The disclosure of this invention will focus on its application in the cellular telephone system. This is done for the sake of clarity and brevity, since describing the application of this invention in each of the other wireless system protocols would be needlessly tedious. It will become clear to a person reasonably skilled in this art that the methods described in this disclosure can be applied similarly to any wireless system.
In order to prevent unauthorized system access, cellular systems use pre-call validation of each call attempt prior to connection of the call. Current validation schemes include verification that the Mobile Identification Number (MIN) and Electronic Serial Number (ESN) of the cellular phone are properly activated in the local switch (a switch resident data base is queried, looking up the entry). If a match is found, then the call is connected. If the MIN/ESN pair is not found in the data base, the call is either blocked or routed to an operator or recorded announcement.
If the subscriber record (including MIN/ESN) exists in the data base of another switch on the same network, (in this case both switches are of the same manufacture) a proprietary protocol is used by the first switch to access the data base of the second switch in order to perform the same look-up.
If the subscriber record is contained in a switch made by a manufacturer other than the switch attempting to serve the call, the Interim Standard 41 (IS41--included herein by reference) protocol is used to communicate the authentication request and reply between the switches. In this case, the same MIN/ESN information is looked up at the non-serving switch for authentication.
In all of the cases described here, the authentication process involves only the verification of the existence of a data base entry containing the same MIN/ESN pair.
Currently there is extensive fraudulent access to the cellular network using stolen MIN/ESN pairs which are programmed into the phones of criminals. Once a stolen MIN/ESN identity has been programmed into another cellular telephone, the cellular switch can not distinguish this phone from the original, since a look-up of its MIN/ESN identity for validation will of course be successful. MIN/ESN pairs are captured by criminals using receivers which are tuned to the reverse control channel of a cell site. When a legitimate cellular telephone subscriber makes a call, the MIN/ESN identity of the phone (along with other pertinent data) is transmitted to the cell site on the reverse control channel of the site. Criminals listening to this reverse control channel can decode the identities that are transmitted, storing them for distribution to other criminals for use in making fraudulent calls. These identities are used locally, as well as being traded for others throughout the country.
Many systems exist, external to the cellular switch, which use various fraud detection methods to identify fraudulent calls attempted on the network. These methods generally acquire call data after the call has completed (post-call), using this data to identify fraudulent calls through geographic or dialing pattern profiles. In this instance, since the calls made by the criminals have already been completed, the damage has already been done before the calls are identified as fraudulent.
Once a MIN/ESN pair has been identified as having been compromised, the cellular carrier typically reprograms the legitimate subscriber's phone and switch records with a new phone number (MIN), invalidating the old (compromised) MIN/ESN pair. Further attempts to use the old identity are automatically blocked in the cellular switch, thereby protecting the legitimate subscriber. This method of protection is both inconvenient for the subscriber and expensive for the cellular carrier.
Even if future calls using the same stolen identities are thereby prevented, the criminals simply switch to other stolen identities in a matter of seconds and continue making illegal calls. This is made easy for the criminals due to the availability of massive numbers of valid identities. In fact, some criminals have equipment built into their phones which allows them to gather groups of valid MIN/ESN identities off the air, automatically programming their phones with lists of those identities to choose from by simple telephone keypad selections. This type of phone, commonly referred to as the Rascal (Read And Store, Call Again Later), eliminates the need for separate ESN reading equipment. Using this type of phone also minimizes the need to make regular contact with other criminals who collect and distribute MIN/ESN pairs, thereby making criminal investigations into these matters more difficult for law enforcement agencies.
If the supply of valid MIN/ESN identities available to the criminals were severely limited, and false (unusable) identities were commonly accidentally collected by the criminals, the criminals would be forced to re-use and share stolen identities. Additionally, each working valid identity would command a higher price from the criminals purchasing or trading them. Each collected identity would need to be tested prior to use or distribution. In fact, some of the false identities could actually work, but be "tagged" for tracking purposes prior to allowing them to be collected by criminals. This would allow the cellular carrier to monitor criminal call attempts data from phones which use these tagged identities. Each of these factors contributes, directly or indirectly, to the overall reduction of fraud in the cellular markets.
When the criminals begin sharing identities, inevitable concurrent call attempts using the same identity will make identification of the fraudulent activity much easier to detect. Methods such as geographical improbability and concurrent call detection will quickly identify these conditions. Also, since more criminals will concurrently use the same identity, usage patterns of the criminals are less likely to be concealed. Systems which spot unusual calling patterns and accelerated billing for individual subscribers will more easily see the additional usage of not only one, but several criminals using the same stolen identity.
The inherent design of the cellular switches will also reduce criminal usage in this case. Once a MIN/ESN identity is in use on the system (a call is in progress), that same identity is automatically blocked from being used concurrently. This means that criminals who share stolen identities cannot use their phones at the same time for making or receiving calls. This, of course, will result in less overall criminal access to the system.
Higher costs for acquisition of stolen identities will in itself discourage some criminals. In the cases where the criminals are only marginally benefiting financially from using the counterfeit technology, the cost of using stolen identities for these criminals may finally outweigh the already marginal gain.
Since tracking tagged identities will be fairly easy to accomplish, the criminals (who will learn of this) will tend to be much more careful about usage. This will further reduce the criminal access to the cellular system. Also, in the efforts to pre-test identities which have been gathered, the criminals will create a very identifiable pattern, showing identities that have been gathered as well as the times and geographic locations involved with the collection and testing activities.
From this explanation it can be seen that a method and article are needed for preventing the gathering of MIN/ESN identities of valid cellular telephones by listening in on call attempts made using a cellular system. It can also be seen that there is a need to provide a method and article which seed the cellular control channels with false and tagged MIN/ESN identities without affecting normal cellular channel usage. Further, it can be seen that there is a need to provide pre-call information to switch-external cellular fraud detection systems for all of the calls made through a cellular switch, allowing such systems to identify fraudulent calls prior to call completion.