Message spoofing detection via validation of originating switch
First Claim
1. In a communication network supporting a short messaging service (SMS), wherein an incoming mobile terminated SMS message includes indicia of a sender as a source address in a message header of the mobile terminated SMS message and is subject to possible message spoofing so as to appear to originate from a sender other than the true sender, a method of detecting instances of message spoofing in mobile terminated SMS messages comprising:
- identifying the originating switch identification contained in signaling control information that accompanies the received mobile terminated SMS message, the originating switch identification not being part of said message header, the originating switch identification defining a trusted address of the originating switch in the communication network, the originating switch being the switch that terminates communications having a terminal of the sender as a destination and is the initial switch to first receive the incoming SMS message launched from the terminal of the sender;
identifying the communication source address in the message header of the received SMS message;
determining a first switch identification that serves said communication source address of the sender'"'"'s terminal, the first switch identification being obtained from a location register assigned to monitor the location of the sender'"'"'s terminal based on said source address, the first switch identification defining an affiliated address; and
determining for the mobile terminated SMS message whether the trusted address differs from the affiliated address, wherein message origination spoofing is detected if the trusted address differs from the affiliated address.
5 Assignments
0 Petitions
Accused Products
Abstract
Message spoofing is detected by an anti-spoofing application comparing a trusted switch address (i.e., corresponding to an originating switch having processed an incoming message) to an “affiliated” address (i.e., corresponding to a switch serving the location of the identified sender). Message spoofing is detected if the trusted address differs from the affiliated address.
223 Citations
16 Claims
-
1. In a communication network supporting a short messaging service (SMS), wherein an incoming mobile terminated SMS message includes indicia of a sender as a source address in a message header of the mobile terminated SMS message and is subject to possible message spoofing so as to appear to originate from a sender other than the true sender, a method of detecting instances of message spoofing in mobile terminated SMS messages comprising:
-
identifying the originating switch identification contained in signaling control information that accompanies the received mobile terminated SMS message, the originating switch identification not being part of said message header, the originating switch identification defining a trusted address of the originating switch in the communication network, the originating switch being the switch that terminates communications having a terminal of the sender as a destination and is the initial switch to first receive the incoming SMS message launched from the terminal of the sender; identifying the communication source address in the message header of the received SMS message; determining a first switch identification that serves said communication source address of the sender'"'"'s terminal, the first switch identification being obtained from a location register assigned to monitor the location of the sender'"'"'s terminal based on said source address, the first switch identification defining an affiliated address; and determining for the mobile terminated SMS message whether the trusted address differs from the affiliated address, wherein message origination spoofing is detected if the trusted address differs from the affiliated address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A communication processing node in a communication network supporting short messaging service (SMS), wherein a mobile terminated SMS message includes indicia of a sender as a source address in a message header of the mobile terminated SMS message and is subject to possible message spoofing so as to appear to originate from a sender other than the true sender, the communication processing node detects instances of message spoofing in mobile terminated SMS messages and comprises:
-
means for identifying the originating switch identification contained in signaling control information that accompanies the received mobile terminated SMS message, the originating switch identification not being part of said message header, the originating switch identification defining a trusted address of the originating switch in the communication network, the originating switch being the switch that terminates communications having a terminal of the sender as a destination and is the initial switch to first receive the incoming SMS message launched from the terminal of the sender; means for identifying the communication source address in the message header of the received SMS message; means for determining a first switch identification that serves said communication source address of the sender'"'"'s terminal, the first switch identification being obtained from a location register assigned to monitor the location of the sender'"'"'s terminal as identified by said source address, the first switch identification defining an affiliated address; and means for determining for the mobile terminated SMS message whether the trusted address differs from the affiliated address, wherein message origination spoofing is detected if the trusted address differs from the affiliated address. - View Dependent Claims (13, 14, 15, 16)
-
Specification