A wireless network, such as a cellular network, can include an access node (e.g., wireless access node) serving multiple wireless user devices or user equipment (wireless user device) in a geographical area covered by a radio frequency transmission provided by the access node. Access nodes may deploy different carriers within the cellular network utilizing different types of radio access technologies (RATs). RATs can include, for example, 3G RATs (e.g., GSM, CDMA etc.), 4G RATs (e.g., WiMax, LTE, etc.), and 5G RATs (new radio (NR)).
Cellular fraud is the unauthorized use, tampering or manipulation of a wireless user device or service. Types of cellular fraud may include subscriber identification module (SIM) swapping, porting a phone number to a different mobile device (cloning) and subscriber fraud.
SIM swapping involves physically stealing a SIM card from a mobile phone for use on a different mobile phone. Theft of a SIM card also makes a mobile device user susceptible to personal data theft. Cloning occurs when a bad actor with enough personal information is able to port a mobile phone number over to a different mobile device controlled by the bad actor. Subscriber fraud occurs when a scammer signs up for cellular service with fraudulently obtained customer information or false identification.
The present disclosure can be understood from the following detailed description, either alone or together with the accompanying drawings. The drawings are included to provide a further understanding of the present disclosure and are incorporated in and constitute a part of this specification. The drawings illustrate one or more examples of the present teachings and together with the description explain certain principles and operations. In the drawings:
Various aspects of the present disclosure relate to systems, methods, and computer readable media for co-existence of 5G signals and radar altimeters. In an example,
In examples, systems, methods, and computer-readable media are provided for approving or denying a request for user account authentication for a mobile network operator (MNO). The method includes receiving a location of a wireless user device associated with a request for user account authentication for a mobile network operator (MNO). The location of the wireless user device for the request for user account authentication is compared with known locations of the wireless user device over time to determine whether to approve or deny the authentication request.
In one example, a system, method, and computer readable medium are provided for generating a response to a request for user account authentication for an MNO. A location of a wireless user device associated with a request for user account authentication for a mobile network operator (MNO) is received. The location of the wireless user device associated with the request for user account authentication is compared with a location profile of locations of the wireless user device over time to determine if the location of the wireless user device associated with the request for user account authentication satisfies a threshold associated with the location profile.
Responsive to satisfying the threshold associated with the location profile for the wireless user device, a response to the request for user account authentication is generated. The response to the request for user account authentication may approve, deny, or request additional authentication.
In examples, the locations are accessed from radio access network (RAN) data. The radio access network data may comprise a Cell ID and location area code (LAC) for each location of the wireless user device.
In examples, the location profile of the wireless user device is maintained by a core network of the MNO. In examples, the request for user account authentication originates at the wireless user device and is for one of subscriber identification module (SIM) swap, user account password reset or a user account wireless billing account transaction.
In yet another example, a method, system, and computer readable media are provided for collecting radio access network data from a wireless user device and parsing the radio access network data into a Cell ID and a location area code (LAC). A location profile is populated for the wireless user device with a Cell ID and LAC for each location of the wireless user device over time.
In the following description, numerous details are set forth, such as flowcharts, schematics, and system configurations. It will be readily apparent to one skilled in the art that these specific details are merely exemplary and not intended to limit the scope of this application.
In addition to the particular systems and methods described herein, the operations described herein may be implemented as computer-readable instructions or methods, and a processor on the network for executing the instructions or methods. The processor may include an electronic processor.
Cellular fraud continues to rise. Bad actors and scammers use different methods to gain access to profiles and data of users and their phone numbers. Types of cellular fraud may include subscriber identification module (SIM) swapping, porting a phone number to a different mobile device (cloning) and subscriber fraud.
Criminals can obtain personal information and use it to set up a cell phone account in someone else's name. Mobile phone numbers can legally be ported from one provider to another provider when switching mobile network operators (MNO). Mobile numbers can also be ported from one mobile phone to another when upgrading or changing devices. But with enough of your personal information, scammers can port someone else's number to a device they possess.
When scammers initiate a porting request, they con the victim's carrier (MNO) into believing the request is from the authorized account holder. If the scam is successful, the phone number will be ported to a different mobile device controlled by the scammer.
Fraud detection is the process of using tools and procedures to prevent cellular fraud. Fraud detection is a security barrier to protect against various forms of fraud, such as SIM swapping, cloning and subscriber fraud. A variety of tools help decide whether a given request for a wireless user device is risky and whether elevated authentication should be applied to a request that has been determined to be risky.
In examples, an authentication engine uses the location of a wireless user device over time as a factor in deciding the risk of a user account authentication request. After every successful attachment of a wireless user device to an access node, the authentication engine adds the location to a location profile for the wireless user device. Locations of the wireless user device are monitored and tracked by the authentication engine.
The authentication engine uses the historical locations from the location profile for the wireless user device to determine the risk of new authentication requests. In one example, if the location originating an authentication request is not within the location profile for the wireless user device, the authentication engine can require additional authentication or deny the request. Additional authentication may be second factor or multi-factor authentication requiring a user to perform another factor of authentication such as entering an email or SMS pin immediately after entering their password. The authentication requests may be for high-risk transactions like a SIM swap request, and the historical location of the wireless user device is used as a factor for approving new authentication requests.
Turning now to the figures, various devices, systems, and methods in accordance with aspects of the present disclosure will be described.
Access node 120 may be for a wireless network, such as a cellular network, and can include a core network and a radio access network (RAN) serving multiple wireless user devices 110, 210 and 310 in a geographical area covered by a radio frequency transmission provided by the access network. As technology has evolved, different carriers (MNOs) within the cellular network may utilize different types of radio access technologies (RATs) and satellite networks. RATs can include fifth generation (5G) RATs (new radio (NR)) and 6G. Further, different types of access nodes may be implemented within the access network for deployment for the various RATs. A next generation NodeB (gNB) may be utilized for 5G RATs. Deployment of the evolving RATs in a network provides numerous benefits. For example, newer RATs, such as 5G RATs, may provide additional resources to subscribers, faster communications speeds, and other advantages.
In
The wireless user device identifier may be a mobile identification number (MIN) or mobile subscription identification number (MSIN) referring to the 10-digit unique number that an MNO uses to identify the wireless user device.
A Cell ID is the identifier of a cell in the physical layer of the radio network, which is used for separation of different transmitters in a LAC. A Cell ID is a generally unique number used to identify each base transceiver station (BTS) or sector of a BTS within a location area code (LAC).
The LAC is a 16-bit number that forms part of the local area identifier (LAI) which includes the Mobile Country Code (MCC), the Mobile Network Code (MNC) and the Local area code. A cellular network is divided into several areas and each location area consists of 1 to 65534 radio transmission cells. Each location area is uniquely identified by a LAC. The LAC is used as a unique reference to determine the location of a wireless user device. The LAC is the unique number given to each location area within the network on the core and radio access network.
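To make the structure of the LAI concrete, the following added example (not code from the disclosure) encodes and decodes the 5-octet LAI as specified in 3GPP TS 24.008 §10.5.1.3: three octets of nibble-swapped BCD carrying the MCC and MNC, followed by the 16-bit LAC in big-endian order. A two-digit MNC pads its third digit with 0xF. The sample PLMN and LAC values are constructed for illustration.

```python
"""Encode/decode a Location Area Identifier (LAI): MCC + MNC + 16-bit LAC.

Added example; follows the 3GPP TS 24.008 LAI octet layout. Sample values
below are constructed, not taken from any real network.
"""


def encode_lai(mcc: str, mnc: str, lac: int) -> bytes:
    """Return the 5-octet LAI for a 3-digit MCC, 2- or 3-digit MNC and 16-bit LAC."""
    if len(mcc) != 3 or len(mnc) not in (2, 3) or not (mcc + mnc).isdigit():
        raise ValueError("MCC is 3 digits, MNC is 2 or 3 digits")
    if not 0 <= lac <= 0xFFFF:
        raise ValueError("LAC is a 16-bit value")
    d = [int(c) for c in mcc]
    # A 2-digit MNC carries 0xF as its (absent) third digit.
    m = [int(c) for c in mnc] + ([0xF] if len(mnc) == 2 else [])
    return bytes([
        (d[1] << 4) | d[0],   # octet 1: MCC digit 2 | MCC digit 1
        (m[2] << 4) | d[2],   # octet 2: MNC digit 3 | MCC digit 3
        (m[1] << 4) | m[0],   # octet 3: MNC digit 2 | MNC digit 1
        lac >> 8,             # octet 4: LAC high byte
        lac & 0xFF,           # octet 5: LAC low byte
    ])


def decode_lai(octets: bytes):
    """Decode a 5-octet LAI into (MCC, MNC, LAC)."""
    if len(octets) != 5:
        raise ValueError("LAI is 5 octets")
    o1, o2, o3, lac_hi, lac_lo = octets
    mcc = f"{o1 & 0xF}{o1 >> 4}{o2 & 0xF}"
    mnc3 = o2 >> 4
    mnc = f"{o3 & 0xF}{o3 >> 4}" + ("" if mnc3 == 0xF else str(mnc3))
    lac = (lac_hi << 8) | lac_lo
    return mcc, mnc, lac


if __name__ == "__main__":
    # Constructed sample: MCC 310, MNC 260, LAC 0x1A2B.
    lai = encode_lai("310", "260", 0x1A2B)
    print(lai.hex(), decode_lai(lai))
```

The decoder is the piece a collection module would run over raw RAN data before filling the LAC column of the location profile table; the encoder exists so the pair can be round-trip checked.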
Using the wireless user device identifier, Cell ID and LAC, the MNO verifies wireless user device 110 and grants wireless user device 110 access to the network via access node 120. The Cell ID and LAC for location 140 are used to build a location profile for wireless user device 110.
The location profile for the wireless user device identifier records the Cell ID and LAC in a database table for all the locations where the user has requested to and/or attached to an access node. Each request and/or attachment to an access node can be counted. The database table includes the wireless user device identifier, Cell ID, LAC, and an incremental counter indicating how many times the wireless user device has attempted to and/or accessed the network (e.g., how many times a Cell ID has been used for the wireless user device) for each location. If the location of the wireless user device is changed, a location update is requested, and the location will then be updated using the Cell ID and LAC of the current location of the wireless user device. In one example, the Cell ID and LAC are configured on the core side of the MNO such that location information is stable over time.
With reference to
With reference to
With reference next to
Below is an exemplary location profile database table 1 for exemplary wireless user devices 110, 210 and 310 of
As illustrated, system 400 comprises a network 425, an access node 420, a core 430, which provides service in a coverage area, and an authentication engine 440. For purposes of illustration and ease of explanation, only one access node 420 and one wireless user device 410 are shown in the system 400; however, as noted above with regard to
In the illustration of
The access node 420 may be any network node configured to provide communications between the connected wireless devices. As examples of a standard access node, the access node 420 may be a gNodeB in 5G networks, an eNodeB in 4G/LTE networks, or the like, including combinations thereof. Access node 420 and core 430 may also provide data to authentication engine 440.
An authentication engine 440 is in communication with the access node 420 and/or the core 430. Authentication engine 440 may be configured to approve, deny, or request additional authentication in response to requests for user account authentication.
The authentication engine 440 can comprise one or more electronic processors and associated circuitry to execute or direct the execution of computer-readable instructions such as those described herein. In so doing, the authentication engine 440 can retrieve and execute software from storage, which can include a disk drive, a flash drive, memory circuitry, or some other memory device, and which may be local or remotely accessible. The software may comprise computer programs, firmware, or some other form of machine-readable instructions, and may include an operating system, utilities, drivers, network interfaces, applications, or some other type of software, including combinations thereof. Moreover, the authentication engine 440 can receive instructions and other input at a user interface.
As illustrated, the authentication engine 440 utilizes a modular controller, a memory, wireless communication circuitry, and a bus through which the various elements of the authentication engine 440 may communicate with access node 420 and core 430. The modular controller is one example of an electronic processor, and may include sub-modules or units, each of which may be implemented via dedicated hardware (e.g., circuitry), software modules which are loaded from the memory and processed by the controller, firmware, and the like, or combinations thereof.
The modules include a collection module 445, location profile module 455, an authentication request module 460, comparing module 465, and response module 475. Some or all of the sub-modules or units may physically reside within the controller or may instead reside within the memory and/or may be provided as separate units, in any combination. The various sub-modules or units may include or implement logic circuits, thereby performing operations such as setting parameters, monitoring parameters, comparing parameters, and generating instructions.
While
The collection module 445 may be configured to collect location data from a wireless user device over time. A wireless user device requests to attach to an access node from various locations. A wireless user device identifier, LAC, and Cell ID are sent from an access node to the core to verify a wireless user device with the MNO. The LAC and Cell ID are associated with the location of the wireless user device. In one example, a Cell ID method is used to provide location services for wireless user devices in second-generation mobile communication networks. Mobile networks identify the approximate position of a wireless user device (mobile device) by knowing which cell site the device is using at a given time. Using the wireless user device identifier, Cell ID and LAC, the MNO verifies the wireless user device and grants it access to the network via the access node. In one example, authentication engine 440 makes an API request to back-end core 430 to retrieve the Cell ID and LAC for the wireless user device location(s) and records the Cell ID and LAC in the authentication profile for the wireless user device, thus adding them to the location database table.
The location profile module 455 may be configured to record the location data from a wireless user device over time. The Cell ID and LAC for locations are used to build a location profile for a wireless user device. The location profile for the wireless user device identifier records the Cell ID and LAC in a database table for all the locations where the user has requested to and/or attached to an access node. Each request and/or attachment to an access node can be counted. A database table includes wireless user device identifier, Cell ID, LAC, and incremental counter per location. If the location of the wireless user device is changed, a location update is requested, and the location will then be updated using the Cell ID and LAC of the current location of the wireless user device.
Authentication request module 460 may be configured to receive a request for user account authentication. The authentication request may originate from the wireless user device or other device. The authentication request has an associated location. In one example, the location of the authentication request has an associated Cell ID/LAC to identify the location of where the request originated. In an example, user account authentication requests may be for critical account services such as SIM swapping, user account password reset, authentication to mobile account services such as purchasing goods or services or paying an invoice. The user account authentication request may originate from the wireless user device being authenticated or may originate from a different device and/or application.
User account authentication may be made by the wireless user device or other device for transactions prone to cellular fraud. For example, authentication may be required for sensitive transactions targeted by SIM swapping, by porting a phone number to a different mobile device (cloning), and by subscriber fraud such as unauthorized password changes and purchases. Secure authentication by the authentication engine can be used for sensitive services like SIM swapping, password reset or authentication to wireless billing accounts.
For example, if a SIM card is being activated on a different mobile phone, an authentication request is sent to authentication engine 440. In some instances, the owner of a SIM card in one wireless user device wants to use the SIM card in a different wireless user device. For example, the owner may have purchased a new and/or upgraded mobile device but wants to continue using the same SIM card. However, in some examples, a SIM card has been physically stolen from a wireless user device and is being used with an unauthorized mobile device. The authentication request assists an MNO in differentiating between a legitimate SIM swap and an unauthorized SIM swap.
In another example, the owner of a wireless user device may have purchased a new and/or upgraded mobile device but wants to continue using the same phone number for the new device. However, in cloning fraud, a wireless user device may have been physically stolen and, using personal data from the wireless user device, the phone number is being ported to an unauthorized mobile device. The authentication request helps an MNO differentiate between a legitimate request to move a phone number to a new device and an unauthorized move.
In another example, the owner of a wireless user device may want to change the subscriber password and/or make purchases or upgrades to the subscriber account. For example, an owner may wish to purchase accessories or additional services for the wireless user device and/or subscriber account. However, in subscriber fraud, an unauthorized password change or purchases may be attempted for a subscriber account. Often, subscriber fraud occurs when a scammer signs up for cellular service with fraudulently obtained customer information or false identification. The authentication request helps an MNO differentiate between a legitimate request to change a password or make purchases and unauthorized password changes and purchases on the subscriber account.
Comparing module 465 may be configured with various logic circuits or elements in order to perform various logic operations, including but not limited to comparing the location of the wireless user device associated with the request for user account authentication with the location profile for the wireless user device to determine if the location associated with the authentication request satisfies a threshold. The threshold for a wireless user device based on the location profile may be high, medium, or low. For example, for
For example, in
For example, in
The response module 475 may cause a response to an authentication request to be generated. If the location associated with the authentication request satisfies a threshold, response module 475 may generate an approval of the request for user account authentication.
If the location associated with the authentication request does not satisfy a threshold, response module 475 may generate one or more additional authentication requests and/or a denial of the request for user account authentication.
Additional authentication may be second factor authentication requiring a user to perform another factor of authentication such as entering an email or SMS pin immediately after entering their password. In another example, additional authentication may be multifactor authentication. Multifactor authentication secures data and applications by requiring a user to present a combination of two or more credentials to verify the user's identity for login, such as a password, passphrase, or personal identification number (PIN) together with a physical authenticator such as a token, smart card or biometric like a fingerprint.
The process flow begins at operation 510, radio access network data is collected from a wireless user device. Radio access network data may be collected by a core network of a RAN serving multiple wireless user devices. Different carriers (MNOs) within the cellular network utilize different types of radio access technologies (RATs). The RAN data may include location data from a wireless user device over time. A wireless user device requests to attach to an access node from various locations. The location data may include a device identifier, LAC, and Cell ID.
At operation 520, parse radio access network data into Cell ID and LAC from radio network data. A Cell ID is a generally unique number used to identify each base transceiver station (BTS) or sector of a BTS within a location area code (LAC). The LAC is a 16-bit number that forms part of the local area identifier (LAI) which includes the Mobile Country Code (MCC), the Mobile Network Code (MNC) and the Local area code.
At operation 530, generate location profile for wireless user device. The location profile for the wireless user device identifier records the Cell ID and LAC in a database table for all the locations where the user has requested to and/or attached to an access node.
At operation 540, maintain the location profile for the wireless user device as additional data is collected for the wireless user device. Each request and/or attachment of a wireless user device to an access node can be counted. The database table includes the wireless user device identifier, Cell ID, LAC, and an incremental counter indicating how many times the wireless user device has attempted to and/or accessed the network (e.g., how many times a Cell ID/LAC has been used for the wireless user device) for each location.
At operation 610, collect location data from a wireless user device over time.
At operation 620, maintain a location profile of the Cell ID/LAC locations for the wireless user device of the collected location data.
At operation 630, receive a location of the wireless user device associated with a request for user account authentication. The authentication request may originate from the wireless user device or other device. The authentication request has a location associated with it. In one example, the location of the authentication request has an associated Cell ID/LAC to identify the location of where the request originated.
At operation 640, compare the location of the wireless user device associated with the request for user account authentication with the location profile for the wireless user device. The location of the wireless user device associated with the request for user account authentication is compared with the location profile for the wireless user device to determine if the location associated with the authentication request satisfies a threshold. The threshold for a wireless user device based on the location profile may be high, medium, or low.
At operation 650, responsive to satisfying the threshold associated with the location profile for the wireless user device, generate a response to the request for user authentication. Depending on the threshold, the response may be to approve the authentication request, deny the authentication request or request additional measures of authentication.
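The location profile table and the compare-and-respond logic described above (the collection, location profile, comparing and response modules, and operations 510 through 650) are shown end to end in the following added example. It is not code from the disclosure: the RAN record format, the device identifier, the Cell ID/LAC values and the concrete high/medium/low policy (share of the device's historical attaches at the requesting cell; known LAC but unfamiliar cell; LAC never seen) are all assumptions, since the disclosure leaves the specific threshold values open. An empty profile is treated as an edge case that cannot vouch for or condemn the request, so it is routed to additional authentication.

```python
"""Location-profile based risk check for MNO account authentication requests.

Added example, not the disclosure's own code. The RAN record format, the
threshold values and all sample identifiers are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum
import re


@dataclass(frozen=True)
class CellLocation:
    """A profile location: a Cell ID inside a location area (LAC)."""
    cell_id: int
    lac: int


class Risk(Enum):
    HIGH = "high"      # cell well established in the device's profile
    MEDIUM = "medium"  # LAC seen before, but this cell rarely or never used
    LOW = "low"        # LAC never seen for this device


class Decision(Enum):
    APPROVE = "approve"
    STEP_UP = "request additional authentication"
    DENY = "deny"


# Constructed attach-record format (assumption, not a real RAN interface):
#   "<device_id> attach cell_id=<n> lac=<n>"
_RAN_LINE = re.compile(r"^(?P<device_id>\d+) attach cell_id=(?P<cell_id>\d+) lac=(?P<lac>\d+)$")


def parse_ran_record(line: str):
    """Operation 520: parse one attach record into (device_id, CellLocation)."""
    m = _RAN_LINE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable RAN record: {line!r}")
    lac = int(m["lac"])
    if not 0 <= lac <= 0xFFFF:
        raise ValueError("LAC must be a 16-bit value")
    return m["device_id"], CellLocation(int(m["cell_id"]), lac)


class LocationProfileStore:
    """Operations 530/540: per-device table of (Cell ID, LAC) -> attach counter."""

    def __init__(self):
        self._table = defaultdict(lambda: defaultdict(int))

    def record_attach(self, device_id: str, loc: CellLocation) -> int:
        """Increment the counter for this device/location; return the new count."""
        self._table[device_id][loc] += 1
        return self._table[device_id][loc]

    def ingest(self, lines):
        """Operation 510: collect attach records and fold them into the profiles."""
        for line in lines:
            device_id, loc = parse_ran_record(line)
            self.record_attach(device_id, loc)

    def profile(self, device_id: str) -> dict:
        return dict(self._table.get(device_id, {}))


# Assumed policy knob: fraction of historical attaches needed at the requesting
# cell for the location to count as "high" confidence.
HIGH_SHARE = 0.25


def assess_risk(store: LocationProfileStore, device_id: str, request_loc: CellLocation) -> Risk:
    """Operation 640: compare the request location against the device's profile."""
    profile = store.profile(device_id)
    total = sum(profile.values())
    if total == 0:
        return Risk.MEDIUM  # no history yet: neither vouch for nor condemn (assumption)
    if profile.get(request_loc, 0) / total >= HIGH_SHARE:
        return Risk.HIGH
    if any(loc.lac == request_loc.lac for loc in profile):
        return Risk.MEDIUM
    return Risk.LOW


def respond(risk: Risk) -> Decision:
    """Operation 650: map the threshold outcome to approve / step-up / deny."""
    return {Risk.HIGH: Decision.APPROVE, Risk.MEDIUM: Decision.STEP_UP, Risk.LOW: Decision.DENY}[risk]


def evaluate_request(store: LocationProfileStore, device_id: str, request_loc: CellLocation) -> Decision:
    return respond(assess_risk(store, device_id, request_loc))


# Constructed sample RAN data for one device (identifier and cells are made up).
SAMPLE_RAN_DATA = [
    "2025550101 attach cell_id=4410 lac=1201",
    "2025550101 attach cell_id=4410 lac=1201",
    "2025550101 attach cell_id=4410 lac=1201",
    "2025550101 attach cell_id=4412 lac=1201",
    "2025550101 attach cell_id=7790 lac=1305",
]


def demo() -> dict:
    """Build the profile from the sample data and score three SIM-swap requests."""
    store = LocationProfileStore()
    store.ingest(SAMPLE_RAN_DATA)
    return {
        "home_cell": evaluate_request(store, "2025550101", CellLocation(4410, 1201)),
        "unseen_cell_known_lac": evaluate_request(store, "2025550101", CellLocation(4499, 1201)),
        "unknown_lac": evaluate_request(store, "2025550101", CellLocation(100, 9999)),
        "no_history": evaluate_request(store, "2025550199", CellLocation(4410, 1201)),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision.value}")
```

The counter table is the same shape as the location profile database table the disclosure describes (device identifier, Cell ID, LAC, count); the policy thresholds are the part an operator would tune from its own attach statistics.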
The operations of
The exemplary systems and methods described herein may be performed under the control of a processing system executing computer-readable codes embodied on a computer-readable recording medium or communication signals transmitted through a transitory medium. The computer-readable recording medium may be any data storage device that can store data readable by a processing system, and may include both volatile and nonvolatile media, removable and non-removable media, and media readable by a database, a computer, and various other network devices.
Examples of the computer-readable recording medium include, but are not limited to, read-only memory (ROM), random-access memory (RAM), erasable electrically programmable ROM (EEPROM), flash memory or other memory technology, holographic media or other optical disc storage, magnetic storage including magnetic tape and magnetic disk, and solid-state storage devices. The computer-readable recording medium may also be distributed over network-coupled computer systems so that the computer-readable code is stored and executed in a distributed fashion. The communication signals transmitted through a transitory medium may include, for example, modulated signals transmitted through wired or wireless transmission paths.
The above description and associated figures teach the best mode of the invention and are intended to be illustrative and not restrictive. Many examples and applications other than the examples provided would be apparent to those skilled in the art upon reading the above description. The scope should be determined, not with reference to the above description, but instead with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled. It is anticipated and intended that future developments will occur in the technologies discussed herein, and that the disclosed systems and methods will be incorporated into future examples. In sum, it should be understood that the application is capable of modification and variation.
All terms used in the claims are intended to be given their broadest reasonable constructions and their ordinary meanings as understood by those knowledgeable in the technologies described herein unless an explicit indication to the contrary is made herein. In particular, the use of the singular articles such as “a,” “the,” “said,” etc. should be read to recite one or more of the indicated elements unless a claim recites an explicit limitation to the contrary.
The Abstract is provided to allow the reader to quickly ascertain the nature of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. In addition, in the foregoing Detailed Description, it can be seen that various features are grouped together in various examples for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed examples require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed example. Thus, the following claims are hereby incorporated into the Detailed Description, with each claim standing on its own as a separately claimed subject matter.