The caller identification (Caller ID) function in a telecommunications network is a service that provides information to the called party or to the called service about an identity of the calling party. The Caller ID function is also referred to as “Calling Line Identification” (CLI) or “Calling Party Id”. CLI enables the called party or called service to identify and authorize the calling party. Caller ID is a simple string of data that can easily be generated by a small software program. Telemarketers and others have been using a feature to interfere with the CLI function so as to change their identity or hide their identity from the called party. “Caller ID” spoofing and “CLI spoofing” are expressions given to this practice of causing the telecommunications network to provide to the called party identity information that is different from the identity information from the actual originating party. CLI spoofing is not only abused to trick a called party into answering the telephone, but also to access someone else's voice mail in a voice mail system that uses CLI for identification.
CLI spoofing is not a risk if the initiating call originates within the operator's network, as the integrity of the CLI is guaranteed. There is a risk, however, if the initiating call is generated in another network than the home network of the operator, as the CLI can have been manipulated. For example, the CLI can be manipulated in external voice-over-IP (VoIP) networks. As a consequence, there is a risk that any call entering the home network has a CLI that has been manipulated.
Mobile telephone networks have been adopting an infrastructure, referred to as “CAMEL”, for controlling calls. The acronym “CAMEL” stands for Customized Applications for Mobile networks Enhanced Logic, which is an ETSI/3GPP standard. CAMEL refers to a set of standards designed to work on a GSM or UMTS network. The standards allow an operator to define services on top of the conventional GSM or UMTS services. The CAMEL architecture itself is based on Intelligent Network (IN) standards. The IN architecture is intended for fixed telecommunications networks, as well as mobile telecommunications networks. The IN standards use the Signaling System #7 (SS7) protocol between telephone network switching centers and other network nodes owned by network operators. SS7 is a high-speed and high-performance packet-based communications protocol for controlling the call. In SS7, the signaling is out-of band and is carried in a separate signaling channel to which the end user has no access. The signaling path of SS7 is logically separated and distinct from the channels that carry the voice conversation. The control over the call, as provided by the network switches, is separated from the control over the service. Service control is assigned to computer nodes in the network. Accordingly, a CAMEL-based network provides a high level of security and CLI spoofing within a CAMEL-based network is considered a very low risk, if any at all. Furthermore, CAMEL allows mobile telephone network operators to offer the same IN services to their subscribers while they are roaming other CAMEL-based networks as they receive in their home CAMEL-based network, i.e., the network of the operator to whom they have subscribed.
A commonly applied defense mechanism to counter CLI spoofing when used to access voice mail from outside the operator's network is to request the accessing party to enter a secret password shared between the owner of the voice mail account and the voice mail system. The password is, e.g., a numeric password such as a personal identification number (PIN), or a combination of the PIN and the telephone number of the communications device associated with the account. Similarly, the password can be used for protection of other network services that are based on CLI such as customer service of the network operator, a help-desk service, a self-care voice portal, etc.
Another approach is disclosed in WO2008082489 that relates to Caller ID validation methods and system to protect against Caller ID spoofing. When a call is placed over a communication network, a validation system receives the call signaling, and processes the call signaling to identify originating node information in the call signaling. The originating node information is inserted by the communication network when handling the call and pertains to a network node that originates the call into the network. The validation system also processes the call signaling to identify caller ID information for the call. The validation system then processes the originating node information and the caller ID information to determine whether the call originated from the originating node. If the call did originate from the originating node, then the validation system determines that the caller ID information is valid.
For background information about spoofing, please see, e.g., US 20080089501; US 20070081648; US 20020098829; and U.S. Pat. No. 7,342,926.
For background information on IN please see, e.g., US 20080155021.
For background information on CAMEL networks, please see, e.g., WO2008/17951; WO2007/126995; and WO2003036994.
For background information on transit networks, please see, e.g., US 20080101568; and WO 2003/036994.
For background information on aspects of roaming, please see, e.g., WO 2006133720; WO2007002524; WO2003055249; EP1106025; EP1933572; and U.S. Pat. No. 6,804,505.