Utilizing sip messages to determine the status of a remote terminal in VoIP communication systems

US 9,614,974 B1
Filed: 11/23/2016
Issued: 04/04/2017
Est. Priority Date: 11/23/2016
Status: Active Grant

First Claim

Patent Images

1. A method for detecting fraudulent activity in a communication system in a correctional facility, comprising:

receiving a packet stream associated with a voice call between an inmate calling party and a called party, the packet stream served through Voice over Internet Protocol (VoIP) within the correctional facility;

determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase;

flagging, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;

flagging, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER;

confirming that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party;

sending a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and

triggering a corrective operation in response to the confirming.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is a growing problem in correctional facility telecommunications systems in which parties on a voice call may connect inmate callers with restricted parties. Prison communication systems monitor calls to prevent such activity, but in Voice over Internet Protocol (VoIP) environments such systems may fail to detect this activity. The present disclosure provides details of a system and method for using SIP messages common in VoIP environments to detect illicit activity initiated by a party on a voice call within a controlled environment. Scenarios are detected in which a called party connects an inmate caller to a restricted party via three-way call conferencing, call forwarding, or other call features. Corrective actions are then taken when such activity is detected, such as call blocking or alerting officials illicit activity is occurring.

Citations

30 Claims

1. A method for detecting fraudulent activity in a communication system in a correctional facility, comprising:
- receiving a packet stream associated with a voice call between an inmate calling party and a called party, the packet stream served through Voice over Internet Protocol (VoIP) within the correctional facility;
  
  determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase;
  
  flagging, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;
  
  flagging, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER;
  
  confirming that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party;
  
  sending a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and
  
  triggering a corrective operation in response to the confirming.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising detecting a real time protocol (RTP) packet stream between the inmate calling party and the called party, wherein the detecting indicates the successful end of the call setup phase.
  - 3. The method of claim 1, wherein the first message type is the 181 Response, and the method further comprises sending a suspected infraction log to the administrative workstation.
  - 4. The method of claim 3, wherein the third content comprises a contact header information field comprising a SIP universal resource identifier (SIP-URI) that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call forwarding”
      
      .
  - 5. The method of claim 3, wherein the third content comprises a contact header information field comprising a telephone universal resource identifier (tel-URI) that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call forwarding”
      
      .
  - 6. The method of claim 1, wherein the first message type is the 3xx Response, and the method further comprises sending a suspected infraction log to the administrative workstation.
  - 7. The method of claim 6, wherein the first content comprises contact header information comprising a SIP-URI that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call redirect”
      
      .
  - 8. The method of claim 6, wherein the first content comprises contact header information comprising a tel-URI that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call redirect”
      
      .
  - 9. The method of claim 1, wherein the second message type is the INVITE, and the method further comprises sending a suspected infraction log to the administrative workstation.
  - 10. The method of claim 9, wherein the second content comprises a contact header information field with an “
    - isfocus”
      
      indication, and the confirmed infraction type is “
      
      call conferencing”
      
      .
  - 11. The method of claim 9, wherein the second content comprises a session description protocol (SDP) information section with a “
    - a=sendonly”
      
      indication, and the confirmed infraction type is “
      
      call hold”
      
      .

12. A fraud detection system in a communication system,the fraud detection system comprising:
- a network interface device configured to receive a packet stream associated with a voice call between an inmate calling party and a called party served through Voice over Internet Protocol (VoIP) within a correctional facility; and
  
  a processing system configured to;
  
  determine a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase;
  
  flag, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;
  
  flag, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER;
  
  confirm that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party;
  
  send a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and
  
  trigger a corrective operation in response to the confirming.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The fraud detection system of claim 12, the processing system further configured to detect a real time protocol (RTP) packet stream between the inmate calling party and the called party, wherein the detecting indicates the successful end of the call setup phase.
  - 14. The fraud detection system of claim 13, the processing system further configured to flag the voice call as suspicious based on not detecting the RTP packet stream during the call established phase for a period of time exceeding a pre-determined threshold.
  - 15. The fraud detection system of claim 12, wherein the first message type is the 181 Response, and the processing system is further configured to send a suspected infraction log to the administrative workstation.
  - 16. The fraud detection system of claim 15, wherein the third content is contact header field information comprising a SIP universal resource identifier (SIP-URI) or a telephone universal resource identifier (tel-URI) that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call forwarding”
      
