Abstract: A system and method to provide secure access across the untrusted public switched telephone network is described. The system and method can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call.

Abstract: Method, mobile station and radio communications system for controlling security-related functions for call handling. Based on the known method and radio communications system for controlling the security-related functions for call handling with subscriber authentication and secrecy of the information, a ciphering request having an identifier (cimode) is received and evaluated by the mobile station (MS) in order to determine whether the communications network wishes to have connections on the air interface (AIF) with ciphered information or with unciphered information. In this case, the mobile station (MS) can be switched under subscriber control to an operating mode in which the connection (for example v1) is terminated if the received identifier (cimode) allows connections with unciphered information.

Abstract: In order to detect fraudulent or potentially fraudulent usage of a telecommunications network, each call connected by way of one of the digital main switching units of the network (3a to 3c) has an associated billing record transferred to a fraud management system (4). The fraud management system compares the origin and destination of the call with a known usage pattern for the originator and, if other indications are that the call is of a fraudulent nature, and the call deviates from the known usage pattern an alarm can be forwarded to an operator. The user profile used to determine normal calling behaviour is updated over a period of time in respect of calls determined as not fraudulent. An initial user profile may be generated from historic billing records.

Abstract: In a telecommunication network, there is provided a system for monitoring a plurality of telephone calls to a common private branch exchange, PBX) in order to detect fraudulent activity. In particular, fraudulent activity is detected in calls made to and originating from a PBX that uses a common billing number. If fraudulent activity is found, an alert message is provided to a fraud analyst for further review. Call detail records corresponding to each of the calls, are retrieved and stored in a queue. The billing number and a call time associated with each call detail record are analyzed. Each call detail record, billing number and call time is compared with at least one predetermined threshold relating to billing numbers and call times.

Abstract: Disclosure of the invention encompasses the activation, validation and continued verification of an electronic device installed on a common telephone line usually at a residence, to prohibit a three-way call event from being performed by the local telephone after the device has been in communication with and activated by signal from a remote computer system. Furthermore the device and remote system can function in a prepaid calling mode keeping track of the prepaid amounts and debiting the amounts during the call. The invention functionality could also be integrated within a standard telephone inside a telephone housing or functionally into a wireless device or an IP soft phone.

Abstract: To provide a portable telephone system in which use of the portable telephone set is automatically limited in a site where the use of the set is limited and in which causes of non-response and other various information can be transmitted over a low power channel to a control device, for transmission to an originating party who called the use-limited portable telephone set.

Abstract: A system and method of telephony resource management and security for monitoring and/or controlling incoming and outgoing calls between an enterprise's end-user stations and a public circuit-switched network and/or a public packet-switched network. A security policy is made up of one or more rules designating at least one action to be performed based on at least one attribute of the incoming or outgoing call. Calls are detected and sensed on the line, trunk and/or cabling, and analyzed to determine attributes associated with each call. Actions are performed based upon the determined attributes, in accordance with the security policy rules.

Abstract: An advanced three way call detection system which measures delay times associated with multiple echoes of a reference signal transmitted over a two way call. A reference signal is initially transmitted over a two way call when a two way connection is first established between a local telephone and a remote telephone. The echo characteristics of the two way connection are measured and recorded in an initial echo profile. The initial echo profile represents the number of and timing of each detected echo of the reference signal after transmission of the reference signal over the two way call when the two way connection is first established. The reference signal is then continuously transmitted at various timing intervals during the telephone conversation and the incoming line is sampled in order to detect echoed versions of the reference signal in order to create subsequent echo profiles.

Abstract: A system and method of telephony security for controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A security policy, i.e., a set of security rules, are defined for each of the extensions, the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: A system and method of telephony resource management and security for monitoring and/or controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A set of security rules is defined for each of the extensions which specify actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: A system and method to provide secure access across the untrusted PSTN is described. The system and method utilizes telephony resources that can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call, providing multi-tiered policy-based enforcement capabilities and visibility into security events.

Abstract: A system and method for discriminating call content types for individual telephone lines at a plurality of user sites outside of a Public Switched Telephone Network (PSTN) is described. The system includes: a database containing security rules for each of a plurality of extensions, the rules specifying actions to be taken based upon a call content type of the call on the extension, wherein the call content type is determined at the user sites outside the PSTN; and a line sensor within the user sites outside the PSTN for determining the call content type of the call. The line sensor continuously checks the call content type to determine if the call content type changes.

