IBM WebSphere Telecom Web Services Server, Version 7.1

Address Masking component Web service

The Address Masking component Web service provides features to hide the actual identity of a subscriber from third party applications (TPA). Third parties are internal and external customers of service providers.

Note: Third parties can be different internal divisions within an organization that want to develop new services based on core infrastructure function, or external customers that want to integrate new services or enhance existing ones.

Address masking is provided by the Address Masking mediation primitive (part of the processing flow for the Access Gateway), working in conjunction with the Address Masking component Web service (a Service Platform component).

You can use address masking to mask, unmask, shadow, or unshadow the specific addresses that identify the subscriber (MSISDN or SIP address) to an application. The Address Masking mediation primitive extracts occurrences of any such address from the message (SMO) and sends the addresses as key-value pairs to the Address Masking component Web service. The masking service replaces all addresses contained in the request with their masked values, or vice versa, depending on the operation being performed.

The operations being performed are configured as policies, using the Service Policy Manager. The mediation primitive looks up the policies and behaves accordingly.

The following operations are provided:
Masking
Encrypts the address fields contained in a request message, using an encryption algorithm. The encrypted address value is composed of numbers, alphanumeric characters and special characters.
Unmasking
Decrypts one or more masked address values contained in a request message. This operation and the masking operation are complementary.
Shadowing
Replaces the MSISDN contained in a request message with a pseudo-MSISDN value, and returns the pseudo value to the requester. For example, the MSISDN 9818010846 might be replaced by 98180XXXXX where X is any digit from 0 to 9. The number of digits to be shadowed is user configurable.
Note: The algorithm used for shadowing is very difficult to decipher, but not impossible. Also, be aware that the generated shadowed number can possibly appear as a valid MSISDN number. Shadowing is therefore a comparatively vulnerable option compared to the Masking or MaskingWithExpiry operations. If you are concerned about security, do not use the Shadowing operation.
Unshadowing
Replaces the pseudo-MSISDN value contained in a request message with the actual MSISDN, and returns the unshadowed MSISDN to the requester. This operation and the masking operation are complementary.
MaskingWithExpiry
Replaces the address fields with a pseudo (random) number, which is configured for expiry; in other words, the pseudo number can be used only for a certain period of time, after which the address expires. Any subsequent requests that use an expired number are rejected. This operation and the UnmaskingWithExpiry operation are complementary.
UnmaskingWithExpiry
Given a masked number, it retrieves the corresponding original number from a database and sends the response back to the user. This operation and the MaskingWithExpiry operation are complementary.
Note: The Address Masking component Web service mediation primitive is deployed as a Service Platform component, and the mediation primitive uses the Service Policy Manager for masking configurations. This mediation primitive is available only with the version 7.1 levels of the TWSS Access Gateway and Service Policy Manager.
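
The MaskingWithExpiry and UnmaskingWithExpiry pair described above can be modeled as a lookup table of random pseudo numbers, each with an expiry time. The following Python model is an added illustration, not IBM code or the product's API; the class and method names, the in-memory dictionary standing in for the database, the 10-digit pseudo number length, the `senderAddress` key, and the TTL value are all assumptions.

```python
import secrets
import time


class ExpiringAddressMasker:
    """Illustrative model of MaskingWithExpiry / UnmaskingWithExpiry."""

    def __init__(self, ttl_seconds, digits=10, clock=time.time):
        self.ttl = ttl_seconds        # assumed validity period of a pseudo number
        self.digits = digits          # assumed pseudo-number length
        self.clock = clock            # injectable so expiry can be exercised in tests
        self._table = {}              # pseudo -> (real, expires_at); stands in for the database

    def mask(self, address):
        # CSPRNG output carries no information about the real address,
        # unlike a reversible transform of the original digits.
        while True:
            pseudo = "".join(secrets.choice("0123456789") for _ in range(self.digits))
            if pseudo != address and pseudo not in self._table:
                break
        self._table[pseudo] = (address, self.clock() + self.ttl)
        return pseudo

    def unmask(self, pseudo):
        entry = self._table.get(pseudo)
        if entry is None:
            raise KeyError("unknown masked address")
        address, expires_at = entry
        if self.clock() >= expires_at:
            raise PermissionError("masked address has expired")
        return address

    def mask_all(self, pairs):
        # The mediation primitive sends addresses as key-value pairs;
        # every value is replaced, keys are left untouched.
        return {key: self.mask(value) for key, value in pairs.items()}


if __name__ == "__main__":
    now = [1_000.0]                                   # constructed fake clock
    masker = ExpiringAddressMasker(ttl_seconds=60, clock=lambda: now[0])
    masked = masker.mask_all({"senderAddress": "9818010846"})  # constructed key name
    print(masked, "->", masker.unmask(masked["senderAddress"]))
    now[0] += 61                                      # move past the expiry time
    try:
        masker.unmask(masked["senderAddress"])
    except PermissionError as exc:
        print("rejected:", exc)
```

Because the pseudo number is random and resolved only through the table, nothing about the real MSISDN can be derived from it, which is the property the Shadowing note says a pattern-preserving replacement lacks.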



(C) Copyright IBM Corporation 2009. All Rights Reserved.