US9825916B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9825916-B2 |
| Application number | US-75298807-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 24, 2007 |
| Priority date | May 24, 2007 |
| Publication date | Nov 21, 2017 |
| Grant date | Nov 21, 2017 |
Official abstract text for this publication.
A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator (or an entity authorized thereby). When the mobile device user roams into a foreign network, that network receives the enriched identifier in lieu of an MSISDN. The foreign network uses the first part to identify the mobile device user's home network, e.g., to determine whether to permit the requested access (or to provide some other value-added service). The foreign network, however, cannot decode the second part; thus, the mobile device's identity (as well as the identity of the mobile device user) remains obscured. This ensures that the user's privacy is maintained, while preventing third parties from building a profile of the device based on the requests that include the MSISDN or similar identifier.
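
The flow in the abstract, as an added example that is not taken from the patent: the visited network routes on the first part, forwards the second part, and acts only on the permission it gets back. It assumes a keyed HMAC-SHA256 derivation of the MSISDN in place of the encryption the claims recite; the operator ID, MSISDNs, secrets and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: test-style operator ID, made-up MSISDNs and secrets.
HOME_OPERATOR_ID = "001-01"
SUBSCRIBERS = {  # home operator's view: MSISDN -> secret shared with the device
    "15555550100": b"constructed-secret-device-0100",
    "15555550101": b"constructed-secret-device-0101",
}

def opaque_part(msisdn, secret, visited, period):
    """Second part: keyed function of the MSISDN, bound to one visited
    network and one time period. Without the per-device secret, a visited
    operator cannot enumerate the number range to match the value."""
    msg = f"{msisdn}|{visited}|{period}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]

def enriched_identifier(msisdn, secret, visited, period):
    """First part names the home operator; second part is opaque."""
    return f"{HOME_OPERATOR_ID}:{opaque_part(msisdn, secret, visited, period)}"

def home_resolve(second, visited, period):
    """Home operator only: map the second part back to the MSISDN."""
    for msisdn, secret in SUBSCRIBERS.items():
        candidate = opaque_part(msisdn, secret, visited, period)
        if hmac.compare_digest(candidate, second):
            return msisdn
    return None

def home_permit(second, visited, period):
    """What leaves the home operator: a permission, never the MSISDN."""
    return home_resolve(second, visited, period) is not None

ROUTES = {HOME_OPERATOR_ID: home_permit}  # visited network's operator table

def visited_register(enriched, visited, period, routes=ROUTES):
    """Visited network: identify the permitted entity from the first part,
    forward the second part, grant access only on a positive permission."""
    first, _, second = enriched.partition(":")
    permit = routes.get(first)
    if permit is None:
        return False  # unknown home operator
    return permit(second, visited, period)

if __name__ == "__main__":
    key = SUBSCRIBERS["15555550100"]
    for net in ("visited-A", "visited-B"):
        eid = enriched_identifier("15555550100", key, net, 19000)
        print(net, eid, visited_register(eid, net, 19000))
```

Binding the second part to the visited network and the period means two roaming providers, or one provider across periods, see unrelated values for the same device.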
Opening claim text (preview).
Having described our invention, what we now claim is as follows:

1. A method, using a mobile device, of providing a mobile device user access to a network other than the device user's home network, comprising: together with a request by the mobile device to register to the network in a registration process, receiving an enriched identifier having a first part and a second part, the first part comprising a data string from which an identity of the device user's home network operator can be ascertained, the second part comprising a data string that is generated by encrypting a device identifier identifying the mobile device together with a secret shared between the mobile device and the home network, the second part preventing an operator of the network that receives the given request from determining a starting point of a brute force attack to ascertain the device identifier and an identity of the mobile device user; and as part of the registration process, using the enriched identifier to determine whether to permit the mobile device user access to the network by the following sub-steps: using the first part of the enriched identifier to identify a permitted entity; forwarding the second part of the enriched identifier to the permitted entity identified by the first part; receiving a permission, the permission having been derived as a result of mapping the second part of the enriched identifier to the device identifier; and upon receipt of the permission, providing the mobile device access to the network together with a value-added service.

2. The method as described in claim 1 wherein the second part is appended to the first part.

3. The method as described in claim 1 wherein the second part is prepended to the first part.

4. The method as described in claim 1 wherein the second part is changed periodically to create a modified data string.

5. The method as described in claim 1 wherein the data string in the first part is a unique identifier that is used by the operator of the network to identify the device user's home network operator.

6. The method as described in claim 1 wherein the data string in the second part is reusable during a given time period and wherein, during the given time period, the second part is guaranteed to be unique.

7. The method as described in claim 1 wherein the second part has multiple, different instances, with each different instance associated with one and only one roaming network provider.

8. The method as described in claim 1 wherein the permitted entity is the home network operator.

9. The method as described in claim 1 wherein the permitted entity is an entity authorized by the home network operator.

10. The method as described in claim 1 wherein the enriched identifier is provided with the given request in lieu of the device identifier.

11. The method as described in claim 1 wherein the data string in the second part is generated on the mobile device.

12. The method as described in claim 1 wherein the data string in the second part is pushed to the mobile device.

13. The method as described in claim 12 wherein the data string in the second part is provided to the mobile device from the home network operator.

14. The method as described in claim 13 wherein the data string in the second part is pushed to the mobile device from the home network operator over a secure channel.

15. The method as described in claim 1 wherein the data string of the second part encodes one of a mobile device MSISDN, and any other tag that binds the mobile device to a user.

16. In a wireless network in which mobile devices roam, a method for providing a service, comprising: receiving from a mobile device a request for the service, the request received during an attempt by the mobile device to register to the wireless network in a registration process, the request accompanied by an enriched identifier having a first part and a second part, the first part comprising a data string from which an identity of the device user's home network operator can be ascertained, the second part comprising a data string that is generated by encrypting a device identifier identifying the mobile device together with a secret shared between the mobile device and the home network, the second part preventing an operator of the wireless network that receives the request from determining a starting point of a brute force attack to ascertain the device identifier and an identity of the mobile device user; and as part of the registration process, using the identifier to make a determination whether to provide the service by the following sub-steps: using the first part of the enriched identifier to identify a permitted entity; forwarding the second part of the enriched identifier to the permitted entity identified by the first part; receiving a permission, the permission having been derived as a result of mapping the second part of the enriched identifier to the device identifier; and upon receipt of the permission, providing the mobile device access to the wireless network together with a value-added service.

17. The method as described in claim 16 wherein the second part has multiple, different instances, with each different instance associated with one and only one roaming network provider.

18. The method as described in claim 16 wherein the permitted entity is the device user's home network operator or an entity authorized by the device user's home network operator.

19. The method as described in claim 16 wherein the service is access to the wireless network.

20. Apparatus for use by a provider in a foreign network into which mobile devices roam, wherein a mobile device is subscribed to a home network, comprising: a processor; and a computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program executed by the processor performs the following operations: receiving from a mobile device a request for a service, the request received during an attempt by the mobile device to register to the foreign network in a registration process, the request accompanied by an enriched identifier having a first part and a second part, the first part comprising a data string from which an identity of the mobile device user's home network provider can be ascertained, the second part comprising a data string that is generated by encrypting a device identifier identifying the mobile device together with a secret shared between the mobile device and the home network, the second part preventing the foreign network operator that receives the request from determining a starting point of a brute force attack to ascertain the device identifier and an identity of the mobile device user; as part of the registration process, forwarding the second part to the mobile device user's home network provider as identified by the first part; as part of the registration process, receiving a permission from the mobile device user's home network provider, the permission having been derived as a result of mapping the second part of the enriched identifier to the device identifier; and upon receipt of the permission, providing the mobile device access to the foreign network together with a value-added service.

21. The apparatus as described in claim 20 wherein the device identifier associated with the mobile device is one of a mobile device MSISDN, and any other tag that binds a user to the mobile device.
Terminal devices · CPC title
Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII] · CPC title
Public Land Mobile systems, e.g. cellular systems · CPC title
during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication · CPC title
Gateway arrangements · CPC title