Method and system for preventing illicit use of a telephony platform

- Twilio, Inc.

A system and method for preventing illicit use of a telephony platform that includes enrolling a plurality of accounts on a telecommunications platform, wherein an account includes account configuration; at a fraud detection system of the telecommunications platform, receiving account usage data, wherein the usage data includes at least communication configuration data and billing configuration data of account configuration and further includes communication history of the plurality of accounts; calculating fraud scores of a set of fraud rules from the usage data, wherein at least a sub-set of the fraud rules include conditions of usage data patterns between at least two accounts; detecting when the fraud scores of an account satisfy a fraud threshold; and initiating an action response when a fraud score satisfies the fraud threshold.

Skip to: Description  ·  Claims  ·  References Cited  · Patent History  ·  Patent History
Description
CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a divisional of U.S. patent application Ser. No. 13/949,984, filed 24 Jul. 2013, which claims the benefit of U.S. Provisional Application number 61/675,156, filed on 24 Jul. 2012, both of which are incorporated in their entirety by this reference.

TECHNICAL FIELD

This invention relates generally to the telephony field, and more specifically to a new and useful method and system for preventing illicit use of a telephony platform in the telephony field.

BACKGROUND

Telephone fraud has long been a problem for telephony systems. With the introduction of VoIP networks and Session Initiation Protocol (SIP) trunks, the opportunities for telephony fraud is even greater. The recent development of new telephony platforms that enable a wider range of developers to create useful products also enables nefarious parties to create programs that commit telephony fraud. As one example, toll fraud has become a common problem on telephony platforms due in part to easier access to disposable telephone numbers. Other forms of telephony fraud can result in chargebacks for telephony platform providers when the telephony fraud involves stolen credit cards. Yet other forms of telephony fraud use valuable resources for improper uses that would otherwise be used for legitimate applications. Telephony fraud can be damaging to users that fall victim to the telephony frauds, to the profitability of telephony platforms, and to the performance of legitimate telephony applications. Furthermore, as developers are more frequently building on top of other infrastructure, those developers may not have access to the raw information to prevent such illicit use of their applications. Thus, there is a need in the telephony field to create a new and useful method and system for preventing illicit use of a telephony platform. This invention provides such a new and useful method and system.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a schematic representation of a system of a preferred embodiment of the invention;

FIG. 2 is a flowchart representation of a preferred embodiment of the invention;

FIG. 3 is a schematic representation of a preferred embodiment of the invention;

FIG. 4 is a schematic representation of a preferred embodiment of the invention for integrating a fraud scoring system with a data stream;

FIG. 5 is a flowchart depicting a variation of a preferred embodiment of the invention for updating received usage data upon receiving a trigger signal,

FIG. 6 is a flowchart depicting a variation of a preferred embodiment of the invention for calculating a fraud score from usage data associated with call history data;

FIG. 7 is a flowchart depicting a variation of a preferred embodiment of the invention for calculating a fraud score from usage data associated with message history data;

FIG. 8 is a flowchart depicting a variation of a preferred embodiment of the invention for calculating a fraud score from usage data associated with platform account data;

FIG. 9 is a table depicting a fraud rule set of an exemplary implementation of a preferred embodiment of the invention; and

FIG. 10 is a flowchart depicting a variation of a preferred embodiment of the invention for generating a fraud rule.

 DESCRIPTION OF THE PREFERRED EMBODIMENTS

The following description of the preferred embodiments of the invention is not intended to limit the invention to these preferred embodiments, but rather to enable any person skilled in the art to make and use this invention.

1. System for Preventing Illicit Use of a Communication Platform

As shown in FIG. 1, a system for preventing illicit use of a communication platform of a preferred embodiment can include a communication platform 100 that includes a multitenant account system 110 and a fraud scoring system 120 communicatively coupled to operational components 130 of the communication platform. The system functions to apply various fraud-based heuristics across the accounts and/or subaccounts of the platform 100, monitor and measure the scores based on the heuristics, and alter operation of the account within the communication platform. Such a system is preferably capable of mitigating fraudulent behavior made on top of a self sign-up communication platform. In one scenario, the system can be applied to preventing illicit use within a single account. The system can additionally be extended to detect illicit use through cooperative use of multiple accounts. Another aspect is that the multitenant account system may include functionally for an account to create sub-accounts. Sub-accounts can be used so that a developer can develop a service on top of the communication platform and provide that service to end customers. The system can enable fraudulent behavior within the subaccount of an account to also be monitored for fraudulent behavior.

The communication platform 100 functions as the main infrastructure on which fraud is sought to be prevented or reduced. The communication platform is more preferably a telecommunication platform that facilitates synchronous voice communication sessions, synchronous video communication sessions, screen-sharing session, asynchronous text or media communication. In particular traditional telecommunication protocols such as telephone based networks (e.g., PSTN) or carrier based messaging (e.g., SMS or MMS) are of particular attention in the prevention of fraud. The ecosystem of traditional telecommunication protocols includes user contracts and network/carrier contracts to facilitate interoperability and functioning of the communication network as a whole. The communication platform 100 in some variations may provide a way for account holders to avoid the various contract related restrictions usually involved in using the network. For example, an account may be created and used through self sign-up, avoiding a contract lock-in or enrollment process. As described below accounts can additionally acquire and drop communication endpoints on-demand. The fraud scoring system preferably functions to ensure that such beneficial features are not leveraged in implementing toll fraud, spamming techniques, scams, or other illicit uses of the communication platform 100.

The communication platform 100 can provide any suitable service. In one variation, the communication platform 100 provides routing functionality. In another variation, the communication platform 100 may provide communication bridging between at least two protocols such as a PSTN device talking to a SIP based device. In a preferred embodiment, the communication platform 100 provides communication application functionality and/or API based integration to communication sessions, events, and resources. The communication platform preferably enables accounts to configure applications to be responsive to incoming communications. The communication platform 100 can additionally facilitate initiating outbound communications to be controlled by an application or connected to an agent. The applications are preferably internet hosted telephony instruction documents hosted externally by the developers (e.g., the account holder). The applications are preferably configured as URI mappings within an account that relate an endpoint with an application URI. The URI based applications preferably enable web developers to easily apply web-based application skills to building dynamic telephony applications. The communication application platform is preferably substantially similar to the one described in U.S. Pat. No. 8,306,021, issued 6 Nov. 2012, which is hereby incorporated in its entirety by this reference. The communication platform 100 may alternatively be focused on providing some features directed at a targeted use case. For example, the communication platform 100 may be a customer service platform used by customers to build call centers. The communication platform 100 may be a conference call service, a personal voicemail system, a notification service, a two-factor authentication facilitating service, and/or any suitable type of communication platform.

The multitenant account system 110 functions to manage and facilitate the accounts within the communication platform 100. As described above, the communication platform 100 is preferably a multitenant infrastructure in that multiple users can independently operate on shared resources of the communication platform. Preferably, any given account is prevented from impacting the resources of others within a multitenant system. The account system no preferably includes a user interfaced and/or programming interface (API) to create and manage an account. The communication platform will often involve paid use of communication infrastructure. The account system may include a billing engine that stores payment information of the account. Within an individual account, at least one endpoint is preferably assigned as a communication address. The communication endpoint is preferably a phone number, but may alternatively be a SIP address, a user name, or any communication address. The account system 110 or an endpoint service may additionally facilitate an account from acquiring new endpoints, porting outside endpoints for use within the platform, and/or canceling endpoints. The account system 110 can additionally manage operational configuration such as storing resources, references to resources, parameter settings, or other aspects used in account usage of the communication platform 100. Preferably, the configuration can store the application URIs mapped to endpoints of the account.

Additionally, the multitenant account system no can include a sub-account system such that a hierarchy of accounts can be created. A first account (i.e., a parent account) can preferably create or contain multiple sub-accounts (i.e., children accounts). Sub-accounts may be created through an interface by the sub-account holder or alternatively through an API by the parent account holder. For example, an application developer may create a customer service application, and then allow end users to signup as customers within his account. The sub-accounts will preferably operate within the scope of the parent account. The sub-accounts can be customized by the parent account and/or customized by sub-account holder. In one implementation, the sub-account system may functions similarly to the system and method described in U.S. patent application Ser. No. 13/167,569, filed 23 Jun. 2011, which is hereby incorporated in its entirety by this reference.

