Abstract: Systems and methods are provided for centralized validation of potential network calls, such as calls proposing database transactions, on a distributed system. The distributed system may include multiple systems that apply independent criteria for validating proposals, which criteria may not be available external to the individual systems. Moreover, the systems may lack an ability to validate proposals prior to submitting such proposals for commitment. A centralized network call parameter validation system as disclosed herein may validate potential network calls with high confidence by applying probability models of data pattern and hashing digit checksum to potential network call parameter values, which models are generated based on statistical analysis of historical network call values.

Abstract: Methods and devices for causing a communications session between a first device and a second device to end based on lack of speech activity are described herein. In some embodiments, a communications between a first device and a second device may be initiated by the first device, where a first user account associated with the first device is authorized to initiate communications session with the second device by a second user account. After the communications session is started, audio data is received by a speech activity detection system, which determines whether the audio data represents speech or non-speech. If, after the communications session begins, non-speech is detected by the first device for more than a predefined amount of time, then the communications session is caused to end so that the first device is not capable of receiving video and/or audio associated with the second device.

Abstract: A method for processing a cardless payment includes receiving, by a first mobile device, a signal from a second mobile device using a short-range wireless transmission protocol. A value for the received signal strength indication of the signal between the first mobile device and the second mobile device can be determined. The process can include determining that the first mobile device and the second mobile device are in proximity based on the received signal strength indication. Consent to enter into a payment transaction can be established upon a determination that the devices are in proximity to one another.

Abstract: One example method of operation may include identifying a call from a caller and destined for a callee, receiving a data message associated with the call, forwarding the data message to a call processing server, processing the data message to identify one or more call parameters, comparing the one or more call parameters to an active call scam model applied by the call processing server, determining a scam score for the call based on the comparing of the one or more call parameters to the active call scam model applied by the call processing server, and determining whether to notify the callee that the call is a scam based on the scam score.

Abstract: For uninterrupted network communications, a method detects a protected reset at a network device. In response to the protected reset, the method maintains communication functions of a communication module. The communication module communicates with other network devices using the communication functions. In response to the protected reset, the method resets the network device without resetting the communication module.

Abstract: A corpus of documents (and other data objects) stored for an entity can be analyzed to determine one or more topics for each document. Elements of the documents can be analyzed to also assign a risk score. The types of topics and security elements, and the associated risk scores, can be learned and adapted over time using, for example, a topic model and random forest regressor. Activity with respect to the documents is monitored, and expected behavior for a user determined using a trained recurrent neural network. Ongoing user activity is processed to determine whether the activity excessively deviates from the expected user activity. The activity can also be compared against the activity of user peers to determine whether the activity is also anomalous among the user peer group. For anomalous activity, risk scores of the accessed documents can be analyzed to determine whether to generate an alert.

Abstract: A method for implementing adaptive policy based computer security is described. In one embodiment, the method may include monitoring a behavior of a user on a computing device associated with the user, determining whether the user triggers one or more policy triggers associated with a broad policy or at least one sub-policy of the broad policy, or both, and upon determining the user triggers at least one policy trigger during the monitoring period, implementing a customized version of the broad policy on the computing device. In some cases, the method may include implementing the broad policy on the computing device upon determining the user does not trigger any of the one or more policy triggers. In other cases, the method may include triggering at least one of the policy triggers based at least in part on a requested action and determining whether the requested action includes a security threat.

Abstract: Heterogeneous information networks can be used to detect whether a new transaction is fraudulent. Metapaths are determined based on the heterogeneous information. The transactions can be downsized. For each metapath, training transaction data and test transaction data be used to compute a feature vector “z.” A fraud detection system can use the features to generate a fraud detection model. The fraud detection model can be iteratively refined using machine learning. The fraud detection models can then be applied to new transactions to determine a risk score of the new transaction.

Abstract: Systems, methods, and other embodiments associated with automated secondary linking for fraud detection systems. According to one embodiment, a system includes a parsing logic configured to receive an incoming fraud report based on a first fraud detection strategy. The parse logic is also configured to parse the incoming fraud report into fraud data. The system further includes a search logic configured to search a set of fraud reports to identify instances of the fraud data. The system also includes an alert logic configured to generate an alert in response to an instance of the fraud data being identified in the set of fraud reports.

