WO2005119993A1

WO2005119993A1 - Filtering messages comprising spam and/or viruses in a wireless communication

Info

Publication number: WO2005119993A1
Application number: PCT/IB2005/000990
Authority: WO
Inventors: Daniel M. Bauer; Antonius Engbersen; John G. Rooney; Paolo Scotton
Original assignee: International Business Machines Corporation
Priority date: 2004-05-25
Filing date: 2005-04-12
Publication date: 2005-12-15
Also published as: EP1749382A1; CN1961545A; JP2008501269A; KR20070032943A

Abstract

The invention is directed to a method and system for identifying unwanted short message service (SMS) messages in a mobile wireless communication system. The problem of unwanted-junk or spam electronic messages (emails) is well known in the context of the Internet. However, the problem of spam SMS messages in wireless communication networks is growing. The present invention comprises a scalable solution to the issue of filtering packet data messages in wireless communication systems by delegating the function of filtering such messages to devices located in a layer of the communication network below the short message centres (SMCs). The filtering devices are employed in association with base station controllers. An advantage offered by this arrangement is that the system is scalable such that each device filters only a small proportion of the packet data messages handled by the communication network as a whole. The method includes intercepting unwanted messages and performing an action on them to indicate that they are unwanted.

Description

Filtering Messages Comprising Spam and/or Viruses in a Wireless Communication System

Field of the Invention

The present invention concerns a method and system for filtering messages that may comprise spam and/or contain viruses in a wireless communication system. The invention is particularly, but not exclusively, directed to a method and system for identifying short message service (SMS) messages and/or multi-media message service (MMS) messages that comprise spam and/or contain viruses in a mobile wireless communication system.

Background to the Invention

The short message service (SMS) system that is common to most mobile wireless communication networks presently in operation today traditionally enables wireless communication network subscribers to exchange simple text messages via their mobile wireless terminals or other suitably enabled wireless devices. The SMS system functions as a store and forward platform for guaranteed delivery of short messages by means of a Short Message Centre (SMC) that connects to one or more Mobile Switching Centres (MSCs) of the wireless communication network.

The problem of unwanted-junk or spam electronic messages (emails) and the methods of combating it are well known in the context of the Internet. However, the problem of spam SMS messages in wireless communication networks is growing. As such, it is becoming of increasing importance to wireless communication network operators to combat this growing menace which may not only flood a recipient (communication network subscriber) with unsolicited messages but may expose them to malicious messages. One common example of an unsolicited SMS message that is designed to financially benefit the SMS message originator to the detriment of the recipient is to send an SMS message advising the recipient that he/she has won a prize in the hope of enticing the recipient to call a very high-toll phone number to claim the prize. A further example is the sending of an unsolicited SMS message advising a recipient that they have missed a call and identifying the telephone number of the missed call. Once again, the recipient is enticed into calling a high-toll number.

As wireless terminals and other suitably enabled wireless devices become more technically sophisticated, SMS has evolved to the point where SMS messages can comprise something more than a simple text message.

Nowadays, a growing proportion of mobile terminals are enabled with sophisticated functions allowing the terminals to interpret macros embedded in SMS messages and to automatically perform functions in accordance with the embedded macros once the SMS messages are read. This may comprise causing the mobile terminal to download a suitably formatted webpage or some other unsolicited electronic message. However, it may be more sinister than that. For example, it is possible for such macros to cause the recipient's mobile terminal to automatically make a "return" call to a very high-toll number whereby the SMS message recipient unsuspectingly incurs a heavy call charge which financially benefits the SMS message originator. Often, when the recipient later becomes aware of the high level of charge they have unsuspectingly incurred, they look to the wireless communication network operator/service provider rather than the message originator for recompense because the message originator is difficult to identify or situated in a different country, for example.

Many mobile wireless communication network operators and service providers are presently introducing multi-media message services (MMSs). Moreover, as mobile terminals are programmable devices, it is becoming increasingly likely that both SMS messages and MMS messages will be used as the vehicles for spam and/or to convey viruses or the like that will infect mobile terminals and make communication network system level devices more vulnerable to infection than they are at present. It is estimated that 60% of all electronic messages (emails) transmitted over the Internet comprise unsolicited (spam) messages and that about 10% carry viruses, worms or the like. Consequently, users of the Internet expend considerable efforts in filtering emails in an effort to reduce the amount of unwanted-emails they receive. Apart from the nuisance caused by the receipt of large numbers of unwanted-emails and the risk of the recipient's computing device becoming infected with a virus, for example, one other reason for attempting to prevent such emails being received is that a large proportion of these messages comprise content considered distasteful to many and unsuitable for children. Wireless communication network operators and service providers realise that they must now combat similar issues within their communication networks.

In a mobile wireless communication system where communication network resources are finite, the presence of spam SMS messages is detrimental to communication network subscribers because of the nuisance of receiving such messages and the possible heavy charges resulting from responding to them. For the communication network operator/wireless service provider there is not only the dissatisfaction of subscribers to receiving such unsolicited messages but an economic cost associated with hosting a high volume of low cost SMS messages that may displace higher revenue generating services. A further problem is the capital cost of expanding the communication network capacity to host an increase in such low revenue generating services. In some wireless communication networks, the proportion of SMS messages that constitute spam has grown to about 20% of such messages and is already becoming difficult to manage with existing communication network infrastructure. At 60%, this level of spam SMS may cause communication network connection problems for normal call connections.