The fraud scoring system 120 functions to monitor, measure, and detect instances of illicit use that occur within or through the communication platform. The fraud scoring system 120 may predominantly focus on preventing continued illicit use of the communication platform 100 that is initiated by an account and/or a parent account of the communication platform 100. The fraud scoring system 120 can additionally identify and prevent illicit actions initiated by parties outside of the platform but occurring through the communication platform 100.

The fraud score preferably includes a set of fraud rules. The fraud rules are preferably conditions that either act as a metric upon which a score is based. The scores of the various fraud rules are preferably collectively analyzed to determine if fraud is occurring. A fraud rule in one variation is used in calculating a scalar measurement of one dimension or indicator of fraud. A fraud rule may alternatively be set of discrete conditions with an assigned score based on the determined condition. Preferably, this will be binary decision of assigning a fraud score or not. The fraud rules can target various aspects of communication and account usage and configuration. The fraud rules may simply evaluate indicators of fraud within an account or sub-account. Additionally, the fraud rules may include analysis across accounts/sub-accounts to detect patterns of illicit use implemented using multiple accounts. The fraud rules may be preconfigured or automatically generated based on algorithmically learned patterns in fraud or anomaly detection. The fraud scoring system no may additionally include an analyst-facilitated user interface wherein new rules can be created and issues can be manually ignored or acted upon, which functions to supplement automatic operation with human insight.

The set of fraud scores can include a wide variety of rules that use a variety of data sources. The data sources may include communication history such as involved endpoints, duration of the communication, content of the communication, frequency of the communications, geographic information of the communication, and other logged information. Some of the conditions may be based on static configuration parameters (i.e., how the account is setup). If an entity is implementing illicit behavior across multiple accounts similar resources are preferably used, and thus similarities of account settings across multiple accounts may be a sign of suspicious abnormal behavior. Other conditions may be based on usage of the account.

Another data source may include billing information such as the number of credit cards on the account, the number of accounts that use a particular credit card, number of names used on credit cards of an account, number or frequency of changes to billing information, country of IP address matched against credit card country, geographic region diversity of billing address, and other billing related information. The billing data source may be from a billing system of the communication platform. Outside data sources may additionally or alternatively be used. For example a data source with stolen or flagged credit card information can be used.

Yet another data source can include endpoints of an account. Patterns in endpoints may relate to the variety of owned or used endpoints by an account, variety of endpoints of incoming communication, variety of endpoints in outgoing communication, number or percentage of communications that are international, types of endpoints (e.g., short codes, mobile numbers, landlines, business numbers, etc.)

In the variation where the communication platform is a communication application platform, the application configuration can be another data source used in fraud rule conditions. Preferably, an application parameter is set within an account to reference the application resource (e.g., a document with the communication instructions). The application parameter is preferably a URI string that points to an application server of the account holder. The number of times the URI is used in different accounts may be the basis of a fraud rule condition. The application parameter may alternatively be a binary data file or executable code, and the raw application resource can be compared to other. For example, a cryptographic hash or fingerprint may be generated and used in comparing applications across accounts or sub-accounts. While static application configuration may be used, applications may be able to redirect application state control to other URIs and thus the fraud rule condition may be based on the URIs that are used throughout the processing of a communication session.

Similar to the fraud rules based on application configuration, media resource usage can additionally be used. If two or more accounts or sub-accounts, are using the same media resources, then those may be assumed to be operated by the same entity.

In addition to the data source, the time period in which the pattern is detected, age of the account, number of accounts, percentage of usage that is not flagged as suspicious and other qualifying conditions may provide additional context to the data source conditions.

The fraud scoring system 120 is communicatively coupled to the operational components 130 of the communication platform 100. The operational components 130 of the communication platform can include any servers, databases, processors or other resources that either define account configuration, account usage, or other aspects of the account within the platform. Preferably, the operational components include a call router that processes communication. In particular, the call router controls and facilitates the execution of a telephony application during a communication session. The various operational components 130 may additionally be used in enforcing some response to detection of illicit behavior by an account or sub-account.

2. Method for Preventing Illicit Use of a Communication Platform

As shown in FIG. 2, a method for preventing illicit use of a communication platform in accordance with a preferred embodiment may include enrolling a plurality of accounts in a telecommunications platform block S110, at a fraud scoring system, receiving usage data of a telephony platform component block S120, calculating a fraud score from the usage data block S130, detecting when fraud scores of an account satisfy a fraud threshold block S140, and taking action when a fraud score satisfies a fraud threshold block S150. The method functions to enable heuristic based identification and prevention of telephony fraud. The method is preferably used to prevent illicit use cases in voice or video calls, short message service (SMS) messages, multimedia messaging service (MMS) messages, Fax, or any suitable form of telephony communication. The method can additionally be applied to IP based communication or proprietary communication channels such as SIP, Video conferencing, screen sharing or other suitable communication mediums. The method is preferably performed by a fraud scoring system which is a preferably a sub-component of telephony application platform such as the telephony platform described in U.S. patent application Ser. No. 12/417,630, filed 2 Apr. 2009 and titled “System and Method for Processing Telephony Sessions”, which is incorporated in its entirety by this reference. Integration into a telephony platform preferably enables the gathering of usage data from a plurality of various telephony platform components. The telephony platform components are preferably those components that facilitate calls or messaging such as call databases or SMS databases, but may alternatively include components facilitating telephony application setup or operation such as account or credit card databases. The telephony platform is preferably a multitenant platform with multiple user accounts and optionally sub-accounts that independently use the platform. The telephony platform can be a self-sign up service, and the programmatic interface into the telephony platform can make it appear more appealing for illicit use. Entities can be freed of the hassle and complexity of arranging long-term contracts or other agreements that normally act as a barrier to telephony based fraud. The method is preferably applicable to preventing toll fraud in a telephony platform but may additionally or alternatively be used to prevent terms of service violations, denial of service attacks on a telephony platform or an outside system, suspicious behavior, credit card fraud, phishing attacks, and/or any suitable type of illicit use of a telephony platform.

The method is preferably capable of addressing internal telephony fraud (i.e., fraud performed by account holders on the telephony platform) and/or external telephony fraud (i.e., fraud attempts originating on outside systems but occurring through the telephony platform). The method is preferably capable of detecting coordinated illicit behavior performed across two or more accounts of the platform. Additionally or alternatively, the illicit behavior of a single account can additionally be addressed. The method preferably uses a heuristic based approach using rules defined in a rule set of the fraud scoring system. Rules used in the method can preferably be crafted and maintained by fraud analysts, which functions to enable analysts to use their unique insight into fraud scenarios to automatically detect future scenarios using the fraud scoring system. The method additionally can automate the detection and actions taken by fraud analysts for a system. The method may additionally include Bayesian learning, neural networks, reinforcement learning, cluster analysis or any suitable machine learning or algorithmic approaches to facilitate identifying illicit use cases. Preferably a combination of automatic fraud rule generation and fraud analyst input is used in during the method of the fraud scoring system. The method is preferably capable of identifying a wide variety of illicit use cases as defined in the rule set. When illicit use of the telephony platform is matches a rule, the fraud scoring system preferably acts to prevent that instance of illicit use from continuing.

Block S110, which includes enrolling a plurality of accounts in a telecommunications platform, functions to setup, configure, and instantiate multiple entities within the platform. An account within the telephony platform preferably has a unique identifier or uniquely identifying characteristics. Fraud detection is preferably detected within individual accounts or through two or more accounts that share usage data patterns (which often indicate a single entity is coordinating both accounts to distribute the signals of illicit behavior across multiple accounts). Enrolling an account may be initiated by a user through a user interface, but an account and/or a sub-account may alternatively be configured programmatically through an API such as a REST API of the platform. The enrollment may additionally include within one account, enrolling at least one sub-account that is managed by the first account. The sub-account (i.e., the child account) will often be an end customer of a service of the primary/parent account holder. For example, a customer care application may create a parent account, and within that account each end-customer is given a sub-account so that usage, data, and configuration can be independently managed. The parent account holder preferably manages these accounts. Sub-accounts are preferably created and managed through an API. The method can be particularly useful for systems that use sub-accounts in that, individual sub-accounts may be performing illicit behavior and the account holder may not have sufficient data when operating on top of the platform to detect the illicit behavior. The fraud detection service can be a beneficial service in promoting app developers to build on top of a platform.