Abstract: The disclosed computer-implemented method for detecting network security deficiencies on endpoint devices may include (i) detecting, at a network device, a request from an endpoint device to automatically connect to a wireless network, (ii) establishing, via the network device, a network connection between the endpoint device and a wireless network that appears to be the wireless network requested by the endpoint device but is not actually the requested wireless network, (iii) determining, based on establishing the network connection between the endpoint device and the wireless network that appears to be the requested wireless network, that the endpoint device is vulnerable to network attacks, and then (iv) facilitating, via the network connection, a security action on the endpoint device to protect the endpoint device against the network attacks. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A corpus of documents (and other data objects) stored for an entity can be analyzed to determine one or more topics for each document. Elements of the documents can be analyzed to also assign a risk score. The types of topics and security elements, and the associated risk scores, can be learned and adapted over time using, for example, a topic model and random forest regressor. Activity with respect to the documents is monitored, and expected behavior for a user determined using a trained recurrent neural network. Ongoing user activity is processed to determine whether the activity excessively deviates from the expected user activity. The activity can also be compared against the activity of user peers to determine whether the activity is also anomalous among the user peer group. For anomalous activity, risk scores of the accessed documents can be analyzed to determine whether to generate an alert.

Abstract: A telephony communications system for detecting abuse in a public telephone network to which a telephone network subscriber is connected includes: a telephone system server, configured to: emulate an extension subscriber in order to simulate the existence of the emulated extension subscriber of the telephone system vis-à-vis an attacking entity, receive a control command from the attacking entity to establish a telephone connection between the emulated extension subscriber and the telephone network subscriber, and send a connection request to the telephone network subscriber in response to receiving the control command in order to initiate the establishment of the telephone connection between the emulated extension subscriber and the telephone network subscriber; and a telephone network abuse detection device configured to detect an abuse attempt in the public telephone network on the basis of the telephone network address of the telephone network subscriber.

Abstract: A method, program and server are provided for certifying an identity of a second user using an identification server. The method includes: receiving, by the identification server, from a first device belonging to a first user, identification data regarding the second user; comparing, by the identification server, the identification data with certified identities contained in an identity database of the identification server; processing in which, when the identification data received is determined by the identification server to match a certified identity of the identity database, the identification server retrieves information regarding a third device belonging to a person corresponding to said certified identity, said information regarding the third device being stored in the identity database; and generating, by identification server, an identification code and sending said identification code to both the first device and the third device.

Abstract: The present disclosure relates to a call processing method and device. The method includes: obtaining usage information of a terminal device when receiving a call request from a strange call; determining whether the usage information comprises usage information associated with the strange call; and not intercepting the strange call if the usage information comprises the usage information associated with the strange call.

Abstract: Systems for providing scanning within distributed services are provided herein. In some embodiments, a system includes a plurality of segmented environments that each includes an enforcement point that has an active probe device, and a plurality of workloads that each implements at least one service. The system also has a data center server coupled with the plurality of segmented environments over a network. The data center server has a security controller configured to provide a security policy to each of the plurality of segmented environments and an active probe controller configured to cause the active probe device of the plurality of segmented environments to execute a scan.

Abstract: Technologies for client-level web application runtime control and multi-factor security analysis by a computing device include receiving application code associated with a browser-based application from a web server. The computing device collects real-time data generated by at least one sensor of the computing device and performs a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code. Further, the computing device establishes a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment and enforces the client-level web application runtime security policy.

Abstract: A method and apparatus are provided for presenting content to a caller and/or a called party in association with a telephone call or other communication connection. Content may be presented pre-ring (before the called party's telephone rings), in-call, and/or post-call, and may be related to a party participating in the call or may be related to a third party. Presentation of specified content may include assisted sharing, wherein both parties view the same content and one guides or assists the other. A received call may be split into signal and voice channels, with the signal channel used to notify a call controller of the call and the voice channel being directed to an agent selected by the call controller to handle the call.

