Utilizing SIP messages to determine the status of a remote terminal in VOIP communication systems
First Claim
1. A method for detecting fraudulent activity in a communication system serving a correctional facility, comprising:
- receiving a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between an inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream;
determining a call phase of the voice call based on the packet stream, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase;
flagging a first SIP message from within the SIP message stream as requiring further investigation, wherein the determining that the first SIP message requires further investigation includes;
determining, during the call setup phase, that a message type associated with the first SIP message is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;
ordetermining, during the call established phase, that the message type is one of an INVITE or a REFER; and
in response to the flagging that the first SIP message requires further investigation, confirming that a disallowed third party has joined the voice call based at least in part on a first content of the first SIP message or a second content of a second SIP message, the second SIP message appearing after the first SIP message within the SIP message stream.
8 Assignments
0 Petitions
Accused Products
Abstract
There is a growing problem in correctional facility telecommunications systems in which parties on a voice call may connect inmate callers with restricted parties. Prison communication systems monitor calls to prevent such activity, but in Voice over Internet Protocol (VoIP) environments such systems may fail to detect this activity. The present disclosure provides details of a system and method for using SIP messages common in VoIP environments to detect illicit activity initiated by a party on a voice call within a controlled environment. Scenarios are detected in which a called party connects an inmate caller to a restricted party via three-way call conferencing, call forwarding, or other call features. Corrective actions are then taken when such activity is detected, such as call blocking or alerting officials illicit activity is occurring.
-
Citations
30 Claims
-
1. A method for detecting fraudulent activity in a communication system serving a correctional facility, comprising:
-
receiving a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between an inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream; determining a call phase of the voice call based on the packet stream, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase; flagging a first SIP message from within the SIP message stream as requiring further investigation, wherein the determining that the first SIP message requires further investigation includes; determining, during the call setup phase, that a message type associated with the first SIP message is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;
ordetermining, during the call established phase, that the message type is one of an INVITE or a REFER; and in response to the flagging that the first SIP message requires further investigation, confirming that a disallowed third party has joined the voice call based at least in part on a first content of the first SIP message or a second content of a second SIP message, the second SIP message appearing after the first SIP message within the SIP message stream. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for detecting fraudulent activity in a communication system in a correctional facility, comprising:
-
receiving a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between an inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream; determining a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase; detecting that a message type associated with a first SIP message from the SIP message stream is one of a 181 Response or a 3xx Response during the call setup phase, or that the message type is one of an INVITE or a REFER during the call established phase, wherein 3xx in the 3xx Response represents an integer between 300 and 399; flagging that the first SIP message requires further investigation based on the detecting; and in response to the flagging that the first SIP message requires further investigation, confirming that a disallowed third party has joined the voice call based at least on a first content associated with the first SIP message or a second content associated with a second SIP message from the SIP message stream, the second SIP message appearing after the first SIP message within the SIP message stream. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A monitoring and detection system, comprising:
-
a memory that stores a block list for an inmate call party; a network interface configured to receive a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between the inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream; and a processor, configured to; determine a call phase of the voice call based on the SIP message stream, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase; flag a first SIP message from within the SIP message stream as requiring further investigation, wherein the flagging that the first SIP message requires further investigation includes; determining, during the call setup phase, that a message type associated with the first SIP message is one of a 181 Response or a 3xx Response, wherein 3xx in the 3xx Response represents an integer between 300 and 399;
ordetermining, during the call established phase, that the message type is one of an INVITE or a REFER; and in response to the flagging that the first SIP message requires further investigation, confirm that a disallowed third party has joined the voice call based at least in part on a first content of the first SIP message or a second content of a second SIP message, the second SIP message appearing after the first SIP message within the SIP message stream. - View Dependent Claims (20, 21, 22, 23, 24, 25)
-
-
26. A monitoring and detection system, comprising:
-
a memory that stores a block list for an inmate call party; a network interface configured to receive a packet stream associated with a voice call utilizing voice over internet protocol (VoIP) between the inmate call party and an outside call party, the packet stream including a session initiation protocol (SIP) message stream; and a processor, coupled to the network interface, configured to; determine a call phase of the voice call, wherein the call phase is one of a call setup phase and a call established phase, the call established phase occurring after a successful end of the call setup phase; detect that a message type associated with a first SIP message from the SIP message stream is one of a 181 Response or a 3xx Response during the call setup phase or that the message type is one of an INVITE or a REFER during the call established phase, wherein 3xx in the 3xx Response represents an integer between 300 and 399; flag the first SIP message as requiring further investigation based on the detecting; and in response to the flagging that the first SIP message requires further investigation, confirm that a disallowed third party has joined the voice call based at least on a first content associated with the first SIP message or a second content associated with a second SIP message from the SIP message stream, the second SIP message appearing after the first SIP message within the SIP message stream. - View Dependent Claims (27, 28, 29, 30)
-
Specification