Basic configuration of an account preferably occurs during enrollment but can be completed at a later time. Enrolling an account preferably includes an enrolling-account assigning at least one communication endpoint address to the account. Preferably, at least one phone number is associated with an account. Multiple phone numbers can additionally be configured. The communication endpoint may alternatively be a SIP address, email address, username, or any suitable address identifier used in routing communication to a destination. An assigned endpoint may be purchased/selected from the platform, ported from an existing system, or added to the account in any suitable manner.

The enrolling account additionally configures application resources. Preferably, an endpoint will be mapped to an application URI, which will be an external, internet-accessible resource that provides communication instructions for a communication session. Multiple application URI's may additionally be configured for different communication states or events. For example, there may be a primary application URI for incoming calls, an outgoing application URI that takes control of outgoing communication sessions, a fallback application may be used for when errors occur, there may be different application URIs for different mediums (e.g., voice, video, SMS, MMS, fax, eats.), different application URIs for different regions or originating endpoints. Each endpoint assigned to an account can additionally be uniquely configured. The configured application resources may alternatively or additionally include media files used in an application such as an application executable binary, instruction file, playable audio or video, or other suitable media resources.

The enrolling account may additionally configure billing information. The billing information will preferably include at least one credit card, but may alternatively be any suitable payment mechanism such as a bank account, links to an outside account with credit/points. The payment mechanism information will preferably include an account identifier (e.g., a credit card number), billing name, billing address. Multiple payment mechanisms may be setup.

Block S120, which recites at a fraud score system receiving usage data of a telephony platform component, functions to collect data used to calculate a fraud score. The usage data is preferably data collected and maintained independently from the fraud score system. The usage data thus typically reflects operational metrics of a telephony platform. For example, a call history database may store records of when calls where made and what the destination endpoints were for those calls. In this example, the primary purpose of the call history database may be for analytics but the data may additionally be used for calculating a fraud score. Alternatively, usage data may be collected with the explicit intent to measure data pertinent to calculating a fraud score. The fraud scoring system is preferably coupled through a network to a telephony platform component. More preferably the fraud scoring system is coupled through a network to a plurality of telephony platform components as shown in FIG. 3. A telephony platform component is preferably a machine that provides the usage data. The telephony platform components coupled to the fraud scoring system may include call history databases, messaging history databases, account databases, credit card hash databases, account databases, client device information databases, IP address databases, phone number databases, credit card or spending databases, API logs, and/or any suitable machine containing data useful for calculating a fraud score. The fraud scoring system is preferably configured to actively initiate communication with the telephony platform components, and the platform components preferably respond with any requested usage data. Alternatively, the coupled machines may independently send usage data to the fraud scoring system through a subscription or push-based service.

The fraud scoring system preferably refreshes usage data periodically. For example, fraud score system may receive new usage data from at least a subset of machines every half hour. In another variation, telephony platform components may send usage data continuously, when new data is collected, or for any suitable reason. In yet another variation, a fraud scoring system may be integrated into a data stream. In this variation data would preferably not need to be replicated or sent through a separate fraud scoring system. A fraud scoring system can preferably subscribe to designated data streams as shown in FIG. 4 but may alternatively be integrated into a data stream in any suitable manner. The fraud scoring system may additionally poll or actively request update usage data from components. Additionally or alternatively, a variation of a method of a preferred embodiment may include updating received usage data upon receiving a trigger signal Block S122 as shown in FIG. 5, which functions to enable fraud checking programmatically. In response to a trigger signal, the fraud scoring system preferably actively initiates the transmission of usage data from a telephony platform component to the fraud scoring system. The trigger signal is preferably an instruction associated with an application programming interface (API) call. The API call preferably causes usage data to be updated, a fraud score to be calculated, and action to be taken if appropriate. The API call may alternatively trigger a subset of the above steps. A telephony platform is preferably configured to send an API call to update the fraud scoring system when events occur that have a high correlation to fraud. For example, an API call to update the fraud scoring system may be sent before, while, or during updating an account, performing a credit card transaction, detecting high account concurrency, or during any suitable event. A fraud score API may additionally be used to perform other interactions with the fraud scoring system. For example, a fraud score API may trigger any suitable steps of the fraud scoring method; may create, edit, delete, or otherwise augment fraud rules, usage data, usage scores, fraud actions, or other parameters of the fraud scoring system; and/or interact with the fraud scoring system in any suitable way.

Block S130, which recites calculating a fraud score from the usage data, functions to process usage data to generate a metric that reflects the likelihood that illicit use of the telephony platform is occurring. Fraud scores are preferably calculated for a set of fraud rules. The set of fraud rules are used to calculate a set of fraud scores (e.g., measure or indicators of fraud). Additionally, fraud thresholds can define when particular types of actions are taken. A fraud rule preferably includes a usage condition, a usage data time window, and an account age condition. The fraud rules may additionally be conditions within a single account or pattern conditions across multiple accounts. The usage conditions are particular patterns in usage data (e.g., account configuration or communication history). The usage conditions are preferably particular patterns such as some threshold on the number or percentage of events or resources that would trigger activating the fraud rule (e.g., assigning the defined fraud score for that rule). The usage condition can additionally specify conditions found across multiple accounts. For example, a usage condition may be for identical/corresponding billing information configured in more than three accounts. The usage data time window is the window that is used to define what data is analyzed. Some exemplary time windows could include the past 24 hours, the past week, the past month, the past year, or across all data (e.g., no time window). The account age condition may define for how long the rule is monitored for an account. Some illicit use scenarios may only be seen with new accounts. For example, the account age condition may configure a fraud rule to apply to an account for the first week after the account is created. If the conditions of the fraud rule are satisfied a defined score is preferably assigned. These fraud scores are preferably stored per account. If the fraud rule is defined for condition patterns across multiple accounts, the fraud score is preferably assigned to each account. The fraud score is preferably a numeric value but may alternatively be a label or any suitable construct to communicate fraud likelihood. In this document we treat high fraud scores as indicating a greater likelihood of illicit use, but any suitable relationship may be defined. A fraud score is preferably associated with at least one key/identifier. The key may be an account, sub-account, an endpoint (e.g., a phone number), a credit card hash, or any suitable key. A plurality of fraud scores (e.g., one per fraud rule) is preferably calculated to monitor various entities and approaches to performing fraud in a telephony platform. For example, a series of fraud scores may be calculated to monitor accounts for one form of telephone fraud, while another series of fraud scores may be calculated to monitor credit card abuse across accounts. The fraud score is preferably indicative of activity during a specified time window, but may alternatively be an aggregate value (preferably factoring in older fraud scores to reflect multiple time windows). Calculation of fraud scores may additionally involve creating associations between subsets of the received usage data. Associations can be made based on user accounts, credit cards used to pay for accounts, endpoints or endpoint prefixes, source or destination carriers, and/or any suitable parameter that can be used to associate various data points in the usage data.

As described, fraud scores are preferably calculated to generate metrics that reflect the likelihood of fraud. These metrics may be associated with various parameters or combination of parameters of a telephony platform. Block S130 preferably includes calculating a fraud score from usage data associated with call history data Block S132, calculating a fraud score from usage data associated with messaging history data S134, and/or calculating a fraud score from usage data associated with platform account configuration data S136, but any suitable usage data may alternatively be used in calculating fraud score. Correspondingly, the block S130 preferably includes at least one fraud rule of the set of fraud rules including identifying communication-application configuration shared between at least two accounts, identifying shared patterns of media resource usage in two accounts, detecting shared billing information across two or more accounts, detecting communication history patterns across at least two accounts, and other suitable fraud rule conditions that are defined for patterns in usage data between multiple accounts.

