Utilizing sip messages to determine the status of a remote terminal in VoIP communication systems
First Claim
1. A method for detecting fraudulent activity in a communication system in a correctional facility, comprising:
- receiving a packet stream associated with a voice call between an inmate calling party and a called party, the packet stream served through Voice over Internet Protocol (VoIP) within the correctional facility;
determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase;
flagging, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;
flagging, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER;
confirming that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party;
sending a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and
triggering a corrective operation in response to the confirming.
7 Assignments
0 Petitions
Accused Products
Abstract
There is a growing problem in correctional facility telecommunications systems in which parties on a voice call may connect inmate callers with restricted parties. Prison communication systems monitor calls to prevent such activity, but in Voice over Internet Protocol (VoIP) environments such systems may fail to detect this activity. The present disclosure provides details of a system and method for using SIP messages common in VoIP environments to detect illicit activity initiated by a party on a voice call within a controlled environment. Scenarios are detected in which a called party connects an inmate caller to a restricted party via three-way call conferencing, call forwarding, or other call features. Corrective actions are then taken when such activity is detected, such as call blocking or alerting officials illicit activity is occurring.
-
Citations
30 Claims
-
1. A method for detecting fraudulent activity in a communication system in a correctional facility, comprising:
-
receiving a packet stream associated with a voice call between an inmate calling party and a called party, the packet stream served through Voice over Internet Protocol (VoIP) within the correctional facility; determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase; flagging, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399; flagging, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER; confirming that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party; sending a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and triggering a corrective operation in response to the confirming. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A fraud detection system in a communication system,
the fraud detection system comprising: -
a network interface device configured to receive a packet stream associated with a voice call between an inmate calling party and a called party served through Voice over Internet Protocol (VoIP) within a correctional facility; and a processing system configured to; determine a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase; flag, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399; flag, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER; confirm that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party; send a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and trigger a corrective operation in response to the confirming. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A non-transitory computer program storage device tangibly embodying a program of instructions executable by at least one machine to perform a method for detecting fraudulent activity in a communication system in a correctional facility, the method comprising:
-
receiving a packet stream associated with a voice call between an inmate calling party and a called party, the packet stream served through Voice over Internet Protocol (VoIP) within the correctional facility; determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase; flagging, during the determined call setup phase, a first session initiation protocol (SIP) message within the packet stream as suspicious based at least in part on a first message type of the first SIP message, the first message type indicating a first new party distinct from the called party and the inmate calling party, wherein the first message type is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399; flagging, during the determined call established phase, a second SIP message within the packet stream as suspicious based at least in part on a second message type of the second SIP message, the second message type indicating a second new party distinct from the called party and the inmate calling party, wherein the second message type is one of an INVITE or a REFER; confirming that a fraudulent activity has occurred based at least in part on at least one of a first content of the first SIP message, a second content of the second SIP message, or a third content of a third SIP message received after the first SIP message or the second SIP message, wherein the first content, the second content, or the third content confirm that the first new party or the second new party is not allowable for the inmate calling party; sending a confirmed infraction log to an administrative workstation based on the confirming, wherein the confirmed infraction log comprises a confirmed infraction type; and triggering a corrective operation in response to the confirming. - View Dependent Claims (25, 26, 27, 28, 29, 30)
-
Specification