Method and system for identifying a user
Abstract
A data server derives information regarding the identities of users placing calls in a circuit-switched communication network. It per forms this task by initially establishing at least one known and trusted identity “seed”. The data server uses the trusted identity seed, in conjunction with information regarding calls placed in the circuit-switched communication network, to derive additional user identities. Further, a user device may encrypt its secret identification number before transmitting it to the data server to maintain the secrecy of this information. The data server is additionally configured to modify previously derived identities when the server determines that they have become inaccurate.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for deriving the identity of a user, characterized in that the method comprises the steps of:
establishing a first known identity associated with a first user; storing the first known identity in a database; receiving information regarding a communication between the first user and a second user; deriving a second known identity associated with the second user based on the first known identity and the received information regarding the communication with the second user; and updating the database to store the second known identity in the database.
2 . The method according to claim 1 , characterized in that the step of establishing a known identity comprises establishing a mapping between a secret identification number (SI 1 ) and public identification number (PI 1 ) for the first user.
3 . The method according to claim 2 , characterized in that the secret identification number (SI 1 ) comprises an IMSI number and the public identification number (PI 1 ) comprises a MSISDN number.
4 . The method according to claim 2 or 3 , characterized in that the information regarding the communication includes: a) in the case where the first user initiates a call, the secret identification number (SI 1 ) corresponding to the first user and a public identification number (PI 2 ) corresponding to the second user; or b) in the case where the second user initiates a call, the secret identification number (SI 2 ) corresponding to the second user and a public identification number (PI 1 ) corresponding to the first user.
5 . The method according to any one of claims 2 to 4 , characterized in that the secret identification number (SI 1 or SI 2 ) is encrypted prior to transmission to form an encrypted secret identification number (FI 1 or FI 2 ).
6 . The method according to any one of claims 2 to 5 , characterized in that the step of deriving includes:
accessing the database to determine the identification numbers (SI1, PI1) of the first user based on the received information;
in the case where the first user initiates the call, receiving a message from the second user, the message including an indication of the secret identification number (SI 2 ) of the second user and the public identification number (PI 1 ) of the first user, or, in the case where the second user initiates the call, receiving a message from the first user, the message including an indication of the secret identification number (SI 1 ) of the first user and the public identification number (PI 2 ) of the second user; and
using the information obtained in the accessing and receiving substeps to derive a known mapping between the secret identification number of the second user (SI 2 ) and the public identification number of the second user (PI 2 ).
7 . The method according to any one of claims 1 to 6 , characterized in that the method further comprises the steps of:
determining the identity of the second user using another known identity to form an updated identity;
determining whether the updated identity has a higher confidence level than a previously stored identity for the second user; and
storing the updated identity in the database if it has a higher confidence level than the previously stored identity.
8 . The method according to claim 7 , characterized in that the confidence level is at least one of:
a distance measure which indicates the number of derivations from a trusted identity to a final derived identity; or an age measure which indicates the lapse of time since an identity was uncovered.
9 . The method according to any one of claims 1 to 8 , characterized in that the establishing, storing, receiving, deriving and updating steps are performed in a data server in a first communication network, and wherein the identities pertain to users of a second communication network.
10 . The method according to claim 9 , characterized in that the first data network is a packet-switched communication network, and the second network is a circuit-switched communication network.
11 . A system for deriving the identity of a user, comprising:
at least first and second user devices operated by first and second users, respectively; a data server for providing at least one service to the first and/or second users; a first data network connected to the data server; and a second communications network providing communication services to the first and second users, characterized in that the data server includes a database and a processing unit, wherein said processing unit includes: establishing logic for establishing a first known identity associated with the first user; storing logic for storing the first known identity in the database; receiving logic for receiving information regarding a communication between the first user and the second user; deriving logic for deriving a second known identity associated with the second user based on the first known identity and the received information regarding the communication with the second user; and updating logic for updating the database to store the second known identity in the database.
12 . The system according to claim 11 , characterized in that the processing logic for establishing a known identity comprises logic for establishing a mapping between a secret identification number (SI 1 ) and public identification number (PI 1 ) for the first user.
13 . The system according to claim 12 , characterized in that the secret identification number (SI 1 ) comprises an IMSI number and the public identification number (PI 1 ) comprises a MSISDN number.
14 . The system according to claim 12 or 13 , characterized in that the information regarding the communication includes: a) in the case where the first user initiates a call, the secret identification number (SI 1 ) corresponding to the first user and a public identification number (PI 2 ) corresponding to the second user; or b) in the case where the second user initiates a call, the secret identification number (SI 2 ) corresponding to the second user and a public identification number (PI 1 ) corresponding to the first user.
15 . The system according to any one of claims 12 to 14 , characterized in that the secret identification number (SI 1, or SI 2 ) is encrypted prior to transmission to form an encrypted secret identification number (FI 1 or FI 2 ).
16 . The system according to any one of claims 12 to 15 , characterized in that the logic for deriving includes:
accessing logic for accessing the database to determine the identification numbers (SI 1 , PI 1 ) of the first user based on the received information;
receiving logic for receiving, in the case where the first user initiates a call, a message from the second user, the message including an indication of the secret identification number (SI 2 ) of the second user and the public identification number (PI 1 ) of the first user or, in the case where the second user initiates the call, receiving a message from the first user, the message including an indication of the secret identification number (SI 1 ) of the first user and the public identification number (PI 2 ) of the second user; and
mapping logic for using the information obtained by the accessing and message receiving logic to derive a known mapping between the secret identification number of the second user (SI 2 ) and the public identification number of the second user (PI 2 ).
17 . The system according to any one of claims 11 to 16 , characterized in that the processing unit further includes:
determining logic for determining the identity of the second user using another known identity to form an updated identity;
determining logic for determining whether the updated identity has a higher confidence level than a previously stored identity; and
storing logic for storing the updated identity in the database if it has a higher confidence level than the previously stored identity.
18 . The system according to claim 17 , characterized in that the confidence level is at least one of:
a distance measure which indicates the number of derivations from a trusted identity and a final derived identity; or an age measure which indicates the lapse of time since an identity was uncovered.
19 . The system according to any one of claims 11 to 15 , characterized in that the identities pertain to users of the second communication network.
20 . The system according to any one of claims 11 to 19 , characterized in that the first data network is a packet-switched communication network, and the second network is a circuit-switched communication network.
21 . A data server for deriving the identity of a user, comprising a database and a processing unit, characterized in that said processing unit includes:
establishing logic for establishing a first known identity associated with a first user; storing logic for storing the first known identity in the database; receiving logic for receiving information regarding a communication between the first user and a second user; deriving logic for deriving a second known identity associated with the second user based on the first known identity and the received information regarding the communication with the second user; and updating logic for updating the database to store the second known identity in the database.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.