Block S132, which recites calculating a fraud score from usage data associated with call history data, functions to create a fraud score based on patterns in calls occurring on the telephony platform. Several different parameters of a call may have been measured and included in the usage data. For example, call duration, account(s) associated with a call, call destination endpoints, caller endpoints, carrier origin of a call, destination carrier, frequency of calls, number of concurrent calls for an account, or any suitable parameter of call data. Such call related usage data can preferably be used to calculate fraud scores based on various heuristics. In one variation, high call concurrency (i.e., multiple calls occurring on the telephony platform simultaneously) for a new account is indicative of illicit use of the telephony platform. A fraud score that reflects this is preferably calculated from such data. In this variation, the fraud score preferably has a direct relationship to concurrency and an inverse relationship to the age of the account. In another variation, numerous call endpoints matching designated prefix patterns may additionally be an indicator of illicit use. A fraud score that reflects this is preferably calculated. Preferably, a fraud rule is defined for each communication history condition or set of conditions. Additionally, audio or video of a call may be used in calculating a fraud score. For example, white noise analysis of a call may be included in or extracted from usage data. White noise analysis may enable the fraud scoring system to detect if a phone call had anyone on either side of a call. In this example, a long silent phone call may be associated with illicit use of the telephony platform, and the white noise detection could be used to calculate a fraud score that reflects this heuristic.

Block S134, which recites calculating a fraud score from usage data associated with messaging history data, functions to create a fraud score based on patterns in messages occurring on the telephony platform. Messaging history data may include any data related to SMS, MMS, or other suitable messages communicated through the telephony platform. Calculation of a fraud score may include the use of usage data analogous to the usage data described above for call data, such as message endpoints, account(s) associated with a message, message frequency, message frequency as a factor of account age, carrier origin of a message, carrier destination of a message, or any suitable parameter of a message or messages sent through the telephony platform. Message content and message conversations conveyed in usage data of the messages may additionally be used to calculate a fraud score. In one variation, messages replying to account messages that instruct the sender to stop sending messages (e.g., a message with the message ‘STOP’) preferably contribute towards a higher fraud score. Accounts that receive a higher percentage of stop-messages are more likely to be practicing behavior that is undesirable to users. In an alternative variation, if a large number of spam-like text messages are delivered to endpoints matching a prefix and no stop-messages are received, this may also be an indicator of illicit behavior (e.g., a nefarious user may be trying to terminate as many text messages to a particular carrier).

Block S136, which recites calculating a fraud score from usage data associated with platform account configuration data, functions to use metrics collected from the telephony platform that do not directly relate to voice, video or messaging. Usage data associated with platform account configuration data may include information pertaining to user accounts, credit cards, endpoints, client devices, telephony application URI's, or any suitable platform account data. The configuration data preferably includes communication-application configuration, which includes variables and resources used in customizing and defining the application(s) of the account. One fraud rule may be defined for a condition of identifying communication-application configuration shared between at least two accounts. If multiple accounts have the same application configuration, then this can be used as a signal that the two accounts are used for the same task. Outside entities may set up multiple accounts to perform the same task to avoid detection, but identical application configuration can be a signal that the accounts are managed by the same entity or two cooperating entities. Preferably, applications are defined by application URIs that are associated with/mapped to communication endpoints. String comparisons of the URIs can be performed to identify matching applications used in multiple accounts. In some situations, some application URI's may be whitelisted so that they can be used in multiple accounts. In a similar, variation the actual application media resources consumed during execution of an application can be used to indicate similar functionality. A communication platform may transfer application state to various application URIs during a communication session. These application URIs can be similarly tracked and compared. Also media such as the instruction documents (telephony instructions in an XML document), audio files, video files, and other resources can be fingerprinted or otherwise processed to create an identifier that can be used to detect similar or identical media resources. Fingerprinting data preferably includes creating an identifier of the content of the media file. The fingerprint identifier can be preferably easily compared to other fingerprint identifiers in other accounts to determine if identical or substantially similar media is used. A fingerprint identifier preferably functions so that media can be matched despite variations in the encoding of the content. For example two images of the same picture but of slightly different dimensions and size ratios can be shown to be matching. Alternatively, the raw file may be compared. Media resource usage during communication sessions can also be used as signals of illicit behavior. For example, an image sent over MMS by one account may be fingerprinted. A second account additionally sends an image of MMS and the image is similarly fingerprinted. The fingerprint identifiers are then compared, and if they indicate the image content matches, this may trigger a fraud rule around two accounts sending identical images over MMS. Media fingerprinting can similarly be applied to audio, video and other suitable media mediums.

In one variation, calculating a fraud score from usage data associated with credit card data preferably involves comparing hashes of credit card numbers. By comparing billing information within and across accounts, the fraud scoring system functions to check diversity of payment mechanism. Payment mechanisms are preferably not shared across numerous accounts. This can be a signal that one entity is setting up multiple accounts for some reason. Within an account the payment mechanisms preferably have little diversity. If several credit cards with multiple names and addresses may be a sign that stolen credit cards are being used. As an example, a plurality of new accounts created and set up using the same credit card may be an indicator of illicit use. Credit card hash records for new accounts are preferably compared to identify credit cards used multiple times. In this variation, a credit card used multiple times for different accounts would preferably contribute to a higher fraud score. Similarly, many telephony applications allow accounts to set up an application to handle calls or messages by specifying a URI. In one variation, if one URI is configured for a plurality of new accounts, then this may indicate illicit use as it indicates one entity is setting up multiple accounts for the same purpose.

Block S140, which recites detecting when fraud scores of an account satisfy a fraud threshold, function to monitor and assess when a scenario of illicit behavior is occurring based on the fraud scores. Block S140 preferably includes storing/recording the fraud score. As described above, the fraud scores are preferably indicative of a fraud score for a particular time window, but may alternatively be an aggregate metric. The fraud scores are preferably stored such that an associated account, endpoint, application, and/or any suitable key may be referenced when retrieving data. In one variation block storing of the fraud scores is optional, and assessment can be performed directly after calculating fraud scores, without persistently storing fraud scores. Preferably, the same set of fraud rules are used in calculating fraud scores across all the accounts/sub-accounts. Fraud thresholds can define when particular types of actions are taken. In one implementation, the fraud scores associated with an account or sub-account are preferably summed, and if the total fraud score is above a define fraud score threshold a response is made in block S150. Additionally, there may be different levels of fraud thresholds. For example a fraud threshold may be defined for fraud scores from 20-50, a second fraud threshold for 51-75, and a third fraud threshold for scores over 76. These three fraud thresholds can define three levels of actions taken in block S150. The fraud reaction can alternatively be based on the fraud scores of a particular fraud rules. For example, specific fraud rules (when satisfied or for certain scores) may define a reaction of flagging an account or throttling an account, while some fraud rules may define more severe illicit behavior and can initiate automatic termination of the account.

