Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions

US 8,908,864 B2
Filed: 10/05/2012
Issued: 12/09/2014
Est. Priority Date: 03/11/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method for detecting and mitigating address spoofing in a messaging service transaction, the method comprising:

at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processing device;

receiving a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, the mobility management query and the mobility management reply message being associated with a mobility management transaction, the mobility management reply message including a message service recipient identifier and a serving switch identifier;

allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall to a correlation record;

storing the correlation record indicating a correlation between the allocated GTA and an originating SMSC identifier of the mobility management query;

replacing the serving switch identifier in the mobility management reply message with the allocated GTA resulting in a modified mobility management reply message;

routing the modified mobility management reply message;

receiving a message service message associated with the mobility management transaction, the messaging service message being addressed to the allocated GTA;

determining the originating SMSC identifier to which the allocated GTA is correlated;

comparing SMSC identifier information extracted from the messaging service message with the originating SMSC identifier to which the allocated GTA is correlated to determine if the messaging service message contains spoofed address information; and

in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions are disclosed. A messaging service firewall (MSF) separate from a short message service center (SMSC) receives a mobility management reply message (MMR) that is sent by a mobile location register element in response to an associated mobility management query (MMQ) and that includes a serving switch identifier. The MSF allocates a global title address (GTA) from a pool of GTAs and stores a correlation between the allocated GTA and the originating SMSC. The MSF replaces the serving switch identifier in the MMR with the allocated GTA and routes the modified MMR. The MSF then receives a messaging service message (MSM) that is addressed to the allocated GTA and that includes the purported originating SMSC. If the purported originating SMSC does not match the SMSC to which the GTA is correlated, the MSM is discarded.

112 Citations

12 Claims

1. A method for detecting and mitigating address spoofing in a messaging service transaction, the method comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processing device;
  
  receiving a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, the mobility management query and the mobility management reply message being associated with a mobility management transaction, the mobility management reply message including a message service recipient identifier and a serving switch identifier;
  
  allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall to a correlation record;
  
  storing the correlation record indicating a correlation between the allocated GTA and an originating SMSC identifier of the mobility management query;
  
  replacing the serving switch identifier in the mobility management reply message with the allocated GTA resulting in a modified mobility management reply message;
  
  routing the modified mobility management reply message;
  
  receiving a message service message associated with the mobility management transaction, the messaging service message being addressed to the allocated GTA;
  
  determining the originating SMSC identifier to which the allocated GTA is correlated;
  
  comparing SMSC identifier information extracted from the messaging service message with the originating SMSC identifier to which the allocated GTA is correlated to determine if the messaging service message contains spoofed address information; and
  
  in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
- View Dependent Claims (2)
- - 2. The method of claim 1 comprising generating a message detail record based on an attempted delivery of the message service message.

3. A method for detecting and mitigating address spoofing in a messaging service transaction, the method comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processing device;
  
  receiving a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier;
  
  generating a mobility management reply message in response to the query message, the reply message including at least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction;
  
  receiving a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters;
  
  extracting the echoed parameters from the messaging service message;
  
  comparing SMSC identifier information in the echoed parameters extracted from the messaging service message with SMSC identifier information contained in a routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and
  
  in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
- View Dependent Claims (4, 5)
- - 4. The method of claim 3 comprising generating a message detail record based on an attempted delivery of the message service message.
  - 5. The method of claim 3 wherein receiving the messaging service message associated with the message delivery transaction comprises receiving the messaging service message from a signaling message routing node that uses mobile application part (MAP) screening to route received messaging service messages.

