SYSTEMS, METHODS, AND COMPUTER READABLE MEDIA FOR DETECTING AND MITIGATING ADDRESS SPOOFING IN MESSAGING SERVICE TRANSACTIONS
Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions are disclosed. A messaging service firewall (MSF) separate from a short message service center (SMSC) receives a mobility management reply message (MMR) that is sent by a mobile location register element in response to an associated mobility management query (MMQ) and that includes a serving switch identifier. The MSF allocates a global title address (GTA) from a pool of GTAs and stores a correlation between the allocated GTA and the originating SMSC. The MSF replaces the serving switch identifier in the MMR with the allocated GTA and routes the modified MMR. The MSF then receives a messaging service message (MSM) that is addressed to the allocated GTA and that includes the purported originating SMSC. If the purported originating SMSC does not match the SMSC to which the GTA is correlated, the MSM is discarded.
This application claims the benefit of U.S. Provisional Patent Application Ser. No. 61/159,323, filed Mar. 11, 2009; the disclosure of which is incorporated herein by reference in its entirety.
TECHNICAL FIELDThe subject matter described herein relates to methods and systems for detecting fraudulent activity within a telecommunications network. More particularly, the subject matter described herein relates to systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions.
BACKGROUNDA telecommunications network may support one or more messaging services. One example messaging service is the short message service, or SMS. SMS allows the communication of short text messages between mobile communications devices, such as mobile phones, personal digital assistants, and the like. For brevity, the term “mobile phone” is hereinafter used to generically refer to any type of mobile communications device, although the subject matter described herein is not so limited.
The delivery of an SMS message is a two-step process. First, if the receiver is a mobile subscriber, the receiver's current location—more specifically, the identity of the mobile switching center (MSC) that is currently serving the receiver's mobile phone, referred to as the serving MSC —must be determined. Second, the MT/SM message is forwarded to the serving MSC, which will transmit the MT/SM message to the receiver's mobile phone.
In the scenario where sender 106 is in a first mobile telecommunications network and receiver 108 is in a second mobile telecommunications network, the SMS message is communicated from the first network, hereinafter referred to as the originating network, to the second network, hereinafter referred to as the terminating network. In the conventional network illustrated in
It is not uncommon for a terminating network to charge a termination fee for receiving and processing SMS messages that originate from other networks. The terminating network may determine the identity of the originating network—and thus determine whom to charge—by looking at the source address fields within either SRI_SM message 110 or MT_FORWARD_SM message 118. Moreover, both SRI_SM message 110 and MT_FORWARD_SM message 118 contain the address of SMSC 102 at two layers of the signaling message protocol, and thus within two separate sets of message parameters or fields: the signaling connection control part (SCCP) layer and the mobile application part (MAP) layer. Table 1, below, lists the parameter names for the two messages and the two layers.
In the conventional telecommunication network illustrated in
To avoid being charged a termination fee for SMS messages sent to the terminating network, unscrupulous originating network operators may “spoof” (falsify) the contents of the SMS message so that the SMS message appears to have come from a third telecommunications network rather than from the actual originating network.
This is a particularly pernicious problem in light of unwanted solicitations, colloquially called “spam”, which flood the world's email systems daily with millions or billions of unwanted messages. The entities that generate these unwanted communications have recently started sending spam via SMS. Spam SMS messages are particularly grievous since the subscriber is often charged a fee for every SMS message received, which results in a subscriber not only receiving unwanted and often offensive SMS messages, but the subscriber having to pay for these unwanted SMS messages. Some subscribers may have plans that have a finite number of SMS messages that may be sent or received within a billing period, where the subscriber is charged a steep fee for every additional message sent or received during that billing period. In a worst case scenario, the charge levied upon the subscriber due to the additional SMS messages may be many times more than the cost of the original subscription. Network operators may then face the prospect of absorbing the cost themselves or risk losing subscribers. In this scenario particularly, the network operator would desire to detect and discard spoofed MT/SM messages.
Accordingly, in light of the potential for fraudulent spoofing of SMS addresses, there exists a need for systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions.