Block S150, which recites taking action when a fraud score satisfies a fraud threshold, functions to react to fraud scores that indicate illicit behavior. The reaction to a fraud score may include flagging the account, throttling communication of an account, requesting additional billing information, notifying account holder, notifying an analyst of the communication platform, performing additional fraud detection analysis on the account, blocking particular actions on the account, or performing any suitable action. In a sub-account variation, the parent account of a sub-account is preferably notified of the sub-account illicit behavior. The notification can be an email notification, a message within the communication platform web platform, or notification made through the API of the communication platform. Account holders may have multiple sub-accounts using their service provided on top of the communication platform. By performing the fraud regulation by sub-accounts, the communication platform can avoid taking action against the account itself since many sub-accounts may be using the communication platform in a proper manner. This functions to simplify and abstract the fraud prevention aspect away from account holders such that the communication platform can handle illicit use detection. A fraud scoring system preferably includes a set of fraud rules (i.e., a rule set) stored using any suitable schema. The rule set preferably enables various heuristics to be configured and/or updated to keep current with the latest fraud attempts. Fraud score patterns may include thresholds for a particular fraud score or alternatively a group of fraud scores. Some exemplary fraud score patterns may include taking action when there are more than a specified number of international calls lasting longer than a specified amount of time, when an average length of international calls is greater than a specified amount of time, when greater than a specified number of outbound SMS messages to a classification of prefixes (e.g., UK prefixes) are made, when more than a specified number of unique credit cards are added to an account, when the credit cards of an account use more than a specified number of zip codes, when one credit card is used on more than a specified number of accounts, when one IP address is used across more than a specified number of accounts, when the account balance is more than a specified amount for an account and the age of the account is less than a specified number of days, when the answer rate of outbound calls is less than a specified percentage and/or when any suitable pattern is satisfied, As shown in FIG. 9, rule sets may be dependent on measured metrics in combination with a threshold, time period for the metrics, and account age. Alternatively, any suitable parameters may be specified to determine a rule set. Fraud score patterns may alternatively be trending patterns from a time series of related fraud scores. Fraud reactions preferably include suspending an account, blacklisting credit card numbers, blacklisting application URI's or IP's, rate-limiting services provided to an offending account, remove or adjust services provided to an offending account (e.g., remove international services), flag the account for a human fraud analyst to investigate, and/or any suitable course of action. The fraud reaction is preferably signaled to the telephony platform, and the resulting reaction preferably alters behavior of the telephony platform to prevent a suspected case of illicit use of the platform. There may additionally be different level of responses based on the severity of the fraud score, and fraud reactions may be applied in stages if the fraud score does not subside.

Additionally or alternatively, a method of a preferred embodiment may include generating a fraud rule block S160 as shown in FIG. 10, which functions to produce a fraud score based on collected data. In one variation, a fraud score set is preferably predominately generated by fraud analysts. This preferably enables fraud analysts to apply unique insight into fraud attempts to enable automatic detection. In a variation that implements block S150, at least a subset of the fraud rule set is generated through analysis of the data. As mention above Bayesian learning, neural networks, reinforcement learning, cluster analysis or any suitable machine learning techniques may be used to extract rules to identify fraud scenarios. The generating of a fraud rule may be active or reactive. Active generation of a fraud rule will preferably automatically generate a rule based on observed data. Reactive fraud rule generation preferably generates a fraud rule after a fraud scenario has happened. Data from the time of the fraud can preferably be replayed such that a fraud rule may be generated that would have set the fraud score to reflect the occurrence of the fraud scenario.

An alternative embodiment preferably implements the above methods in a computer-readable medium storing computer-readable instructions. The instructions are preferably executed by computer-executable components preferably integrated with a fraud scoring system. The fraud scoring system preferably includes a fraud rule set and a fraud scoring API. The fraud scoring system is preferably integrated into a telephony platform capable of facilitating voice, video, or message communication. The computer-readable medium may be stored on any suitable computer readable media such as RAMs, ROMs, flash memory, EEPROMs, optical devices (CD or DVD), hard drives, floppy drives, or any suitable device. The computer-executable component is preferably a processor but the instructions may alternatively or additionally be executed by any suitable dedicated hardware device.

As a person skilled in the art will recognize from the previous detailed description and from the figures and claims, modifications and changes can be made to the preferred embodiments of the invention without departing from the scope of this invention defined in the following claims.

Claims

1. A method comprising: at a telecommunication platform:

enrolling a plurality of parent accounts in the telecommunication platform;
within a first enrolled account, enrolling at least one sub-account that is managed by the first account;
at a fraud detection system of the telecommunication platform, receiving sub-account usage data of a plurality of sub-accounts of the telecommunication platform, wherein the sub-account usage data of each of the plurality of sub-accounts includes at least configuration data of the sub-account and communication history data;
calculating fraud scores of a set of fraud scores from the sub-account usage data; and
when the set of fraud scores of a sub-account satisfy a fraud threshold, programmatically notifying the corresponding parent account through the telecommunication platform,
wherein receiving sub-account usage data comprises collecting application media configuration; and
wherein for a first fraud rule, detecting a sub-account using application media files identical to media files used by at least a second sub-account.

2. The method of claim 1, wherein detecting a sub-account using application media files identical to media files used by at least a second sub-account comprises: calculating fingerprints of media files encountered during a communication session; and identifying corresponding media file fingerprints in two sub-accounts.

3. A method comprising: at a telecommunication platform:

enrolling a plurality of parent accounts in the telecommunication platform;
within a first enrolled account, enrolling at least one sub-account that is managed by the first account;
at a fraud detection system of the telecommunication platform, receiving sub-account usage data of a plurality of sub-accounts of the telecommunication platform, wherein the sub-account usage data of each of the plurality of sub-accounts includes at least configuration data of the sub-account and communication history data;
calculating fraud scores of a set of fraud scores from the sub-account usage data; and
when the set of fraud scores of a sub-account satisfy a fraud threshold, programmatically notifying the corresponding parent account through the telecommunication platform,
wherein receiving sub-account usage data comprises collecting application uniform resource identifiers (URIs) mapped to communication endpoints of a sub-account; and
wherein for a first fraud rule, detecting corresponding application URIs configured in at least two sub-accounts.

4. A method comprising: at a telecommunication platform:

enrolling a plurality of parent accounts in the telecommunication platform;
within a first enrolled account, enrolling at least one sub-account that is managed by the first account;
at a fraud detection system of the telecommunication platform, receiving sub-account usage data of at least one sub-account of the telecommunication platform, wherein the sub-account usage data of each sub-account includes at least configuration data of the sub-account and communication history data;
calculating fraud scores of a set of fraud scores from the sub-account usage data; and
when the set of fraud scores of a sub-account satisfy a fraud threshold, programmatically notifying the corresponding parent account through the telecommunication platform,
wherein receiving sub-account usage data of a sub-account comprises collecting payment mechanism configuration of the sub-account; and
wherein in response to a first fraud rule, detecting diversity of payment mechanism in a sub-account.

5. A method comprising: at a telecommunication platform:

enrolling a plurality of parent accounts in the telecommunication platform;
within a first enrolled account, enrolling at least one sub-account that is managed by the first account;
at a fraud detection system of the telecommunication platform, receiving sub-account usage data of a plurality of sub-accounts of the telecommunication platform, wherein the sub-account usage data of each of the plurality of sub-accounts includes at least configuration data of the sub-account and communication history data;
calculating fraud scores of a set of fraud scores from the sub-account usage data;
in a case where the set of fraud scores of a sub-account satisfy a fraud threshold, programmatically notifying the corresponding parent account of illicit behavior of the sub-account, the notification being provided via the telecommunication platform,
wherein illicit behavior includes at least one of toll fraud, spamming, terms of service violations, denial of service attacks, credit card fraud, suspicious behavior, and phishing attacks,
wherein the parent account is an account of an external service provider system, and
wherein each sub-account is an account of a system that uses a service of the external service provider system.

6. The method of claim 5, wherein receiving sub-account usage data comprises collecting application media configuration; and wherein for a first fraud rule, detecting a sub-account using application media files identical to media files used by at least a second sub-account.

7. The method of claim 6, wherein detecting a sub-account using application media files identical to media files used by at least a second sub-account comprises:

calculating fingerprints of media files encountered during a communication session;
and identifying corresponding media file fingerprints in two sub-accounts.

8. The method of claim 5, wherein receiving sub-account usage data comprises collecting application uniform resource identifiers (URIs) mapped to communication endpoints of a sub-account; and wherein for a first fraud rule, detecting corresponding application URIs configured in at least two sub-accounts.

9. The method of claim 5, wherein receiving sub-account usage data of a sub-account comprises collecting payment mechanism configuration of the sub-account; and wherein in response to a first fraud rule, detecting diversity of payment mechanism in a sub-account.