Abstract: A system and method to provide secure access across the untrusted public switched telephone network is described. The system and method can be initiated by a security policy defining actions to be taken based upon at least one attribute of the call.

Abstract: Methods to identify inter-carrier telephone calls in a telephone system that are being mis-routed in such a way as to violate existing regulatory tariffs and/or established inter-carrier contracts. The common name for this manipulation is “arbitrage”, and the intent of the perpetrators is to take advantage of lower rates associated with the delivery of telephone traffic via other routes. Through the processes of collecting call detail records and their correlation in representative embodiments, various call “legs” associated with the same call can be identified, and a more accurate “compound” call record can be made that incorporates call routing information obtained from the individual call legs. A statistical analysis can then be performed to more clearly illuminate any arbitrage.

Abstract: A telephony security system and method for controlling and logging access between an enterprise'send-user stations at a plurality of customer sites and their respective circuits into the public switched telephone network (PSTN). The system and method includes a discrete line sensor within the customer sites for determining a call type of the call, and taking actions on the call based on predetermined security rules.

Abstract: An arbitration-type call establishing system comprising a plurality of user systems and a connection control system. The user systems each include means for transmitting the arbitration conditions including the desired other party to connect and the desired other party to permit a connection request, to a connection control system through a data network.

Abstract: A predictive model system is used to detect telecommunications fraud. Call records (CDRs) provided by telephone companies are evaluated against specified rules. If one or more rules are matched, the system generates an alert. Pending alerts for a customer form a case, describing the caller's calling patterns. A predictive model determines a score that is predictive of the likelihood that the call involved fraud. Cases are queued for examination by analysts.

Abstract: This invention allows enterprises to achieve specific objectives in the management and enforcement of policies related to the use of telecommunications services. It was conceived for use in connection with traditional telephone networks that carry voice, facsimile or voice-band-data (VBD) traffic, though it is not necessarily limited to such networks. It involves measurement of the properties of traffic on a communications channel, and the use of such knowledge in combination with various ancillary properties of telecommunications service usage to guide the conditional performance of prescribed actions based on user-defined policies. The measured traffic properties include classification of the type of traffic, where the set of possible classes include zero or more classes selected from a group of general categories comprising Voice, Facsimile, Voice-Band-Data, DTMF, Audible Network Signaling, Facsimile Handshaking, Voice-Band-Data Handshaking, Silence and Unknown.

Abstract: A method and device for preventing fraud in special service calls from an international origin point to a domestic terminating point through a long-distance telecommunications system is described. In the system and method, a Screening for International Calls database is added to the Integrated Services Network (ISN) platform. The records in the Screening for International Calls database are keyed by the country code and contain a field for blocked terminating regions. When an international call is made, the record corresponding to the international origin point is retrieved from the Screening for International Calls database. This record is checked to determine if there are terminating regions indicated in the blocked exchange field. If there are no terminating regions indicated in the blocked exchange field, call processing continues.

Abstract: A system and method of telephony security for controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A security policy, i.e., a set of security rules, are defined for each of the extensions, the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: A process, apparatus and system are disclosed for verifying the authenticity of a user before providing the user with a desired service. The process involves first receiving a request from the user. Next, a question set is fetched corresponding to the user. The question set concerns information of a private nature that someone with rightful access to the desired services should know. The question set has at least one question and a possible answer or list of possible answers corresponding to the question. The question is then transmitted to the user along with the possible answer(s). After receiving a response from the user, a record is made whether the response correctly identified the possible answer as being correct or not. Finally, after the number of questions transmitted to the user reaches a predetermined number, a determination is made whether the number of incorrect responses exceeds a certain limit.

Abstract: A fraud detection system receives data relating to telecommunications activity. Event generators generate events from the received data, with each event having a weight corresponding to an increased or decreased likelihood of fraud. The aggregated events for a subject (a subscriber or an account) determine a score for the subject, which is used to prioritize the subject in an investigation queue. Human analysts are assigned to open investigations on the investigation queue according to the priority of subjects. In this manner, investigation resources can be applied more effectively to high-risk subscribers and events.

Abstract: A telecommunications system, service control point and method are described that can pre-screen a telephone call to help prevent telephone toll fraud. More specifically, the telecommunications system includes a service control point capable of receiving information about a telephone call originated by a calling party, and further capable of determining whether the telephone call has a fraudulent attribute. If the telephone call has a fraudulent attribute, then the calling party is informed that there is a possibility of telephone toll fraud occurring if the telephone call is connected to a called party. And, if the telephone call does not have a fraudulent attribute, then the telephone call is automatically connected to the called party.

