Access management for wireless communication devices failing authentication for a communication network

US 8,554,912 B1
Filed: 03/14/2011
Issued: 10/08/2013
Est. Priority Date: 03/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method of operating a network access control system to manage access to a communication network, the method comprising:

receiving a failure notification transmitted from a service node indicating a failure of a wireless communication device to pass an authentication when attempting to register with the communication network, wherein the notification includes a device identifier that identifies the wireless communication device;

retrieving device information, network data, and a user profile associated with the wireless communication device based on the device identifier;

processing the device information, the network data, and the user profile to generate a network access score for the wireless communication device;

if the network access score exceeds a priority threshold, transferring a priority notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device;

if the network access score exceeds a legitimate user threshold but does not exceed the priority threshold, transferring an access notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device and monitoring subsequent usage of the wireless communication device for fraudulent activity; and

if the network access score does not exceed the legitimate user threshold, transferring a suspect notification for delivery to the service node that instructs the service node to maintain the authentication for the wireless communication device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When a failure notification is received that was transmitted from a service node indicating a failure of a wireless communication device to pass an authentication when attempting to register with a communication network, device information, network data, and a user profile associated with the wireless communication device is retrieved and processed to generate a network access score for the wireless communication device. If the network access score exceeds a priority threshold, a priority notification is transferred instructing the service node to bypass the authentication for the wireless communication device. If the network access score exceeds a legitimate user threshold but does not exceed the priority threshold, an access notification is transferred instructing the service node to bypass the authentication for the wireless communication device, and subsequent usage of the wireless communication device is monitored for fraudulent activity. If the network access score does not exceed the legitimate user threshold, a suspect notification is transferred instructing the service node to maintain the authentication for the wireless communication device.

85 Citations

View as Search Results

20 Claims

1. A method of operating a network access control system to manage access to a communication network, the method comprising:
- receiving a failure notification transmitted from a service node indicating a failure of a wireless communication device to pass an authentication when attempting to register with the communication network, wherein the notification includes a device identifier that identifies the wireless communication device;
  
  retrieving device information, network data, and a user profile associated with the wireless communication device based on the device identifier;
  
  processing the device information, the network data, and the user profile to generate a network access score for the wireless communication device;
  
  if the network access score exceeds a priority threshold, transferring a priority notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device;
  
  if the network access score exceeds a legitimate user threshold but does not exceed the priority threshold, transferring an access notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device and monitoring subsequent usage of the wireless communication device for fraudulent activity; and
  
  if the network access score does not exceed the legitimate user threshold, transferring a suspect notification for delivery to the service node that instructs the service node to maintain the authentication for the wireless communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein processing the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises determining that the wireless communication device is associated with an emergency service provider to generate the network access score that exceeds the priority threshold.
  - 3. The method of claim 1 wherein processing the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises processing a device type of the wireless communication device to generate the network access score.
  - 4. The method of claim 1 wherein monitoring the subsequent usage of the wireless communication device for the fraudulent activity comprises comparing a service usage history of the wireless communication device to the subsequent usage of the wireless communication device to detect the fraudulent activity.
  - 5. The method of claim 1 wherein, if the network access score exceeds the legitimate user threshold but does not exceed the priority threshold, imposing restrictions on the subsequent usage of the wireless communication device.
  - 6. The method of claim 1 wherein processing the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises determining that the wireless communication device is associated with an exploitability to generate the network access score that does not exceed the legitimate user threshold.
  - 7. The method of claim 1 wherein processing the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises determining that the wireless communication device is associated with a fraudulent service usage history to generate the network access score that does not exceed the legitimate user threshold.
  - 8. The method of claim 1 wherein the network data comprises a failure type associated with the failure of the wireless communication device to register with the communication network, an identifier of the service node, a geographic location of the service node, and a time of the failure.
  - 9. The method of claim 1 wherein the user profile comprises a service activation date, a service expiration date, a service type, a service plan, authorized devices, and a fraudulent service usage history associated with the user of the wireless communication device.
  - 10. The method of claim 1 wherein the device information comprises a model and a firmware version of the wireless communication device.