Referenced Cited
U.S. Patent Documents
5274700 December 28, 1993 Gechter et al.
5526416 June 11, 1996 Dezonno et al.
5581608 December 3, 1996 Jreij et al.
5598457 January 28, 1997 Foladare et al.
6026440 February 15, 2000 Shrader et al.
6094681 July 25, 2000 Shaffer et al.
6138143 October 24, 2000 Gigliotti et al.
6185565 February 6, 2001 Meubus et al.
6192123 February 20, 2001 Grunsted et al.
6223287 April 24, 2001 Douglas et al.
6269336 July 31, 2001 Ladd et al.
6373836 April 16, 2002 Deryugin et al.
6425012 July 23, 2002 Trovato et al.
6426995 July 30, 2002 Kim et al.
6430175 August 6, 2002 Echols et al.
6434528 August 13, 2002 Sanders
6445694 September 3, 2002 Swartz
6445776 September 3, 2002 Shank et al.
6459913 October 1, 2002 Cloutier
6493558 December 10, 2002 Bernhart et al.
6496500 December 17, 2002 Nance et al.
6501832 December 31, 2002 Saylor et al.
6507875 January 14, 2003 Mellen-Garnett et al.
6577721 June 10, 2003 Vainio et al.
6600736 July 29, 2003 Ball et al.
6606596 August 12, 2003 Zirngibl et al.
6614783 September 2, 2003 Sonesh et al.
6625258 September 23, 2003 Ram et al.
6625576 September 23, 2003 Kochanski et al.
6636504 October 21, 2003 Albers et al.
6662231 December 9, 2003 Drosset et al.
6704785 March 9, 2004 Koo et al.
6707889 March 16, 2004 Saylor et al.
6711249 March 23, 2004 Weissman et al.
6738738 May 18, 2004 Henton
6757365 June 29, 2004 Bogard
6765997 July 20, 2004 Zirngibl et al.
6768788 July 27, 2004 Langseth et al.
6778653 August 17, 2004 Kallas et al.
6785266 August 31, 2004 Swartz
6788768 September 7, 2004 Saylor et al.
6792086 September 14, 2004 Saylor et al.
6792093 September 14, 2004 Barak et al.
6798867 September 28, 2004 Zirngibl et al.
6807529 October 19, 2004 Johnson et al.
6807574 October 19, 2004 Partovi et al.
6819667 November 16, 2004 Brusilovsky et al.
6820260 November 16, 2004 Flockhart et al.
6829334 December 7, 2004 Zirngibl et al.
6834265 December 21, 2004 Balasuriya
6836537 December 28, 2004 Zirngibl et al.
6842767 January 11, 2005 Partovi et al.
6850603 February 1, 2005 Eberle et al.
6870830 March 22, 2005 Schuster et al.
6873952 March 29, 2005 Bailey et al.
6874084 March 29, 2005 Dobner et al.
6885737 April 26, 2005 Gao et al.
6888929 May 3, 2005 Saylor et al.
6895084 May 17, 2005 Saylor et al.
6898567 May 24, 2005 Balasuriya
6912581 June 28, 2005 Johnson et al.
6922411 July 26, 2005 Taylor
6931405 August 16, 2005 El-Shimi et al.
6937699 August 30, 2005 Schuster et al.
6940953 September 6, 2005 Eberle et al.
6941268 September 6, 2005 Porter et al.
6947417 September 20, 2005 Laursen et al.
6947988 September 20, 2005 Saleh
6961330 November 1, 2005 Cattan et al.
6964012 November 8, 2005 Zirngibl et al.
6970915 November 29, 2005 Partovi et al.
6977992 December 20, 2005 Zirngibl et al.
6985862 January 10, 2006 Stroem et al.
6999576 February 14, 2006 Sacra
7003464 February 21, 2006 Ferrans et al.
7006606 February 28, 2006 Cohen et al.
7010586 March 7, 2006 Allavarpu et al.
7020685 March 28, 2006 Chen et al.
7039165 May 2, 2006 Saylor et al.
7062709 June 13, 2006 Cheung
7076037 July 11, 2006 Gonen et al.
7076428 July 11, 2006 Anastasakos et al.
7089310 August 8, 2006 Ellerman et al.
7103003 September 5, 2006 Brueckheimer et al.
7103171 September 5, 2006 Annadata et al.
7106844 September 12, 2006 Holland
7111163 September 19, 2006 Haney
7140004 November 21, 2006 Kunins et al.
7143039 November 28, 2006 Stifelman et al.
7197331 March 27, 2007 Anastasakos et al.
7197461 March 27, 2007 Eberle et al.
7197462 March 27, 2007 Takagi et al.
7197544 March 27, 2007 Wang et al.
7225232 May 29, 2007 Elberse
7227849 June 5, 2007 Raesaenen
7260208 August 21, 2007 Cavalcanti
7266181 September 4, 2007 Zirngibl et al.
7269557 September 11, 2007 Bailey et al.
7272212 September 18, 2007 Eberle et al.
7272564 September 18, 2007 Phillips et al.
7277851 October 2, 2007 Henton
7283515 October 16, 2007 Fowler
7286521 October 23, 2007 Jackson et al.
7287248 October 23, 2007 Adeeb
7289453 October 30, 2007 Riedel et al.
7296739 November 20, 2007 Mo et al.
7298732 November 20, 2007 Cho
7308085 December 11, 2007 Weissman
7308408 December 11, 2007 Stifelman et al.
7324633 January 29, 2008 Gao et al.
7324942 January 29, 2008 Mahowald et al.
7328263 February 5, 2008 Sadjadi
7330463 February 12, 2008 Bradd et al.
7330890 February 12, 2008 Partovi et al.
7340040 March 4, 2008 Saylor et al.
7349714 March 25, 2008 Lee et al.
7369865 May 6, 2008 Gabriel et al.
7373660 May 13, 2008 Guichard et al.
7376223 May 20, 2008 Taylor et al.
7376586 May 20, 2008 Partovi et al.
7376733 May 20, 2008 Connelly et al.
7376740 May 20, 2008 Porter et al.
7412525 August 12, 2008 Cafarella et al.
7428302 September 23, 2008 Zirngibl et al.
7440898 October 21, 2008 Eberle et al.
7447299 November 4, 2008 Partovi et al.
7454459 November 18, 2008 Kapoor et al.
7457397 November 25, 2008 Saylor et al.
7486780 February 3, 2009 Zirngibl et al.
7496054 February 24, 2009 Taylor
7500249 March 3, 2009 Kampe et al.
7505951 March 17, 2009 Thompson et al.
7519359 April 14, 2009 Chiarulli et al.
7522711 April 21, 2009 Stein et al.
7536454 May 19, 2009 Balasuriya
7552054 June 23, 2009 Stifelman et al.
7571226 August 4, 2009 Partovi et al.
7613287 November 3, 2009 Stifelman et al.
7623648 November 24, 2009 Oppenheim et al.
7630900 December 8, 2009 Strom
7631310 December 8, 2009 Henzinger
7644000 January 5, 2010 Strom
7657433 February 2, 2010 Chang
7657434 February 2, 2010 Thompson et al.
7668157 February 23, 2010 Weintraub et al.
7672295 March 2, 2010 Andhare et al.
7675857 March 9, 2010 Chesson
7676221 March 9, 2010 Roundtree et al.
7715547 May 11, 2010 Ibbotson et al.
7779065 August 17, 2010 Gupta et al.
7882253 February 1, 2011 Pardo-Castellote et al.
7920866 April 5, 2011 Bosch et al.
7926099 April 12, 2011 Chakravarty et al.
7936867 May 3, 2011 Hill et al.
7962644 June 14, 2011 Ezerzer et al.
7979555 July 12, 2011 Rothstein et al.
8023425 September 20, 2011 Raleigh
8069096 November 29, 2011 Ballaro et al.
8081958 December 20, 2011 Soederstroem et al.
8103725 January 24, 2012 Gupta et al.
8126128 February 28, 2012 Hicks, III et al.
8149716 April 3, 2012 Ramanathan et al.
8150918 April 3, 2012 Edelman et al.
8156213 April 10, 2012 Deng et al.
8196133 June 5, 2012 Kakumani et al.
8233611 July 31, 2012 Zettner
8243889 August 14, 2012 Taylor et al.
8266327 September 11, 2012 Kumar et al.
8295272 October 23, 2012 Boni et al.
8306021 November 6, 2012 Lawson et al.