Abstract: A method for inhibiting the use of dual tones over an established voice channel of a telecommunications network. The method inhibits a call tone by removing at least one frequency selected from a group of frequencies used for in-band signaling. The method may also determine a time for inhibiting the call tone.

Abstract: The losses sustained by telecommunications service providers attributable to unpaid, long-duration calls are reduced if such calls are carefully monitored. Upon the determination that a call might be fraudulent, the circuits carrying the call through a network or switching system comprising the network are automatically identified. The determination that a call might be fraudulent is forwarded to an administrator and, using information on the circuits carrying the call, the administrator can take affirmative steps to either tear down the call or further investigate whether the call is fraudulent.

Abstract: A system and method of telephony security for controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A security policy, i.e., a set of security rules, are defined for each of the extensions, the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: A system and method for detecting and preventing a fraudulent telephone call in telecommunication system is provided. First, a terminating number of a first call and a originating number of a second call are received from a telecommunication network. The terminating number of the first call is compared with the originating number of the second calls which are originated within a predetermined time period from a termination of the first call. After comparison, it is determined whether the first and the second calls are fraudulent telephone call.

Abstract: A telephone having call-screening capabilities includes a memory for storing call-screening data. The call-screening data is used by the telephone to screen incoming calls. Incoming calls can be accepted, rejected, or diverted based on the call-screening data stored in memory. The call-screening data is automatically updated when a call is made to a previously screened number provided that certain predetermined conditions are satisfied, so that calls can be received from the previously screened number. Updates may be made, for example, when the call to the previously screened number is unanswered, when it is diverted to a recording device, or when the call is made to a number from which a previously screened call was made. The phone can be programmed so that updates automatically expire after a predetermined time period has elapsed.

Abstract: Terminating number screening to block portable billing products from terminating to a designated high fraud domestic or international terminating numbers. When a call is placed and it is billed to a portable billing product, the dialed digits of the terminating number is verified against the terminating number screening database. If the sequence of dialed digits is found in the terminating number screening database, the call is denied. The caller is then informed that they cannot place a call to this destination and asked if there is another terminating number they wish to call. If the sequence of dialed digits is not found in the terminating number screening database, the call is allowed to process without interruption. The purpose of this functionality is to protect the Operator Service network from repeated fraudulent calling to individual telephone line numbers either international or domestic.

Abstract: Fraud prevention in a telecommunications network using call initiation equipment including intelligence capable of authentication is described. In order to initiate a call via a telecommunications network, the call initiation equipment sends authentication data to an adjunct platform. The adjunct platform uses the authentication data to determine if the call initiation equipment is authorized to use the customer wireline that interconnects the call initiation equipment to the telecommunications network.

Abstract: A method of and system for detecting the possible fraudulent use of a telecommunications network involves applying rule-based criteria to generate a plurality of fraud alarms, each corresponding to an individual rule. Each alarm is associated with a particular customer, and for each individual customer a note is made of the total alarms generated by that customer and the grouping of individual alarm types generated. The customer's call is then determined to be fraudulent or otherwise based upon prior experience of past customers who have generated that particular profile of alarm grouping and total number of alarms. The system automatically outputs a list of potentially fraudulent customers, the accounts of which may either be further investigated or may automatically be inhibited.

Abstract: An improved workstation for use in a telecommunications fraud detection system is disclosed. The workstation provides a fraud analyst with streamlined access to case records defining one or more subcases or fraud analyses associated with specified calling card numbers. Additionally, the workstation is preferably interconnected to a customer information database and may display a variety of detailed customer information on monitor together with associated case or subcase information. Through the use of assorted tools provided by the workstation, a fraud analyst may efficiently study instances of possible telecommunications fraud on a case-by-case basis.

Abstract: An apparatus and method for secured redialing in a telephone is disclosed. The redial feature is made secure by establishing a prescribed time for storing in memory a last number dialed. Once the prescribed time has elapsed, the number is erased from the telephone memory. The apparatus and method can also prevent storing in memory the last dialed number.

Abstract: A system and method of telephony resource management and security for monitoring and/or controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A security policy, i.e., a set of security rules, are defined for each of the extensions, the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: A call intercept process (CIP) for calling card calls originating from an international country and terminating at an international high fraud country. When a call is placed via a calling card and terminates to a high fraud terminating location, the call is first screened against a database to determine if the termination is in fact, a high fraud country. Regardless of whether this screening is implemented, the call is routed to a first level operator in order to verify the billing account information of the caller as an authorized user. This verification is based on customer and business name, address, zip code, and phone number. If the caller passes verification, a CIP process automatically overrides the calling card from any future Intercepts. If caller fails account verification, the a CIP process automatically places the card in a ‘LOCKED STATUS MODE’ which mode indicates that any additional calls based on that card be intercepted regardless of termination.