SUMMARYAccording to one aspect, the subject matter described herein includes a method for detecting and mitigating address spoofing in a messaging service transaction. A messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor receives a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, the mobility management query and the mobility management reply message being associated with a mobility management transaction, the mobility management reply message including a message service recipient identifier and a serving switch identifier. The messaging service firewall allocates a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall, and stores a correlation between the allocated GTA and an originating SMSC identifier. The messaging service firewall replaces the serving switch identifier in the mobility management reply message with the allocated GTA and routes the modified mobility management reply message. The messaging service firewall then receives a message service message associated with the mobility management transaction, the messaging service message being addressed to the allocated GTA, and determines the originating SMSC identifier to which the allocated GTA is correlated. The messaging service firewall compares SMSC identifier information extracted from the messaging service message with the originating SMSC identifier to which the allocated GTA is correlated to determine if the messaging service message contains spoofed address information. In response to determining that the messaging service message contains spoofed address information, the messaging service firewall discards the messaging service message.
According to another aspect, the subject matter described herein includes a method for detecting and mitigating address spoofing in a messaging service transaction. A messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor receives a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier. The messaging service firewall generates a mobility management reply message in response to the query message, the reply message including a least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction. The messaging service firewall receives a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters, and extracts the echoed parameters from the messaging service message. The messaging service firewall compares SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the routing label of the received messaging service message to determine if the messaging service message contains spoofed address information. In response to determining that the messaging service message contains spoofed address information, the messaging service firewall discards the messaging service message.
According to yet another aspect, the subject matter described herein includes a system for detecting and mitigating address spoofing in messaging service transactions. The system includes a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor. The messaging service firewall includes a network interface for sending and receiving signaling messages and a spoofing detection module for: receiving, from the network interface, a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, where the mobility management reply message includes a message service recipient identifier and a serving switch identifier; allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall; generating and storing a correlation record that associates the GTA with an originating SMSC identifier; replacing the serving switch identifier in the reply message with the firewall GTA; and routing the modified reply message. The spoofing detection module is also for: receiving, from the network interface, a message service message including the allocated GTA and using the allocated GTA to locate the correlation record; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the correlation record to determine if the messaging service message contains spoofed address information; and, in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
According to yet another aspect, the subject matter described herein includes a system for detecting and mitigating address spoofing in messaging service transactions. The system includes a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor. The messaging service firewall includes a network interface for sending and receiving signaling messages and a spoofing detection module for receiving, from the network interface, a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier, and generating a mobility management reply message, in response to the query message, that includes a least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction. The spoofing detection module is also for receiving, from the network interface, a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters; extracting the echoed parameters in the messaging service message; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and, in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
The subject matter described herein for detecting and mitigating address spoofing in messaging service transactions may be implemented in hardware, software, firmware, or any combination thereof. As such, the terms “function” or “module” as used herein refer to hardware, software, and/or firmware for implementing the feature being described. In one exemplary implementation, the subject matter described herein may be implemented using a non-transitory computer readable medium having stored thereon computer executable instructions that when executed by the processor of a computer control the computer to perform steps. Exemplary computer readable media suitable for implementing the subject matter described herein include non-transitory computer-readable media, such as disk memory devices, chip memory devices, programmable logic devices, and application specific integrated circuits. In addition, a computer readable medium that implements the subject matter described herein may be located on a single device or computing platform or may be distributed across multiple devices or computing platforms.
Preferred embodiments of the subject matter described herein will now be explained with reference to the accompanying drawings, wherein like reference numerals represent like parts, of which:
In accordance with the subject matter disclosed herein, systems, methods, and computer readable media are provided for detecting and mitigating address spoofing in messaging service transactions.
Reference will now be made in detail to exemplary embodiments of the present invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts.
