The present invention relates in general to the field of telecommunications and in particular to the field of wireless telecommunications systems administration, fraud detection, customer service, engineering support, and technical support.
The market for telecommunications services has grown at an extraordinary pace, and perhaps the greatest growth has occurred in the market for wireless communications, including cellular networks and personal communication systems.
Conventional wireless telecommunication systems employ numerous independent cellsites (xe2x80x9ccellsxe2x80x9d). Each cell covers a designated geographic area and is connected via a dedicated network (usually leased lines or microwave) to a Mobile Switching Center (xe2x80x9cMSCxe2x80x9d) that is in turn connected to the Public Switched Telephone Network (xe2x80x9cPSTNxe2x80x9d). The MSC handles all call processing intelligence, switching functionality, fault detection and diagnostics. MSCs are also integral to the operation of recently developed Personal Communication Systems (xe2x80x9cPCSsxe2x80x9d), another type of wireless system. A PCS utilizes numerous xe2x80x9cmicrocellsxe2x80x9d that blanket a high use area, or an area where terrain features limit transmission capabilities (e.g., a downtown office district with tall buildings.) Because of the greater number of cells, the PCS can handle a significantly greater volume of traffic. Located within each PCS microcell is a low power transmitter. After receiving the subscriber""s signal, the low power transmitter communicates (normally via microwave, PSTN, or data lines) with a controller. The controller, in turn, communicates with the MSC. Each PCS or cellular network covers only a specified xe2x80x9chomexe2x80x9d geographic area. Consequently, as the mobile user moves out of the home area and into a xe2x80x9cforeignxe2x80x9d area, telecommunications service is provided by a xe2x80x9cforeignxe2x80x9d wireless service provider typically not associated with the user""s home wireless service provider. Operation in a foreign area is known as xe2x80x9croaming.xe2x80x9d
The deployment of Signaling System Number 7 (xe2x80x9cSS7xe2x80x9d) networks for wireless systems like PCS or cellular networks has permitted carriers to supply a number of new applications to wireless systems"" customers. SS7 is a highly flexible common channel signaling standard specifically designed for providing circuit and database related message flow control in networks. The feature enhancements to services made possible SS7 have accelerated its deployment. But most cellular systems continue to use services furnished by outside network providers. The high price of those services has tended to lead wireless services providers to deploy their own SS7 networks.
The fees associated with the use of network services provided by third parties, which may be charged on a per transaction basis, lead to higher consumer prices for wireless communications services. The cost of paying network providers to operate a SS7 or other network, and the consumer prices they result in, may represent a serious constraint on wireless growth. An additional impediment to growth in the market for wireless services is the absence of a seamless roaming environment. In a seamless roaming environment, enhanced communications services are provided to mobile subscribers as they move about the nation (or, more optimistically, through various parts of the world), without diminution in service as one crosses boundaries between service providers.
Fraudulent uses of wireless systems pose an even greater threat to growth of wireless communications. For example, industry fraud losses exceeded an estimated four hundred million dollars in 1994.
Geographic expansion of services permitted by the creation of a nationwide network has accelerated the already significant cellular fraud. The incidence of fraud has significantly worsened as carriers allow users to make calls from anywhere in the country. Losses for 1995 are estimated at over one and a half million dollars per day. Growth in fraud losses for the first time exceeds industry growth.
Indeed, some wireless service providers have been forced by the overwhelming costs of fraud to suspend roaming service in foreign areas where its incidence is high. Preventing or minimizing the fraudulent use of wireless systems is therefore a necessary precondition to putting the industry back on a solid growth track and developing a nationwide network providing seamless roaming.
Two types of fraud are prevalent. One is xe2x80x9ccloning fraud,xe2x80x9d in which a valid customer""s mobile identification number (xe2x80x9cMINxe2x80x9d) and/or electronic serial number (xe2x80x9cESNxe2x80x9d) are xe2x80x9cclonedxe2x80x9d or copied into another cellular set. Most typically, cloning fraud is perpetrated in a foreign service provider""s network. Even when the fraud occurs outside of the home service provider""s network, the home service provider remains liable for the fraud, the costs of which directly diminish the service provider""s revenue.