Abstract: Real time detection of the fraudulent use of a telecommunications network is accomplished by analyzing data for each call that is occurring within the network. A signal protocol receiver is used to collect signaling protocol for each call that is occurring within the network. The Signaling protocol data is collected, decoded and formatted into call information records (CIRs). The CIRs contain various operator specified parameters for each call that is occurring within the network. The CIRs are compared to operator defined thresholds. If any of the CIRs exceeds the thresholds, an alert is generated. The alerts are stored in a database where the operator can analyze them and take the appropriate corresponding action to resolve the alert. The alerts and the CIRs are archived in a database so that trends of fraudulent use can be detected and prevented. This method of fraud detection provides for the effective analyzation of every call that is occurring within the network.

Abstract: A system and method of telephony security for controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A security policy, i.e., a set of security rules, are defined for each of the extensions, the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: An improved system for detecting and preventing telecommunications fraud prior to call connection, in which attempted calls are screened for fraud at the point of calling card validation in the SCP. The SCP accesses a database holding a variety of fraud decision nodes that may be interrelated and grouped together to cooperatively define fraud screening trees against which attempted calls may be tested. A fraud screening tree ultimately produces a fraud prediction based on a variety of information concerning the attempted call. The present invention therefore facilitates fraud screening with greater granularity and customization.

Abstract: A system and method for implementing a fully integrated and cooperative telecommunications firewall/scanner that can be deployed either as a standalone device, or over a large-scale distributed client-server architecture is described. In addition to providing enhanced telecommunications firewall and scanner security capabilities, the integrated telecommunications firewall/scanner provides the capability to ensure implementation of a corporate-dictated security structure, and event visibility and report consolidation requirements, across a globally-distributed enterprise, using policy-based enforcement of a Security Policy. In the most basic configuration, the integrated firewall/scanner performs continuous security access monitoring and control functions, keyword and content monitoring and control functions, and remote access authentication, initiating coordinated vulnerability assessments, as well as automatic synchronous adjustments to the Security Policy in response to the vulnerability assessment results.

Abstract: A system and method of telephony security for controlling and logging access between an enterprise's end-user stations and their respective circuits into the public switched telephone network (PSTN). A security policy, i.e., a set of security rules, are defined for each of the extensions, the rules specifying actions to be taken based upon at least one attribute of the call on the extension. Calls are detected and sensed on the extensions to determine attributes associated with each call. Actions are then performed on selected calls based upon their attributes in accordance with the security rules defined for those extensions.

Abstract: Apparatus for preventing unauthorized use of a voice dialing system and, particularly, a call forwarding feature associated with the system whereby system users may forward a telephone number respectively associated therewith to a remote location in order to receive phone calls at the remote location, comprises: a database for pre-storing telephone numbers of system users and for pre-storing acoustic models respectively representative of speech associated with each system user, the acoustic models respectively corresponding to the telephone numbers; and a speaker identification module operatively coupled to the database for obtaining and decoding a speech sample from a potential system user during the potential users' attempt to make a telephone call, the speaker identification module comparing the decoded speech sample obtained with the pre-stored acoustic model associated with the telephone number dialed by the potential user; whereby if the decoded speech sample substantially matches the pre-stored ac

Abstract: A system and method for implementing a fully integrated and cooperative telecommunications firewall/scanner that can be deployed either as a standalone device, or over a large-scale distributed client-server architecture is described. In addition to providing enhanced telecommunications firewall and scanner security capabilities, the integrated telecommunications firewall/scanner provides the capability to ensure implementation of a corporate-dictated security structure, and event visibility and report consolidation requirements, across a globally-distributed enterprise, using policy-based enforcement of a Security Policy. In the most basic configuration, the integrated firewall/scanner performs continuous security access monitoring and control functions, keyword and content monitoring and control functions, and remote access authentication, initiating coordinated vulnerability assessments, as well as automatic synchronous adjustments to the Security Policy in response to the vulnerability assessment results.

