 2203/6027   Fraud preventions

H04M 2215/0148   Fraud detection or preventi...

H04M 3/36   Statistical metering, e.g. ...

H04M 3/38   Graded-service arrangements...

H04M 3/4228   in networks

H04Q 3/0016   Arrangements providing conn...

Method and means for preventing fraudulent use of telephone network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and means for preventing fraudulent use of telephone network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links