In the embodiment illustrated in
For the purposes of illustration only and without limitation, system 200 in
In one embodiment, spoofing detection module 218 is for: receiving, from the network interface, a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier; generating a mobility management reply message, in response to the query message, that includes a least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction; receiving, from the network interface, a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters; extracting the echoed parameters in the messaging service message; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and, in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
In an alternative embodiment, spoofing detection module 218 is for: receiving, from the network interface, a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier; generating a mobility management reply message, in response to the query message, that includes a least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction; receiving, from the network interface, a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters; extracting the echoed parameters in the messaging service message; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and, in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
Referring now to
In one embodiment, mobility management request message 300 may include information indicating the source of the message. In the embodiment illustrated in
At block 302, STP 210 selects one of firewall nodes 202 based on the called party address contained within mobility management request message 300. In the embodiment illustrated in
Forwarding an unmodified SRI_SM message from FWL1 202 to HRL 206 does not guarantee that the response to the SRI_SM message, such as an SRI_SM_ACK message, will return through FWL1 202. Thus, in one embodiment, at block 306, firewall node FWL1 202 terminates SRI_SM message 304 and generates a new SRI_SM message 308, which sends to HLR 206. HLR 206 sends a reply message, SRI_SM_ACK 310, containing the IMSI number (“FFF”) for MS 214 and an identity of the serving MSC (“DDD”). For brevity, the IMSI and serving MSC parameters are displayed in all figures using the format “IMSI@servingMSC”. Alternatively, FWL1 202 may modify the original mobility management request message 300 in such as manner as to guarantee that the response from HLR 206 returns through FWL1 202. For example, FWL1 202 may update the source information in the routing label so that it appears to HLR 206 that the mobility management request message originated from FWL1 202.
In one embodiment, firewall node FWL1 202 has at its disposal a pool of addresses or other form of identity by which it may be identified. In the embodiment illustrated in
At block 314, FWL1 202 stores a correlation between the selected or allocated GTA and information identifying an originating SMSC. In one embodiment, FWL1 202 may store correlation information in the form of a correlation record in a table, database, or other form of data storage and retrieval. In the embodiment illustrated in
At block 316, FWL1 202 terminates SRI_SM_ACK message 314 that it receives from HLR 206 and generates a new SRI_SM_ACK message 318, which it forwards to SMSC 204. Generated SRI_SM_ACK message 318 contains the IMSI for MS 214, i.e., “FFF”, but instead of the address of SRVMSC 208, FWL1 202 replaces the actual value “DDD” with the address of the selected GTA, e.g., “GTA7”. In this manner, FWL1 202 can guarantee that, as will be shown below, other messages involved in the message delivery transaction will also be routed through FWL1 202. By guaranteeing that all messages involved in the message delivery transaction are seen by the same node (e.g., FWL1 202), this ensures the opportunity to compare the address of the originating SMSC (e.g., SMSC 204) as reported in the mobility management query message with the address of the originating SMSC as reported in any subsequent message service message that is part of the same mobility management transaction. If the addresses are not the same, this is a very likely indication of spoofing. The process continues in
MT_F_SM message 320 is received by FWL1 202. At block 322, FWL1 202 extracts the key, which FWL1 202 will use to look up the correlation information, from received MT_F_SM message 320. In the embodiment illustrated in
MT_F_SM message 328 is received by FWL1 202. At block 330, FWL1 202 extracts the key, which FWL1 202 will use to look up the correlation information, from received MT_F_SM message 328. In the embodiment illustrated in
In the embodiment illustrated in
In other words, rather than storing correlation data within the firewall node, the firewall node stores the correlation data in the synthetic response itself, and presumes that when a subsequent mobility management message, such as a mobility service request, arrives, the subsequent mobility management message will contain the correlation data that the firewall node needs to perform spoofing detection and mitigation. This process will now be described in detail using
In one embodiment, an SMSC may send a mobility management request message requesting routing information for a called party mobile subscriber, such as MS 214, identified by MSISDN number (“EEE”). In the embodiment illustrated in
At block 402 in
However, FWL 202 cannot completely replace the contents of the serving MSC identifier (e.g., address “DDD”) with the address of the source of SRI_SM message 400 (e.g., address “AAA”), because the serving MSC identifier is subsequently used by SMSC 204 as the destination for the message service request. If synthetic SRI_SM_ACK message 404 included address AAA in the serving MSC field, a subsequent MT_F_SM message would be delivered back to SMSC 204.