United States Patent Application Number US2003/0083078 discloses a system and method for identifying unsolicited SMS messages in a mobile wireless communication network by performing a look-up in an SMS message discrimination database using at least one of sending or receiving party identification information to determine whether an SMS message is wanted by an intended message recipient. The system for performing the method as taught in US2003/0083078 comprises a signalling gateway node including a message discrimination module. The signalling gateway node is located in a layer of the communication network above the communication network SMCs, i.e. if the message discrimination module in the signalling gateway determines that an unwanted (spam) SMS message is being sent to a mobile terminal, it discards the SMS message thereby preventing said message from being forwarded to a forwarding SMC associated with said mobile terminal and consequently to the terminal itself.

Referring to figure 1 , there is illustrated in block schematic form a simplified structure of a conventional global system for mobile communication (GSM) wireless communication network generally designated as 10. The communication network comprises a number of mobile switching centres (MSCs) 12. Each MSC 12 controls a plurality of base station controllers (BSCs) 14 which in turn each control a plurality of base stations (BSs) 16. Each BS 16 manages the communication network to air interface 15 for any mobile terminals 18 that are currently within its wireless coverage area (cell).

A normal call connection between a first mobile terminal 18a and a second mobile terminal 18b comprises a communication link through the first terminal's BS 16a, its BSC 14a, its MSC 12a to the second terminal's BS controller 14b, its BS 16b and on to the second terminal 18b. Where the BSC 14b associated with the second terminal 18b is served by a different MSC 12b to that of the first terminal 18a then the second MSC 12b also forms part of the communication link of the call connection. The MSCs 12 may be interconnected by a GSM backhaul communication network 20 which may comprise any of a wire-line communication network, a wireless communication network, a satellite communication network or any combination thereof. Equally, the MSCs 12 may be interconnected through a public switched telephone communication network (PSTN) 22 or any combination of a PSTN 22 with the aforesaid communication networks. The GSM communication network 10 includes at least one short message centre (SMC) 24 which is responsible for relaying, storing and forwarding SMS messages between sending and receiving SMS enabled mobile terminals 18. An SMS message comprises a packet data based message having low bandwidth requirements. Where an SMS message cannot be immediately delivered to a recipient mobile terminal 18, the SMC 24 stores the message until the recipient terminal 18 becomes available such as through the switching on by a subscriber of his/her mobile terminal 18, for example. The SMC 24 may be connected through a suitable gateway (not shown) to the Internet and/or other data communication networks 26 in order to allow the delivery of electronic messages originating in such communication networks 26 to addressed mobile terminals 18. In such a case, the SMC 24 is enabled to transform an electronic message received from such a communication network 26 to a format compatible with the SMS system.

Such communication networks 26 represent the most likely future source of unsolicited SMS messages to mobile terminals given the cost penalty associated with the generation of such messages from within the wireless communication network 10. In addition, if an unsolicited message originator (attacker) within the wireless communication network attempted to flood the wireless communication network 10 with spam SMS messages (in a similar fashion to spam emails on the Internet), this could be prevented at the SMCs 12 through an analysis of routing information as all SMS messages are routed through the SMCs 12.

In the GSM wireless communication network 10 of figure 1 and similarly in the system taught by US2003/0083078, it will be noted that the system includes a small number of SMCs 24 compared to the number of BSCs 14 and/or BSs 16 comprising the communication network 10. In a real mobile wireless communication network, the number of BSs 16 may number in the tens of thousands, the number of BSCs 14 may number in the thousands whereas the number of SMCs 24 will be comparable to the number of MSCs 12 which may be tens in number. In such a real communication network, the number of SMS messages carried by the communication network on a monthly basis will typically number in the billions which presents an overwhelming processing challenge for the SMCs 24 if the filtering of SMS messages to detect unwanted messages is conducted at these devices. In the case of US2003/0080378, the processing challenge at the signalling gateway node is essentially of the same order. Consequently, the processing apparatus that is required at each SMC 24 of the communication network illustrated by figure 1 or at each signalling gateway node of the communication network taught by US2003/0083078 must be very large in scale and prohibitively expensive to install. It would also lead to undesirable delays in forwarding SMS messages to recipients.

The foregoing problem will be exacerbated if, as anticipated, the scale of SMS message exchange within wireless communication networks and from sources external to such communication networks continues to grow at current rates and further exacerbated by the introduction and anticipated growth in MMS message exchanges.

Also, the system of preventing unwanted-SMS messages reaching recipients as taught in US2003/0083078 by examining at least one of sending or receiving party identification (routing) information is not effective against smaller scale more targeted SMS message delivery strategies and is not designed to analyse the content of such messages to automatically highlight the probability of its content comprising spam or the presence of viruses, worms or the like.

Object of the Invention

It is an object of the invention to mitigate and/or obviate problems associated with known SMS spam filtering systems in wireless communication networks.

It is another object of the invention to provide a method and system for identifying SMS messages and/or MMS messages that comprise spam and/or contain viruses in a mobile wireless communication system. It is yet another object of the invention to provide a scalable system for identifying SMS messages and/or MMS messages that comprise spam and/or contain viruses in a mobile wireless communication system.

