Wireless communication is one of the fastest growing segments of the telecommunication industry. With the mobility of wireless devices, such as cellular phones and pagers, a subscriber to a wireless service can make or receive a call, or receive a message, without being restricted to any particular location. The convenience provided by wireless devices has led to their widespread use by average consumers.
Airtime fraud is a costly problem for wireless communications providers (also called "operators"). Callers (also called "subscribers") can gain unauthorized access to cellular networks by "cloning" legitimate cellular phones (also called "handsets," "Mobile Stations," or "MSs"). The cloning process duplicates the memory contents of a legitimate cellular phone so that the clone cellular phone appears to be legitimate to the rest of the system. In certain high-crime areas, large numbers of cellular phone calls are estimated to be placed from cloned handsets. The challenge to cellular telephone companies lies in determining whether a handset communicating with the system is a legitimate handset or a clone.
In the past, operators could only detect fraudulent access after the fact. The detection process involved labor-intensive post-call analysis and did not stop cloned handsets from fraudulently obtaining service. Currently, many conventional cellular systems include one or more Authentication Center (AC) portions. When a calling person activates a handset, the AC checks the profile of the person who is registered for the handset. The AC then initiates a challenge to the handset. If the handset's response matches the AC's challenge, network access is granted. Otherwise, access is denied. The authentication process greatly reduces airtime losses and serves as a deterrent to the crime of cloning.
In many cellular phone systems, the AC performs authentication in connection with the following events: registration (when a phone roams into a new area); origination of a call; flashing (which involves, e.g., three-way calling, call waiting, or paging); and call termination. In general, the MSC (Mobile Switching Center) associated with the area of the handset being authenticated sends an authentication request (AUTHRQST) message to the AC for each of these events.
To further authenticate handsets, conventional ACs periodically send "SSD update" messages and "unique challenge" messages to the MSC/VLRs in the system. These messages (also called "authentication messages") are defined in the ANSI IS-41 standard for cellular telephones, which is herein incorporated by reference.
Most systems include MSC/VLRs from various vendors and not all the MSC/VLRs in a system operate in the same way or are treated the same way by the AC. For example, some VLRs are allowed to access secret "SSDs" sent to them by the AC, while others are not. Some VLRs may use proprietary features and the proprietary features of various VLRs may differ from one another.
In conventional systems, an AC logs messages that it processes in a central message log database. No effort is made to classify the messages or to organize them in a way that will aid in their retrieval. Thus, retrieval of data from the database may require the analysis of many event records (days', weeks', or even months' worth) to obtain the most recent transactions for a particular subscriber's Mobile Identification Unit (MIN). This process is so slow that it is not appropriate for real-time response systems, such as customer care sites or online query systems. In addition, many systems keep the logged data for only a predetermined period of time, so that the logged data needed to find several transactions for a particular MIN/ESN may not be available at some later time when it is needed.
In conventional systems, human operators are sometimes called upon to review the status of a subscriber. For example, a subscriber who is locked out of his account by a cloned phone may call a customer care site to request that he be reinstated. Conventional subscriber systems store only certain very limited information about the most recent transaction for each MIN in a subscriber database. The customer care site expects to receive queries from clones attempting to access the system. Thus, the limited information in the subscriber database can lead a human operator to believe that the legitimate subscriber is actually a clone, since the clone was the last to cause an entry in the subscriber database. If more data were easily available, the human operator would be able to discern that a clone had last accessed the system.
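The difference between the last-transaction-only record and a short per-MIN/ESN history can be shown on a small constructed log. This is an added example, not part of the original text or of any system it describes; the record fields, the MSC identifiers, the history depth, and the "mixed pass/fail" summary are all assumptions made for illustration.

```python
from collections import defaultdict, deque, namedtuple

# Hypothetical record layout for one logged authentication event.
Event = namedtuple("Event", "ts min esn msc kind result")

# Constructed sample AC log, in arrival order (not real data).
LOG = [
    Event(100, "5550001", "ESN-A", "MSC-1", "registration", "pass"),
    Event(105, "5550002", "ESN-B", "MSC-1", "origination", "pass"),
    Event(110, "5550001", "ESN-A", "MSC-7", "registration", "fail"),
    Event(120, "5550001", "ESN-A", "MSC-1", "origination", "pass"),
    Event(125, "5550002", "ESN-B", "MSC-1", "termination", "pass"),
    Event(130, "5550001", "ESN-A", "MSC-7", "origination", "fail"),
]

def last_only(log):
    """Conventional subscriber database: one record per MIN, overwritten each time."""
    latest = {}
    for ev in log:
        latest[ev.min] = ev
    return latest

def build_history(log, depth=4):
    """Single pass over the log; keep only the newest `depth` events per MIN/ESN."""
    hist = defaultdict(lambda: deque(maxlen=depth))
    for ev in log:
        hist[(ev.min, ev.esn)].append(ev)
    return hist

def summarize(events):
    """Group serving MSCs by outcome; 'mixed' means passes and failures coexist."""
    by_result = defaultdict(set)
    for ev in events:
        by_result[ev.result].add(ev.msc)
    return {
        "last_result": events[-1].result,
        "pass_mscs": sorted(by_result["pass"]),
        "fail_mscs": sorted(by_result["fail"]),
        "mixed": bool(by_result["pass"]) and bool(by_result["fail"]),
    }

if __name__ == "__main__":
    print("last only:", last_only(LOG)["5550001"].result)
    for key, events in build_history(LOG).items():
        print(key, summarize(events))
```

For MIN 5550001 the last-only record shows a single failure, while the history shows passes from one MSC interleaved with failures from another, which is the extra context the operator lacks in the conventional system.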