A second typical fraud problem involves subscribers who are not entitled to service (e.g., because they have failed to pay their bills or obtained service under false identities, etc.), but who nevertheless attempt to obtain roaming service in a foreign service provider""s wireless system. Roaming involves a validation process to determine if the roamer is legitimate in its home system. The switches of systems located geographically close to one another are often coupled because those systems"" customers will frequently roam into the adjacent area. These systems can directly communicate with one another to exchange validation requests and fraud control data. In any event, even if some switches of different systems were coupled, those switches may nevertheless be unable to communicate with one another to exchange validation requests and fraud control data for the simple reason that the switches may be incompatible with one another. As a result, a national clearinghouse system for handling fraud and roamer management has arisen.
A national clearinghouse typically has a database containing so called xe2x80x9cnegative filesxe2x80x9d including lists of stolen phones and cloned MINs. The typical clearinghouse also couples to the MSCs of subscribing systems in order to access subscriber data, usually called the HLR or Home Location Register, to validate subscribers for whom services are being requested in a foreign market whose service provider is also a member of the clearinghouse network. A national clearinghouse is capable of providing on-line support as well as a data feed. The clearinghouse validates customers prior to allowing a request for telecommunications service to proceed. But by the time the clearinghouse checks its own database and then, if necessary, the database of the subscriber""s carrier, the foreign carrier may already have permitted a fraudulent roaming communication to occur.
In order to detect xe2x80x9ccloning fraud,xe2x80x9d a service provider may use, among other methods, a fraud management system that develops usage profiles. These profiles are based on the communications traffic information for particular customers and are obtained from billing records and other sources. If a call does not match the customer""s profile, an analyst may contact the customer. A fraud detection system (like CloneDetector available from GTE TSI (Telecommunications Services Inc.)) analyzes calling patterns to identify calls made close in time using identical MINs in widely-separated geographical areas. This type of condition generally indicates that one of the MINs is a clone. The customer corresponding to the MIN is contacted for confirmation and appropriate steps are taken to lock the clone out of the system.
Some clearinghouses are presently attempting to offer both fraud detection systems and customer on-line support systems intended to react in real time. Clearinghouses charge each subscribing service provider a per-transaction fee for providing fraud management services and also charge for certain on-line support data. In addition to charging transaction fees, clearinghouses incorporate each subscribing service provider""s valuable and commercially sensitive customer information into a central pool within its exclusive control. Clearinghouses provide needed roamer visibility. But subscribing service providers lose the ability to obtain data on their own network transactions if they choose not to utilize the clearinghouses for validation for particular transactions. Data of this sort is critical, not only for network operation, but also for purposes of planning and marketing. Understandably, subscribing service providers also prefer to maintain control over their own customer profile and system traffic information. They thus prefer to eliminate the clearinghouse service and directly manage user validation for their own networks in order to eliminate the transaction fees charged by the clearinghouses and obtain their own on-line support data.
Subscribing service providers can circumvent the clearinghouse services by networking their switches with switches in foreign service providers"" systems. This process is facilitated by deployment of SS7 networks, coupled with the advent of IS-41. IS-41 is an interim standard created by the Electronic Industry Association/Telecommunications Industry Association (xe2x80x9cEIA/TIAxe2x80x9d) that permits switches produced by different manufacturers to communicate with one another. IS-41 enables the switch of a home system of a roaming subscriber to communicate with a foreign system providing services to the roaming subscriber in order to transmit validation and customer profile information. IS-41 messages may be transported over SS7 networks that many service providers are already connected with or soon will be deploying. Other standards may be developed and will likely also be capable of transmission over SS7 networks. Using such standard message formats and protocols, switches belonging to differing service providers become capable of requesting validation data and exchanging customer profile information. This information sharing not only eliminates the high transaction charges associated with a national clearinghouse, but it also returns control of valuable, proprietary customer profile information to the service providers.
Since many such fraud detection systems (such as GTE""s) obtain fraud control and customer support data feeds from links between an individual MSC and clearinghouse, as wireless service providers connect their switches directly using SS7 or another network, the data traffic occurring between such interconnected switches is no longer xe2x80x9cvisiblexe2x80x9d to the clearinghouse system. In other words, clearinghouse systems often cannot obtain information on transactions involving wireless service providers whose switches are coupled directly to each other via the SS7 network.