Summary of the Invention

The present invention comprises a scalable solution to the issue of filtering packet data messages in wireless communication systems by delegating the function of filtering such messages to an element of the communication network other than an element architecturally arranged for processing such packet data messages. Here, the element architecturally arranged for processing such packet data messages would be for example the data message forwarder or the MSC. For removal of doubt, the expression "architecturally arranged for processing packet data messages" can be understood as the criterion that an element is positioned in the network architecture of the communication network in order to perform data packet processing. Processing here includes functions like forwarding, compressing, transcoding, encrypting, decrypting etc. The element of the communication network other than an element architecturally arranged for processing such packet data messages would be for example the BSC. The BSC is located in a layer of the communication network below the SMCs or MSC. Preferably, the filtering devices are employed in association with base station controllers. Advantages offered by this arrangement include that the provision of a system for filtering packet data messages in the wireless communication network can be implemented progressively thus controlling capital expenditure associated with such implementation and that the system is scalable such that each filtering device filters only a smaller proportion of the packet data messages that are handled by the communication network as a whole.

In a first aspect of the present invention, there is provided a method of identifying unwanted-packet data messages in a wireless communication network, comprising the steps of: intercepting a packet data message with an element of the communication network other than an element architecturally arranged for processing such packet data messages; determining whether an intercepted packet data message is an unwanted message; and, if it is determined that an intercepted packet data message is an unwanted message, then performing an action on said message to indicate that it is unwanted. Such action can also comprise a series of single actions.

The element of the communication network other than an element architecturally arranged for processing such packet data messages is in the following for easier reference also referred to as packet data message interceptor. The element architecturally arranged for processing such packet data messages is in the following for easier reference also referred to as packet data message forwarder. The architecture of the communication network typically exhibits a layered structure which here is referred to for better clarity. Above the wireless communication network terminals 118, a base station layer follows, above which a base station controller layer is arranged. Above that layer, the mobile switching center (MSC) layer follows which is here the layer comprising the elements architecturally arranged for processing packet data messages. Since this is the topmost layer, the packet data message interceptor will typically be arranged in a layer below the MSC layer.

Preferably, the packet data message forwarder comprises a short message centre (SMC) and/or a multi-media message centre (MMC) connected to a mobile switching centre (MSC) of the wireless communication network and the wireless communication network is a mobile wireless communication network.

Preferably also, the packet data message interceptor is provided in the wireless communication network such that it intercepts packet data messages sent by or being delivered to wireless communication network terminals served by a predetermined base station controller and/or a base station. The packet data message interceptor may be co-located with a base station controller.

Consequently, the packet data message interceptor which includes a filter to determine whether an intercepted message is wanted or not is such that it handles only those packet data messages such as SMS and MMS messages being transmitted by or addressed to a small sub-set of the wireless communication network's subscribers served by a predetermined base station or set of base stations. In this manner, the method and system of the invention are implemented as a scalable solution to the enormous task of filtering SMS messages or the like. In addition, by distributing the system at a lower layer in the communication network than that of communication network systems such as MSCs and SMCs, the transmission delays inherent in any filtering mechanism are made smaller compared to the delays that would occur if the filtering system of the invention were implemented at a higher layer in the communication network than that proposed.

The method of the invention can be implemented as a software program executable on a processor of the packet data interceptor wherein a memory is arranged to store machine readable instructions comprising program code of said software program for implementing the first aspect of the invention.

The said step of determining whether an intercepted packet data message is an unwanted message may comprise the method taught by US2003/0083078, for example.

Preferably, the step of determining whether an intercepted packet data message is an unwanted message comprises analysing a content of said message to determine if said content comprises a malicious attack code, spam and/or determining whether said content contains a virus, worm or the like.

As wireless communication networks terminals are becoming more sophisticated, it is becoming increasingly necessary to adapt said systems to combat the growing problem of spam messages within the wireless communication networks and the inevitable spread of viruses within said communication networks.

The step of performing an action on an intercepted message to indicate that it is an unwanted message may comprise any of: discarding the message; encapsulating the message with a warning that it may comprise spam and/or contain a virus, worm or the like and forwarding said encapsulated message to the intended recipient; or forwarding the message to another destination to that of the intended recipient such as a spam repository.

Preferably, as an initial step prior to determining if an intercepted packet data message is an unwanted message, the method includes the step of determining whether an intercepted message is an SMS and/or an MMS message and, if it is determined that said intercepted message is not an SMS and/or an MMS message, then forwarding said message to its intended destination thereby bypassing an unwanted-message determinator. The inclusion of an initial step as aforesaid increases the message filtering speed where the system is concerned only with SMS and MMS messages.

Preferably also, as an initial or additional step prior to determining if an intercepted packet data message is an unwanted message, the method includes the step of determining whether said message has originated from the terminal of a communication network subscriber who subscribes to an unwanted message filtering service.

The filtering method in accordance with the invention may be offered on a subscription basis only as a means of generating additional communication network operation revenues for operators and service providers.

In a second aspect of the present invention, there is provided a system for identifying unwanted-packet data messages in a wireless communication network, characterised in that it comprises: a packet data message interceptor that is located in a layer of the communication network below that of a packet data message forwarder; a means for determining whether an intercepted packet data message is an unwanted message, also referred to as unwanted-message determinator; and a processor responsive to said unwanted-message determinator to process said message to indicate that it is unwanted. Preferably, the system includes an updater for updating a memory of the packet data message interceptor with program code comprising newer definitions for malicious attack code, spam, viruses, worms or the like.

