Message spoofing detection via validation of originating switch

US 8,121,624 B2
Filed: 07/25/2006
Issued: 02/21/2012
Est. Priority Date: 07/25/2006
Status: Active Grant

First Claim

Patent Images

1. In a communication network supporting a short messaging service (SMS), wherein an incoming mobile terminated SMS message includes indicia of a sender as a source address in a message header of the mobile terminated SMS message and is subject to possible message spoofing so as to appear to originate from a sender other than the true sender, a method of detecting instances of message spoofing in mobile terminated SMS messages comprising:

identifying the originating switch identification contained in signaling control information that accompanies the received mobile terminated SMS message, the originating switch identification not being part of said message header, the originating switch identification defining a trusted address of the originating switch in the communication network, the originating switch being the switch that terminates communications having a terminal of the sender as a destination and is the initial switch to first receive the incoming SMS message launched from the terminal of the sender;

identifying the communication source address in the message header of the received SMS message;

determining a first switch identification that serves said communication source address of the sender'"'"'s terminal, the first switch identification being obtained from a location register assigned to monitor the location of the sender'"'"'s terminal based on said source address, the first switch identification defining an affiliated address; and

determining for the mobile terminated SMS message whether the trusted address differs from the affiliated address, wherein message origination spoofing is detected if the trusted address differs from the affiliated address.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Message spoofing is detected by an anti-spoofing application comparing a trusted switch address (i.e., corresponding to an originating switch having processed an incoming message) to an “affiliated” address (i.e., corresponding to a switch serving the location of the identified sender). Message spoofing is detected if the trusted address differs from the affiliated address.

223 Citations

16 Claims

1. In a communication network supporting a short messaging service (SMS), wherein an incoming mobile terminated SMS message includes indicia of a sender as a source address in a message header of the mobile terminated SMS message and is subject to possible message spoofing so as to appear to originate from a sender other than the true sender, a method of detecting instances of message spoofing in mobile terminated SMS messages comprising:
- identifying the originating switch identification contained in signaling control information that accompanies the received mobile terminated SMS message, the originating switch identification not being part of said message header, the originating switch identification defining a trusted address of the originating switch in the communication network, the originating switch being the switch that terminates communications having a terminal of the sender as a destination and is the initial switch to first receive the incoming SMS message launched from the terminal of the sender;
  
  identifying the communication source address in the message header of the received SMS message;
  
  determining a first switch identification that serves said communication source address of the sender'"'"'s terminal, the first switch identification being obtained from a location register assigned to monitor the location of the sender'"'"'s terminal based on said source address, the first switch identification defining an affiliated address; and
  
  determining for the mobile terminated SMS message whether the trusted address differs from the affiliated address, wherein message origination spoofing is detected if the trusted address differs from the affiliated address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the originating switch is a mobile switching center (MSC) that supports direct communications with the sender'"'"'s terminal.
  - 3. The method of claim 1, further comprising the steps of:
    - transmitting a location query using the communication source address of the sender'"'"'s terminal as contained in the message header of the incoming message;
      
      receiving a reply from the location register assigned to track the location of the sender'"'"'s terminal in response to the query where the reply contains the first switch identification reported by the location register as serving the sender'"'"'s terminal.
  - 4. The method of claim 1, further comprising blocking the delivery of the incoming message if message origination spoofing is detected.
  - 5. The method of claim 1, wherein all of the steps are performed by a terminating message application server.
  - 6. The method of claim 5, wherein the origination switch which is a mobile switching center to a Short Message Service Center (SMSC) and the terminating message application server comprises the SMSC.
  - 7. The method of claim 6, wherein the step of identifying the trusted address comprises inspecting the signaling control information that accompanies the incoming SMS message for indicia of an originating Mobile Switching Center (MSC), and wherein the step of determining the affiliated address comprises querying a location register associated with the source address of the sender for indicia of an MSC serving the identified sender.
  - 8. The method of claim 1, wherein the indicia of the sender is contained in the message header of the incoming message where the message header is subject to alteration by the user'"'"'s terminal.
  - 9. The method of claim 8, wherein the origination switch identity and the first switch identification are not subject to alteration by the user'"'"'s terminal.
  - 10. The method of claim 8, wherein the indicia of the sender'"'"'s terminal is contained in a mobile application part (MAP) of the electronic message that is subject to alteration by the user'"'"'s terminal.
  - 11. The method of claim 10, wherein the indicia of the origination switch is contained in the transaction capabilities application part of the electronic message and is not subject to alteration by the user'"'"'s terminal.

12. A communication processing node in a communication network supporting short messaging service (SMS), wherein a mobile terminated SMS message includes indicia of a sender as a source address in a message header of the mobile terminated SMS message and is subject to possible message spoofing so as to appear to originate from a sender other than the true sender, the communication processing node detects instances of message spoofing in mobile terminated SMS messages and comprises:
- means for identifying the originating switch identification contained in signaling control information that accompanies the received mobile terminated SMS message, the originating switch identification not being part of said message header, the originating switch identification defining a trusted address of the originating switch in the communication network, the originating switch being the switch that terminates communications having a terminal of the sender as a destination and is the initial switch to first receive the incoming SMS message launched from the terminal of the sender;
  
  means for identifying the communication source address in the message header of the received SMS message;
  
  means for determining a first switch identification that serves said communication source address of the sender'"'"'s terminal, the first switch identification being obtained from a location register assigned to monitor the location of the sender'"'"'s terminal as identified by said source address, the first switch identification defining an affiliated address; and
  
  means for determining for the mobile terminated SMS message whether the trusted address differs from the affiliated address, wherein message origination spoofing is detected if the trusted address differs from the affiliated address.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The communication processing node of claim 12, comprising a terminating message application server.
  - 14. The communication processing node of claim 13, wherein the originating switch is a mobile switching center and the terminating message application server comprises a Short Message Service Center (SMSC).
  - 15. The communication processing node of claim 12, wherein the indicia of the sender is contained in the mobile application part (MAP) of the incoming message subject to alteration by the user'"'"'s terminal.
  - 16. The communication processing node of claim 15, wherein the origination switch address is contained in the transaction capabilities application part of the incoming message and is not subject to alteration by the user'"'"'s terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Cai, Yigang, Sharma, Alok
Primary Examiner(s)
Eng, George
Assistant Examiner(s)
TORRES, MARCOS L

Application Number

US11/492,336
Publication Number

US 20080026778A1
Time in Patent Office

2,037 Days
Field of Search

455/466, 455/412.1, 455/412.2, 455/414.2, 455/414.3, 455/560, 709/223, 709/224, 709/206, 709/207, 370/349
US Class Current

455/466
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/1466   Active attacks involving in...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/12   Detection or prevention of ...

H04W 12/63   Location-dependent; Proximi...

H04W 4/12   Messaging; Mailboxes; Annou...

Message spoofing detection via validation of originating switch

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

223 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Message spoofing detection via validation of originating switch

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

223 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others