8326805 December 4, 2012 Arous et al.
8346630 January 1, 2013 McKeown
8355394 January 15, 2013 Taylor et al.
8417817 April 9, 2013 Jacobs
8438315 May 7, 2013 Tao et al.
8462670 June 11, 2013 Chien et al.
8509068 August 13, 2013 Begall et al.
8532686 September 10, 2013 Schmidt et al.
8542805 September 24, 2013 Agranovsky et al.
8594626 November 26, 2013 Woodson et al.
8611338 December 17, 2013 Lawson et al.
8649268 February 11, 2014 Lawson et al.
8667056 March 4, 2014 Proulx et al.
8675493 March 18, 2014 Buddhikot et al.
8755376 June 17, 2014 Lawson et al.
8806024 August 12, 2014 Francis et al.
8837465 September 16, 2014 Lawson et al.
8838707 September 16, 2014 Lawson et al.
9014664 April 21, 2015 Kim et al.
9015702 April 21, 2015 Bhat
20010038624 November 8, 2001 Greenberg et al.
20010043684 November 22, 2001 Guedalia et al.
20020006124 January 17, 2002 Jimenez et al.
20020006125 January 17, 2002 Josse et al.
20020006193 January 17, 2002 Rodenbusch et al.
20020067823 June 6, 2002 Walker et al.
20020077833 June 20, 2002 Arons et al.
20020126813 September 12, 2002 Partovi et al.
20020136391 September 26, 2002 Armstrong
20020165957 November 7, 2002 Devoe et al.
20020176378 November 28, 2002 Hamilton et al.
20020198941 December 26, 2002 Gavrilescu et al.
20030006137 January 9, 2003 Wei et al.
20030014665 January 16, 2003 Anderson et al.
20030018830 January 23, 2003 Chen et al.
20030026426 February 6, 2003 Wright et al.
20030046366 March 6, 2003 Pardikar et al.
20030051037 March 13, 2003 Sundaram et al.
20030058884 March 27, 2003 Kallner et al.
20030059020 March 27, 2003 Meyerson et al.
20030060188 March 27, 2003 Gidron et al.
20030061317 March 27, 2003 Brown et al.
20030061404 March 27, 2003 Atwal et al.
20030088421 May 8, 2003 Maes et al.
20030103620 June 5, 2003 Brown et al.
20030123640 July 3, 2003 Roelle et al.
20030195990 October 16, 2003 Greenblat
20030196076 October 16, 2003 Zabarski et al.
20030211842 November 13, 2003 Kempf et al.
20030231647 December 18, 2003 Petrovykh
20040044953 March 4, 2004 Watkins et al.
20040052349 March 18, 2004 Creamer et al.
20040071275 April 15, 2004 Bowater et al.
20040101122 May 27, 2004 Da Palma et al.
20040102182 May 27, 2004 Reith et al.
20040165569 August 26, 2004 Sweatman et al.
20040172482 September 2, 2004 Weissman et al.
20040205689 October 14, 2004 Ellens et al.
20040213400 October 28, 2004 Golitsin et al.
20040218748 November 4, 2004 Fisher
20040228469 November 18, 2004 Andrews et al.
20040240649 December 2, 2004 Goel
20050005200 January 6, 2005 Matena et al.
20050010483 January 13, 2005 Ling
20050021626 January 27, 2005 Prajapat et al.
20050025303 February 3, 2005 Hostetler
20050038772 February 17, 2005 Colrain
20050043952 February 24, 2005 Sharma et al.
20050047579 March 3, 2005 Salame
20050091572 April 28, 2005 Gavrilescu et al.
20050125251 June 9, 2005 Berger et al.
20050128961 June 16, 2005 Miloslavsky et al.
20050135578 June 23, 2005 Ress et al.
20050141500 June 30, 2005 Bhandari et al.
20050147088 July 7, 2005 Bao et al.
20050177635 August 11, 2005 Schmidt et al.
20050181835 August 18, 2005 Lau et al.
20050228680 October 13, 2005 Malik
20050238153 October 27, 2005 Chevalier
20050240659 October 27, 2005 Taylor
20050243977 November 3, 2005 Creamer et al.
20050246176 November 3, 2005 Creamer et al.
20050289222 December 29, 2005 Sahim
20060008073 January 12, 2006 Yoshizawa et al.
20060015467 January 19, 2006 Morken et al.
20060047666 March 2, 2006 Bedi et al.
20060067506 March 30, 2006 Flockhart et al.
20060129638 June 15, 2006 Deakin
20060143007 June 29, 2006 Koh et al.
20060168334 July 27, 2006 Potti et al.
20060203979 September 14, 2006 Jennings
20060209695 September 21, 2006 Archer et al.
20060212865 September 21, 2006 Vincent et al.
20060215824 September 28, 2006 Mitby et al.
20060217823 September 28, 2006 Hussey
20060217978 September 28, 2006 Mitby et al.
20060222166 October 5, 2006 Ramakrishna et al.
20060256816 November 16, 2006 Yarlagadda et al.
20060262915 November 23, 2006 Marascio et al.
20060270386 November 30, 2006 Yu et al.
20060285489 December 21, 2006 Francisco et al.
20070002744 January 4, 2007 Mewhinney et al.
20070036143 February 15, 2007 Alt et al.
20070050306 March 1, 2007 Mcqueen
20070070906 March 29, 2007 Thakur
20070070980 March 29, 2007 Phelps et al.
20070071223 March 29, 2007 Lee et al.
20070074174 March 29, 2007 Thornton
20070121651 May 31, 2007 Casey et al.
20070127691 June 7, 2007 Lert
20070127703 June 7, 2007 Siminoff
20070130260 June 7, 2007 Weintraub et al.
20070133771 June 14, 2007 Stifelman et al.
20070149166 June 28, 2007 Turcotte et al.
20070153711 July 5, 2007 Dykas et al.
20070167170 July 19, 2007 Fitchett et al.
20070192629 August 16, 2007 Saito
20070208862 September 6, 2007 Fox et al.
20070232284 October 4, 2007 Mason et al.
20070242626 October 18, 2007 Altberg et al.
20070265073 November 15, 2007 Novi et al.
20070286180 December 13, 2007 Marquette et al.
20070291905 December 20, 2007 Halliday et al.
20070293200 December 20, 2007 Roundtree et al.
20070295803 December 27, 2007 Levine et al.
20080005275 January 3, 2008 Overton et al.
20080025320 January 31, 2008 Bangalore et al.
20080037715 February 14, 2008 Prozeniuk et al.
20080037746 February 14, 2008 Dufrene et al.
20080040484 February 14, 2008 Yardley
20080052395 February 28, 2008 Wright et al.
20080091843 April 17, 2008 Kulkarni
20080101571 May 1, 2008 Harlow et al.
20080104348 May 1, 2008 Kabzinski et al.
20080134049 June 5, 2008 Gupta et al.
20080139166 June 12, 2008 Agarwal et al.
20080146268 June 19, 2008 Gandhi et al.
20080152101 June 26, 2008 Griggs
20080154601 June 26, 2008 Stifelman et al.
20080155029 June 26, 2008 Helbling et al.
20080162482 July 3, 2008 Ahern et al.
20080165708 July 10, 2008 Moore et al.
20080177883 July 24, 2008 Hanai et al.
20080209050 August 28, 2008 Li
20080222656 September 11, 2008 Lyman
20080232574 September 25, 2008 Baluja et al.
20080235230 September 25, 2008 Maes
20080256224 October 16, 2008 Kaji et al.
20080275741 November 6, 2008 Loeffen
20080310599 December 18, 2008 Purnadi et al.
20080313318 December 18, 2008 Vermeulen et al.
20080316931 December 25, 2008 Qiu et al.
20080317222 December 25, 2008 Griggs et al.
20080317232 December 25, 2008 Couse et al.
20080317233 December 25, 2008 Rey et al.
20090046838 February 19, 2009 Andreasson
20090052437 February 26, 2009 Taylor et al.
20090052641 February 26, 2009 Taylor et al.
20090074159 March 19, 2009 Goldfarb et al.