In a third aspect of the present invention, there is provided a packet data message interceptor for intercepting packet data messages sent by or being delivered to wireless communication network terminals served by a predetermined base station controller and/or a base station in a wireless communication system, said packet data message interceptor being located in a layer of the communication network below that of a packet data message forwarder, said packet data message interceptor including a memory and a processor, said memory being arranged to store machine readable instructions comprising program code for executing the method in accordance with the first aspect of the invention and said processor being arranged to execute the stored program code.

In a fourth aspect of the present invention, there is provided a machine readable medium comprising program code executable on a device in accordance with the third aspect of the invention for implementing the method of the first aspect of the invention.

In a fifth aspect of the present invention, there is provided a method of identifying unwanted-packet data messages in a wireless communication network, characterised in that it comprises the steps of: determining whether an intercepted packet data message is an unwanted message; and, if it is determined that an intercepted packet data message is an unwanted message, then performing an action on said message to indicate that it is unwanted, wherein said step of determining whether an intercepted packet data message is an unwanted message comprises analysing a content of said message to determine if it comprises malicious attack code, spam and/or a virus, worm or the like.

Preferably, the packet data message interceptor is provided in the communication network in a layer below that of a packet data message forwarder, said packet data message forwarder comprises a short message centre (SMC) and/or a multi- media message centre (MMC) connected to a mobile switching centre (MSC) of the wireless communication network and the wireless communication network is a mobile wireless communication network.

In a sixth aspect of the present invention, there is provided a system for identifying unwanted-packet data messages in a wireless communication network, characterised in that it comprises: a packet data message interceptor, an unwanted-message determinator for determining whether an intercepted packet data message is an unwanted message; and, a processor responsive to said unwanted-message determinator to process said message to indicate that it is unwanted, wherein said unwanted-message determinator analyses a content of said message to determine if it comprises spam and/or a virus, worm or the like.

Preferably, the packet data message interceptor is provided in the communication network in a layer below that of a packet data message forwarder, said packet data message forwarder comprises a short message centre (SMC) and/or a multimedia message centre (MMC) connected to a mobile switching centre (MSC) of the wireless communication network and the wireless communication network is a mobile wireless communication network.

In a seventh aspect of the present invention, there is provided a packet data message interceptor for intercepting packet data messages sent by or being delivered to wireless communication network terminals served by a predetermined base station controller and/or a base station in a wireless communication system, said packet data message interceptor including a memory and a processor, said memory being arranged to store machine readable instructions comprising program code comprising the method of the fifth aspect of the invention and said processor being arranged to execute the stored program code to implement said method.

In an eight aspect of the present invention, there is provided a machine readable medium comprising program code executable on a device according to the seventh aspect of the invention for implementing the method of the fifth aspect of the invention. Brief description of the drawings

A description of the present invention will follow with reference to the accompanying drawings, of which:

Figure 1 is a block schematic diagram illustrating a simplified structure of a conventional global system for mobile communication (GSM) wireless communication network;

Figure 2 is a block schematic diagram illustrating a simplified structure of a GSM wireless communication network in accordance with the present invention;

Figure 3 is a block schematic diagram of a packet data message interception and processing system in accordance with the present invention;

Figure 4 is a flow diagram comprising a logical representation of a wireless communication network base station controller in accordance with the present invention; and

Figure 5 is a flow diagram comprising a logical representation of an wanted packet data message determinator in accordance with the present invention.

Detailed description of a preferred embodiment

The foregoing and further features of the present invention will be more readily understood from a description of a preferred embodiment, by way of example thereof, with reference to figures 2 to 5 of the accompanying drawings.

In the following description of a GSM mobile wireless communication network in accordance with the invention, like numerals to those employed in the description of a conventional GSM mobile wireless communication network as shown in figure 1 will be employed to denote like parts, but will be preceded by the numeral "1".

Referring to figure 2, the GSM communication network 110 comprises a plurality of mobile switching centres (MSCs) 112. The primary function of each MSC 112 is to switch call connections between mobile terminals 118 and between mobile terminals 118 and handsets (not shown) in a fixed or wireline communication network such as a PSTN 122. Each MSC 112 controls a plurality of base station controllers (BSCs) 114 which in turn each control a plurality of base stations (BSs) 116. Each BS 116 manages the communication network to air interface 115 for any mobile terminals 118 that are currently within its wireless coverage area (cell).

The GSM communication network 110 includes at least one packet data message forwarding centre (M/SMC) 124 which is responsible for relaying, storing and forwarding short message service (SMS) and/or multi-media service (MMS) messages between sending and receiving M/SMS enabled mobile terminals 118. The M/SMC 124, which for convenience is shown as a combined functionality device in figure 2, may comprise any of an SMC, an MMC, a separate SMC and a separate MMC or a combined SMC and MMC as illustrated. The M/SMC 124 may be capable of relaying, storing and forwarding other types of packet data messages in addition to SMS and MMS messages, but functions generally in the same manner as an SMC in a conventional GSM communication network. The M/SMC 124 may be connected through a suitable gateway (not shown) to the Internet and/or other data communication networks 126 in order to enable the delivery of electronic messages originating in such communication networks 126 to addressed mobile terminals 118. In such a case, the M/SMC 124 is enabled to transform an electronic message received from such a communication network 126 into a format compatible with the SMS and/or MMS systems.

