Detection of fraudulently registered mobile phones

US 5,953,652 A
Filed: 01/24/1997
Issued: 09/14/1999
Est. Priority Date: 01/24/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of detecting fraudulent use of a mobile station in a wireless telecommunications network, the mobile station having, a unique identifier associated therewith, the method comprising the steps of:

determining at least two actual elapsed time periods between successive registrations associated with the unique identifier of the mobile station; and

detecting a suspected fraudulent event when the actual elapsed time periods between successive registrations are substantially non-periodic.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided for detecting fraudulent use of a unique identifier associated with an authorized mobile station in a wireless telecommunications network. A monitoring system passively collects data associated with the registration of one or more mobile stations utilizing the unique identifier. A fraud detection processor analyzes the collected data using a first pattern recognition device. The pattern recognition device determines the periodicity of successive registration messages associated with the unique identifier of the authorized mobile station and a suspected fraudulent event is identified when the time between successive registration messages is non-periodic. A second pattern recognition device may be utilized alone or in combination with the first pattern recognition device to identify suspected fraudulent activity when an apparent velocity of the mobile station utilizing the unique identifier between successive registration messages exceeds a predetermined maximum velocity. The apparent velocity is based upon the approximated geographical distance and time between successive registration messages. Upon the detection of a suspected fraudulent event by the first and/or second pattern recognition devices, an authentication system may be utilized to identify a suspected mobile station as an unauthorized mobile station when a response to an authentication challenge received from the suspected mobile station is not substantially the same as a predicted response calculated by the authentication system based upon at least the unique identifier of the authorized mobile station.

Citations

29 Claims

1. A method of detecting fraudulent use of a mobile station in a wireless telecommunications network, the mobile station having, a unique identifier associated therewith, the method comprising the steps of:
- determining at least two actual elapsed time periods between successive registrations associated with the unique identifier of the mobile station; and
  
  detecting a suspected fraudulent event when the actual elapsed time periods between successive registrations are substantially non-periodic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, further comprising the steps of:
    - identifying a switch in the wireless network where the mobile station is registered;
      
      determining the constant registration period associated with the switch, the constant registration period defining the expected time period between successive registrations by the mobile station to the switch; and
      
      comparing the actual elapsed time period between successive registrations associated with the unique identifier of the mobile station to the constant registration period associated with the switch to determine whether the actual elapsed time period is substantially non-periodic.
  - 3. The method according to claim 2, wherein the actual elapsed time period between successive registrations is substantially non-periodic when the actual elapsed time period corresponds to at least two different constant registration periods.
  - 4. The method according to claim 1, further comprising the step of monitoring registration messages associated with the unique identifier to determine the actual elapsed time period between successive registrations.
  - 5. The method according to claim 4, wherein the registration messages are passively monitored at the Home Location Register associated with the unique identifier of an authorized mobile station.
  - 6. The method according to claim 1, further comprising the steps of:
    - receiving a response to an authentication challenge from the mobile station;
      
      determining a predicted response based upon at least the unique identifier of the mobile station;
      
      comparing the received response to the predicted response; and
      
      identifying the mobile station as an unauthorized mobile station when the received response is not substantially the same as the predicted response.
  - 7. The method according to claim 6, further comprising the step of providing an indication of a fraudulent event when the mobile station is identified as being unauthorized.
  - 8. The method according to claim 6, further comprising the step of instructing the wireless telecommunications network to take a predefined action in response to identification of the mobile station as being unauthorized.
  - 9. The method according to claim 1, further comprising the steps of:
    - determining the location of the mobile station within the wireless network at each registration associated with unique identifier;
      
      determining the approximate distance between the determined locations for successive registrations associated with the unique identifier;
      
      calculating an apparent velocity of the mobile station between successive registrations based upon the approximated distance and the actual elapsed time period between successive registrations;
      
      comparing the apparent velocity with a predetermined maximum velocity; and
      
      detecting a suspected fraudulent event when the apparent velocity exceeds the predetermined maximum velocity for successive registrations associated with the unique identifier of the mobile station.
  - 10. The method according to claim 9, further comprising the steps of:
    - receiving a response to an authentication challenge from the mobile station;
      
      determining a predicted response based upon at least the unique identifier of the mobile station;
      
      comparing the received response to the predicted response; and
      
      identifying the mobile station as an unauthorized mobile station when the received response is not substantially the same as the predicted response.
  - 11. The method according to claim 10, further comprising the step of providing an indication of a fraudulent event when the mobile station is identified as being unauthorized.
  - 12. The method according to claim 8, further comprising the step of instructing the wireless telecommunications network to take a predefined action in response to identification of the mobile station as being unauthorized.