Obviously, this is a problem that directly impedes clearinghouses ability to provide accurate and comprehensive fraud control and customer support data. The problem will accelerate as more service providers interconnect via SS7 or other networks. Such interconnections will increase as service providers take advantage of the flexibility of the SS7 network and new standards like IS-41 in order to interconnect directly with other service providers in adjacent geographic regions or in high use metropolitan areas frequented by business or tourist travelers.
Further, with the advent of SS7 networks, future service enhancements are likely. Those enhancements should be provided without disrupting fraud data feeds and other customer service operations; current systems do not eliminate or minimize disruptions, however.
As wireless service providers link their switches and move toward a nationwide network, xe2x80x9cthey will bypass the traditional methods of capturing roamer messages. They will have to assume more responsibility for insuring that the systems they use provide the required level of message visibility to maintain superior customer service and roamer managementxe2x80x94especially as more customers are roaming and using additional enhanced services.xe2x80x9d Rolando Espinosa, xe2x80x9cThe Industry""s Most Important Challenge: Cellular Signaling Network Management,xe2x80x9d Telephony, Vol. 227 at 27 (Aug. 22, 1994.) The ongoing and projected future conversion to SS7 networks therefore requires new methods and systems to extract fraud control and customer support information.
Even for service providers that may not adopt the SS7 or other standard network protocols, fraud control and customer on-line support systems furnished by outside providers suffer from drawbacks, both technical and financial. Among their technical shortcomings, the systems may not provide the full fraud data feeds necessary for minimizing and managing network fraud. Nor do the systems provide complete message xe2x80x9cvisibilityxe2x80x9dxe2x80x94information on transactions with some of the carrier""s closest roaming partners may not be obtained and transmitted to either the fraud control or customer support systems. Financially, reliance on outside network providers for fraud control and customer support systems costs service providers significant ongoing transaction fees.
Service providers face other difficulties which are only aggravated as they interconnect their switches to the switches of other service providers. Customer service, for example, is one aspect of operating a wireless network that becomes more of a challenge when subscribers roam into other service areas. Even when a subscriber has difficulty within the service provider""s home network, isolating the source of the problem may take days or even weeks. The problem, for instance, could be with the subscriber""s phone, with a particular switch within the provider""s network, with the subscriber""s billing system, or with a Home Location Register (HLR). Locating the problem is often accomplished through a process of elimination. When the problem occurs when the subscriber is roaming, the possible sources of the fault are compounded and additional time and expense may be incurred before the problem can be detected and corrected.
The difficulty in providing customer service is endemic of a larger difficulty in maintaining a service provider""s network. Even when the source of the problem is known, such as a particular switch within the network, identifying and correcting the precise problem is often not an easy task. For a switch, the service provider must dispatch personnel to the switch so that they can monitor the operations of the switch. The personnel then try to replicate events that triggered the problem or fault in the hopes that they can detect the source of the fault. In general, the engineering and technical support personnel react to the problems and are often unable to stop problems before they occur. Additionally, the engineering and technical support personnel attempt to isolate and correct problems by monitoring future activity of the network and do not have clear records as to what occurred in the past at the time of the problem.
As discussed above, the advent of IS-41 allows greater communication between switches, especially between switches of two different service providers. The IS-41 messages transmitted and received by a service provider contains information about its network and subscribers and can be extremely valuable to the service provider. The service provider, however, is typically unable to capture the value in these messages since a single service provider have hundreds of thousands of these messages passing through its network each day. With such a large volume of messages, a service provider cannot easily extract useful information from the messages and the potential value in the messages is not captured.