The GSM communication network 110 of figure 2 described thus far has a structure that will be generally familiar to a skilled artisan. As such, it is not necessary to include a more detailed description and operation of such a communication network to understand the following description of how such a communication network can be adapted in accordance with the present invention by way of example thereof.

The proposed solution seeks to distribute or delegate processing of packet data messages being transmitted by mobile terminals 118 or being received by them away from high-level communication network devices such as an SMC or an MSC since the volume of packet data message based traffic passing through each of such devices comprises a significant proportion of the whole of the packet data message traffic handled by the communication network 110. As such, the processing capabilities of message filtering/processing devices at this level in the communication network 110 would have to be huge. Consequently, in order to provide a scalable system for processing packet data messages such as SMS and MMS messages to identify those that are unwanted, e.g. comprise spam and/or contain computer viruses, worms or the like, there is associated with each base station controller (BSC) 114 a packet data message interception and processing system 128, also referred to as packet data message interceptor, which intercepts and processes packet data messages such as SMS and/or MMS messages going to or coming from mobile terminals 118. Hence the packet data message interceptor 128 is here arranged on a level or layer below the layer of the SMC or MSC 112 or the packet data message forwarder 124.

Each packet data message interception and processing system 128 is located in the communication network 110 such that it intercepts the packet data message traffic of a predetermined BSC 114 thereby delegating/distributing the message processing effort to an intermediate layer of the wireless communication network 1 10.

In addition to the packet data message interception and processing system 128 associated with each BSC 114, there is provided at least one unwanted-message definition server 130 which maintains an up to date list of unwanted message definitions and message filtering rules.

The packet data message interception and processing system 128 and its interaction with the unwanted-message definition server 130 will be more fully understood from a description of figure 3. The message interception and processing system generally designated by numeral 128 in figure 3 includes an interface 132 in its associated BSC 114. This interface 132 may comprise a Common Object Request Broker Architecture (CORBA) enabled interface. CORBA is a vendor-independent architecture and infrastructure standard that computer applications can use to work together over communication networks. The interface 132 allows packet data messages passing through the BSC 114 to be intercepted at the BSC 114 and conveyed to a similarly enabled interface 134 of an unwanted-message determinator 136. The unwanted message determination system forms part of the packet data message interception and processing system 128. Although said unwanted-message determinator 136 is shown for convenience as a separate module to the message interception interface 132 in figure 3, it will be understood that the message interception interface 132 and unwanted-message determinator 136 could indeed be provided as separate modules interconnected by a suitable communication link or as an integrated device within the BSC 114. It will also be appreciated that the packet data message interception and processing system 128 need not be co-located with the BSC 114, but that co-location offers some advantages such as a common power supply etc. The message interception interface 132 is located at a site in the communication network 110 convenient for intercepting packet data messages carried by its associated BSC 114.

The unwanted-message determinator 136 comprises a processor 138 which processes intercepted packet data messages received at the interface 134 in accordance with a set of filtering algorithms (rules) stored as program code in a memory 140. The filtering algorithms may comprise one or more spam detection algorithms which are applied to the content of an intercepted message to analyse its content to determine if it constitutes spam. Alternatively or additionally, the filtering algorithms may comprise one or more virus detection algorithms for analysing the content of an intercepted message to determine if it contains a computer virus or the like.

The filtering algorithms employed by the processor 138 to analyse the content of intercepted messages may be dynamically downloaded to the memory 140 from the unwanted-message definition server 130 which acts as the or one of a number of servers for maintaining up to date unwanted message definitions and filtering algorithms for the packet data message interception and processing systems 128 of the wireless communication network 110. Updates from the unwanted-message definition server 130 may be conducted in response to a request for an update initiated by a processing system processor 138 or on a periodical basis as will be familiar to a skilled artisan in the context of the Internet.

The unwanted-message definition server 130 and packet data message processing systems 128 may be implemented by a system such as the International Business Machines (IBM) "System Management Framework" which comprises a computing platform that allows code to be dynamically downloaded from a SMF server (unwanted-message definition server 130) to many SMF clients (processing systems 128). The unwanted-message definition server 130 could be co-located with an M/SMC 124 in the wireless communication network 110.

The memory 140 also stores program code executable by the processor 138 for performing an action on an intercepted message in accordance with the result of the step of analysing the content of the message in accordance with the one or more filtering (spam and/or virus detection) algorithms. Where the step of determining whether an intercepted message is wanted or not results in a determination that the message is wanted or safe, then the message is conveyed via the interface 134 to the BSC 114 for forwarding to its intended destination. However, where it is determined that a message is unwanted or not safe then there are a number of options for the further performing an action on of said message.

A first option for further performing an action on an unwanted message is to simply discard it. A second option is to forward the unwanted message to a repository 142. This option is particularly applicable to unwanted messages deemed unsafe through the presence of viruses or the like or messages determined as unwanted because they are deemed to comprise spam. A repository 140 for such messages provides the communication network operator or service provider with the ability to analyse messages determined as unwanted to improve spam and virus filtering algorithms. A further option to further process messages determined as unwanted is to encapsulate said messages with a warning and forward the encapsulated message to its intended recipient. The message is encapsulated such that on opening the message only the warning part of the message is opened initially to forewarn the recipient that the message may comprise spam or may contain a virus, for example.

