首页 \ 问答 \ 网关中的短信源识别(SMS source identification in gateway)

网关中的短信源识别(SMS source identification in gateway)

我建立了一个应用程序,处理来自特定发件人的短信,短信通过短信网关接收到我的机器中,但我不知道如何验证收到的短信是否真的来自可信网络来源因为我看到一些在线发送短信的应用程序字母数字发送器这可能会混淆系统,如果没有照顾。

可以采用哪些方法来保持安全,以便所有目标SMS都应该从可信来源进行验证。

可信来源:可信来源应该是电话号码持有人的网络或任何相关信息


I have built an application which deals with SMS from specific sender's, the SMS is received through SMS gateway into my Machine but i wonder how can i verify that the SMS received is really from trusted network source cos i seen some applications online which send SMS with alphanumeric sender this can confuse the system if care hasn't been taken.

What approaches can be deployed to stay in a safer side so that all the targeted SMS should be verified to be from trusted source.

trusted source: a trusted source should be the phone numbers holder's network or anything relevant


原文:https://stackoverflow.com/questions/40828702
更新时间:2019-11-29 02:16

最满意答案

短信系统使用GSM网络,这是你无法控制的。 我有多年使用SMS的经验,并且还编写了一个旧的SMS平台。 据我所知,短信发送者ID可能很容易伪造,事实上,如果您有权访问低级GSM网络,您可以发送任何您想要的发件人ID(数字,字母等)

如果你想确保一个真实的电话号码发送短信,我认为唯一的和100%安全的方式是重新发送一个确认短信到这个发件人号码,并等待确认码。 这是粗鲁的,但值得信赖。 这并不意味着发件人是一个真正的电话,它可能是一个虚拟号码,但你无法做任何事情来解决这个问题。

我记得每一个特定的网络和提供商都有特殊的服务。 例如在西班牙,我记得我们使用了一项服务,通知我们有关任何电话号码,它是我们公司(提供商)和最后一次连接此号码的时间,但它是一种付费服务(非常昂贵,更多或每次支票少于0,10欧元)。

无论如何,任何信息都取决于API提供者的实现和接口。

这里你有GSM 3.4规范的更多信息。

https://en.wikipedia.org/wiki/GSM_03.40


the SMS system uses GSM network and this is out of your control. I have years of experience working with SMS and also programmed an old SMS platform. As I know the SMS sender ID could be fake easily, in fact if you have access to low-level GSM network you can send whatever sender id you want (numbers, alphanumieric, etc...)

If you want to make sure a SMS was sent by a real phone number I think the only and 100% secure way is to resend a confirmation SMS to this sender number and wait for the confirmation code. It's rude but is trustable. That does not mean the sender is a real phone, it could be a virtual number but you cannot do anything to solve that.

As I remember every specific network and provider have special services. For example in Spain I remember we consumed a service which inform us about any phone number, it was throuwing us the company (provider) and the time of the last connection of this number, but it was a paid service (very expensive, more or less 0,10€ for each check).

Anyway, any information depends on the implementation and interface of your API provider.

Here you have GSM 3.4 specification for more information.

https://en.wikipedia.org/wiki/GSM_03.40

2016-11-27

相关文章

更多

最新问答

更多
  • jsPlumb draggable element javascript函数(jsPlumb draggable element javascript function)
  • MVC4:ViewModel(带有radiobuttonlist)在HttpPost之后为空(MVC4: ViewModel (with radiobuttonlist) is empty after HttpPost)
  • 如何在同一帐户上设置“Dev repo”(在prod和团队之间)(How to set up a “Dev repo” (between the prod and the team) on the same account)
  • 如何在tcl中将eth0配置为发送方udp端口(how to configure eth0 as a sender udp port in tcl)
  • 如何在datarow []中的列中找到最大值?(How to find max value in a column in a datarow[] ?)
  • 如何使用预定义文本替换来自数据库的部分结果(How do I replace part of result coming from Database with predefined text)
  • Selenium Java注入了新的Javascript函数(Selenium Java inject new Javascript function)
  • 使用.on的多个下拉菜单选择文本仅适用于第一个下拉列表(Multiple Dropdowns Menu Selection text using .on works only on first dropdown)
  • 快速将黄土曲线添加到大型数据集图中的方法(Quick way to add loess curve to large data set graph)
  • FilteringSelect in mvc(FilteringSelect in mvc)
  • 在Delphi XE2中开发Mac或iOS应用程序需要哪些硬件/软件?(What hardware/software is necessary to develop Mac or iOS apps in Delphi XE2?)
  • 在原型的构造函数中初始化属性时获取“未定义”(Getting 'undefined' when a property is initialized in the constructor of a prototype)
  • 通过越狱加载的应用程序的Documents文件夹位置(Location of Documents folder for an app loaded via jailbreak)
  • 在OpenGL中使用可编程和固定管道功能(Using both programmable and fixed pipeline functionality in OpenGL)
  • 将任何用户输入重定向到单独的底层程序(redirect any user input to a separate underlying program)
  • 编辑文本不能正常工作android(Edit texts not working properly android)
  • “user_denied”Facebook应用页面上的Facebook用户区域设置(Facebook user locale on “user_denied” facebook app page)
  • 在大图像中找到小的部分透明图像的坐标(find coordinates of small partially-transparent image within a large image)
  • 我如何在cakephp 3.1中获得完整的相对路径?(How i can get full relative path of image in cakephp 3.1?)
  • 如何保存拖动标记的新本地化?(How to save new localization of dragged marker?)
  • MySQL UPDATE vs INSERT和DELETE(MySQL UPDATE vs INSERT and DELETE)
  • 在执行查询之前,在SQLAlchemy模型中将datetime转换为unix时间戳?(Convert datetime to unix timestamp in SQLAlchemy model before executing query?)
  • OpenCL与OpenGL互操作的优势(Advantage of OpenCL interoperability with OpenGL)
  • 如何解析用点和等分隔的数据然后添加到listview(How to parsing data from delimited with dot and equal then add to listview)
  • 带调试输出的X3解析器段错误(BOOST_SPIRIT_X3_DEBUG)(X3 parser segfaults with debug output (BOOST_SPIRIT_X3_DEBUG))
  • 将文件夹名称添加到fgrep结果(Add folder name to fgrep result)
  • 在MySQL中加载一个表是非常慢的(Loading one table in MySQL is ridiculously slow)
  • 如何将JSON放入PHP变量?(How do I put JSON into a PHP Variable?)
  • 如何绕过Microsoft.Speech.Recognition中的不流畅?(How to bypass disfluencies in Microsoft.Speech.Recognition?)
  • 原点的最后一行是什么?(What is the last row of an origin for?)