[Asterisk-Users] calling card application

Jeremy Hall jeremyhall at mpccorp.com
Tue May 25 10:31:38 MST 2004


Good afternoon,

I haven't set up a pre-paid system myself, so I can't answer to details
on what system to use, etc.  But I can give you some advice regarding
your authentication scheme.

If by authentication by mobile number you mean the caller ID received,
that is not secure at all.  CallerID is very easy to spoof when you have
a digital line (certain types, of course.)  For example, when I call out
from my Asterisk box, if I prefix the number with 9, it sends my correct
CallerID information.  If I prefix the number with 8, it sends the
number I am calling as the CID.  I can just as easily set that to show
random numbers, or a mobile number I know will give me pre-paid minutes
on XYZ company's long distance account.

If you do want to use the CallerID as part of the authentication, that
is fine, but I would highly recommend keeping the PIN code in place
also, as a safeguard against a falsified CID. 

Examples

1.  Caller ID shows correct number of a user: Caller is presented with a
prompt for a PIN, user enters in correct PIN, prompted for destination
number, call completes.

2.  Caller ID shows correct number of a user: Caller is presented with a
prompt for a PIN, incorrect PIN is entered, Invalid account message
played, disconnected or transferred to operator.

3.  Caller ID does not match customer database.  Caller is played a
message stating how to get an account, and routed to operator or
disconnected accordingly.

Even with the PIN, you could still store the appropriate pauses in a
speed dial and be seemingly transparent for the user.  Many phones have
a calling card function in them already, which will work fine as well.

Good luck,

Jeremy

-----Original Message-----
From: Wolfgang Pichler [mailto:madmin at dialog-telekom.at] 
Sent: Tuesday, May 25, 2004 9:17 AM
To: Asterisk-Users Mailinglist
Subject: [Asterisk-Users] calling card application

<SNIP>

- Then asterisk checks if the user is authorized with his mobile number.

<SNIP>

Where are the possible problems ?

<SNIP>
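
The three cases from the reply above, written as the decision a call-flow script would make once it has the received CallerID and the entered PIN. This is an added example, not part of the original thread; the salted PIN hash, the lockout after three wrong PINs, and every name, number and PIN in it are assumptions or constructed values.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_PIN_FAILURES = 3  # assumed lockout threshold, not from the original thread


@dataclass
class Account:
    salt: bytes
    pin_hash: bytes
    failures: int = 0


def hash_pin(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def enroll(accounts: dict, caller_id: str, pin: str) -> None:
    salt = os.urandom(16)
    accounts[caller_id] = Account(salt, hash_pin(pin, salt))


def authorize(accounts: dict, caller_id: str, pin: str) -> str:
    """Return the call-flow action for one attempt (hypothetical action names)."""
    account = accounts.get(caller_id)
    if account is None:
        return "PLAY_SIGNUP_INFO"        # case 3: CID not in customer database
    if account.failures >= MAX_PIN_FAILURES:
        return "LOCKED_TO_OPERATOR"      # added: stop checking PINs for this CID
    if hmac.compare_digest(hash_pin(pin, account.salt), account.pin_hash):
        account.failures = 0
        return "PROMPT_DESTINATION"      # case 1: CID known and PIN correct
    account.failures += 1                # case 2: CID known (or spoofed), PIN wrong
    return "INVALID_ACCOUNT"


def demo() -> list:
    accounts = {}
    enroll(accounts, "15555550100", "4821")  # constructed number and PIN
    attempts = [("15555550100", "4821"), ("15555550100", "0000"),
                ("15555550199", "4821"), ("15555550100", "1111"),
                ("15555550100", "2222"), ("15555550100", "4821")]
    return [authorize(accounts, cid, pin) for cid, pin in attempts]
```

The last attempt in `demo()` presents the right PIN but is still refused, because a four-digit PIN behind a spoofable CallerID only holds up if wrong guesses are counted per account.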