Abstract: A system and method for detecting and preventing PSTN fraud and abuse in real time includes a detection engine and a call management engine. The system includes at least one user record, at least one call data record, at least one fraud score record, and at least one remediation record. A call management engine enables users to establish VoIP calls connections to destination phone numbers. A fraud detection engine screens VoIP call connections to detect potential fraud and generates fraud records and remediation records when potential fraud is detected. The fraud detection engine may additionally direct the call management to terminate a VoIP call connection.

Abstract: An embodiment of the invention describes a wireless device comprising a Subscriber Identity Module (SIM) further comprising a memory for storing program code for performing a plurality of operations, and a processor for processing the program code to execute the plurality of operations, the operations including receiving over-the-air instructions via a wireless network from a control center to create a rules set in the SIM, wherein the rules set defines an acceptable behavior of the wireless device, monitoring requests from a wireless modem of the wireless device for access files stored in the SIM, detecting an aggressive behavior of the wireless device based on the rules set, and blocking the wireless modem from generating traffic in the wireless network.

Abstract: A method and corresponding apparatus for automatically detecting and preventing fraudulent calls on a communication network. At least one example embodiment may include collecting CDRs on the communication network for a given time period, aggregating the plurality of call features for each of the collected call detail records by destination number, and utilizing machine learning to generate a decision model for determining if a destination number and/or a call to that destination number may be fraudulent. According to another aspect of the example embodiment, the decision model may be implemented on the communication network to detect and prevent fraudulent calls.

Abstract: A system and method are disclosed herein for providing mitigation of VoIP PBX fraud while having minimal impact on authorized VoIP PBX users. The method includes a system for detecting potential fraud based on multiple and configurable fraud indicators as well as historical data, which can be customized for individual users or groups, which in turn can trigger the other parts of the system to mitigate fraud. The system can terminate in-process calls that are potentially fraudulent and reset the network access credentials for the user accounts or device(s) that have been potentially compromised. The system can use historical data to block further calls from the compromised user accounts or devices to specific locations where the presumed fraudulent calls were directed. In a further aspect, the system and method can automatically reset the network access credentials for authorized users with minimal down time.

Abstract: A method and apparatus for managing communications in a communication network. A telephony device determines that a software application is attempting to contact an E.164 number. It then determines that the E.164 number matches at least one predetermined criterion, such as the E.164 number being a premium rate number or having a different country code to that of the device. The device then sends a query to a reputation server. The query includes information identifying the software application. The device receives a response from the reputation server, the response including a reputation relating to the software application. On the basis of the received reputation relating to the software application, the device can take further action such as preventing contact from being established.

Abstract: Technologies for client-level web application runtime control and multi-factor security analysis by a computing device include receiving application code associated with a browser-based application from a web server. The computing device collects real-time data generated by at least one sensor of the computing device and performs a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code. Further, the computing device establishes a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment and enforces the client-level web application runtime security policy.

Abstract: A system and method include receiving a headphone worn signal at a system representative of a detection of headphones being worn and controlling selection of a playback device via the system for audible sounds as a function of the headphone worn signal.

Abstract: A system for enabling identity verification of an individual in a transaction between the individual and an entity that utilizes a data processing system, an entity device, and an individual device. The individual registers with the data processing system biometric data taken from the individual and data pertaining to an individual device. The entity registers with the data processing system entity identifying information. Once the individual and entity agree on a transaction, the entity notifies the data processing system of the pending transaction and requests verification of the individual's identity. The individual communicates to the data processing system individual biometric data. The data processing system compares the biometric data from the individual with registered biometric data. The data processing system forwards a result of the comparison to the entity and upon a successful comparison, may forward any requested information regarding the individual to the entity.

Abstract: An arrangement 100, 150, and corresponding method, which arrangement is configured to recognize a conference participant 101-103, 151-153 who is currently talking during a conference session The arrangement comprises an identifying unit 120, 170 including a biometric detector 121, 171 adapted to capture at least one biometric characteristic of the participant 101-103, 151-153, and a comparison unit 122, 172 adapted to compare the biometric characteristic to stored biometric characteristics in a database 110, 160, each stored characteristic being associated with an owner identity. The arrangement also comprises a display enabler 123, 173 adapted to, when a match is found between the captured biometric characteristic of the participant 101-103, 151-153 and a stored biometric characteristic in the—database 110, 160, enable display of the identity associated with the matching participant to other participants 101-103, 151-153, 140 in the conference session.

Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.

Abstract: A method is provided for identifying a calling party to a called party utilizing biometric information. Biometric information of first calling party is received. If stored, a calling party profile is retrieved based on first calling party biometric information. A call is placed to a called party. The first calling party profile is provided to called party. A biometric information change from first calling party biometric information to a second calling party biometric information is automatically detected, and it is determined whether the second party biometric information is stored. If stored, a second calling party profile of second calling party is retrieved and is provided to called party. Responsive to determining that the biometric information for second calling party is not stored, the called party is notified that the second calling party is communicating and the second calling party profile is automatically created based on second calling party biometric information.

Abstract: Methods and systems for treating inactive accounts by designating certain accounts for either unclaimed or escheats treatment are presented. In the unclaimed treatment the remaining balance of funds associated with the account is assigned to a prepaid phone card, whereas in the escheats treatment the remaining balance of funds is remitted to an appropriate authority. In each case the account is declared inactive, and processes are made available to reactivate the account.

Abstract: A telephone fraud prevention system is provided. A fraud application server is in communication with a fraud database and a switch that determines which calls are sent to the fraud application server. A policy function may be integrated with existing fraud detection and correlation systems. When a call is originated and authentication fails, whether that's through a PIN, voice recognition, etc., the fraud application server sends a message indicating that this customer has failed to authenticate. After a number of authentication failures, evidence of high-risk calling is determined. Instead of reactively dealing with the fraud, the risk has been captured at the fraud application server and the switch blocks potential damage from that call and from that user.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: A method for direct marketing comprising establishing a first communications link between a prospective customer using a device having a unique identification number and a communications device, automatically transmitting the unique identification number associated with the prospective customer's device to the communications device, establishing a second communications link between the communications device and a computer operably connected to a memory apparatus having a prospective customer database comprising prospective customer information associated with the unique identification number of the prospective customer's device, in which the information in the database determines prospective customer value which can be used to determine subsequent operations and marketing actions with the prospective customer.

Abstract: A method for dynamically updating a model is described. The method includes accessing a model that specifies expected characteristics for a transaction. The model includes variables associated with fraud. The method also includes receiving at least one value for each of the variables while monitoring transactions, and updating a distribution of values for each variable based on the received value. The received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud.

Abstract: A computer-implemented method to block an outgoing request associated with an outgoing telephone number is described. A device is monitored for an outgoing request associated with an outgoing telephone number. The outgoing request is intercepted. The outgoing telephone number associated with the outgoing request is extracted. Upon determining that the extracted outgoing telephone number matches a telephone number stored in a database, the outgoing request is blocked.

Abstract: Methods and systems for treating inactive accounts by designating certain accounts for either unclaimed or escheats treatment are presented. In the unclaimed treatment the remaining balance of funds associated with the account is assigned to a prepaid phone card, whereas in the escheats treatment the remaining balance of funds is remitted to an appropriate authority. In each case the account is declared inactive, and processes are made available to reactivate the account.

Abstract: A method for establishing a communication channel (17) between a predetermined number of selected devices (3;5). Each of the devices has its own identity. The establishing of the communication channel is done by a pairing via a server (1). Said devices have a pairing operational mode and a communication operational mode.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: A method and device for preventing fraud in collect calls from a domestic origin point to an international terminating point through a long-distance telecommunications system is described. In the system and method, a Screening for International Calls database is added to the call processing platform. This Screening of International Calls database contains records keyed by country codes, and each record has a blocked collect call field listing destination numbers that are blocked from receiving collect calls. When a domestic-to-international collect call is made, the record corresponding to the country code of the international terminating point of the collect call is retrieved from the Screening for International Calls database. This record is checked to determine if the destination number of the collect call matches any destination numbers listed in the blocked collect call field of the country code database record. If there is a match, the call is blocked.