Referring now to figure 4, this comprises a flow diagram that logically represents the BSC 114 when the packet data message interception and processing system 128 associated with said BSC 114 is configured to intercept and process SMS messages being transmitted from and being delivered to terminals 118 controlled by the BSC 114.

In a first initial step, a packet data message received from an MSC 112 is analysed to determine if it comprises an SMS message or not. This step can be conducted in a processor (not shown) of the BSC 114. Where it is determined that the intercepted packet data message is not an SMS message then the message is forwarded by the BSC 114 to a BS 116 for relaying to its intended recipient. For packet data messages received at the BSC 114 from a BS 116, a similar initial step is conducted and where it is determined that the intercepted packet data message is not an SMS message, said message is forwarded to the MSC 112 for onward transmission.

The above function is performed by an SMS/MMS determinator for determining whether an intercepted message is any of an SMS and an MMS message and a forwarder responsive to said SMS/MMS determinator for forwarding said message to its intended destination thereby by-passing the unwanted-message determinator 136 of the packet data message interceptor 128 when it is determined that said intercepted message is not an SMS and not an MMS message.

In either case above, where it is determined that an intercepted message is an SMS message then said message is re-directed to the unwanted-message determinator 136 for further handling as already described. Where an SMS message that was re-directed to the unwanted-message determinator 136 is determined to comprise a wanted or safe SMS message, said message is returned to the BSC 114 where a determination is made of whether said returned SMS message is destined for the MSC 112 or a BS 116 and the message forwarded accordingly. This further step may be conducted in the processor of the BSC 114.

In a further initial step, the processor of the BSC 114 or the processor 138 of the unwanted-message determinator 136 may be arranged and designed to determine whether an intercepted packet data message has originated from a subscriber terminal 118 that is identified as subscribing to a message filtering service. In the case that it is, the message is processed as aforesaid. The processor hence comprises an origin-determinator functionality. Where it is determined that it is not, then the message may be forwarded to its intended recipient without being processed, i.e. by-passing the unwanted-message determinator 136. However, the communication network operator or service provider may operate a policy of discarding the messages of a communication network subscriber not contracted to the message filtering service where it is determined that said message may be unsafe, i.e. contain a virus or the like.

The BSC processor and the message determination processor 138 may comprise a single processor where the packet data message interception and processing system 128 is co-located with the BSC 114.

Figure 5 comprises a flow diagram comprising a logical representation of the unwanted-message determinator 136 as herein before described but where the system is configured to intercept and process SMS messages being transmitted from and being delivered to terminals 118 controlled by the BSC 114.

In an alternative arrangement, the packet data message interception and processing system 128 may be made more scalable by locating it in the communication network 110 such that it intercepts SMS/MMS messages for mobile terminals 118 of only one BS 116 as illustrated in dotted line in the bottom left-hand part of figure 2. However, it will be appreciated that this arrangement would require approximately 10 to 20 times more packet data message interception and processing systems 128 than the case where these systems are associated with BSCs 114 as described above since in a typical wireless communication network there are about 15 BSs 116 to each BSC 114.

It will also be appreciated that, whilst the foregoing description of an embodiment of the invention has been directed to a GSM wireless communication network, the present invention is equally applicable to non-GSM mobile wireless communication networks and to fixed wireless communication networks.

In summary, the invention is directed to a method and system for identifying unwanted short message service (SMS) messages in a mobile wireless communication system. The problem of unwanted-junk or spam electronic messages (emails) is well known in the context of the Internet. However, the problem of spam SMS messages in wireless communication networks is growing. The present invention comprises a scalable solution to the issue of filtering packet data messages in wireless communication systems by delegating the function of filtering such messages to devices located in a layer of the communication network below the short message centres (SMCs). The filtering devices are employed in association with base station controllers. An advantage offered by this arrangement is that the system is scalable such that each device filters only a small proportion of the packet data messages handled by the communication network as a whole. The method includes intercepting unwanted messages and performing an action on them to indicate that they are unwanted.

Claims

1. A method for identifying unwanted packet data messages in a wireless communication network (110), characterised in that it comprises the steps of: intercepting packet data messages in an element (128) of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages; determining whether such intercepted packet data message is an unwanted message; and, if it is determined that the intercepted packet data message is an unwanted message, then performing an action on said message to indicate that it is unwanted.

2. A method as claimed in claim 1 , characterised in that the element (124) architecturally arranged for processing such packet data messages is selected to comprise any of a short message centre (SMC) and a multi-media message centre (MMC) connected to a mobile switching centre (MSC) (112) of the wireless communication network (110) and in that the wireless communication network (110) is selected to be a mobile wireless communication network.

3. A method as claimed in claim 2, characterised in that the packet data messages are selected to comprise any of a short message service (SMS) messages and multi-media message service (MMS) messages.

4. A method as claimed in any of claims 1 to 3, characterised in that the element (128) of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages is provided in the wireless communication network such that it intercepts packet data messages being one of sent by and delivered to wireless communication network terminals (118) served by one of a predetermined base station controller (114) and a base station (116).

5. A method as claimed in any of claims 1 to 4, characterised in that the element (128) of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages is co-located with a base station controller (114).

6. A method as claimed in any preceding claim, characterised in that the element (128) of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages is selected to include a memory (140) and a processor (138), said memory (140) being arranged to store machine-readable instructions comprising program code for determining whether an intercepted packet data message is an unwanted message and said processor (138) being arranged to execute said program code to implement the steps of: determining whether an intercepted packet data message is an unwanted message; and, if it is determined that an intercepted packet data message is an unwanted message, then performing an action on said message to indicate that it is unwanted.