According to one aspect, the present invention provides apparatus and methods for capturing information relating to communications traffic from one or more wireless telecommunications systems, and for processing the captured information at a message processor to produce roamer visibility and fraud data useful in administering such systems. A monitoring and data capture platform or subsystem monitors each of the telecommunications links coupling a Mobile Switching Center (xe2x80x9cMSCxe2x80x9d) or network elements like Signal Transfer Points or particular types of MSCs directly. This data capture subsystem may be configured to capture selected data pertaining to wireless telecommunications, including any number of desired call control and processing messages, depending on the type of data desired for roamer visibility, fraud control engineering, customer support or other functions of importance to wireless service providers, whether they provide cellular, PCS or other wireless communications network services. The selected data, typically in the form of messages in an operative protocol (e.g., the IS-41 protocol), can then be buffered for analysis or transmission. The selected data can be formatted and transmitted to (1) a message processor subsystem for further processing or (2) directly to a fraud system, customer support system, or other administrative instrumentality for further analysis or use.
Similarly, a method associated with the data capture apparatus furnishes visibility and/or fraud data relating to wireless communications based on related message traffic. Signals pass through various network elements like a Signal Transfer Point (xe2x80x9cSTPxe2x80x9d) pair or switch and are transmitted over at least one telecommunication network link coupled to at least one wireless switching center. A data capture device is coupled to at least one of the links or one of the network elements. Links or network elements are monitored for messages of interest, such as a message belonging to a preselected (and changeable) set of message types.
According to the method, signals containing messages relating to wireless telecommunications traffic are read off of at least one of the telecommunications links. Messages pertaining to wireless traffic are identified, and, of these messages, those belonging to a preselected (but changeable) set of message types are selected. Selected messages are then forwarded to an administrative instrumentality. The administrative instrumentality may be a message processor that further processes messages received from a plurality of data capture devices to collate messages or filter out from the incoming data stream messages redundant to those already provided by an outside source. Alternatively, message processing can be done at the data capture device and messages forwarded directly to other administrative instrumentalities like a fraud detection system, customer on-line support station or any other end-user capable of operating upon the captured messages.
In an illustrative embodiment of a system according to the present invention, the data capture subsystem is configured to transmit the selected data to a message processor for further processing to yield useful visibility and fraud data. (Generally, xe2x80x9cvisibility dataxe2x80x9d is wireless system data that identifies subscriber roaming activity between wireless systems. An example of some of the visibility data generated is the location and system usage of roaming subscribers.) The message processor stores selected incoming messages from the data capture subsystem in a memory location. The message processor then collates received messages with the stored messages to provide roamer visibility, fraud, or other useful administrative data. This data may be made available for query by on-line customer support workstations that may display the forwarded data on a real-time basis. Additionally, the message processor processes incoming captured messages and extracts certain data for transmission to a fraud detection or control system in the form of a data feed, for example.
A data capture portion of an embodiment of the present invention thus generates a set of wireless telecommunications visibility and/or fraud data based on messages transmitted over at least one telecommunications link or through various network elements. The visibility or fraud data is for use by an instrumentality in monitoring, servicing or otherwise administering a wireless telecommunications system.
One embodiment of a data capture apparatus comprises a link capture device that includes at least one telecommunications link interface; each link interface corresponds and couples to a telecommunications link for reading signals off the link. A processor may be coupled to the link interface and may be programmed for any of the following tasks: retrieving signals read by the telecommunications link interface; identifying messages in the retrieved signals; selecting messages belonging to a preselected set of message types of interest; and formatting the selected messages for transmission to the administrative instrumentality.
Alternative embodiments of data capture apparatus exist for capturing messages of interest from message traffic in wireless systems.
For example, rather than read messages off of telecommunications links, message traffic through a Signal Transfer Point (xe2x80x9cSTPxe2x80x9d) can be directly monitored and messages of interest captured. Preprocessors provided for each of a pair of STPs read appropriate message traffic and, after reformatting, forward selected captured messages to a merge processor. The merge processor combines captured messages and forwards them to the message processor.
Alternatively, for MSCs (particularly those manufactured by ATandT) operating with a proprietary protocol (ATandT""s protocol is called EFTN) the proprietary intra-switch messages can be xe2x80x9ctranslatedxe2x80x9d to a standard format (e.g., IS-41). A switch message capture device, implemented in a separate processor or resident on a portion of the message processor, can obtain from the switch xe2x80x9ctranslatedxe2x80x9d proprietary messages corresponding to messages of interest passing through, translated at and buffered at the switch. (To translate EFTN a software package may be obtained from ATandT and deployed at the switch of interest.) Captured messages are then transferred to an appropriate other portion of the message processor. (Absent this alternative embodiment of data capture device, messages in ATandT""s proprietary EFTN format would not be captured since other data capture devices could not recognize the messages of interest given their proprietary format.)
