A TELEPHONE FRAUD PREVENTION SYSTEM
BACKGROUND OF THE INVENTION
This invention relates to a telephone fraud prevention system.
So-called clip-on fraud is a common form of fraud on a telecommunications network. A fraudster connects a telecommunications device onto a line between a customer premises equipment and a central exchange. The fraudster is then able to make telephone calls which are charged to the unsuspecting customer.
In addition, the fraudster often sets up foreign conference calls to allow parties in different countries to speak to one another and all of these calls are charged to the unsuspecting customer.
The present invention seeks to address this type of clip-on fraud.
SUMMARY OF THE INVENTION
According to the present invention there is provided a telephone fraud prevention system comprising:
a maintenance termination unit adapted to detect when customer premises equipment goes off hook and to transmit a signal in response to the off hook detection; and
a fraud detection controller adapted to wait for an off hook signal indicating that the maintenance termination unit has detected that the customer premises equipment is off hook, and if the off hook signal is not received within a predetermined amount of time to block communication on a line between the customer premises equipment and a switch on a telecommunications network.
Preferably, the maintenance termination unit includes an encryption means which encrypts the signal transmitted, and wherein the fraud detection controller includes a decryption means for decrypting the signal received.
The maintenance termination unit may be directly or indirectly connected to the fraud detection controller so that the signal transmitted from the maintenance termination unit is the off hook signal received by the fraud detection controller.
Preferably, the fraud detection controller is adapted so that in the event it does not receive an off hook signal within the predetermined amount of time, it detects if the number being dialled is an emergency or service number before blocking the line.
The present invention further extends to a fraud detection controller including:
a receiver for receiving a signal from a maintenance termination unit, the signal indicating that customer premises equipment is off hook;
decryption means for decrypting the signal received; and
blocking means for blocking a call on the line from the customer premises equipment to a switch on a telecommunications network if an off hook signal is not received from the maintenance termination unit within a predetermined amount of time.
The controller may be located on a digital line between a line interface and a core processing plant.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram overview of the system of the present invention;
Figure 2 is a schematic block diagram of the maintenance termination unit of Figure 1;
Figure 3 is a schematic block diagram of the fraud detection node of Figure 1;
Figure 4 is a schematic block diagram of the fraud detection card of Figure 1;
Figure 5 is a schematic block diagram of the remote management card of Figure 1;
Figures 6 to 12 show a call sequence of a normal call according to the present invention; and
Figures 7 to 21 show a call sequence of a clip on fraud attempt according to the present invention.
DESCRIPTION OF EMBODIMENTS
Referring to the accompanying drawings, a maintenance termination unit (MTU) 10 is placed at the customer premises terminating the copper telephone line 12 from the exchange. Customer premises equipment (CPE) 14 in the form of a telephone (Fax, modem etc) is removably connected to the maintenance termination unit 10.
A fraud detection controller (FDC) card 16 is placed in a switching room between a line interface unit (LIU) 18 and a core processing plant (CPP) 20. The fraud detection controller 16 intercepts the receive path between the line interface unit 18 and the core processing plant 20.
A remote manager card (RMC) 22 is co-located and connected to the fraud detection controller 16 via a sub rack system back-plane. The remote manager card 22 connects to a management network via an Ethernet port (not shown) and a remote workstation 24 logs into the remote manager card 22 via a management network 26.
A method of detecting and preventing clip-on fraud is implemented by the system which intercepts and monitors the concentrated digital transmission between the line interface unit 18 and core processing plant 20 for encrypted authorization codes.
When the telephone 14, or any other customer premises equipment such as a fax or modem, for example, which is located behind the maintenance termination unit goes off-hook, a unique encrypted message is transmitted by the maintenance termination unit 10 to the switch. The line interface unit 18 digitizes the analogue information and transmits the data through the fraud detection controller 16 to the core processing plant 20. The fraud detection controller 16 decrypts, decodes and validates the message. If the message is correctly validated, the fraud detection controller 16 patches the timeslot through to the core processing plant 20 and the call progresses in the normal way. Should the message not be received or be invalid, the fraud detection controller 16 will block the sent information and the call will not be setup. Should a clip-on attack take place before the maintenance termination unit 10, the required message will not be transmitted to the switch and the call will be blocked.
The remote manager card 22 is the link between the fraud detection controller 16 and the management network 26 and is used to set up the message databases remotely. The activation and deactivation of the blocking functions by the fraud detection controller 16 are controlled by secure workstations 24 connected to the network 26, which in turn is connected to the remote manager card 22. All activities can be remotely monitored.
Figure 2 is a block diagram of the maintenance termination unit 10 of Figure 1.
The maintenance termination unit 10 includes an off hook detection means 28 for detecting when the customer premises equipment is off hook. The off hook detection means 28 is implemented as a line loop detection device, which devices are well known. The fact that the telephone 14 is off hook, indicates that a call is in progress. Thus, the line loop detection circuit 28 enables the maintenance termination unit 10 to know when an encrypted message must be transmitted.
An encryption means 30 encrypts a unique code for transmission in response to the off hook detection.
Any one of a number of known encryption methods can be used, obviously as long as the encryption and decryption devices are synchronized.
Transmitting means in the form of a tone transmitter 32 transmits the encrypted message towards the exchange.
Referring to Figure 3, the fraud detection controller 16 has a receiver path 34 from the line interface unit 18 and a path 36 to the core processing plant 36.
It will be appreciated from the drawing that a number of terminals 24 can be connected simultaneously to one or more remote manager cards 22.
Figure 4 illustrates the fraud detection card 16 in more detail.
The card includes a receiver 38 for receiving encrypted signals which were transmitted from the maintenance termination unit 10, via the line interface unit 18 to the fraud detection card 16.
A tone detection and signal extraction unit 40 extracts the unique code which was encrypted and transmitted by the maintenance termination unit 10. This encrypted code is sent to decryption means in the form of decryption and validation unit 42.
In addition, the receiver path stream is routed to a timeslot switch 44 by the tone detection and signal extraction unit 40. This timeslot switch routes the receive path stream through the fraud detection card to a transmitter unit 46, once instructed to do so by the validation unit 42.
The decryption and validation unit 42 decrypts and analyses the received code. If the code is present and valid then the validation unit 42 instructs the time-slot switch 44 to switch the receive path stream from the signal extraction unit through to the transmitter 46. If the code is not present or is invalid, and the number dialled is a non-emergency number, then the validation unit will instruct the time-slot switch to block the receive path stream, thus preventing the call from being set up. The validation unit will transmit via the back-plane interface any invalid code instances, errors or other relevant data to the remote manager card 22.
A back-plane interface 48 forms a communication link with the remote manager card 22. The back-plane interface 48 receives and processes instructions sent to the fraud detection controller 16 by the remote manager card 22, which can include configuration settings for the other units mentioned above. The back-plane interface will also transmit pertinent data from the fraud detection controller 16 to the remote manager card 22.
In general, the fraud detection controller 16 monitors the receive path for outgoing calls from the customer. The fraud detection controller 16 expects to see a unique encrypted message transmitted within a predetermined amount of time from the maintenance termination unit 10 once an off-hook condition has been detected. This message is decrypted and the call is validated. The fraud detection controller 16 will then patch the time slot from the line interface unit 18 through to the core processing plant 20. If the call fails to validate or an encrypted message is not received then the fraud detection controller 16 will block the call if it is a non emergency number.
The fraud detection controller 16 obtains all the information it requires from the remote manager card 22. The remote manager card 22 can manage multiple fraud detection controllers 16. The fraud detection controller 16 communicates all pertinent information, such as blocked calls, to the remote manager card 22.
The remote manager card 22 allows users with the required access rights to logon from a remote server 50 (Figure 3). The server 50 holds all user accounts and is a central repository for all critical information required by the remote manager cards 22. A user is able to log onto the server from a terminal and the server will establish a logon connection to the desired remote manager card 22 if the user has access permission. The server 50 also collates all information passed to it from the remote manager cards enabling users to view the information and determine where fraudulent calls are being attempted.
Referring to Figure 5, the remote management card 22 includes a local area network (LAN) interface 52 which connects the card to the server 50 via a communications network 26. All configuration instructions as well as all requests are received and transmitted via this interface.
The CPU 54 forms the heart of the card and all commands are processed by the CPU 54. The local operating data used to configure the fraud detection controller 16 is kept in the CPU 54. If any invalid or missing code events are received by the remote manager card 22, the CPU will log them and send notification to the server 50 via the network 26.
Referring to Figures 6 to 21, the Figures illustrate a call sequence for a normal call and in the event of a clip on fraud attempt.
In the sequence of Figures, like reference numerals have been used to reference like parts.
Referring to Figure 6, the Figure illustrates the call sequence for a normal call. In the Figure, a telephone 14 has gone off hook typically by a user of the telephone lifting the handset to begin making the call.
Referring to Figure 7, the digital line unit (DLU) which is essentially an analogue to digital converter detects that the telephone 14 is off hook on port 0 and transmits a message to the fraud detection controller (FDC) 16. The messages are transmitted in time-slot 16 as illustrated in the Figure. Signalling always takes place in time-slot 16 which is a fixed time-slot dedicated for signalling.
The message is transferred through the FDC 16 to the Line Trunk Group (LTG) 20. The message is that port 0 is off hook.
Referring to Figures 8 and 9, the LTG 20 transmits a message back in time slot 16 to the DLU 18 via the FDC 16 to allocate time slot 2 to port 0 (time slots are dynamically allocated and will not always be time slot 2 as in this example).
It should be noted that the line status throughout this procedure is unbarred or this procedure will fail. Once the timeslot is allocated, the exchange does a cross-check to verify that the channel is open.
The abovementioned procedure takes approximately 50 milliseconds. From 50 milliseconds the Subscriber Line Interface Circuit (SLIC) stabilises and the MTU 10 detects a line loop current from the telephone 14, as has been described above.
In Figure 11, the MTU transmits its authorisation code from the MTU to the DLU 18 and on to the FDC 16. It is important to note that the line must be unbarred otherwise the FDC 16 will not be able to receive the message transmitted from the MTU 10.
Referring to Figure 12, if the FDC 16 receives a valid authorisation code, the call is authenticated and no action is taken, allowing the call to proceed.
Figure 13 illustrates a scenario whereby there is an attempted clip on fraud with the fraudster using a clip on fraud device 56.
In Figure 14, the clip on telephone 56 goes off hook on the port zero. A message is transmitted in Figure 15 from the DLU 18, via the FDC 16 to the LTG 20.
In Figure 16, the LTG 20 allocates time-slot 2 to Port 0, in exactly the same way as was described above for a normal call.
Referring to Figures 17 and 18, the FDC waits one second to receive an authentication message from the MTU 10. If the FDC 16 does not receive an authentication message within a second, the call is not validated. In any event, dial tone is applied and the digits dialled are detected as illustrated in Figure 19.
In Figure 20, if the detected digits dialled are a valid emergency or service call then the call is completed.
However, if the dialled number is not an emergency or service call number, the time-slot is blocked in both directions and the line is barred thus preventing the clip on fraudsters from making a telephone call. The FDC 16 is connected in series between the LTG 20 and the DLU 18. Under normal conditions, data is simply transferred from one side of the FDC 16 straight through to the other side i.e. transparently. When a timeslot is blocked, that particular timeslot is simply not passed through the FDC 16, thereby blocking the speech path and thus preventing conversation or data.
Thus it will be appreciated that the line is not normally barred and is only barred if the FDC does not receive a valid authorisation code within one second and the number dialled is not a valid emergency or service call.
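The decision sequence described above (one-second wait for the MTU code, then the emergency or service number check before blocking) can be modelled as follows. This is an added illustration, not part of the patent text: the description leaves the encryption method open, so the sketch substitutes a truncated HMAC over a synchronized per-call counter as an assumption, and the names `FdcLine`, `mtu_code`, `run_call` and the sample number list are hypothetical.

```python
import hashlib
import hmac

AUTH_WINDOW_S = 1.0                       # the FDC waits one second for the MTU code
EMERGENCY_OR_SERVICE = {"112", "10111"}   # constructed sample list, not from the page


def mtu_code(key: bytes, line_id: str, counter: int) -> bytes:
    """Assumed code format: truncated HMAC-SHA256 over line id and a shared counter."""
    return hmac.new(key, f"{line_id}:{counter}".encode(), hashlib.sha256).digest()[:8]


class FdcLine:
    """Per-line FDC state: off-hook time, validation flag, expected counter."""

    def __init__(self, key: bytes, line_id: str):
        self.key, self.line_id = key, line_id
        self.counter = 0            # kept in step with the MTU (assumption)
        self.off_hook_at = None
        self.validated = False

    def off_hook(self, t: float) -> None:
        self.off_hook_at, self.validated = t, False

    def auth_message(self, t: float, code: bytes) -> bool:
        if self.off_hook_at is None or t - self.off_hook_at > AUTH_WINDOW_S:
            return False            # no call in progress, or code arrived too late
        expected = mtu_code(self.key, self.line_id, self.counter)
        if hmac.compare_digest(code, expected):
            self.counter += 1       # a recorded code is useless on the next call
            self.validated = True
        return self.validated

    def digits_dialled(self, number: str) -> str:
        if self.validated or number in EMERGENCY_OR_SERVICE:
            return "PASS"           # time-slot patched through
        return "BLOCK"              # time-slot blocked in both directions, line barred


def run_call(line, number, code=None, delay=0.05):
    """Simulate one call: off hook at t=0, optional MTU code after `delay` seconds."""
    line.off_hook(0.0)
    if code is not None:
        line.auth_message(delay, code)
    return line.digits_dialled(number)
```

Under the counter assumption, a code captured from an earlier legitimate call does not validate a later one, so a clip-on device that records and replays the tone sequence is still blocked.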
The present invention has numerous advantages over similar technologies such as the system described in SA Patent No 2002/4083.
Signal detection and decryption takes place on the digital side after concentration. This means that many MTUs can work to a single FDC in any timeslot.
There are no additional processing requirements from the switch. The FDC is transparent to the switch.
If the FDC fails, the system will fail-safe to be un-barred.
The system cannot be bypassed by staff of the telecommunications company who do not have access to decryption keys etc. When using pin code barring there is always a risk that the staff can simply access the switch and obtain the pin code, even if the system regularly changes the codes.