6. A system for detecting and mitigating address spoofing in messaging service transactions, the system comprising:
- a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processing device, the messaging service firewall including;
  
  a network interface for sending and receiving signaling messages; and
  
  a spoofing detection module for;
  
  receiving, from the network interface, a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, the mobility management query and the mobility management reply message being associated with a mobility management transaction, where the mobility management reply message includes a message service recipient identifier and a serving switch identifier;
  
  allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall to a correlation record;
  
  generating and storing the correlation record that associates the allocated GTA with an originating SMSC identifier of the mobility management query;
  
  replacing the serving switch identifier in the reply message with the allocated GTA resulting in a modified reply message;
  
  routing the modified reply message;
  
  receiving, from the network interface, a message service message including the allocated GTA and using the allocated GTA to locate the correlation record;
  
  comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the correlation record to determine If the messaging service message contains spoofed address information; and
  
  in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
- View Dependent Claims (7)
- - 7. The system of claim 6 wherein the messaging service firewall generates a message detail record based on an attempted delivery of the message service message.

8. A system for detecting and mitigating address spoofing in messaging service transactions, the system comprising:
- a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processing device, the messaging service firewall including;
  
  a network interface for sending and receiving signaling messages; and
  
  a spoofing detection module for;
  
  receiving, from the network interface, a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier;
  
  generating a mobility management reply message, in response to the query message, that includes at least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction;
  
  receiving, from the network interface, a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters;
  
  extracting the echoed parameters in the messaging service message;
  
  comparing SMSC identifier information in the echoed parameters extracted from the messaging service message with SMSC identifier information contained in a routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and
  
  in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8 wherein the messaging service firewall generates a message detail record based on an attempted delivery of the message service message.
  - 10. The system of claim 8 comprising a signaling message routing node that uses mobile application part (MAP) screening to route messaging service messages to the messaging service firewall.

11. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processing device of a computer control the computer to perform steps comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processing device;
  
  receiving a mobility management reply message that is sent by a mobile location register element in response to an associated mobility management query, the mobility management query and the mobility management reply message being associated with a mobility management transaction, where the mobility management reply message includes a message service recipient identifier and a serving switch identifier;
  
  allocating a global title address (GTA) from a pool of global title addresses within a range of global title addresses assigned to the firewall to a correlation record;
  
  generating and storing the correlation record that associates the allocated GTA with an originating SMSC identifier of the mobility management query;
  
  replacing the serving switch identifier in the reply message with the allocated GTA resulting in a modified reply message;
  
  routing the modified reply message;
  
  receiving the message service message including the allocated GTA and using the allocated GTA to locate the correlation record;
  
  comparing SMSC identifier information extracted from the messaging service message with SMSC identifier information contained in the correlation record to determine if the messaging service message contains spoofed address information; and
  
  in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.

12. A non-transitory computer readable medium having stored thereon executable instructions that when executed by the processing device of a computer control the computer to perform steps comprising:
- at a messaging service firewall separate from a short message service center (SMSC) and implemented on a platform including at least one processing device;
  
  receiving a mobility management query message associated with a message delivery transaction that is sent by an originating SMSC element, where the mobility management query message includes a message service recipient identifier and a first originating SMSC identifier;
  
  generating a mobility management reply message, in response to the query message, that includes at least a portion of the first originating SMSC identifier in one or more parameters of the reply message that trigger the originating SMSC to echo the parameters in a subsequent message associated with the message delivery transaction;
  
  receiving a messaging service message associated with the message delivery transaction, where the messaging service message includes the echoed parameters;
  
  extracting the echoed parameters in the messaging service message;
  
  comparing SMSC identifier information in the echoed parameters extracted from the messaging service message with SMSC identifier information contained in a routing label of the received messaging service message to determine if the messaging service message contains spoofed address information; and
  
  in response to determining that the messaging service message contains spoofed address information, discarding the messaging service message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ZephyrTel, Inc.
Original Assignee
Tekelec Netherlands Group BV
Inventors
Nooren, Eloy Johan Lambertus
Primary Examiner(s)
Herzog, Madhuri

Application Number

US13/646,538
Publication Number

US 20130095793A1
Time in Patent Office

795 Days
Field of Search

380247-250, 380270-274, 726 11- 14, 455/403, 455410-411, 455/445, 455/466, 709220-245
US Class Current

380/270
CPC Class Codes

H04L 63/1441   Countermeasures against mal...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

H04W 88/184   Messaging devices, e.g. mes...

Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links