Title:
BLOCKING OF APPLICATION INITIATED CALLS
Document Type and Number:
WIPO Patent Application WO/2012/098165
Kind Code:
A1
Abstract:
A method and apparatus for managing communications in a communication network. A telephony device determines that a software application is attempting to contact a telephone number. It then determines that the telephone number matches at least one predetermined criterion, such as the telephone number being a premium rate number or having a different country code to that of the device. The device then sends a query to a reputation server. The query includes information identifying the software application. The device receives a response from the reputation server, the response including a reputation relating to the software application. On the basis of the received reputation relating to the software application, the device can take further action such as preventing contact from being established.

Inventors:
NIEMELAE JARNO (FI)
NORKIO ANTERO (FI)
Application Number:
PCT/EP2012/050725
Publication Date:
July 26, 2012
Filing Date:
January 18, 2012
Assignee:
F SECURE CORP (FI)
NIEMELAE JARNO (FI)
NORKIO ANTERO (FI)
International Classes:
H04M1/67; H04M3/38
Foreign References:
US20060253895A1 (2006-11-09)
EP1976247A1 (2008-10-01)
EP0874515A2 (1998-10-28)
EP0661863A2 (1995-07-05)
Other References:
None
Attorney, Agent or Firm:
MITCHELL, Matthew (4220 Nash Court, Oxford Business Park Sout, Oxford Oxfordshire OX4 2RU, GB)
Claims:
CLAIMS:

1. A method of managing communications in a communication network, the method comprising:

at a telephony device, determining that a software application is attempting to contact a telephone number;

determining that the telephone number matches at least one predetermined criterion;

sending to a reputation server a query, the query including information identifying the software application;

receiving a response from the reputation server, the response including a reputation relating to the software application;

on the basis of the received reputation relating to the software application, taking further action.

2. The method according to claim 1, wherein the further action comprises any of preventing the software application from contacting the telephone number, closing the software application, and preventing the software application from using any communication services.

3. The method according to any of claims 1 or 2, wherein the determination that the telephone number matches at least one predetermined criterion comprises comparing a portion of numbers contained in the telephone number with entries in a database.

4. The method according to claim 3, wherein the database is stored at the telephony device.

5. The method according to claim 3, wherein the database is stored at a remote node, the method comprising sending a message containing at least a portion of numbers contained in the telephone number to the remote node, and receiving a response from the remote node, the response including an indication of whether the telephone number matches at least one predetermined criterion.

6. The method according to any of claims 1 or 2, wherein the determination that the telephone number matches at least one predetermined criterion comprises determining whether the telephone number includes a country code that differs from the country code of the telephone number belonging to the telephony device.

7. The method according to any of claims 1 or 2, wherein the determination that the telephone number matches at least one predetermined criterion includes determining that the telephone number is not provisioned in a database of acceptable telephone numbers.

8. The method according to any preceding claim, wherein the software application is attempting to contact the telephone number by any of establishing a voice call, establishing a video call, sending a Short Message Service message, sending a Multimedia Message Service message, and sending an Unstructured Supplementary Service Data message.

9. The method according to any preceding claim, wherein the query includes further information selected from any of time, an indication of the status of the device, information identifying the source of the software application and the type of contact that the software application is attempting to establish.

10. The method according to any preceding claim, wherein the query includes the telephone number.

11. The method according to claim 10, wherein the response from the reputation server includes a reputation relating to the telephone number, and the further action taken is based on the received reputation relating to the software application and the received reputation of the telephone number.

12. A telephony device for use in a communication network, the device comprising: a processor arranged to determine that a software application running at the device is attempting to contact a telephone number;

the processor being further arranged to determine that the telephone number matches at least one predetermined criterion;

a transmitter for sending to a reputation server a query, the query including information identifying the software application;

a receiver for receiving a response from the reputation server, the response including a reputation relating to the software application; wherein the processor is arranged to take further action on the basis of the received reputation relating to the software application.

13. The device according to claim 12, wherein the processor is arranged to take further action comprising any of preventing the software application from contacting the telephone number, closing the software application, and preventing the software application from using any communication services.

14. The device according to any of claims 12 or 13, wherein the processor is arranged to determine that the telephone number matches at least one predetermined criterion by comparing a portion of numbers contained in the telephone number with entries in a database.

15. The device according to claim 14, wherein the device further comprises a computer readable medium in the form of a memory on which the database is stored.

16. The device according to claim 14, wherein the device comprises:

a second transmitter for sending a message containing at least a portion of numbers contained in the telephone number to a remote node, the remote node having access to the database; and

a second receiver for receiving a response from the remote node, the response including an indication of whether the telephone number matches at least one predetermined criterion.

17. The device according to any of claims 12 or 13, wherein the processor is arranged to determine that the telephone number matches at least one predetermined criterion by determining whether the telephone number includes a country code that differs from the country code of the telephone number belonging to the telephony device.

18. The device according to any of claims 12 or 13 further comprising a computer readable medium in the form of a memory, the memory storing a database of acceptable telephone numbers, wherein the processor is arranged to determine that the E.164 number matches at least one predetermined criterion in part by determining that the telephone number is not provisioned in the database of acceptable telephone numbers.

RECTIFIED SHEET (RULE 91)

ISA/EP

19. The device according to any of claims 12 to 18, wherein the transmitter is further arranged to send a query to a reputation server that includes the telephone number.

20. The device according to claim 19, wherein the receiver is further arranged to receive a response from the reputation server that includes a reputation relating to the telephone number, and the processor is arranged to take further action on the basis of the received reputation relating to the software application and the received reputation of the telephone number.

21. A reputation server for use in a communication network, the reputation server comprising:

a receiver for receiving from a telephony device a reputation query, the reputation query including information identifying a software application that has attempted to contact a telephone number that matches at least one predetermined criterion;

a processor for performing a reputation check on the software application;

a transmitter for sending a response to the telephony device, the response including a reputation relating to the software application.

22. The reputation server according to claim 21, wherein the receiver is further arranged to receive a reputation query that includes the telephone number, the processor is further arranged to perform a reputation check on the telephone number, and the transmitter is further arranged to send a response that includes a reputation relating to the telephone number.

23. A computer program product comprising a computer readable medium on which is stored a computer program, the computer program comprising computer readable code means which, when run on a telephony device, causes the telephony device to perform the method of any of claims 1 to 11.

24. A computer program product comprising a computer readable medium on which is stored a computer program, the computer program comprising computer readable code means which, when run on a reputation server, causes the reputation server to behave as the reputation server of any of claims 21 or 22.

Description:
BLOCKING OF APPLICATION INITIATED CALLS

TECHNICAL FIELD

The invention relates to the field of managing communications in a communications network.

BACKGROUND

Communications devices such as mobile telephones and personal computers can be used to make telephone calls and send Short Message Service (SMS) messages. The user typically has a subscription with a network provider, who charges the user for calls made or SMS messages sent. As devices such as mobile telephones become more complex, they can run increasingly complicated software. A problem arises when a software application attempts to place a call or send a SMS message. The call or SMS message may be sent to a telephone number for which a premium charge is billed to the user. This may be without the user's consent if the user is not aware that the software application is placing such a call or sending such a message. Alternatively, it may be with the user's consent, but the user may not be aware that the call/SMS message is sent to a premium rate telephone number.

Software applications use an application called a dialler to place calls or send SMS messages. A dialler may be included as part of software installed by the user. For example, a user may install an application that includes an embedded advert. By clicking on the advert, the dialler is activated which dials a premium rate telephone number. It may not be apparent to the user that clicking on the advert causes the dialler to dial a premium rate telephone number, or that the number is a premium rate telephone number, and so the user may click on the advert several times. He will only be aware that this caused the dialler to call a premium rate telephone number when he is billed, and the bill includes the premium rate charges.

One way to prevent an application from contacting premium rate telephone numbers, either by calling or using SMS, is to use call barring. Many network operators offer a call barring service to their subscribers. The call barring service prevents calls or SMS messages being sent to premium telephone rate numbers. While this effectively stops software applications from contacting telephone premium rate numbers, it also stops the user from contacting a premium telephone rate number that he wishes to contact, and will stop legitimate applications from contacting premium rate telephone numbers. An example of a legitimate application is a call manager application which the user may, for example, programme to send an automatic SMS reply to a received SMS message.

Another way to address the problem is to compare the telephone number that the application is attempting to contact with a blacklist of telephone numbers. If the telephone number matches a telephone number in the blacklist, then the contact is not established. However, this relies on a premium rate telephone number being provisioned in the blacklist.

SUMMARY

It has been realised that a more flexible way of preventing applications from contacting premium rate or other expensive telephone numbers is required that prevents unwanted communications with that number.

According to a first aspect, there is provided a method of managing communications in a communication network. A telephony device determines that a software application is attempting to contact a telephone number. It then determines that the telephone number matches at least one predetermined criterion. The device sends a query to a reputation server, the query including information identifying the software application. The device receives a response from the reputation server, the response including a reputation relating to the software application. On the basis of the received reputation relating to the software application, the device can take further action.

Examples of the sort of further action that the device can take include:

• preventing the software application from contacting the telephone number;

• closing the software application; and

• preventing the software application from using any communication services.

These actions ensure that the software application cannot establish contact with another device that might incur high billing charges for the user.

One way of determining that the telephone number matches at least one predetermined criterion is to compare a portion of numbers contained in the telephone number with entries in a database. This is because premium numbers in a given country typically have certain number strings that identify them. By matching the number strings, the device can determine whether the number is likely to be a premium number or not.

As an option, the database is stored at the telephony device. Alternatively, the database may be stored at a remote node. In this case, the method comprises sending a message containing at least a portion of numbers contained in the telephone number to the remote node. The remote node performs a check against the database and sends a response to the device, the response including an indication of whether the telephone number matches the at least one predetermined criterion.

Another way of determining that the telephone number matches at least one predetermined criterion is to determine whether the telephone number includes a country code that differs from the country code of the telephone number belonging to the telephony device. Calling other countries typically incurs high charges, and so this prevents a software application from making such a call without the user's consent.

A further way of determining that the telephone number matches at least one predetermined criterion includes determining that the telephone number is not provisioned in a database of acceptable telephone numbers. By comparing the number with a blacklist of numbers, the device can be prevented from calling numbers that are known to be suspicious.

There are several ways in which the software application can attempt to contact the telephone number. It may, for example, attempt to establish a video call, send a Short Message Service message, send a Multimedia Message Service message, or send an Unstructured Supplementary Service Data message.

In order to assist the reputation server in coming to a decision on the reputation of the software application, the query optionally includes further information. This may be, for example, the current time, or an indication of the status of the device. The status of the device and the time can be used to establish the likelihood of the user being involved in the attempt to contact the telephone number. Other information may include information identifying the source of the software application and the type of contact that the software application is attempting to establish, for example whether it is attempting to send an SMS message or establish a voice call. The query may also include the telephone number. The response from the reputation server may then include a reputation relating to the telephone number, such that the further action to be taken can be based on the received reputation relating to the software application and the received reputation of the telephone number. Note that the telephone number may be a regular E.164 number or could be a short code number.

According to a second aspect, there is provided a telephony device for use in a communication network. The device is provided with a processor that is arranged to determine that a software application running at the device is attempting to contact a telephone number. The processor is further arranged to determine that the telephone number matches at least one predetermined criterion. A transmitter is provided for sending a query to a reputation server. The query includes information identifying the software application. The device is further provided with a receiver for receiving a response from the reputation server. The response includes a reputation relating to the software application. The processor is arranged to take further action on the basis of the received reputation relating to the software application.

As an option, the processor is arranged to take further action such as:

• preventing the software application from contacting the telephone number;

• closing the software application; and

• preventing the software application from using any communication services.

As a further option, the processor is arranged to determine that the telephone number matches at least one predetermined criterion by comparing a portion of numbers contained in the telephone number with entries in a database. This allows the processor to determine, for example, that the number is likely to be a premium rate number, or includes a country code different to the country code of the telephone number associated with the device. In an optional embodiment, the device further comprises a computer readable medium in the form of a memory on which the database is stored.

In an alternative embodiment, the device is provided with a second transmitter for sending a message containing at least a portion of numbers contained in the telephone number to a remote node, the remote node having access to the database. A second receiver is provided for receiving a response from the remote node, the response including an indication of whether the telephone number matches at least one predetermined criterion.

The processor is optionally arranged to determine that the telephone number matches at least one predetermined criterion by determining whether the telephone number includes a country code that differs from the country code of the telephone number belonging to the telephony device.

The device optionally comprises a computer readable medium in the form of a memory. The memory stores a database of acceptable telephone numbers, and the processor is arranged to determine that the telephone number matches at least one predetermined criterion in part by determining that the telephone number is not provisioned in the database of acceptable telephone numbers.

The transmitter may be further arranged to send a query to a reputation server that includes the telephone number. The receiver may then be further arranged to receive a response from the reputation server that includes a reputation relating to the telephone number. The processor may then be arranged to take further action on the basis of the received reputation relating to the software application and the received reputation of the telephone number.

According to a third aspect, there is provided a reputation server for use in a communication network. The reputation server is provided with a receiver for receiving from a telephony device a reputation query. The reputation query includes information identifying a software application that has attempted to contact a telephone number that matches at least one predetermined criterion. A processor is provided for performing a reputation check on the software application, and a transmitter is provided for sending a response to the telephony device. The response includes a reputation relating to the software application. Note that the query may include further information in order to assist the reputation server in performing the reputation check. This information can be used to establish the likelihood of the user intervening in contacting the number. For example, if the attempted contact is made late at night when the user is likely to be asleep, then it is unlikely that the user has intervened. Furthermore, if it is established that the device has not been used by the user, for example by determining that the display backlight is not lit, or that the user has not used any user inputs such as the keyboard when the attempt to contact the telephone number has been made, it is also likely that the user has not intervened in the attempted contact.

The reputation server may also use information such as the source of the software application, and whether the software application itself is trusted or whether the software application has been distributed by an organisation that is trusted. It may also check the telephone number itself against a database of blacklisted telephone numbers known to be suspicious.

The receiver may be further arranged to receive a reputation query that includes the telephone number, the processor may be further arranged to perform a reputation check on the telephone number, and the transmitter may be further arranged to send a response that includes a reputation relating to the telephone number.

Furthermore, the reputation server may, when performing a reputation check, take into account the type of contact that the software application is attempting to establish, such as SMS message, voice call, video call, MMS message and so on.

According to a fourth aspect, there is provided a computer program product comprising a computer readable medium on which is stored a computer program, the computer program comprising computer readable code means which, when run on a telephony device, causes the telephony device to perform the method described above in the first aspect.

According to a fourth aspect, there is provided a computer program product comprising a computer readable medium on which is stored a computer program, the computer program comprising computer readable code means which, when run on a reputation server, causes the reputation server to behave as described above in the third aspect.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates schematically in a block diagram a network architecture according to an embodiment of the invention;

Figure 2 illustrates schematically in a block diagram a telephony device according to an embodiment of the invention;

Figure 3 is a flow diagram showing the steps of an embodiment of the invention; and

Figure 4 illustrates schematically in a block diagram a reputation server according to an embodiment of the invention.

DETAILED DESCRIPTION

Turning to Figure 1, there is illustrated a telephony device 1 that can send and receive communications via a communications network 2. There is also illustrated a recipient 3 which a software application at the device 1 is attempting to contact. Contact may be made by any means for which the user of the device 1 may be charged. Examples of ways in which the device 1 attempts to contact the recipient include establishing a voice or video call, or sending a message such as an SMS or a Multimedia Message Service (MMS) message, or an Unstructured Supplementary Service Data (USSD) message.

The device 1, before allowing the software application to contact the recipient 3, checks the telecommunication/telephone number of the recipient to determine whether the telephone number matches at least one predetermined criterion. Examples of predetermined criteria include the telephone number being a premium rate telephone number that is expensive to contact, or the telephone number having a country code different to that of the telephone number of the device 1. In one embodiment, the checking occurs by referring to a database stored locally at the device 1; in an alternative embodiment, the checking occurs by contacting a remote database 4. Note that the telephone number could be a regular long number (e.g. in accordance with the E.164 telecommunication plan) or could be a short code. In this regard, a short code is also known as a short text number, and is a special number, significantly shorter than a full E.164 number. Short codes are typically used for value-added services such as television program voting, ordering ringtones, charity donations and mobile services etc. Communications made using a short code can be billed at a higher rate than a standard communication and may even subscribe a customer to a recurring monthly service for which they will be charged. Short codes can be used to send SMS, MMS and voice messages.

In the event that the telephone number matches the predetermined criterion, the device 1 determines the identity of the software application that is attempting to contact the recipient 3, and sends a reputation query to a reputation server 5. The reputation query includes information identifying the software application, which allows the reputation server 5 to perform a check on the reputation of the software application. The reputation server 5 then responds to the device 1 with the results of the reputation check, and the device 1 can take further action. Examples of further action include closing the software application, preventing the software application from making contact with the telephone number, and preventing the software application from making contact with any telephone number.

In addition, or as an alternative to checking the reputation of the software application that is attempting to contact a telephone number, the device 1 can also implement a reputation check of the number that the software application is attempting to contact. For example, if it is determined that the telephone number does match the predetermined criterion, then the device 1 can send a number reputation query to a reputation server 5, the query including the telephone number. The reputation server 5 can then perform a check on the reputation of the number that the software application is attempting to contact, and respond to the device 1 with the results of the reputation check. In this example, the number reputation check could be implemented simultaneously/together with the reputation check of the software application. Alternatively, the number reputation check could be implemented either before or after the reputation check of the software application, with the performance of the latter of the checks being dependent upon the outcome of the former of the checks. For example, if the reputation check of a software application determines that the application can be trusted, then the check of the number may not be performed at all, or may be limited to a check as to whether or not the number falls within/matches a specific group or range of premium rate numbers. As an alternative, the step of checking the telephone number of the recipient to determine whether the telephone number matches at least one predetermined criterion can include performing a reputation check of the number by sending a number reputation query to a reputation server 5.

Figure 2 illustrates a telephony device 1 according to an embodiment of the invention. The device is provided with a processor 6 that can run a software application 7. A computer readable medium in the form of a memory 8 is provided. The memory may be used to store computer code for the software application 7.
When the software application 7 is running, it attempts to contact the recipient 3 as described above. The processor 6 determines that the application 7 is attempting to contact the recipient 3. This may be done in one of a number of ways. For example, a hooking rule may be established to hook operating system telephony and messaging functions. Alternatively, the SMS or email outbox could be monitored. There are other ways of determining that the application 7 is attempting to contact the recipient, and the two ways described above are by way of example only.

When the processor determines that the software application 7 is attempting to contact the recipient, it obtains the telephone number that the software application is attempting to contact. The processor 6 checks to see if the telephone number matches at least one predetermined criterion. A predetermined criterion may be, for example, determining that the telephone number is a premium rate telephone number, or that it has a country code different to that of the telephone number of the device 1. Taking the example of the telephone number being a premium rate telephone number, this can be done quite simply. Premium rate telephone numbers in most countries are well structured, and typically include a string of numbers towards the start of the telephone number. For example, the telephone number +44 870 123456 comprises a country code (44) and a string of numbers (870) that identifies the number as a non-geographic specific premium rate telephone number. If the telephone number that the software application 7 is attempting to contact includes the 870 string of numbers in the same position, then it is likely to be a premium rate number.

There are several ways in which the processor 6 can determine that the telephone number is a premium rate number. In one embodiment, a database 9 of premium rate number identifiers can be maintained at the device 1. In an alternative embodiment, the processor 6 can use a transmitter 10 to send a query to the remote database 4. A receiver 11 is arranged to receive a response from the remote database 4 indicating whether or not the number is a premium rate number. Alternatively, this check to see if the telephone number matches at least one predetermined criterion may involve performing a number reputation check. This number reputation check can involve sending a number reputation query to a reputation server 5, the query including the telephone number. The reputation server 5 can then perform a check on the reputation of the number that the software application is attempting to contact, and respond to the device 1 with the results of the reputation check.

A further criterion can be applied by using acceptable telephone numbers stored in a contacts list 12 at the device. If the telephone number that the software application 7 is attempting to contact is in the contacts list 12, then it is likely that the user is agreeable to the software application 7 attempting to contact the telephone number. In this case, the attempt to contact the telephone number will be allowed.

In an optional embodiment, the further criterion may include the user not having a significant amount of contacts with numbers from a specific country in his contacts list 12. For example, if the application 7 is attempting to contact a telephone number having a country code different to that of the device, the processor 6 can check to determine if the user has a predetermined number of contacts with the same country code as the telephone number that the application 7 is attempting to contact. If a sufficient number of contacts with that country code exist, then the further criterion is not met and the call is allowed to be established.
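The pre-filter described above (contacts list, premium rate prefix, differing country code with the contact-count exception), sketched in Python as an added example that is not code from the application. The prefix tables, the handling of `00` and `0` dialling prefixes, the short-code length limit and all function names are assumptions; only the +44 870 prefix is taken from the text.

```python
import re
from typing import Iterable, Optional, Tuple

# Constructed sample tables. Only the +44 870 prefix comes from the text above.
COUNTRY_CODES = {"1", "33", "44", "49", "358"}
PREMIUM_PREFIXES = {"44": ("870",), "358": ("600", "700")}
UNKNOWN = "unknown"
SHORT_CODE_MAX_DIGITS = 6  # assumption: anything this short is treated as a short code


def normalise(number: str) -> str:
    """Strip separators; rewrite a leading 00 as '+' (assumed international prefix)."""
    digits = re.sub(r"[\s\-().]", "", number)
    return "+" + digits[2:] if digits.startswith("00") else digits


def split_country_code(number: str) -> Tuple[Optional[str], str]:
    """Return (country_code, rest); country_code is None for national-format numbers."""
    number = normalise(number)
    if not number.startswith("+"):
        return None, number
    digits = number[1:]
    for length in (1, 2, 3):  # E.164 country codes are 1 to 3 digits and prefix-free
        if digits[:length] in COUNTRY_CODES:
            return digits[:length], digits[length:]
    return UNKNOWN, digits


def match_criterion(dialled: str, own_number: str, contacts: Iterable[str],
                    min_same_country_contacts: int = 3) -> Optional[str]:
    """Name of the matched criterion, or None if no reputation query is needed."""
    target = normalise(dialled)
    contact_numbers = [normalise(c) for c in contacts]
    if target in contact_numbers:
        return None  # number is in the contacts list: the attempt is allowed
    own_cc, _ = split_country_code(own_number)
    cc, national = split_country_code(target)
    if cc is None:
        if len(target) <= SHORT_CODE_MAX_DIGITS:
            return "short_code"  # short codes can carry premium billing
        # National format: same country as the device; drop an assumed '0' trunk prefix
        cc = own_cc
        national = national[1:] if national.startswith("0") else national
    if cc == UNKNOWN:
        return "unknown_country_code"  # unrecognised code: hand over to the reputation check
    if national.startswith(PREMIUM_PREFIXES.get(cc, ())):
        return "premium_rate"
    if cc != own_cc:
        same_country = sum(1 for c in contact_numbers if split_country_code(c)[0] == cc)
        if same_country < min_same_country_contacts:
            return "foreign_country"
    return None
```

A match does not block anything by itself; it only decides whether the reputation query is sent.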

The first step of determining the telephone number matches a predetermined criterion is used to establish the likelihood of the application attempting to contact an undesirable number. If this is established, then a check must be made on the reputation of the application and/or on the reputation of the number being contacted (e.g. if a thorough check of the reputation of the number has not already been performed during the first step), typically using a reputation query protocol. In this case a transmitter 13 is used to send a reputation query to a reputation server 5, such as a Network Reputation Services (NRS) server. The reputation query includes information identifying the software application 7 attempting to contact the telephone number. The identifying information for the software application may include any of a file name, file location, hash value and so on. Further information may also be included. For example, it may include an indication of the type of operation attempted, such as whether the contact is a call or an SMS. Other information may include the local time. Information may also be included to identify whether a device screen lock/backlight is active or not. This can help to establish whether or not the user is directly attempting to contact the telephone number, or if the contact is being attempted without user intervention. Further information may include the time from the latest user key-press or other user interface event. Further information may include an indication of the origin of the application attempting to contact the telephone number. An application obtained from a third party market or direct HTTP download will be less trusted than one obtained from an official application store. The further information can all be used to assist in establishing whether or not the user is using the device at the moment, or whether the application is dialling on its own in the middle of the night while the user is likely to be sleeping.

In addition, if a thorough check of the reputation of the number has not already been performed during the first step, then the further information included in the reputation query may also include the telephone number, such that the reputation server 5 can also perform a number reputation query if required. The reputation server 5 performs a check on the reputation of the software application 7. The reputation of the software application may be determined by many factors. For example, if not many instances of the software application 7 are known, then the software application 7 may have a reduced reputation. If it is known that the software application has been distributed by, or is otherwise linked to, spam communications, then the software application will have a reduced reputation. If it is known that the software application 7 does not accept much user input then it may have a reduced reputation. It will be apparent to a skilled person that many different factors may affect the reputation of the software application 7, and the above are provided as examples only.

Once the reputation check has been performed, the reputation server 5 sends a response to the device 1. The response is received by the device 1 at a receiver 14, and includes reputation information for the software application 7. The reputation information may be, for example, "good" if the software application 7 is known to be a legitimate application, "bad" if the software application 7 is known to be a suspicious application, and "unknown" if the software application 7 is unknown to the reputation server 5.

The processor 6 is arranged to take further action depending on the received reputation information. If the reputation information implies that the software application 7 is a legitimate application, then the processor will allow the software application 7 to contact the telephone number. If the reputation information implies that the software application is suspicious or unknown, then the processor 6 may take action to prevent the software application from contacting the telephone number. This may include, for example, preventing the software application from contacting the telephone number in this specific instance, closing the software application completely, and preventing the software application from using any communication services such as contacting any telephone number. The processor may also pass details about the software application to an anti-virus application (not shown) for further checks on the software application 7. Furthermore, a dialogue may be displayed to the user of the device 1 informing the user that a suspicious or unknown software application 7 has attempted to contact a telephone number. The dialogue may give the user the option to allow the software application 7 to contact the telephone number despite the warnings given to the user.

As noted above, if a thorough check of the reputation of the number has not already been performed during the first step, then the further information included in the reputation query may also include the telephone number. In this case, the reputation server 5 can also perform a number reputation query. For example, the number reputation check could be implemented simultaneously/together with the reputation check of the software application. Alternatively, the number reputation check could be implemented either before or after the reputation check of the software application.

In one possible embodiment, the reputation server 5 could first perform the reputation check of the software application 7. Depending upon the outcome of the reputation check of the software application 7, the reputation server 5 could then perform a reputation check of the number. For example, if the reputation check of the software application 7 determines that the software application 7 may be suspicious or is unknown, then the reputation server 5 could check if the number is on a blacklist that should be barred. As a further example, if the reputation check of the software application 7 determines that the software application is a legitimate application, then the reputation server 5 could skip the reputation check of the number.

In another possible embodiment, the reputation server 5 could first perform the reputation check of the number. Depending upon the outcome of the reputation check of the number, the reputation server 5 could then perform a reputation check of the software application 7. For example, if the reputation check of the number determines that the number belongs to a trustworthy recipient, then the reputation server 5 could skip the reputation check of the software application 7. As a further example, if the reputation check of the number determines that the number may belong to an untrustworthy recipient, then the reputation server 5 could perform the reputation check of the software application 7.

A program 15 may be stored in the memory 8 which, when executed by the processor 6, causes the device 1 to behave as described above.

Figure 3 is a flow diagram showing key aspects of an embodiment of the invention in which the reputation check of the software application 7 is performed. The following numbering corresponds to the numbering of Figure 3:

S1. The device 1 determines that the software application 7 running on the device is attempting to contact a telephone number.

S2. A determination is made that the telephone number matches a predetermined criterion, such as the telephone number being a premium rate telephone number or the telephone number having a country code different to the telephone number of the device 1. If so, then the procedure proceeds at step S3, if not then the procedure proceeds at step S7.

S3. In an embodiment of the invention, a check is made to determine whether the telephone number matches a number in a contacts list 12 stored at the device 1. If not, then the procedure proceeds to step S4, if so then the procedure proceeds to step S7. Note that the order of steps S2 and S3 can be reversed.

S4. The device 1 sends a query to the reputation server 5, the query including information identifying the software application 7.

S5. The device 1 receives a response from the reputation server, the response indicating the reputation of the software application 7. As a further option, the response may include an indication of whether the application is trusted. In this case, the reputation server checks for trusted system applications, or applications distributed by organizations that the reputation server considers to be trustworthy.

S6. The device 1 takes further action on the basis of the reputation of the software application. As described above, this may include closing the software application 7, preventing the software application 7 from contacting the telephone number, preventing the software application 7 from using any communication services, and passing details of the software application 7 to an anti-virus application.

S7. If the telephone number does not match a predetermined criterion, or is provisioned in a contacts list 12 at the device 1, then the software application 7 is allowed to contact the telephone number.
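The S1 to S7 flow, including the optional country-code contact threshold, as an added Python sketch that is not code from the patent application. The prefix and country-code tables, the threshold value, the query field names and `stub_server` are constructed assumptions; the sketch blocks on both "bad" and "unknown", which the description says the processor may do.

```python
from dataclasses import dataclass, field

# Constructed sample data; real premium-rate ranges would come from the
# local database 9 or the remote database 4 described above.
PREMIUM_PREFIXES = ("+44909", "+3580600")
COUNTRY_CODES = ("+358", "+44", "+7")

@dataclass
class Device:
    country_code: str
    contacts: set = field(default_factory=set)
    min_same_country_contacts: int = 2   # hypothetical threshold

def country_code_of(number):
    """Return the known country code that prefixes `number`, or None."""
    return next((cc for cc in COUNTRY_CODES if number.startswith(cc)), None)

def matches_criterion(dev, number):
    """S2: premium-rate number, or foreign number in a country where the user has few contacts."""
    if number.startswith(PREMIUM_PREFIXES):
        return True
    cc = country_code_of(number)
    if cc is None:                        # unrecognised prefix: treat as foreign
        return True
    if cc == dev.country_code:
        return False
    same_cc = sum(1 for c in dev.contacts if country_code_of(c) == cc)
    return same_cc < dev.min_same_country_contacts

def decide(dev, app, number, operation, query_reputation, screen_active=False):
    """Walk S1-S7; returns (action, step at which the decision was taken)."""
    if not matches_criterion(dev, number):            # S2 -> S7
        return "allow", "S2"
    if number in dev.contacts:                        # S3 -> S7
        return "allow", "S3"
    query = {"app_hash": app["hash"], "origin": app["origin"],   # S4
             "operation": operation, "number": number,
             "screen_active": screen_active}
    reputation = query_reputation(query)              # S5
    if reputation == "good":                          # S6
        return "allow", "S6"
    return "block", "S6"                              # "bad" or "unknown"

def stub_server(query):
    """Stand-in for reputation server 5; knows two constructed app hashes."""
    known = {"aa11": "good", "bb22": "bad"}
    return known.get(query["app_hash"], "unknown")
```

Because the reputation query is only sent once S2 and S3 have both failed to clear the call, ordinary domestic calls and calls to stored contacts never reach the server.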

The process in Figure 3 could also include a step of performing a reputation check of the number that the software application is attempting to contact. For example, the query sent to the reputation server 5 in step S4 could include the number. The response received from the reputation server 5 in step S5 could then include an indication of the reputation of the number, if a reputation check of the number has been performed.

Referring to Figure 4, there is shown a reputation server 5 such as a NRS. The reputation server 5 is provided with a receiver 16 for receiving a reputation query from the device 1, which has identified that the software application 7 at the device is attempting to contact a telephone number that matches a predetermined criterion. The reputation query includes information identifying the software application 7. The reputation query can also include further information such as the number that the software application is attempting to contact.

A processor 17 is provided for performing a reputation check on the software application and/or the number. This may involve querying a database 18, which may be located at the reputation server 5, or at a remote node. In Figure 4, the database 18 is shown as being located at the reputation server 5. The reputation check can be made as described above.

Once the reputation check has been made, the reputation server 5 sends a response to the device 1 using a transmitter 19, the response including a reputation relating to the software application and/or a reputation relating to the number.

The reputation server 5 may also be provided with a computer readable medium in the form of a memory 20, which can be used to store a program 21. When the program 21 is run by the processor 17, it causes the reputation server 5 to behave as described above.

In an embodiment of the invention, the telephone number may have its reputation checked against a blacklist of telephone numbers. This is particularly useful for parental control applications in which parents want to ensure that children with mobile devices do not make expensive calls, do not make payments by way of SMS or MMS message (e.g. for purchases from an app store), do not subscribe to expensive SMS or MMS message services (e.g. ringtone downloads) etc, either intentionally or unintentionally. In a further embodiment of the invention, if the reputation check of a software application 7 determines that the software application 7 is suspicious, then the telephone number that it is trying to contact may be provisioned in a database of blacklisted telephone numbers. The reputation check of the telephone number may then involve checking the telephone number against the blacklist of telephone numbers.

The invention allows a device to prevent a software application from contacting an undesirable telephone number, such as a premium rate number or a number with a different country code to that of the telephone number associated with a device. The invention allows the device to take action against the software application itself, and not just prevent the software application from contacting the telephone number. However, it still allows the device to contact telephone numbers that may be expensive to contact, and gives the user some freedom in selecting allowable numbers by provisioning them in a contact list. By first looking at the telephone number that the software application is attempting to contact, false alarms can be reduced while unknown or suspicious software applications are prevented from performing expensive operations such as contacting premium telephone numbers.

It will be appreciated by the person of skill in the art that various modifications may be made to the above-described embodiments without departing from the scope of the present invention.

The following abbreviations have been used in this description:

MMS Multimedia Message Service

NRS Network Reputation Services

SMS Short Message Service

USSD Unstructured Supplementary Service Data