Abstract: A device for using rules in the processing of information includes a first interface that allows for secure communications, a first database, a second database, a second interface that allows for secure communications, and a detection component implemented at least partially in hardware, the first interface connecting to the first database, the first database connecting to the detection component, the second database connecting to the detection component, the second interface connecting to the detection component, the second database including a plurality of rule libraries, each rule library, of the plurality of rule libraries, storing a set of related rules, and a plurality of rule engines, each rule engine, of the plurality of rule engines, corresponding to a rule library, of the plurality of libraries, and the detection component including a rule selector, and a rule applicator to apply a selected rule to information.

Abstract: A device may identify information associated with other devices, generate a first value for one or more indicators associated with the information, process, based on providing the information to a rules engine corresponding to a library of rules including the rule and receiving, from the rules engine and based on providing the information to the rules engine, information associated with a second value the information using a rule to generate the second value based on combining the first value with one or more third values, and output information regarding the second value to determine how to process the information.

Abstract: A system for providing secure communications may include a management system to receive first information, the first information being received via a first secure connection, analyze the received information to form analyzed information, and provide the analyzed information, a processor device to receive the analyzed information, the analyzed information being received via a second secure connection between the processor device and the management system, and perform an action based on the analyzed information, and a clearinghouse device to receive second information, the second information being received via a third secure connection between the clearinghouse device and each provider device of a plurality of provider devices, process the second information to form the first information, and provide the first information to the management system via the first secure connection.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thresholding engine and a profiling engine. The detection layer can include an AI-based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A device may identify information associated with other devices, generate a first value for one or more indicators associated with the information, process, based on providing the information to a rules engine corresponding to a library of rules including the rule and receiving, from the rules engine and based on providing the information to the rules engine, information associated with a second value the information using a rule to generate the second value based on combining the first value with one or more third values, and output information regarding the second value to determine how to process the information.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thresholding engine and a profiling engine. The detection layer can include an AI-based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as a rules-based thresholding engine and a profiling engine. The detection layer can include an Artificial Intelligence based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as a rules-based thresholding engine and a profiling engine. The detection layer can include an Artificial Intelligence based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A system, method and computer program product for processing event records. The present invention includes a detection layer, an analysis layer, an expert systems layer and a presentation layer. The layered system includes a core infrastructure and a configurable, domain-specific implementation. The detection layer employs one or more detection engines, such as, for example, a rules-based thresholding engine and a profiling engine. The detection layer can include an AI-based pattern recognition engine for analyzing data records, for detecting new and interesting patterns and for updating the detection engines to insure that the detection engines can detect the new patterns. In one embodiment, the present invention is implemented as a telecommunications fraud detection system. When fraud is detected, the detection layer generates alarms which are sent to the analysis layer. The analysis layer filters and consolidates the alarms to generate fraud cases.

Abstract: A configurable and scalable rules-based thresholding system, method and computer program product for processing event records includes a core infrastructure and a configurable domain-specific implementation. The core infrastructure is generically employed regardless of the actual type of network being monitored. The domain-specific implementation is provided with user specific data and rules. The core infrastructure includes an event record enhancer which enhances events with additional data and a threshold detector which determines whether an enhanced event record, alone or in light of prior event records, exceeds one or more thresholds. The enhancer can access external databases for additional information related to an event record. In one embodiment, the enhancer generates feature vectors to represent enhanced event records. The threshold detector receives enhanced event records from the event record enhancer.

Abstract: A system, method and computer program product for interactively enhancing and presenting event data includes an enhancing portion and a presentation server. The enhancing portion includes a case enhancer that uses configuration data and an optional rules-based enhancing engine to enhance cases. The case enhancer includes a first informant that retrieves data from external data systems. The presentation server includes a presentation interface which interfaces one or more client workstations with a case data base. The presentation server also includes a second informant which interfaces the presentation interface with external data systems. The presentation server also includes an enforcer which interfaces the presentation interface with external action systems. A multi-level security system controls access to databases, the second informant and to the enforcer. In an exemplary embodiment, the security system includes a core infrastructure and a domain-specific implementation.

Abstract: A fraud detection system is disclosed for telephone PBX calls. The system includes a fraud data server for buffering the call detail records relating to inbound 800 number calls and outbound international calls. A threshold manager is connected at its input to an output of the fraud data server for detecting numerical counts exceeding preselected threshold values, in predetermined fields of the call detail records, and generates an alarm. The output of the threshold manager is connected to an input of the fraud data server for buffering the alarm incident to respective call detail records. A computer workstation is connected to the fraud data server for receiving packets of call detail records relating to alarm data, in a filtered preselected format. The workstation includes a monitor for displaying the alarm data on a graphical interface.

Abstract: Telephone fraud is monitored by effectively interfacing workstations with a fraud data server. Multiple customers may have their respective workstations coupled to the data server with attendant limited access to ensure security. A workstation manager and alarm manager cooperate with a management system database to process login and alarm detail requests from the various workstations. The managers are coupled to a single shared memory. The interface between the workstations and the fraud data server is by means of a message-based interface which standardizes the various functions of the workstation.