To overcome this problem, only a portion of the serving MSC address field in synthetic SRI_SM_ACK message 404 contains the address of the source of the SRI_SM message 400. In one embodiment, the serving MSC address is an MSISDN number, of the format shown below:
-
- CC:NDC:SN
where CC=country code, NDC=network destination code, and SN=subscriber number. The CC and NDC fields must contain values that are correct for FWL 202, so that the subsequent messaging service message is directed to the correct country and network to which FWL 202 belongs. This leaves only the SN field, which FWL 202 uses to store the address “AAA”. In one embodiment, only a portion of address AAA is stored in the SN portion of the serving MSC field; as will be seen below, this is enough information to detect spoofing. In another embodiment, also described below, the various pieces of information needed for correlation and spoofing detection may be combined, encrypted, and/or compressed to fit into the available spaces of the IMSI and serving MSC fields within synthetic SRI_SM_ACK message 404.
- CC:NDC:SN
Referring again to
At block 406, SMSC 204 receives synthetic SRI_SM_ACK message 404 and uses the IMSI@servingMSC information to issue a message service request message to what it believes to the serving MSC. In the embodiment illustrated in
At block 410, STP 210 uses MAP filtering to determine that MT_F_SM message 408 is a mobility management service message, and therefore forwards the message to FWL 202. The forwarded MT_F_SM message 412 is thus guaranteed to go to the same firewall node that received and processed the original mobility management query message (e.g., SRI_SM message 400) that is associated with the subsequent mobility management service message (e.g., MT_F_SM message 404.)
The process continues in
Since, in the embodiment illustrated in
It may be desirable to obscure the fact that the SRI_SM_ACK message that FWL 202 sends to SMSC 204 is synthetic. Thus, in one embodiment, the correlation data that FWL 202 stores in the IMSI and serving MSC fields of synthetic SRI_SM_ACK message 404 may be encrypted. This is illustrated in
In one embodiment, FWL 202 receives SRI_SM message 400, which includes two parameters: the SCCP SMSC (SRC) parameter 500, which is in MSISDN format, and the called party (CDPA) parameter 502, also in MSISDN format. FWL 202 uses the country code (CC) and network destination code (NDC) fields of SRC parameter 500 and all of the fields of CDPA parameter 502 as input into an encryption algorithm 504. Encryption algorithm 504 may also require an encryption key 506 as input. The output of encryption algorithm 504 is used to generate synthetic SRI_SM_ACK message 404, which has two parameters: the IMSI number (IMSI) parameter 508 and the serving MSC (SRVMSC) parameter 510. IMSI parameter 508 is in the IMSI format, which includes the following fields:
-
- MCC:MNC:MSIN
where MCC=mobile country code, MNC=mobile network code, and MSIN=mobile subscriber identity number. SRVMSC parameter 510 is in the MSISDN format.
- MCC:MNC:MSIN
In the embodiment illustrated in
In the embodiment illustrated in
To detect spoofing, FWL 202 can compare the SCCP SMSC parameter 522, which stores information indicating the source of original SRI_SM message 400, with the contents of the SCCP SMSC parameter for MT_F_SM message 412 (not shown in
In some systems, however, the entity that sends the original SRI_SM message may be different from the entity that sends the subsequent MT_F_SM message. Alternatively, the same entity may send both messages but that entity may be a cluster of nodes, or a single node that uses multiple addresses. In these scenarios, the contents of SCCP SMSC parameter 522 may not be exactly the same as source address of MT_F_SM message 412. However, since the purpose of spoofing is usually to redirect a termination fee from the originating network to a third network, comparing only the CC and NDC fields of the two addresses is enough to determine whether or not MT_F_SM message 412 is spoofed.