A message processor may generate system fraud and roamer visibility data for use by a service provider in administering its wireless systems and detecting fraud. A portion of the message processor is in communication with at least one data capture device (as described herein), or other device, for capturing from a wireless system messages indicative of wireless system traffic, the messages corresponding to a number of classes. As an example, there may be a first class of xe2x80x9cchallengexe2x80x9d messages and a second class of xe2x80x9cresponsexe2x80x9d messages; these may be typical of any system that uses a query/response (or xe2x80x9cACKxe2x80x9d/xe2x80x9cNACKxe2x80x9d) certified delivery method. In wireless systems using IS-41 protocol, the first class of challenge messages would be an xe2x80x9cinvokexe2x80x9d message; the second class of response messages would be a return result messages.
At least one input port on the message processor may receive messages pertaining to wireless traffic from the data capture device or, if the message processor is centrally located, a plurality of data capture devices. The message processor may be coupled to at least one memory location. (The phrase xe2x80x9cmemory locationxe2x80x9d means a memory or data storage device of any sort, or a portion of such a device.) The message processor is programmed to: receive messages indicative of wireless traffic from a data capture device and store in the memory location received messages that belong to the first class. For each received message belonging to the second class, the message processor searches the memory location for a previously stored first class of message related to the received message. If any message located in the search is related to the received message of the second class, the message processor collates the received message with the located message, and provides the collated messages to an end-user or a processor.
A method associated with processing captured messages includes: receiving messages indicative of wireless traffic from the data capture device; storing the received messages belonging to a first class of message (e.g., IS-41 invoke messages) in the memory location; for each received message belonging to a second class (e.g., IS-41 return result messages), searching the memory location for a previously stored message of the first class related to the received message and, if any message located in the search of the memory location is related to the received message of the second class, collating the received message with the located message. Finally, the collated messages are provided to an end-user. Optionally, collated messages may be xe2x80x9cfilteredxe2x80x9d to eliminate those messages already being provided by a third party fraud or customer support system.
Generally, the message processor may be centrally located and in communication with various data capture devices via a LAN, WAN or equivalent communication path. Central location allows for easier changes to the functionality implemented by the message processor. Nevertheless, the message processor may also be deployed with and connected directly to each data capture device. This would free up valuable system bandwidth since raw, unprocessed messages will not be sent, as is the case with a centrally located message processor.
A system for capturing desired messages from a wireless system that uses a preselected signaling system and preselected protocol thus includes data capture devices that (i) monitor wireless system message traffic through various network elements or across at least one network telecommunications link and (ii) select from the monitored messages those corresponding to a preselected set of message types. The system also includes a message processor coupled by a transmission path or directly to the data capture device(s) and programmed to collate selected messages with one another to produce records associated with the wireless telecommunications traffic, as well as means for providing such records to an end-user.
Indeed, if desired, the present invention could be used not only to capture messages of interest but also to monitor for messages of interest. Tallies of messages of interest could then be processed to create various statistics relevant to network traffic and extremely helpful to network engineering or customer support and marketing.
Accordingly, the present invention provides visibility data at a low cost as well as data to maintain or improve the effectiveness of existing fraud detection systems. Adopting the present invention avoids interrupting fraud investigation if the wireless system replaces an X.25 or any other existing network, including a SS7 network operated by an outside network provider, with its own SS7 or other network. Using the present invention, fraud control systems can be deployed in other markets without relying on third-party network operators and without losing roamer visibility when a carrier utilizes a selected protocol, such as SS7, to transport validation transactions. Presently deployed wireless systems will enjoy enhanced productivity benefits flowing from the provision of more detailed, yet real time, customer support, network traffic engineering or other administrative information. By implementing the carefully designed on-line support system, wireless providers will nevertheless receive just the right amount of data of interest, thus optimizing use of valuable system bandwidth.
