A wireless communication device engages in a communication session with a communication network via a serving wireless access node. However, in order to establish the communication session, the wireless communication device must first successfully register with the network and pass authentication requirements prior to receiving authorization to access the communication network. To successfully register and authenticate, the wireless communication device typically provides security credentials to a network service node which validates this information prior to granting access to the network. For example, in a code division multiple access (CDMA) wireless network, service access security primarily relies on a physical device identifier associated with the wireless communication device, such as an electronic serial number (ESN), matching a logical identifier assigned to the device, such as a mobile station identifier (MSID).
Despite these security precautions, malicious individuals often modify and manipulate wireless communication devices to mimic the physical and logical identifiers of legitimate users to pass authentication and access the communication network for fraudulent purposes. Network operators therefore desire strong authentication techniques to prevent such illegitimate devices from accessing the network and engaging in fraudulent activity. However, legacy communication devices owned by legitimate users might fail to have all of the correct credentials and/or algorithms required to successfully pass modern authentication techniques, effectively barring these legitimate devices from accessing the network and impacting the users' experience.
Overview
A method of operating a network access control system to manage access to a communication network is disclosed. The method comprises receiving a failure notification transmitted from a service node indicating a failure of a wireless communication device to pass an authentication when attempting to register with the communication network, wherein the notification includes a device identifier that identifies the wireless communication device. The method further comprises retrieving device information, network data, and a user profile associated with the wireless communication device based on the device identifier. The method further comprises processing the device information, the network data, and the user profile to generate a network access score for the wireless communication device. The method further comprises, if the network access score exceeds a priority threshold, transferring a priority notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device. The method further comprises, if the network access score exceeds a legitimate user threshold but does not exceed the priority threshold, transferring an access notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device, and monitoring subsequent usage of the wireless communication device for fraudulent activity. The method further comprises, if the network access score does not exceed the legitimate user threshold, transferring a suspect notification for delivery to the service node that instructs the service node to maintain the authentication for the wireless communication device.
A network access control system to manage access to a communication network comprises a communication transceiver and a processing system. The communication transceiver is configured to receive a failure notification transmitted from a service node indicating a failure of a wireless communication device to pass an authentication when attempting to register with the communication network, wherein the notification includes a device identifier that identifies the wireless communication device. The processing system is configured to retrieve device information, network data, and a user profile associated with the wireless communication device based on the device identifier, process the device information, the network data, and the user profile to generate a network access score for the wireless communication device, and if the network access score exceeds a priority threshold, direct the communication transceiver to transfer a priority notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device. The processing system is configured to, if the network access score exceeds a legitimate user threshold but does not exceed the priority threshold, direct the communication transceiver to transfer an access notification for delivery to the service node that instructs the service node to bypass the authentication for the wireless communication device, and the processing system is further configured to monitor subsequent usage of the wireless communication device for fraudulent activity. The processing system is configured to, if the network access score does not exceed the legitimate user threshold, direct the communication transceiver to transfer a suspect notification for delivery to the service node that instructs the service node to maintain the authentication for the wireless communication device.
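The three-way decision described in the method and system paragraphs above, as an added Python example that is not part of the original text. The threshold values, the record fields and the scoring weights are all assumptions: the text names the inputs and the two thresholds but defines neither their values nor the scoring function.

```python
from dataclasses import dataclass

# Assumed numbers: the text names both thresholds but gives no values.
PRIORITY_THRESHOLD = 80
LEGITIMATE_USER_THRESHOLD = 50

# Constructed records keyed by device identifier (all fields hypothetical).
DEVICE_INFO = {"ESN-A": {"legacy_model": True}, "ESN-B": {"legacy_model": True},
               "ESN-C": {"legacy_model": False}}
NETWORK_DATA = {"ESN-A": {"home_area": True, "recent_auth_failures": 0},
                "ESN-B": {"home_area": True, "recent_auth_failures": 2},
                "ESN-C": {"home_area": False, "recent_auth_failures": 9}}
USER_PROFILE = {"ESN-A": {"tenure_years": 8, "good_standing": True},
                "ESN-B": {"tenure_years": 2, "good_standing": True},
                "ESN-C": {"tenure_years": 0, "good_standing": False}}

@dataclass
class Decision:
    device_id: str
    score: int
    notification: str            # "priority", "access" or "suspect"
    bypass_authentication: bool
    monitor_usage: bool

def network_access_score(device, network, profile):
    """Hypothetical weighting of the three inputs, clamped to 0..100."""
    score = 25 if device["legacy_model"] else 0   # legacy handset may lack algorithms
    score += 20 if network["home_area"] else 0
    score -= 5 * network["recent_auth_failures"]
    score += 4 * min(profile["tenure_years"], 8)
    score += 25 if profile["good_standing"] else 0
    return max(0, min(100, score))

def classify(device_id, score):
    """Apply the two thresholds; 'exceeds' is a strict comparison."""
    if score > PRIORITY_THRESHOLD:
        return Decision(device_id, score, "priority", True, False)
    if score > LEGITIMATE_USER_THRESHOLD:
        # Authentication is bypassed, but later usage is watched for fraud.
        return Decision(device_id, score, "access", True, True)
    return Decision(device_id, score, "suspect", False, False)

def handle_failure_notification(device_id):
    """Look up the records for the identifier in the notification and decide."""
    tables = (DEVICE_INFO, NETWORK_DATA, USER_PROFILE)
    if not all(device_id in t for t in tables):
        # Assumption: an identifier with missing records fails closed (suspect).
        return classify(device_id, 0)
    return classify(device_id, network_access_score(*(t[device_id] for t in tables)))
```

A score exactly equal to a threshold falls into the lower tier, so a device scoring exactly at the legitimate user threshold still has to pass authentication.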