The embodiment illustrated in
It will be understood that various details of the subject matter described herein may be changed without departing from the scope of the subject matter described herein. For example, the methods and systems described herein are not limited to SMS messages, but may apply to other messaging services, such as multimedia messaging services (MMS), may also apply to other mobility management related services, and may also apply to other telecommunication services that first locate a called party and then send data to that called party. Furthermore, the foregoing description is for the purpose of illustration only, and not for the purpose of limitation.
Claims
1. A method for detecting and mitigating address spoofing in a messaging service transaction, the method comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor: receiving a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, the mobility management query and the mobility management reply message being associated with a mobility management transaction, the mobility management reply message including a message service recipient identifier and a serving switch identifier; allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall; storing a correlation between the allocated GTA and an originating SMSC identifier; replacing the serving switch identifier in the mobility management reply message with the allocated GTA; routing the modified mobility management reply message; receiving a message service message associated with the mobility management transaction, the messaging service message being addressed to the allocated GTA; determining the originating SMSC identifier to which the allocated GTA is correlated; comparing SMSC identifier information extracted from the messaging service message with the originating SMSC identifier to which the allocated GTA is correlated to determine if the messaging service message contains spoofed address information; and in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
2. The method of claim 1 comprising generating a message detail record based on the attempted delivery of the message service message.
3. A method for detecting and mitigating address spoofing in a messaging service transaction, the method comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor: receiving a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier; generating a mobility management reply message in response to the query message, the reply message including a least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction; receiving a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters; extracting the echoed parameters from the messaging service message; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
4. The method of claim 3 comprising generating a message detail record based on the attempted delivery of the message service message.
5. The method of claim 3 wherein receiving the messaging service message associated with the message delivery transaction comprises receiving the messaging service message from a signaling message routing node that uses mobile application part (MAP) screening to route received messaging service messages.
6. A system for detecting and mitigating address spoofing in messaging service transactions, the system comprising:
- a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor, the messaging service firewall including: a network interface for sending and receiving signaling messages; and a spoofing detection module for: receiving, from the network interface, a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, where the mobility management reply message includes a message service recipient identifier and a serving switch identifier; allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall; generating and storing a correlation record that associates the GTA with an originating SMSC identifier; replacing the serving switch identifier in the reply message with the firewall GTA; routing the modified reply message; receiving, from the network interface, a message service message including the allocated GTA and using the allocated GTA to locate the correlation record; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the correlation record to determine if the messaging service message contains spoofed address information; and in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
7. The system of claim 6 wherein the messaging service firewall generates a message detail record based on the attempted delivery of the message service message.
8. A system for detecting and mitigating address spoofing in messaging service transactions, the system comprising:
- a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor, the messaging service firewall including: a network interface for sending and receiving signaling messages; and a spoofing detection module for: receiving, from the network interface, a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier; generating a mobility management reply message, in response to the query message, that includes a least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction; receiving, from the network interface, a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters; extracting the echoed parameters in the messaging service message; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
9. The system of claim 8 wherein the messaging service firewall generates a message detail record based on the attempted delivery of the message service message.
10. The system of claim 8 comprising a signaling message routing node that uses mobile application part (MAP) screening to route messaging service messages to the messaging service firewall.
11. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processor of a computer control the computer to perform steps comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor: receiving a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, where the mobility management reply message includes a message service recipient identifier and a serving switch identifier; allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall; generating and storing a correlation record that associates the GTA with an originating SMSC identifier; replacing the serving switch identifier in the reply message with the firewall GTA; routing the modified reply message; receiving the message service message including the allocated GTA and using the allocated GTA to locate the correlation record; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the correlation record to determine if the messaging service message contains spoofed address information; and in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
12. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processor of a computer control the computer to perform steps comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processor: receiving a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier; generating a mobility management reply message, in response to the query message, that includes a least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction; receiving a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters; extracting the echoed parameters in the messaging service message; comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
Type: Application
Filed: Mar 11, 2010
Publication Date: Sep 16, 2010
Inventor: Eloy Johan Lambertus Nooren (Breda)
Application Number: 12/722,460
International Classification: G06F 21/00 (20060101); G06F 15/16 (20060101);