According to another embodiment of the invention, a system includes a catcher for receiving data from data capture devices. A parser reads the daily files and interprets the messages into tables and fields. If the received message is a registration message or a reject message, then these messages are preferably written into a registration daily file and a reject daily file, respectively. The messages are preferably paired together so that all invoke messages are stored with the corresponding response message.
In the preferred embodiment, the system and method according to the method preferably maintain a separate table for each message type and a master daily file containing general information on all messages received that day. The database is structured so that it holds a week""s worth of data, with the last day""s data being deleted with each new day. The database also preferably contains a table holding the most current registration information on each MIN. By storing message data into a plurality of tables, responses to queries can be generated more quickly. For instance, rather than reading all of the data in a daily file to determine the location of a particular MIN, the system and method can perform a quick look-up in the MIN table, which contains a significantly less amount of data than the daily files. The system and method furthermore conserve space on the database by coding entries in the tables and fields. For instance, rather than storing xe2x80x9cregistration notificationxe2x80x9d when this type of message is received, the system and method instead store a specific number for that message, such as xe2x80x9c38.xe2x80x9d
The system and method support a number of different types of queries. One such query is a MIN/ESN query. With this query, the roaming activity of a specific customer can be ascertained. This search may be performed on a single day or over a range of days. A second type of query that may be performed with the invention is an active roamer query. An active roamer query shows a list of roamers that are active in a serving market. This query may be limited to a certain SID, switch, home SID, or NPA-NXX. A third query supported with the invention is a switch-to-switch query. The switch-to-switch query provides information on all ANSI-41 messaging on one switch or between two switches. The search may be performed on a single day or a range of dates. A fourth query performed with the invention is a transaction statistics query. The transaction statistics query provides information on registration messages between two cellular service providers. With this query, information may be obtained on all subscribers roaming in a foreign market or information may be obtained on everyone served by a home network. This query can be limited to a home region, to specific dates, to a specific roaming partner, and to a particular company, SID, switch, NPA-NXX, or MIN.
From the results of any query, a user can obtain record details on any message. If a user double-clicks on a message in the results section, the information on that message is pulled from the message table and the information is displayed in a tabular format. Each tab of information contains data on a group of parameters. If no data exists for all parameters within a group, then that tab preferably is not displayed to the user.
The system and method provide extremely useful data to a service provider. For customer support, the service provider can more quickly determine the source of a customer""s problem. The service provider need not place any type of xe2x80x9csnifferxe2x80x9d on a switch but instead can quickly recall the messaging that occurred at the time of the customer""s problem. Customer support, for instance, can determine whether the customer is able to register, whether the customer is authorized for a particular service. The engineering and technical support of a service provider can determine the cause of a past problem and, by monitoring the messaging within the network, can even prevent future problems from occurring.
It is accordingly an object of the present invention to provide a data capture device for monitoring and capturing a variety of information on telecommunications traffic within a wireless system.
It is an object of the present invention to provide a plurality of data capture devices, some of which capture data from a telecommunications link, others of which are coupled to particular network elements from which data of interest is captured.
It is a further object of the present invention to provide captured data to an administrative facility, such as a central message processor, where the results are collated or otherwise processed to yield roamer visibility, fraud, or other data useful in the administration of a wireless system.
It is an additional object of the present invention to provide a message processor for (1) receiving messages captured by data capture devices coupled to telecommunications links or network elements in a wireless system and (2) processing the received messages to yield paired IS-41 or other messages that provide roamer visibility and data useful in the detection of fraud.
It is another object of the present invention to provide a central message processor including a database containing roamer visibility data available for query by one or more on-line customer support systems.
It is a further object of the present invention to provide methods and apparatus for providing a central message processor for processing captured messages as well as fraud data received from outside or third party providers to generate a fraud data feed from which redundant fraud-related information has been removed.
It is still a further object of the present invention to provide methods and systems for enabling useful queries to be performed based on captured data.
It is yet another object of the present invention to provide methods and systems for allowing the capture of real-time roaming statistics.
It is another object of the present invention to provide methods and systems for allowing the capture of real-time data for use by engineering or technical support.
It is still another object of the present invention to provide methods and systems for enabling results of a query of a database to be returned in a relatively short period of time.
Other objects, features and advantages of the present invention will become apparent upon reading the remainder of this document.