In present cellular service-based communications systems, verification of the legitimacy of a user's mobile phone has become a serious problem. Substantial revenues are lost by cellular service providers due to "cellular pirates" making calls by emulating legitimate users' phones. The problem primarily stems from the insufficient mechanisms to establish authentication of the mobile phones when a call is placed. Currently, the two basic requirements that a cellular system uses to establish verification of a mobile phone are the mobile phone number (also known as the Mobile Identification Number, or MIN) and the electronic serial number (ESN). Upon initiating a call, the mobile phone sends to the base station its own MIN and its ESN as well as other required information. The base station checks its internal memory to verify that the ESN is correct for the given MIN. However, when these numbers are transmitted over the air, "cellular pirates" can easily intercept these transmissions, decode the messages, and thus obtain the necessary numbers. Afterwards, the pirates can easily program an EPROM with the required numbers and install it in their cellular phone. Consequently, their cellular phone is capable of placing calls at the expense of the legitimate user without the system ever knowing of the deceit.
It is therefore an object of the present invention to provide in a cellular service-based communications system a method and means by which the legitimacy of a mobile phone user can be verified prior to connecting the cellular call without enabling the subsequent unauthorized use of the mobile phone access data by an eavesdropper.
It is a further object of the present invention to provide such a system which will allow a telephone call to be placed by a mobile phone after such verification passes and will prevent such a call to be placed when such verification fails.
It is a further object of the present invention to provide such a system which will allow the user a limited number of attempts to reaccess after failed verification before the system will alert the service provider and/or the legitimate user of multiple failed call attempts.