Abstract: A method and system for detecting fraud in a telecommunications network matches information on individual calls to a series of rules (18). For each rule r, a threshold Tr is defined, and if the fit of an individual call to that rule is exceeds Tr, an alarm is generated. All call records resulting in alarms are stored within a positive matching file. Likewise, calls which just fail to meet the criteria, within a given tolerance level &THgr;, are stored in a separate negative matching file. The entries in the positive and negative matching files are then checked by skilled operators to determine which in fact represent true fraud. On the basis of those validations, a decision module within the system automatically calculates and implements the necessary changes to the thresholds Tr by means of a feedback loop.

Abstract: A method and apparatus for fraud control in cellular telephone systems. Call records from a switch are scanned to identify a fraudulent cellular phone based on its behavior. An identifier, e.g., a radio frequency (RF) signature, representative of the fraudulent phone is stored in a control channel editor at a cell site. A database of identifiers may comprise a positive validation database storing the identifiers for all valid phones used in the cellular telephone system, or it may be a negative validation database storing the identifiers for known fraudulent phones. A control channel editor intercepts a call origination request transmitted by a phone, and a control processor compares one or more characteristics of the phone transmitting the call origination request to the database of identifiers. The control processor then prevents the call origination request from completing when the comparison indicates that the phone is fraudulent.

Abstract: Access is granted to a portion of a computing system, such as to a configuration menu of a telephone system. In order to grant access, a password is received from a user. A variable password is also calculated. The variable password varies with time. For example, the variable password varies with a current date and with a time of day stored by the computing system. The password received from the user is compared with the calculated variable password. When the password received from the user is equal to the calculated variable password, access is granted.

Abstract: An automobile radio telephone apparatus capable of detecting a drop of power source voltage to prevent a telephone channel from being occupied wastefully and to thereby enhance efficient use of channels with regard to the operation of an automobile radio telephone system. When the power source voltage is lower than a predetermined voltage, the apparatus informs the user of such an occurrence. On the lapse of a predetermined period of time and if a conversation is under way, the apparatus warns the user that it will execute a forcible conversation ending procedure and then executes it.

Abstract: Fraud losses in a communication network are substantially reduced by automatically generating fraud management recommendations in response to suspected fraud and by deriving the recommendations as a function of selected attributes of the fraudulent activity. More specifically, a programmable rules engine automatically generates recommendations based on call-by-call fraud scoring so that the recommendations correspond directly to the type and amount of suspected fraudulent activity. Using telecommunications fraud as an example, an automated fraud management system receives call detail records that have been previously scored to identify potentially fraudulent calls. Fraud scoring estimates the probability of fraud for each call based on the learned behavior of an individual subscriber as well as that of fraud perpetrators. Scoring also provides an indication of the contribution of various elements of the call detail record to the fraud score for that call.

Abstract: Fraud losses in a communication network are substantially reduced by automatically and selectively invoking one or more authentication measures based on a fraud score that indicates the likelihood of fraud for that particular call or previously scored calls. By selectively invoking authentication on only those calls that are suspected or confirmed to be fraudulent, fraud prevention can be achieved in a way that both reduces fraud losses and minimizes disruptions to legitimate subscribers. Using telecommunication fraud as an example, a subscriber is registered in a system by collecting data on that subscriber based on the particular authentication method being used, such as shared knowledge (e.g., passwords), biometric validation (e.g., voice verification), and the like. Once registered, the authentication function for the subscriber's account is activated and subsequent calls are then scored for the likelihood of fraud during the call setup request phase.

Abstract: A transmitter identification system to determine if cellular phones in a cellular phone system are authorized as distinguished from cloned phones, operated by fraudulent users, that are unauthorized. Components used in the manufacture of cellular phones vary slightly from one phone to anther so that, when the phones are used, the transmitter signals from each phone have different external signal traits. For each cellular phone call, the transmitter signal is received and characterized using a received set of features resulting from the external signal traits. The received set of features is compared with previously stored sets of Features in a database to determine if the call is authorized or unauthorized and, if unauthorized, the call is stopped and access to the fraudulent user is denied.

Abstract: Methods and apparatus for activating telephone services in response to speech are described. A directory including names is maintained for each customer. A speaker dependent speech template and a telephone number for each name, is maintained as part of each customer's directory. Speaker independent speech templates are used for recognizing commands. The present invention has the advantage of permitting a customer to place a call by speaking a person's name which serves as a destination identifier without having to speak an additional command or steering word to place the call. This is achieved by treating the receipt of a spoken name in the absence of a command as an implicit command to place a call. Explicit speaker independent commands are used to invoke features or services other than call placement. Speaker independent and speaker dependent speech recognition are performed on a customer's speech in parallel.