20090075684 March 19, 2009 Cheng et al.
20090083155 March 26, 2009 Tudor et al.
20090089165 April 2, 2009 Sweeney
20090089699 April 2, 2009 Saha et al.
20090093250 April 9, 2009 Jackson et al.
20090125608 May 14, 2009 Werth et al.
20090129573 May 21, 2009 Gavan et al.
20090136011 May 28, 2009 Goel
20090170496 July 2, 2009 Bourque
20090171659 July 2, 2009 Pearce et al.
20090171669 July 2, 2009 Engelsma et al.
20090171752 July 2, 2009 Galvin et al.
20090182896 July 16, 2009 Patterson et al.
20090217293 August 27, 2009 Wolber et al.
20090220057 September 3, 2009 Waters
20090221310 September 3, 2009 Chen et al.
20090222341 September 3, 2009 Belwadi et al.
20090225748 September 10, 2009 Taylor
20090225763 September 10, 2009 Forsberg et al.
20090232289 September 17, 2009 Drucker et al.
20090235349 September 17, 2009 Lai et al.
20090252159 October 8, 2009 Lawson et al.
20090276771 November 5, 2009 Nickolov et al.
20090288165 November 19, 2009 Qiu et al.
20090300194 December 3, 2009 Ogasawara
20090316687 December 24, 2009 Kruppa
20090318112 December 24, 2009 Vasten
20100037204 February 11, 2010 Lin et al.
20100070424 March 18, 2010 Monk
20100082513 April 1, 2010 Liu
20100087215 April 8, 2010 Gu et al.
20100088187 April 8, 2010 Courtney et al.
20100088698 April 8, 2010 Krishnamurthy
20100115041 May 6, 2010 Hawkins et al.
20100142516 June 10, 2010 Lawson et al.
20100150139 June 17, 2010 Lawson et al.
20100167689 July 1, 2010 Sepehri-Nik et al.
20100188979 July 29, 2010 Thubert et al.
20100191915 July 29, 2010 Spencer
20100208881 August 19, 2010 Kawamura
20100217837 August 26, 2010 Ansari et al.
20100217982 August 26, 2010 Brown et al.
20100232594 September 16, 2010 Lawson et al.
20100235539 September 16, 2010 Carter et al.
20100251329 September 30, 2010 Wei
20100251340 September 30, 2010 Martin et al.
20100281108 November 4, 2010 Cohen
20100291910 November 18, 2010 Sanding et al.
20110029882 February 3, 2011 Jaisinghani
20110053555 March 3, 2011 Cai et al.
20110078278 March 31, 2011 Cui et al.
20110081008 April 7, 2011 Lawson et al.
20110083179 April 7, 2011 Lawson et al.
20110093516 April 21, 2011 Geng et al.
20110096673 April 28, 2011 Stevenson et al.
20110110366 May 12, 2011 Moore et al.
20110131293 June 2, 2011 Mori
20110167172 July 7, 2011 Roach et al.
20110170505 July 14, 2011 Rajasekar et al.
20110176537 July 21, 2011 Lawson et al.
20110211679 September 1, 2011 Mezhibovsky et al.
20110251921 October 13, 2011 Kassaei et al.
20110255675 October 20, 2011 Jasper et al.
20110265172 October 27, 2011 Sharma et al.
20110267985 November 3, 2011 Wilkinson et al.
20110274111 November 10, 2011 Narasappa et al.
20110276892 November 10, 2011 Jensen-Horne et al.
20110276951 November 10, 2011 Jain
20110280390 November 17, 2011 Lawson et al.
20110283259 November 17, 2011 Lawson et al.
20110289126 November 24, 2011 Aikas et al.
20110299672 December 8, 2011 Chiu et al.
20110310902 December 22, 2011 Xu
20110320449 December 29, 2011 Gudlavenkatasiva
20110320550 December 29, 2011 Lawson et al.
20120011274 January 12, 2012 Moreman
20120017222 January 19, 2012 May
20120028602 February 2, 2012 Lisi et al.
20120036574 February 9, 2012 Heithcock et al.
20120039202 February 16, 2012 Song
20120079066 March 29, 2012 Li et al.
20120083266 April 5, 2012 VanSwol et al.
20120110564 May 3, 2012 Ran et al.
20120114112 May 10, 2012 Rauschenberger et al.
20120149404 June 14, 2012 Beattie et al.
20120173610 July 5, 2012 Bleau et al.
20120174095 July 5, 2012 Natchadalingam et al.
20120198004 August 2, 2012 Watte
20120201238 August 9, 2012 Lawson et al.
20120208495 August 16, 2012 Lawson et al.
20120226579 September 6, 2012 Ha et al.
20120239757 September 20, 2012 Firstenberg et al.
20120254828 October 4, 2012 Aiylam et al.
20120281536 November 8, 2012 Gell et al.
20120288082 November 15, 2012 Segall
20120290706 November 15, 2012 Lin et al.
20120304245 November 29, 2012 Lawson et al.
20120304275 November 29, 2012 Ji et al.
20120316809 December 13, 2012 Egolf et al.
20120321070 December 20, 2012 Smith et al.
20130029629 January 31, 2013 Lindholm et al.
20130031158 January 31, 2013 Salsburg
20130054684 February 28, 2013 Brazier et al.
20130058262 March 7, 2013 Parreira
20130067448 March 14, 2013 Sannidhanam et al.
20130156024 June 20, 2013 Burg
20130201909 August 8, 2013 Bosch et al.
20130204786 August 8, 2013 Mattes et al.
20130212603 August 15, 2013 Cooke et al.
20130244632 September 19, 2013 Spence et al.
20140064467 March 6, 2014 Lawson et al.
20140105372 April 17, 2014 Nowack et al.
20140106704 April 17, 2014 Cooke et al.
20140123187 May 1, 2014 Reisman
20140129363 May 8, 2014 Lorah et al.
20140153565 June 5, 2014 Lawson et al.
20140185490 July 3, 2014 Holm et al.
20140254600 September 11, 2014 Shibata et al.
20140274086 September 18, 2014 Boerjesson et al.
20140282473 September 18, 2014 Saraf et al.
20140355600 December 4, 2014 Lawson et al.
20150004932 January 1, 2015 Kim et al.
20150004933 January 1, 2015 Kim et al.
20150023251 January 22, 2015 Giakoumelis et al.
20150181631 June 25, 2015 Lee et al.
Foreign Patent Documents
1684587 March 1971 DE
0282126 September 1988 EP
1464418 October 2004 EP
1522922 April 2005 EP
1770586 April 2007 EP
2134107 September 1999 ES
10294788 April 1998 JP
2004166000 June 2004 JP
2004220118 August 2004 JP
2006319914 November 2006 JP
9732448 September 1997 WO
02087804 November 2002 WO
2006037492 April 2006 WO
2009018489 February 2009 WO
2009124223 October 2009 WO
2010037064 April 2010 WO
2010040010 April 2010 WO
2010101935 September 2010 WO
2011091085 July 2011 WO
Other references
  • Complaint for Patent Infringement, Telinit Technologies, LLC v. Twilio Inc., dated Oct. 12, 2012.
  • RFC 3986: Uniform Resource Identifier (URI): Generic Syntax; T. Berners-Lee, R. Fielding, L. Masinter; Jan. 2005; The Internet Society.
Patent History
Patent number: 9270833
Type: Grant
Filed: Apr 15, 2014
Date of Patent: Feb 23, 2016
Patent Publication Number: 20140226803
Assignee: Twilio, Inc. (San Francisco, CA)
Inventors: Adam Ballai (San Francisco, CA), Robert C. Hagemann, III (San Francisco, CA), Daniel Zarick (San Francisco, CA)
Primary Examiner: Wayne Cai
Application Number: 14/253,316
Classifications
Current U.S. Class: Fraud Or Improper Use Mitigating Or Indication (e.g., "blue Box", "black Box") (379/189)
International Classification: H04M 1/66 (20060101); H04M 15/00 (20060101); H04W 12/12 (20090101); H04L 29/06 (20060101); H04L 29/08 (20060101);