      .
  - 17. The fraud detection system of claim 12, wherein the first message type is the 3xx Response, and the processing system is further configured to send a suspected infraction log to the administrative workstation.
  - 18. The fraud detection system of claim 17, wherein the first content comprises contact header information comprising a SIP-URI or a tel-URI that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call redirect”
      
      .
  - 19. The fraud detection system of claim 12, wherein the second message type is the INVITE, and the processing system is further configured to send a suspected infraction log to the administrative workstation.
  - 20. The fraud detection system of claim 19, wherein the second content comprises a contact header information field with an “
    - isfocus”
      
      indication, and the confirmed infraction type is “
      
      call conference”
      
      .
  - 21. The fraud detection system of claim 19, wherein the second content comprises a session description protocol (SDP) information section with a “
    - a=sendonly”
      
      indication, and the confirmed infraction type is “
      
      call hold”
      
      .
  - 22. The fraud detection system of claim 12, wherein the second message type of the second SIP message is the REFER, and the processor is further configured to send a suspected infraction log to the administrative workstation.
  - 23. The fraud detection system of claim 22, wherein the first content is a “
    - refer-to”
      
      header information field comprising a SIP-URI or a tel-URI that is on a block list for the inmate calling party, and the confirmed infraction type is “
      
      call transfer”
      
      .

24. A non-transitory computer program storage device tangibly embodying a program of instructions executable by at least one machine to perform a method for detecting fraudulent activity in a communication system in a correctional facility, the method comprising:
- receiving a packet stream associated with a voice call between an inmate calling party and a called party, the packet stream served through Voice over Internet Protocol (VoIP) within the correctional facility;
  
  determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase;
  
  flagging, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;
  
  flagging, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER;
  
  confirming that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party;
  
  sending a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and
  
  triggering a corrective operation in response to the confirming.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The non-transitory computer program storage device of claim 24, wherein the first message type is the 181 Response, and the method further comprises sending a suspected infraction log to the administrative workstation.
  - 26. The non-transitory computer program storage device of claim 25, wherein the third content is contact header field information comprising a SIP universal resource identifier (SIP-URI) or a telephone universal resource identifier (tel-URI) that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call forwarding”
      
      .
  - 27. The non-transitory computer program storage device of claim 24, wherein the first message type is the 3xx Response, and the method further comprises sending a suspected infraction log to the administrative workstation.
  - 28. The non-transitory computer program storage device of claim 27, wherein the first content comprises contact header information comprising a SIP-URI or a tel-URI that is on a block list for the inmate calling party, and the confirmed infraction type is “
    - call redirect”
      
      .
  - 29. The non-transitory computer program storage device of claim 24, wherein the second message type is the INVITE, and the method further comprises sending a suspected infraction log to the administrative workstation.
  - 30. The non-transitory computer program storage device of claim 29, wherein the first content comprises a contact header information field with an “
    - isfocus”
      
      indication, and the confirmed infraction type is “
      
      call conference,”
      
      or the first content comprises a session description protocol (SDP) information section with an “
      
      a=sendonly”
      
      indication or an “
      
      a=inactive”
      
      indication, and the confirmed infraction type is “
      
      call hold”
      
      .

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Global Tel-Link Corporation
Original Assignee
Global Tel-Link Corporation
Inventors
Hodge, Stephen, Gonzalez, Eric
Primary Examiner(s)
NGUYEN, QUYNH H

Application Number

US15/360,847
Time in Patent Office

132 Days
Field of Search

379188, 379200, 379249, 370259, 370352
US Class Current
CPC Class Codes

H04L 2101/38   Telephone uniform resource ...

H04L 2101/385   Uniform resource identifier...

H04L 63/0236   Filtering by address, proto...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/306   intercepting packet switche...

H04L 65/1045   Proxies, e.g. for session i...

H04L 65/1046   Call controllers; Call servers

H04L 65/1069   Session establishment or de...

H04L 65/1104   Session initiation protocol...

H04L 65/403   Arrangements for multi-part...

H04L 65/65   Network streaming protocols...

H04M 2203/6027   Fraud preventions

H04M 3/2281   Call monitoring, e.g. for l...

H04M 3/42102   Making use of the called pa...

H04M 3/428   Arrangements for placing in...

H04M 3/54   Arrangements for diverting ...

H04M 3/56   Arrangements for connecting...

H04M 7/0078   Security; Fraud detection; ...

Utilizing sip messages to determine the status of a remote terminal in VoIP communication systems

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Utilizing sip messages to determine the status of a remote terminal in VoIP communication systems

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links