7. A method as claimed in any preceding claim, characterised in that said step of determining whether an intercepted packet data message is an unwanted message comprises analysing routing information for said intercepted packet data message.

8. A method as claimed in any of claims 1 to 6, characterised in that said step of determining whether an intercepted packet data message is an unwanted message comprises an analysis step for analysing a content of said message to determine if said content comprises any of a malicious attack code, spam, a virus, and a worm.

9. A method as claimed in claim 8, characterised in that the analysis step comprises applying a set of filtering rules to the content of said message.

10. A method as claimed in claim 9, characterised in that the set of filtering rules is selected to comprise a spam detection algorithm.

11. A method as claim in claim 10, characterised in that the spam detection algorithm is arranged to detect macros in any of SMS and MMS messages.

12. A method as claimed in claim 11 , characterised in that the spam detection algorithm is arranged to detect call-back macros in any of SMS and MMS messages.

13. A method as claimed in claim 9, characterised in that the set of filtering rules comprises a virus/worm detection algorithm.

14. A method as claimed in any of claims 8 to 13, characterised in that it includes the step of updating the element (128) of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages with program code comprising newer definitions for any of a malicious attack code, spam, a virus, and a worm.

15. A method as claimed in any preceding claims, characterised in that the step of performing an action on an intercepted message to indicate that it is an unwanted message comprises any of: discarding the message; encapsulating the message with a warning that it may comprise any of a malicious attack code, spam, a virus, and a worm, and forwarding said encapsulated message to the intended recipient; forwarding the message to another destination to that of the intended recipient.

16. A method as claimed in claim 15, characterised in that the another destination is selected to comprise a spam message repository.

17. A method as claimed in any preceding claim, characterised in that as an initial step prior to determining if an intercepted packet data message is an unwanted message, the method includes the step of determining whether an intercepted message is any of an SMS and an MMS message and, if it is determined that said intercepted message is not an SMS and not an MMS message, then forwarding said message to its intended destination thereby by-passing an unwanted- message determinator (136).

18. A method as claimed in any preceding claim, characterised in that prior to determining if an intercepted packet data message is an unwanted message, the method includes the step of determining whether said message has originated from the terminal (118) of a communication network subscriber who subscribes to an unwanted message filtering service.

19. A system for identifying unwanted-packet data messages in a wireless communication network (110), characterised in that it comprises: a packet data message interceptor (128) for intercepting packet data messages, said packet data message interceptor (128) being an element of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages; a unwanted-message determinator (136) for determining whether an intercepted packet data message is an unwanted message; and a processor (138) responsive to said unwanted-message determinator (136) for performing an action on said intercepted packet data message to indicate if it is unwanted.

20. A system as claimed in claim 19, characterised in that the element (124) architecturally arranged for processing such packet data messages comprises any of a short message centre (SMC) and a multi-media message centre (MMC) connected to a mobile switching centre (MSC) (112) of the wireless communication network (110) and in that the wireless communication network is a mobile wireless communication network.

21. A system as claimed in claim 19 or claim 20, characterised in that the packet data message interceptor (128) is provided in the wireless communication network such that it intercepts packet data messages being one of sent by and delivered to wireless communication network terminals (118) served by any of a predetermined base station controller (114) and a base station (11 ).

22. A system as claimed in any of claims 19 to 21 , characterised in that the packet data message interceptor (128) is co-located with a base station controller (114).

23. A system as claimed in any of claims 19 to 22, characterised in that the packet data message interceptor (128) includes a memory (140) and a processor (138), said memory (140) being arranged to store machine readable instructions comprising program code comprising the method of any of claims 1 to 13 and said processor (138) being arranged to execute the stored program code to implement said method.

24. A system as claimed in claim 23, characterised in that it includes an unwanted- message definition server (130) for updating the memory (140) of the packet data message interceptor (128) with program code comprising newer definitions for any of a malicious attack code, spam, a virus, and a worm.

25. A system as claimed in claim 23 or claim 24, characterised in that it includes a spam message repository (142).

26. A system as claimed in any of claims 23 to 25, characterised in that the processor (138) is designed to determine whether an intercepted message is any of an SMS and an MMS message to forward said message to its intended destination thereby by-passing the unwanted-message determinator (136) when it is determined that said intercepted message is not an SMS and not an MMS message.

27. A system as claimed in any of claims 23 to 26, characterised in that the processor (138) is designed to determine whether an intercepted message has originated from a terminal of a communication network subscriber (118) who subscribes to an unwanted message filtering service.

28. A packet data message interceptor (128) for intercepting packet data messages being any of sent by and delivered to wireless communication network terminals (118) served by any of a predetermined base station controller (114) and a base station (116) in a wireless communication system (110), said packet data message interceptor (128) being an element of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages, said packet data message interceptor (128) comprising: an interface (132) for intercepting packet data messages; a memory (140); and a processor (138), wherein said memory (140) is arranged to store machine readable instructions comprising program code for executing the method of any of claims 1 to 18 and said processor (138) is arranged to execute the stored program code.

29. A machine readable medium comprising program code executable on a processor (128) for implementing the method of one of claims 1 to 18.