11. A network access control system to manage access to a communication network, the system comprising:
- a communication transceiver configured to receive a failure notification transmitted from a service node indicating a failure of a wireless communication device to pass an authentication when attempting to register with the communication network, wherein the notification includes a device identifier that identifies the wireless communication device; and
  
  a processing system configured to retrieve device information, network data, and a user profile associated with the wireless communication device based on the device identifier, process the device information, the network data, and the user profile to generate a network access score for the wireless communication device, and if the network access score exceeds a priority threshold, direct the communication transceiver to transfer a priority notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device;
  
  the processing system configured to, if the network access score exceeds a legitimate user threshold but does not exceed the priority threshold, direct the communication transceiver to transfer an access notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device, and the processing system further configured to monitor subsequent usage of the wireless communication device for fraudulent activity; and
  
  the processing system configured to, if the network access score does not exceed the legitimate user threshold, direct the communication transceiver to transfer a suspect notification for delivery to the service node that instructs the service node to maintain the authentication for the wireless communication device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11 wherein the processing system configured to process the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises the processing system configured to determine that the wireless communication device is associated with an emergency service provider to generate the network access score that exceeds the priority threshold.
  - 13. The system of claim 11 wherein the processing system configured to process the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises the processing system configured to process a device type of the wireless communication device to generate the network access score.
  - 14. The system of claim 11 wherein the processing system configured to monitor the subsequent usage of the wireless communication device for the fraudulent activity comprises the processing system configured to compare a service usage history of the wireless communication device to the subsequent usage of the wireless communication device to detect the fraudulent activity.
  - 15. The system of claim 11 wherein the processing system is configured to, if the network access score exceeds the legitimate user threshold but does not exceed the priority threshold, impose restrictions on the subsequent usage of the wireless communication device.
  - 16. The system of claim 11 wherein the processing system configured to process the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises the processing system configured to determine that the wireless communication device is associated with an exploitability to generate the network access score that does not exceed the legitimate user threshold.
  - 17. The system of claim 11 wherein the processing system configured to process the device information, the network data, and the user profile to generate the network access score for the wireless communication device comprises the processing system configured to determine that the wireless communication device is associated with a fraudulent service usage history to generate the network access score that does not exceed the legitimate user threshold.
  - 18. The system of claim 11 wherein the network data comprises a failure type associated with the failure of the wireless communication device to register with the communication network, an identifier of the service node, a geographic location of the service node, and a time of the failure.
  - 19. The system of claim 11 wherein the user profile comprises a service activation date, a service expiration date, a service type, a service plan, authorized devices, and a fraudulent service usage history associated with the user of the wireless communication device.

20. A method of operating a network access control system to manage access to a communication network, the method comprising:
- receiving a failure notification transmitted from a service node indicating a failure of a wireless communication device to pass an authentication when attempting to register with the communication network, wherein the notification includes a device identifier that identifies the wireless communication device;
  
  retrieving device information, network data, and a user profile associated with the wireless communication device based on the device identifier;
  
  processing the device information, the network data, and the user profile to generate a network access score for the wireless communication device;
  
  if the network access score exceeds a priority threshold, transferring a priority notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device;
  
  if the network access score exceeds a legitimate user threshold but does not exceed the priority threshold, transferring an access notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device, imposing restrictions on subsequent usage of the wireless communication device, and monitoring the subsequent usage of the wireless communication device for fraudulent activity by comparing a service usage history of the wireless communication device to the subsequent usage of the wireless communication device to detect the fraudulent activity; and
  
  if the network access score does not exceed the legitimate user threshold, transferring a suspect notification for delivery to the service node that instructs the service node to maintain the authentication for the wireless communication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Reeves, Raymond Emilio, Youngs, Simon, Peden, Mark Douglas, Koller, Gary Duane, Jethwa, Piyush
Primary Examiner(s)
LIN, WEN TAI

Application Number

US13/047,047
Time in Patent Office

939 Days
Field of Search

None
US Class Current

709/225
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/1416   Event detection, e.g. attac...

H04W 12/08   Access security

H04W 12/126   Anti-theft arrangements, e....

Access management for wireless communication devices failing authentication for a communication network

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Access management for wireless communication devices failing authentication for a communication network

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links