GTL 1013
IPR of U.S. Pat. No. 7,529,357

U.S. Patent    Mar. 27, 2007    Sheet 1 of 7    US 7,197,560 B2

[Sheet 1 of 7: drawing; no legible text survives in this extraction.]


[Sheet 4 of 7: flowchart. Steps, in order: OBTAIN CDR(S) FROM NETWORK GATEWAY; CONVERT CDR(S) TO XDR(S); DETERMINE CORP_ID, IF ANY, ASSOCIATED WITH EACH CDR; AUGMENT XDR WITH CORP_ID; CORRELATE TO XML RECORDS FROM NS, IF ANY; NORMALIZE AND PREPROCESS FRAUD-RELEVANT FIELDS; APPLY FRAUD ANALYSIS TO SET OF CORRELATED RECORDS; REPORT FRAUD RESULTS. Legible reference numerals: 404, 406, 408, 410, 412, 414, 416, 418.]


[Sheet 6 of 7: FIG. 6, data structure diagram. Legible field labels: ORIGINATING INFO, REMOTE ACCESS NO.]


COMMUNICATIONS SYSTEM WITH FRAUD MONITORING

CROSS REFERENCE TO RELATED CASES

This application is related to, and claims the benefit of the earlier filing date under 35 U.S.C. § 119(e) of, U.S. Provisional Patent Application No. 60/276,923, filed Mar. 20, 2001, entitled “IP Communications,” U.S. Provisional Patent Application No. 60/276,953, filed Mar. 20, 2001, entitled “IP Communications,” U.S. Provisional Patent Application No. 60/276,955, filed Mar. 20, 2001, entitled “IP Communications,” and U.S. Provisional Patent Application No. 60/276,954, filed Mar. 20, 2001, entitled “IP Communications”; the entireties of which are incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to controlling fraudulent use of communications services and, more particularly, to the detection of fraudulent activities in a data transport network.

BACKGROUND

The proliferation of data transport networks, most notably the Internet, is causing a revolution in telephony and other forms of real-time communication. Businesses that have been accustomed to having telephony traffic and data traffic separately supported over different systems and networks are now moving towards so-called “converged networks” wherein telephone voice traffic and other forms of real-time media are converted into digital form and carried by a packet data network along with other forms of data. Now that the technologies are feasible to support it, voice over data transport offers many advantages in terms of reduced capital and operating costs, resource efficiency and flexibility.

For example, at commercial installations, customer premise equipment investments are substantially reduced as most of the enhanced functions, such as PBX and automatic call distribution functions, may reside in a service provider’s network. Various types of gateways allow for sessions to be established even among diverse systems such as IP phones, conventional analog phones and PBXs as well as with networked desktop computers.

A new generation of end user terminal devices is now replacing the traditional telephones and even the more recent PBX phone sets. These new sets, such as those offered by Cisco Systems, Inc. and Pingtel Corporation, may connect directly to a common packet data network, via an Ethernet connection for example, and feature large visual displays to enhance the richness of the user interface.

Even before such devices were developed, computers equipped with audio adapters and connected to the Internet were able to conduct some rudimentary form of Internet telephony, although the quality was unpredictable and often very poor. The emphasis now is upon adapting internet protocol (IP) networks and other packet transport networks to provide reliable toll-quality connections, easy call set-up and enhanced features to supply full-featured telephony as well as other forms of media transport. Some other types of media sessions enabled by such techniques may include video, high quality audio, multi-party conferencing, messaging and collaborative applications.

Of course, as a business or residential communications subscriber begins using such voice-over-packet communications to replace conventional telephony, there will naturally be an expectation that the quality of the connections and the variety of services will be at least as good as in the former telephone network. There is also an expectation that the new types of networks will be less susceptible to fraudulent use of communications service—or at least no worse than their predecessors.

However, employing a packet data transport for telephony introduces new vulnerabilities beyond those experienced with the traditional circuit-switched telephone network. The concern over security of communications in the public Internet is well known and has received considerable attention in light of countless identity thefts, hacking attacks, viruses, denial-of-service attacks, security breaches and other threats to reliable, confidential communications. These threats take on further significance as, in the case of packet telephony, the traffic streams are metered and revenue-bearing.

In response to these threats, a growing array of security countermeasures (firewalls, NAT, secure connections, encryption schemes, secure Internet protocol (IPsec), vulnerability probes) have been developed to defend against such crippling attacks on data networks.

Of course, any of these security measures that were spawned by data network security may be beneficial to the prevention of attacks in telephony data networks. One area of particular vulnerability for some packet telephony systems stems from the fact that signaling, bearer traffic, and network management communications all share the same transport network. The call control systems communicate among themselves and to the network elements (such as gateways) using the same network that carries packets of customer data. To put things simply, one may send data to any point in a packet network as long as the address of the point is known. The fact that the call control servers are coupled through the transport network opens the possibility that a fraud perpetrator might attempt to communicate directly with a network server, either to impede the operation of the server or to send mock communications requests so as to fool the server into providing free communications services. Fortunately, network security measures, such as the use of IPsec tunnels between legitimate endpoints, are largely effective against these kinds of attacks.

While data network security measures may be employed to help defend against certain types of attacks against a telephony data network, there are a variety of fraud schemes that are not detected or prevented by such measures.

Various fraud schemes are known by which fraud perpetrators are able to steal communications services. Perpetrators have been able to steal calling card numbers, open false accounts, or otherwise manipulate equipment or people to get services without paying. Many of the possible fraud schemes have been well characterized in the PSTN and various techniques have been developed for detecting and preventing such abuses.

Unfortunately, there is a common misconception among those in the industry that the use of sufficient data network security measures should prevent all manner of abuse and fraud, even in a packet telephony environment. In truth, the role of fraud monitoring can be distinct from, but complementary with, network security. Network security provides mechanisms (e.g., firewalls, authentication services, user IDs/passwords, etc.) to ensure that only authorized users gain access to network services. These security mechanisms have protection against internal abuse by authorized users and social engineering situations. As a complementary capability, fraud monitoring provides a view into the services used on the network to ensure that none of the security mechanisms have been compromised or abused. Fraud monitoring facilitates identification of vulnerabilities in the network, protects a commercial customer by minimizing unauthorized use, and protects the service provider against revenue loss.

In summary, network security focuses on fraud prevention, while fraud monitoring focuses on fraud detection. These network concerns must be addressed before customers invest in the adoption of new services and technologies. Customers are attracted to a converged solution because of the potential for new services and enhanced functions, but are apprehensive about new security risks and avenues of fraud.

SUMMARY

The present invention meets the need for a fraud monitoring capability to complement other security measures in a voice-over-packet communications system.

To the extent that a packet telephony network operates analogously to a traditional network and many of the same fraud schemes apply, the present invention advantageously adapts an existing fraud detection system for use with a packet telephony network. This means that existing tools and practices developed for the traditional telephone network may be immediately applied in the realm of packet telephony.

Additionally, where packet telephony introduces new aspects or surfaces new sources of information beyond what was observed in traditional telephony, the present invention provides for the collection of new indicators and the implementation of new detection methods.

In another aspect, the present invention also provides for a single fraud monitoring platform to serve both conventional and packet-switched telephony systems. In particular, the present invention provides for the collection, correlation and collective processing of usage activity information derived from both circuit-switched and packet-switched domains. This is a novel capability for reviewing all aspects of calls, even those that involve gateways and are carried over both forms of transport.

In accordance with an aspect of the present invention, network servers performing call processing, or more appropriately “session processing”, in the packet telephony system create transaction detail records reflecting each call or session request that was handled by the server. What is recorded may include network addresses, call dispositions, feature invocations, time of day, etc. These transaction detail records are forwarded through an operations support system and eventually processed by a fraud monitoring engine that looks for various patterns of fraud. In accordance with a preferred embodiment, such records are provided in an XML (extensible Mark-up Language) format.

In another aspect of the present invention, network gateways, which adapt signaling and bearer channels among circuit-switched and packet-switched networks, also generate call detail records (CDRs) of the more traditional type and forward those to a collection process. These CDRs convey information about PSTN-types of events. Eventually, these CDRs are correlated with the records from the network servers and the fraud monitoring system is then able to get an overall picture of each call, even when a call involves both types of networks.

To facilitate use of such CDRs, such as for correlation to packet network events, the present teachings provide that CDRs may be augmented in a novel fashion with additional information having particular significance in a mixed packet-switched and circuit-switched environment.
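
The record flow summarized above, as an added example that is not code from the patent: gateway CDRs are converted to a common record, augmented with a customer identifier, correlated with the network servers' XML transaction records where one exists, and screened by a single dialing-plan rule. The field names, the `call_id` correlation key, the trunk-to-customer table, the dialing-plan policy and the `011` prefix handling are assumptions, and all sample records are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed NS transaction detail records in XML; tag and attribute names are assumptions.
NS_XML = """
<transactions>
  <txn call_id="c-1001" caller="sip:alice@acme.example" feature="call_forward" disposition="completed"/>
  <txn call_id="c-1002" caller="sip:bob@acme.example" feature="" disposition="completed"/>
  <txn call_id="c-1004" caller="sip:eve@globex.example" feature="" disposition="completed"/>
</transactions>
"""

# Constructed gateway CDRs (circuit-switched side). c-1003 has no matching NS record.
GATEWAY_CDRS = [
    {"call_id": "c-1001", "trunk_group": "TG-7", "called": "+44 20 7123 4567", "secs": 3120},
    {"call_id": "c-1002", "trunk_group": "TG-7", "called": "+1 (212) 555-0100", "secs": 95},
    {"call_id": "c-1003", "trunk_group": "TG-7", "called": "011 81 3 1234 5678", "secs": 1800},
    {"call_id": "c-1004", "trunk_group": "TG-9", "called": "+33 1 40 00 00 00", "secs": 600},
]

TRUNK_TO_CORP = {"TG-7": "ACME", "TG-9": "GLOBEX"}   # hypothetical provisioning data
INTL_ALLOWED = {"ACME": False, "GLOBEX": True}        # hypothetical dialing-plan policy
HOME_CC = "1"                                         # assumed home country code


def parse_ns_records(xml_text):
    """Index the network servers' XML transaction records by call identifier."""
    root = ET.fromstring(xml_text)
    return {t.get("call_id"): dict(t.attrib) for t in root.iter("txn")}


def normalize_number(raw):
    """Reduce a dialed string to +<country code><number> so records compare equal."""
    raw = raw.strip()
    digits = "".join(ch for ch in raw if ch.isdigit())
    if raw.startswith("+"):
        return "+" + digits
    if digits.startswith("011"):            # assumed international dialing prefix
        return "+" + digits[3:]
    return "+" + HOME_CC + digits           # assumed national number


def cdr_to_xdr(cdr):
    """Convert a gateway CDR to the common record and augment it with a customer id."""
    return {
        "call_id": cdr["call_id"],
        "corp_id": TRUNK_TO_CORP.get(cdr["trunk_group"]),  # None when no customer is known
        "called": normalize_number(cdr["called"]),
        "secs": cdr["secs"],
    }


def correlate(xdrs, ns_records):
    """Attach the NS view of each call, if any; a CDR without one is still kept."""
    merged = []
    for xdr in xdrs:
        ns = ns_records.get(xdr["call_id"])
        merged.append(dict(xdr, ns_seen=ns is not None,
                           feature=(ns or {}).get("feature", "")))
    return merged


def analyze(records):
    """Flag international calls for customers whose dialing plan forbids them."""
    alerts = []
    for r in records:
        if r["corp_id"] is None:
            continue                        # no customer, so no policy to compare against
        international = not r["called"].startswith("+" + HOME_CC)
        if international and not INTL_ALLOWED.get(r["corp_id"], False):
            reason = "international call outside dialing plan"
            if r["feature"]:
                reason += f" (completed via feature: {r['feature']})"
            elif not r["ns_seen"]:
                reason += " (gateway CDR only, no NS record)"
            alerts.append((r["call_id"], r["corp_id"], reason))
    return alerts


def run_pipeline():
    """Obtain, convert, augment, correlate, analyze; returns the alert list."""
    ns_records = parse_ns_records(NS_XML)
    xdrs = [cdr_to_xdr(c) for c in GATEWAY_CDRS]
    return analyze(correlate(xdrs, ns_records))


if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

The correlated view is what lets the alert for `c-1001` name the feature that completed the call, which the gateway CDR alone does not carry.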

While the present invention is shown and described in the context of packet-switched telephony, it will be apparent that it may be similarly applicable to other forms of communication, such as video conferencing or other data streaming, where a perpetrator seeks to steal network resources.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:

FIG. 1 is a diagram of a data communications system capable of supporting telephony services and comprising means for monitoring usage activities in accordance with an exemplary embodiment of the present invention;

FIG. 2 is a diagram of functional elements involved in establishing a session among parties according to an exemplary embodiment of the present invention;

FIG. 3 is a diagram of functional elements for monitoring usage activity of a communications system in accordance with an exemplary embodiment of the present invention;

FIG. 4 is a flowchart describing a process for processing records of usage activity from a communications system in accordance with an exemplary embodiment of the present invention;

FIG. 5 is a diagram of a computer system with which an embodiment of the present invention may be implemented;

FIG. 6 is a diagram of a data structure for conveying recorded usage of a communications system in accordance with an exemplary embodiment of the present invention; and

FIG. 7 is a diagram of a fraud analyzing apparatus in accordance with an exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENT

In the following description, well-known structures and devices may be shown in block diagram form or otherwise summarized in order to avoid unnecessarily obscuring the present invention. For the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It should be understood however that the present invention may be practiced in a variety of ways beyond these specific details.

For example, although the present invention is discussed in the context of the Session Initiation Protocol (SIP) and an Internet Protocol (IP)-based network, one of ordinary skill in the art will recognize that the present invention may be generally applicable to other equivalent or analogous communication protocols (ITU H.323) or communications networks (ATM, frame relay, etc.).

Fraud vulnerabilities in business communications systems largely involve the following: abuse by employees or ex-employees, subscription fraud, remote access fraud, misconfigured dialing plans, and social engineering. Customer Premise Equipment (CPE)-related fraud occurs when a third party gains unauthorized access to a Private Branch eXchange (PBX) switch and “steals dial-tone” to make outgoing calls, or an employee abuses long distance calling or other costly PBX-provided features for non-business purposes. These outgoing calls are charged back to the owner of the CPE regardless of the origination of the call (on-network or off-network).

In the case of subscription fraud, a small business may “set up shop” with false credentials with no intention of paying. The delay in the service provider recognizing this situation gives the perpetrator time to accumulate substantial charges.

In the case of remote access fraud, an unauthorized user may steal, or determine by “hacking”, authentication information that permits access to the network, such as SIP phone user IDs and/or passwords.

Fraud relating to a “leaky PBX” may stem from a customer improperly configuring the PBX such that a certain feature of the PBX may be enabled and compromised by a former employee. Additionally, incorrectly setting dialing plan configurations may result in unintended privileges to certain users; for example, a department can place international calls, although its dialing plan should only permit them to call domestically.

Social engineering refers to the practice of obtaining information of services through a person who answers a call (such as a PBX operator) by pretending to be a legitimate caller in need of assistance. For example, a caller from an outside line is forwarded to a company operator and convinces the operator that the user is an employee who needs to make an off-network call. It is observed that business customers are generally subjected to PBX hacking, internal abuse, and social engineering.

Preventive measures have been proposed or implemented to reduce the susceptibility of such networks on several fronts. Some of these measures address “low-level” vulnerabilities, such as the exposure of an IP-addressable resource to an overwhelming influx of data packets. An example of measures taken in a data network to prevent these so-called “denial-of-service” attacks is described in the following copending patent applications which are hereby incorporated by reference in their entireties: U.S. patent application Ser. No. 10/023,331, filed on Dec. 17, 2001, entitled “Virtual Private Network (VPN)-Aware Customer Premises Equipment (CPE) Edge Router” by McDysan; U.S. patent application Ser. No. 10/023,043, filed on Dec. 17, 2001, entitled “System, Method and Apparatus That Employ Virtual Private Networks to Resist IP QoS Denial of Service Attacks” by McDysan et al.; and U.S. patent application Ser. No. 10/023,332, filed on Dec. 17, 2001, entitled “System, Method and Apparatus That Isolate Virtual Private Network (VPN) and Best Effort Traffic to Resist Denial of Service Attacks” by McDysan.

On a different front, the aforementioned vulnerability introduced by having call control elements coupled through the transport network is addressed by the following co-pending application: U.S. patent application Ser. No. 10/099,316, filed on Mar. 15, 2002, entitled “Method of and System for Providing Intelligent Network Control Services In IP Telephony” by Gallant et al., the content of which is incorporated by reference in its entirety.

On yet another front, an example of higher level service processing to curtail fraud or even inadvertent abuse, in the context of advanced features, may be termed “feature-associated call screening.” It is possible for call forwarding and certain other features to complete calls that would otherwise be blocked, such as costly international calls. At least one approach for preventing this circumvention of desired screening is described in the following co-pending patent applications which are hereby incorporated by reference herein in their entireties: U.S. patent application Ser. No. 10/097,592, filed on Mar. 15, 2002, entitled “Selective Feature Blocking in a Communications Network” by Gallant; and U.S. patent application Ser. No. 60/364,670, filed on Mar. 15, 2002, entitled “Featuring Blocking in Communication Systems” by Gallant et al.

Of course, it is desirable that security measures may not be so extreme as to impede legitimate use of the communications system. Special approaches may be appropriate to draw a compromise between usefulness of the system and absolute security. For example, in some environments, such as a very publicly accessible service business, it may be appropriate to liberally allow calls from parties who are not authenticated through the network. In other environments, such as a defense contractor, it may be more important to restrict the reach of inbound calls. Such scenarios are described further in U.S. patent application Ser. No. 10/097,748, filed on Mar. 15, 2002, entitled “Caller Treatment in a SIP Network” by Gallant et al., the content of which is incorporated by reference in its entirety (non-trusted user).

FIG. 1 shows a diagram of a data communications system generally capable of supporting telephony services, in accordance with an exemplary embodiment of the present invention. The communication system 100 includes a packet data transport network 101, which in an exemplary embodiment is an Internet Protocol (IP) based network. System 100 provides the ability to establish communications among various terminal equipment coupled thereto, such as telephone 125, PBX phone 118 and SIP phone 109. In practice, there may be thousands or millions of such terminal devices served by one or more systems 100.

As used herein, the term “SIP phone” refers to any client (e.g., a personal computer, a web-appliance, etc.) that is configured to provide SIP phone functions. The SIP phones 109 may take the form of standalone devices—e.g., a SIP phone may be designed and configured to function and appear like a Plain Old Telephone Service (POTS) telephone station. A SIP client 111, however, is a software client that may run, for example, on a conventional personal computer (PC) or laptop computer. From a signaling perspective, these devices 109, 111 may operate quite similarly, with the main differences relating to the user interface. Unless otherwise stated, it is recognized that the functionalities of both the SIP phones 109 and the SIP client 111 are comparable and that the network operates similarly with either type of device.

System 100 is able to support large enterprise customers who maintain multiple locations having telephony and data transport requirements. For example, in FIG. 1, a first customer site 150 and a second customer site 152 are depicted, each comprising telephones 118 and PBXs 117. These may be customer sites of the type that were traditionally coupled through a Class 3 network, such as switch network 137, via the PBXs 117.

In accordance with more recent technologies, customer sites 150 and 152 further comprise data communications equipment, namely local area networks (LANs) 140 and 142, SIP phones 109, and PC clients 111. At each customer site, an enterprise gateway 103 is provided to allow users at telephones 118 through PBXs 117 to readily make calls to and receive calls from users of SIP phones 109 and PC clients 111.

A gateway is a device that allows divergent transport networks to cooperatively carry traffic. A gateway often provides for interoperation at two levels—between different signaling schemes and between different media forms. For example, network gateway 107 may adapt between the SS7 signaling of the telephone network and SIP or H.323 protocols used by the data network. At the same time, network gateway adapts analog or PCM-encoded voice signals in a telephone bearer channel to packetized data streams suitable for transport over data network 101.

Enterprise gateways 103 adapt between PBX signals and data signals for transport over a data network such as LAN 140 or the service provider’s network 101. As a signaling interface to PBX 117, enterprise gateway 103 may use Integrated Digital Services Network (ISDN), Circuit Associated Signaling (CAS), or other PBX interfaces (e.g., European Telecommunications Standards Institute (ETSI) PRI, R2). As shown, enterprise gateway 103 provides connectivity from a PBX 117, which contains trunks or lines often for a single business customer or location (e.g., PBX phones 118). Signaling for calls from PBX 117 into the IP network comprises information which uniquely identifies the customer, trunk group, or carrier. This allows private numbers to be interpreted in their correct context.

By virtue of the service provider’s data network 101, any of the users at customer site 150 may readily communicate with those at site 152. It is also conceivable that data network 101 may be coupled to the public Internet 127, opening the possibility that communications might be established with PC clients 112, or the like, that are not within either customer site 150 or 152.

Network gateway 107, introduced earlier, is shown to adapt data network 101 to a telephone network 137 which may comprise a network of Class 3 telephone switches, for example. PBX 117' and telephones 118' may be coupled to network 137 in the more traditional manner of a VPN dedicated access line. Furthermore, network 137 is shown coupled by a trunk to the PSTN 123, representing the typical Class 5 local telephone exchanges. A plain analog phone 125 or other telephone (pay phone) may be connected to PSTN 123 through a subscriber loop.

As shown in FIG. 1, network gateway 107 enables calls from telephones 118' and 125 to any of PBX-connected phones 118, SIP phones 109 or PC clients 111, assuming system 100 gives such privileges. Any combination of calls from one type of phone to another may readily be envisioned, many of which involve the traversal of network gateway 107 and other elements.

Both SIP phones 109 and SIP clients 111 preferably support user log-in. By default, a given user may be associated with a particular communications terminal (telephone, mobile phone, pager, etc.) in the traditional sense. In addition, the user may approach one of the newer types of IP phone appliances and register his presence to receive calls at the given phone. Any inbound calls will then go to the most recently registered address.

Coupled with this mobility is the added aspect that a user may be known to others by multiple alternative names or “aliases.” Multiple aliases for a given user may resolve to a single user profile system 100 as described in U.S. patent application Ser. No. 10/101,389, filed on Mar. 16, 2002, entitled “User Aliases in a Communication System” by Gallant, the content of which is incorporated by reference in its entirety. Aliases may be of a variety of types including public and private telephone numbers, URLs, and SIP addresses.

From a fraud prevention standpoint, it may be considered advantageous that a unified user profile is maintained by the service provider or an authorized customer administrator, even though the user may be known by many such aliases.

To implement this mobility and to support new call control paradigms, control elements are provided in system 100 to coordinate the actions of network 101 in correctly routing traffic and executing features. In particular, system 100 comprises the important elements of a proxy server 113 (also known as a network server (NS)) and a location server (LS) 115. A typical functioning of these elements is described in IETF document RFC 2543. Location server 115 serves as a repository for end user information to enable address validation, feature status, and real-time subscriber feature configuration. Additionally, LS 115 may store system configuration information.

An example of a typical interaction among proxy 113 and location server 115 in providing service is now explained in conjunction with FIG. 2.

In FIG. 2, User A 210 desires to establish communications with User B 220. User B 220 may be reachable at any one of several addresses. These addresses or contacts may correspond to conventional telephones, SIP phones, wireless phones, pagers, etc. The list of addresses may even be changing as User B moves about and registers as being present at various terminal devices 222. The current information about User B’s contact information is typically maintained in location server 240, or in some form of a “presence registry” coupled thereto.

To initiate contact, User A 210 accesses a terminal, calling station 212, and specifies User B as the destination to be reached. This expression of the specific desired destination may take the form of dialing of digits or of selecting a user name or URL-style address from a list. In some cases, User A may also be able to express what type of session is desired (video, high quality, messaging, etc.) or specify a desired quality level for the session. Once the request is specified at station 212, a SIP “INVITE” message describing the request is composed and sent to proxy server 230.

In some cases, where calling station 212 is in a different network than the transport network directly controlled by NS 113 and LS 115, the call may enter through a gateway 250. The role of gateway 250 in performing both signaling and media adaptation was described earlier.

Proxy server 230 typically forwards a request to location server 240 to retrieve one or more contacts at which User B might be reached. As described earlier, proxy server 230 consults location server 240 for a variety of purposes, such as invoking profile-controlled feature behavior and obtaining the latest known location information pertaining to User B.

Location server 240 analyzes the request and responds to proxy server 230 in one of several possible ways. Location server 240 may disallow the session if User A is not permitted to contact User B, if User B’s address cannot be recognized, or if User B has a feature activated that renders User B unreachable by User A.

Location server 240 may determine that User A is allowed to contact User B and may even find multiple addresses at which User B may be reachable. If this is the case, location server 240 returns a SIP “300 Multiple Choices” message containing a list of the contacts to be tried.

`Upon receiving such a response, proxy server 230 then
`commences trying the contacts to see if User B can successfully
`be reached at any of the corresponding terminals
`222. This “Find-Me” functionality is usually carried out in
`sequence starting with the most recent registered location or
`following a specific order as provisioned for User B (phone
`then pager). In some configurations, it is conceivable that
`proxy server 230 may attempt all contacts in parallel. An
`attempt to establish contact with a terminal 222 involves
`sending a SIP “INVITE” to the terminal and waiting for a
`reply indicative of success or failure. Once a terminal 222
`responds with a SIP “200 OK” message or the like, stations
`212 and 222 have shared addresses and possibly negotiated
`session parameters and are ready to communicate, possibly
`through an RTP data stream. A manner in which transport
`network resources are coordinated to establish this “connection”
`of sorts through the packet network, while assuring
`timely packet delivery, is described in copending applications
`U.S. patent application Ser. No. 10/095,956, filed on
`Mar. 12, 2002, entitled “Edge-Based Per-Flow QoS Admission
`Control in a Data Network” by McDysan et al.; U.S.
`patent application Ser. No. 10/095,910, filed on Mar. 12,
`2002, entitled “Pool-Based Resource Management in a Data
`Network” by McDysan et al.; and U.S. patent application
`Ser. No. 10/095,909, filed on Mar. 12, 2002, entitled
`“Policy-Based Synchronization of Per-Class Resources
`Between Routes in a Data Network” by McDysan et al.; the
`content of each of which is incorporated by reference in its
`entirety.
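
The sequential “Find-Me” behavior described above, as an added Python example that is not part of the patent: it parses a constructed SIP “300 Multiple Choices” response, tries each listed contact in order, and stops at the first “200 OK”, returning the per-attempt record. The hostnames, the `send_invite` hook, and the simulated terminal status codes are assumptions made for illustration.

```python
import re

# Constructed sample: a location server's redirect listing User B's contacts
# in provisioned order (phone, then pager). Hosts and users are made up.
SAMPLE_300 = (
    "SIP/2.0 300 Multiple Choices\r\n"
    "From: <sip:userA@example.com>\r\n"
    "To: <sip:userB@example.com>\r\n"
    "Call-ID: constructed-0001@proxy.example.com\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:userB@phone.example.com>\r\n"
    "Contact: <sip:userB@pager.example.com>, <sip:userB@voicemail.example.com>\r\n"
    "\r\n"
)

def parse_redirect(message):
    """Return (status_code, [contact URIs]) from a SIP response."""
    head = message.split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.match(r"SIP/2\.0 (\d{3}) ", head[0])
    if not m:
        raise ValueError("not a SIP response")
    contacts = []
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("contact", "m"):  # "m" is the compact form
            contacts += re.findall(r"<(sips?:[^>]+)>", value)
    return int(m.group(1)), contacts

def find_me(message, send_invite):
    """Try each contact in listed order; stop at the first 200 OK.
    send_invite(uri) -> final status code is a hypothetical transport hook.
    Returns (reached_uri_or_None, attempts); attempts is the per-leg record.
    """
    status, contacts = parse_redirect(message)
    if status != 300:
        return None, []
    attempts = []
    for uri in contacts:
        code = send_invite(uri)
        attempts.append((uri, code))
        if code == 200:
            return uri, attempts
    return None, attempts

# Constructed terminal behaviour: phone times out (408), pager answers.
SIMULATED = {"sip:userB@phone.example.com": 408, "sip:userB@pager.example.com": 200}

def demo():
    return find_me(SAMPLE_300, lambda uri: SIMULATED.get(uri, 480))
```

Contacts after the first successful one are never attempted, so the voicemail address in the sample does not appear in the attempt record.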
`The “Find-Me” feature is just one possible feature that
`may be supported and is of only moderate complexity
`compared to other possibilities. Further understanding of
`typical call flows in performing services may be obtained
`from the IETF document RFC 2543. Other examples are
`provided in U.S. patent application Ser. No. 60/365,738,
`filed on Mar. 18, 2002, entitled “System for Providing
`Communication Services Over a Data Network” by Gallant
`et al., the content of which is incorporated by reference in its
`entirety.
`An example of a somewhat more involved feature relates
`to “call forwarding on screening” as is described in co-pending
`application U.S. patent application Ser. No. 10/101,199,
`filed on Mar. 18, 2002, entitled “Call Forwarding on
`Screening” by Gallant, the content of which is incorporated
`by reference in its entirety. Basically, call forwarding on
`screening refers to handling disallowed inbound calls other
`than by merely providing a busy signal to the caller.
`In the course of perfor