30. A method of identifying unwanted-packet data messages in a wireless communication network (110), characterised in that it comprises the steps of: intercepting a packet data message determining whether an intercepted packet data message is an unwanted message; and, if it is determined that an intercepted packet data message is an unwanted message, then performing an action on said message to indicate that it is unwanted, wherein said step of determining whether an intercepted packet data message is an unwanted message comprises analysing a content of said message to determine if it comprises any of a malicious attack code, spam, a virus, and a worm.

31. A method as claimed in claim 30, characterised in that a packet data message interceptor (128) is provided as an element of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages, and wherein as said element (124) architecturally arranged for processing such packet data messages a packet data message forwarder (124) is selected to comprise any of a short message centre (SMC) and a multi-media message centre (MMC) connected to a mobile switching centre (MSC) (112) of the wireless communication network and in that the wireless communication network is selected to be a mobile wireless communication network.

32. A method as claimed in claim 31 , characterised in that the packet data message interceptor (124) is co-located with a base station controller (114).

33. A method as claimed in any of claims 30 to 32, characterised in that the packet data interceptor (128) is selected to include a memory (140) and a processor

(138), said memory (140) being arranged to store machine-readable instructions comprising program code for determining whether an intercepted packet data message is an unwanted message and said processor (138) being arranged to execute said program code to implement the steps of: determining whether an intercepted packet data message is an unwanted message; and, if it is determined that an intercepted packet data message is an unwanted message, then performing an action on said message to indicate that it is unwanted.

34. A method as claimed in any of claims 30 to 33, characterised in that the step of analysing the content of an intercepted message to determine if said content comprises any of malicious attack code, spam, a virus, and a worm comprises applying a set of filtering rules to the content of said message.

35. A method as claimed in claim 34, characterised in that the set of filtering rules comprises a spam detection algorithm to detect macros in any of SMS and MMS messages.

36. A method as claimed in any of claims 30 to 35, characterised in that it includes the step of updating the packet data message interceptor (128) with program code comprising newer definitions for any of a malicious attack code, spam, a virus, and a worm.

37. A method as claimed in any of claims 30 to 36, characterised in that the step of performing an action on an intercepted message to indicate that it is an unwanted message comprises any of: discarding the message; encapsulating the message with a warning and forwarding said encapsulated message to the intended recipient; forwarding the message to another destination to that of the intended recipient.

38. A method as claimed in any of claims 30 to 37, characterised in that as an initial step prior to determining if an intercepted packet data message is an unwanted message, the method includes the step of determining whether an intercepted message is any of an SMS and an MMS message and, if it is determined that said intercepted message is not an SMS and not an MMS message, then forwarding said message to its intended destination thereby by- passing an unwanted-message determinator (136).

39. A method as claimed in any of claims 30 to 38, characterised in that prior to determining if an intercepted packet data message is an unwanted message, the method includes the step of determining whether said message has originated from the terminal (118) of a communication network subscriber who subscribes to an unwanted message filtering service.

40. A system for identifying unwanted-packet data messages in a wireless communication network (110), characterised in that it comprises: a packet data message interceptor (128) for intercepting packet data messages; an unwanted-message determinator (136) for determining whether an intercepted packet data message is an unwanted message; and, a processor (138) responsive to said unwanted-message determinator (136) to perform an action on said message to indicate that it is unwanted, wherein said unwanted-message determinator (136) is arranged to analyse a content of said message to determine if it comprises malicious attack code, spam, a virus, and a worm.

41. A system as claimed in claim 40, characterised in that the packet data message interceptor (128) is provided in the communication network as an element of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages, and wherein said element of the communication network (110) other than an element (124) architecturally arranged for processing such packet data messages, comprises any of a short message centre (SMC) and a multi-media message centre (MMC) connected to a mobile switching centre (MSC) (112) of the wireless communication network and in that the wireless communication network is a mobile wireless communication network.

42. A system as claimed in any of claims 40 to 41 , characterised in that the packet data interceptor (128) includes a memory (140) and a processor (138), said memory (140) being arranged to store machine readable instructions comprising program code for executing the method of any of claims 30 to 38 and said processor (138) being arranged to execute the stored program code.

43. A system as claimed in claim 42, characterised in that it includes an unwanted- message definition server (130) for updating the memory (140) of the packet data message interceptor (128) with program code comprising newer definitions for any of a malicious attack code, spam, a virus, and a worm.

44. A system as claimed in claim 42 or claim 43, characterised in that it includes an SMS/MMS determinator for determining whether an intercepted message is any of an SMS and an MMS message and a forwarder responsive to said SMS/MMS determinator for forwarding said message to its intended destination thereby by-passing an unwanted-message determinator (136) of the packet data message interceptor (128) when it is determined that said intercepted message is not an SMS and not an MMS message.

45. A packet data message interceptor (128) for intercepting packet data messages being any of sent by and delivered to wireless communication network terminals (118) served by any of a predetermined base station controller (114) and a base station (116) in a wireless communication system (110), said packet data message interceptor (128) comprising: an interface (132) for intercepting packet data messages; a memory (140); and a processor (138); wherein said memory (140) is arranged to store machine readable instructions comprising program code for executing the method of any of claims 30 to 39 and said processor (138) is arranged to execute the stored program code.

46. A machine readable medium comprising program code executable on a device (128) as claimed in claim 49 for implementing the method of claims 30 to 39.