Abstract: A communication network is disclosed that uses voice authentication to provide call control. The communication network includes a call control function, a voice collection system, a voice authentication system, and a permission system. The voice collection system collects voice samples of a first party during the call to a second party, and transmits the collected voice samples to the voice authentication system. The voice authentication system compares the collected voice samples to stored voice samples to determine the identity of the first party. The permission system determines whether the first party is authorized for the call based on the identity of the first party. The permission system generates results based on the determination and transmits the results to the call control function. The call control function then processes the results, and interrupts the call if the first party is not authorized.

Abstract: A computer implemented method and system is provided for managing false answer supervision (FAS) in a telephony network. A call record recording multiple call events occurring at a terminal gateway is accessed. FAS events originating at the terminal gateway are detected. Suspect illegitimate call events are analyzed based on a combination of conditions. The suspect illegitimate call events are filtered for detecting events suspected of FAS. The FAS events are confirmed after discounting the suspected FAS events based on whether a proportion of the suspected FAS events is within a FAS threshold. A statistical inference of current behavior and past behavior of the terminal gateway is inferred. Threshold values are established for acceptable number of FAS events. A non-compliant behavior of the terminal gateway is inferred when the FAS events exceed the established threshold values. A service provider associated with the terminal gateway is notified for remedying the non-compliant behavior.

Abstract: A method is provided for identifying a calling party to a called party utilizing biometric information. Biometric information of first calling party is received. If stored, a calling party profile is retrieved based on first calling party biometric information. A call is placed to a called party. The first calling party profile is provided to called party. A biometric information change from first calling party biometric information to a second calling party biometric information is automatically detected, and it is determined whether the second party biometric information is stored. If stored, a second calling party profile of second calling party is retrieved and is provided to called party. Responsive to determining that the biometric information for second calling party is not stored, the called party is notified that the second calling party is communicating and the second calling party profile is automatically created based on second calling party biometric information.

Abstract: A system and method that may include placing a first telephone call from a data network to a target phone number using a trusted carrier; recording the first telephone call in a reference audio data file; placing a second telephone call from the data network to the target phone number using a suspect carrier; recording the second telephone call in a test audio data file; and comparing the test audio data file to the reference audio data file.

Abstract: An approach provides fraud detection in support of data communication services. A list of single-event attributes (e.g., hot or cold attributes) is generated and includes a network address of an end user host originating a data call or a calling party identification (e.g., Automatic Number Identification (ANI) or an originating Calling Line Identification (CLI)) for network access, wherein entries of the list specify values of the hot attributes. An attribute value associated with the data call is compared with the entries. A fraud alert is generated if the attribute value matches one of the entries.

Abstract: An interrupt payment system (100) comprising means (100) for detecting an interrupt signal generated by a party to a call; means (102) for obtaining details of a payment to be made on detection of an interrupt signal; a payment processor (104) operable to process the payment in accordance with the obtained details (104); and means (100) for resuming the call between all parties concerned on processing of a payment by the payment processor (104).

Abstract: A system, method, and computer readable medium for event driven call generation, comprises, monitoring a database transaction, detecting a suspect pattern in the monitored database transactions, and generating a telephone call based upon the detected suspect pattern.

Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.

Abstract: A method, apparatus and computer program product for identifying a geographic location for a source of a call is presented. A central office receives a call from a calling party, the call including a telephone number of the calling party. A geographic location of the calling party is determined from information associated with the calling party. The geographic location is then provided to the called party.

Abstract: Inmate communications systems provide a feature-rich platform with a high degree of flexibility and security employing call control facilities located off institutional premises. Authentication processes for calling and called party verification include biometric techniques in some embodiments. Distributed processing of call control and billing provide flexible interactive call payment processes. Preferred embodiments feature voice over IP transmission and control featuring controlled access to avoid addition of unauthorized third-party call participants. Monitoring, recording and selective forwarding of calls is provided under control of system administrators.

Abstract: A method for dynamically updating a model is described. The method includes accessing a model that specifies expected characteristics for a transaction. The model includes variables associated with fraud. The method also includes receiving at least one value for each of the variables while monitoring transactions, and updating a distribution of values for each variable based on the received value. The received value is compared with the updated distribution to determine a deviation from a threshold value associated with a percentile of the updated distribution that is indicative of fraud.