13. A method of detecting fraudulent use of a unique identifier associated with an authorized mobile station in a wireless telecommunications network, comprising the steps of:
- monitoring registration messages associated with the unique identifier;
  
  determining a first elapsed time between successive first and second registration messages associated with the unique identifier;
  
  determining a second elapsed time between the second registration and a successive third registration associated with the unique identifier;
  
  detecting a suspected fraudulent event when the first and second elapsed times are not substantially the same.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method according to claim 13, further comprising the steps of:
    - identifying at least one switch in the wireless network where a mobile station utilizing the unique identifier is registered;
      
      determining the constant registration period associated with the switch, the constant registration period defining the expected time period between successive registrations by the mobile station;
      
      comparing the elapsed time between successive registrations to the constant registration period associated with the switch; and
      
      detecting a suspected fraudulent event when the first or second elapsed time is not substantially the same as the constant registration period.
  - 15. The method according to claim 13, wherein the registration messages are passively monitored at the Home Location Register (HLR) associated with the unique identifier of the authorized mobile station.
  - 16. The method according to claim 13, wherein the unique identifier is the unique mobile identification number (MIN) and equipment serial number (ESN) of the authorized mobile station.
  - 17. The method according to claim 13, further comprising the steps of:
    - receiving a response to an authentication challenge from a suspected mobile station utilizing the unique identifier;
      
      determining a predicted response based upon at least the unique identifier of the authorized mobile station;
      
      comparing the received response to the predicted response; and
      
      identifying the suspected mobile station as an unauthorized mobile station when the received response is not substantially the same as the predicted response.
  - 18. The method according to claim 17, further comprising the step of providing an indication of a fraudulent event when the suspected mobile station is identified as being unauthorized.
  - 19. The method according to claim 17, further comprising the step of instructing the wireless telecommunications network to take a predefined action in response to identification of the suspected mobile station as being unauthorized.
  - 20. The method according to claim 13, further comprising the steps of:
    - monitoring the successive first and second registration messages associated with the unique identifier to determine the respective location of the mobile station within the wireless network at the time of each of the registration messages;
      
      determining the approximate geographic distance between the respective locations of the mobile station at the time of the first and second registration messages;
      
      calculating an apparent velocity of the mobile station between the first and second successive registration messages based upon the approximated geographical distance and the first elapsed time between the first and second successive registration messages;
      
      comparing the apparent velocity with a predetermined maximum velocity; and
      
      detecting a suspected fraudulent event when the apparent velocity exceeds the predetermined maximum velocity.
  - 21. The method according to claim 20, further comprising the steps of:
    - receiving a response to an authentication challenge from a suspected mobile station utilizing the unique identifier;
      
      determining a predicted response based upon at least the unique identifier of the authorized mobile station;
      
      comparing the received response to the predicted response; and
      
      identifying the suspected mobile station as an unauthorized mobile station when the received response is not substantially the same as the predicted response.
  - 22. The method according to claim 21, further comprising the step of providing an indication of a fraudulent event when the suspected mobile station is identified as being unauthorized.
  - 23. The method according to claim 21, further comprising the step of instructing the wireless telecommunications network to take a predefined action in response to identification of the suspected mobile station as being unauthorized.

24. A system for detecting fraudulent use of a unique identifier associated with an authorized mobile station in a wireless telecommunications network, comprising:
- a monitoring system for collecting data associated with the registration of one or more mobile stations utilizing the unique identifier; and
  
  a fraud detection processor in communication with the monitoring system for analyzing the data collected by the monitoring system, the processor comprising a first pattern recognition device for determining the periodicity of successive registration messages associated with the unique identifier, wherein a suspected fraudulent event is identified when the time periods between successive registration messages are non-periodic.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The system according to claim 24, further comprising a passive monitor tap for passively monitoring data at the Home Location Register (HLR) associated with the unique identifier of the authorized mobile station, the passively monitored data being transmitted from the tap to the monitoring system.
  - 26. The system according to claim 25, wherein the tap passively monitors data on at least one data link connected to the HLR.
  - 27. The system according to claim 24, wherein the unique identifier is the unique mobile identification number (MIN) and equipment serial number (ESN) of the authorized mobile station.
  - 28. The system according to claim 24, wherein the fraud detection processor further comprises a second pattern recognition device for identifying suspected fraudulent activity when an apparent velocity of the mobile station utilizing the unique identifier between successive registration messages exceeds a predetermined maximum velocity, the apparent velocity being based upon the approximated geographical distance and time between the successive registration messages.
  - 29. The system according to claim 24, further comprising an authentication system for identifying a suspected mobile station as an unauthorized mobile station when a response to an authentication challenge received from the suspected mobile station is not substantially the same as a predicted response calculated by the authentication system based upon at least the unique identifier of the authorized mobile station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Original Assignee
AT&T Wireless Services Incorporated (AT&T, Inc.)
Inventors
Waughman, Russell John, Rowe, Lorin B., Amin, Umesh J.
Primary Examiner(s)
Chin, Wellington
Assistant Examiner(s)
SOBUTKA, PHILIP

Application Number

US08/788,151
Time in Patent Office

963 Days
Field of Search

455/410, 455/411, 455/435, 455/432, 455/433, 455/441, 455/422
US Class Current

455/410
CPC Class Codes

H04L 63/1408 by monitoring network traff...

H04W 12/126 Anti-theft arrangements, e....

Detection of fraudulently registered mobile phones

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of fraudulently registered mobile phones

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links