SORACOM Announces Secure SMS API and Mobile SMS support for SORACOM Beam, Funnel and Harvest
We launched the SORACOM IoT platform just two years ago at IT Pro Expo, with the initial services of SORACOM Air and SORACOM Beam. The platform was limited to cellular based wireless communication technology. Today SORACOM’s IoT Platform has a total of 11 services, has added supports LPWAN technologies, specifically LoRaWAN and Sigfox, and is in use by more than 8,000 customers.
At this year’s Nikkei IT Pro Expo, the third since our launch, we announced new features to SORACOM Air, SORACOM Beam, SORACOM Funnel and SORACOM Harvest. In this blog post, we will provide a summary of the SMS functionality we’ve delivered!
Evolution of SORACOM Air for Cellular’s Infrastructure
When we started SORACOM Air, we implemented only the minimum mobile network components needed to interconnect with the Mobile Network Operators (MNOs) as an Mobile Virtual Network Operator (MVNO). We are pleased to announce that two additional network components are now implemented in SORACOM’s infrastructure:
- Home Location Register (HLR), which is the subscriber information database, we described in this blog post.
- the Short Message Service Center (SMSC). An SMSC handles SMS sending, receiving, storage and forwarding.
Having our own SMSC has enabled us to add Secure SMS support to SORACOM AIR, exposed via our API (of course).
Let’s take a look!
SMS Reinvented: SORACOM Air SMS API
As you all know, SMS is a messaging technology that has been essential part of mobile communication for long time. Although smartphone push notifications have been more common for smartphone applications nowadays, SMS is still used for a wide range of features. SMS is of course used for text messaging among people, but it is also used for
- machine-to-machine (M2M) communication
- mobile payment mechanisms
- one time password delivery for multifactor authentication
Why has SMS been used in such a wide range of applications? From an IoT platform service provider point of view, my answer would be the following features have advantages that other messaging methods do not have in common.
- A dormant mode cellular modem (which consumes much less energy), can wake up with signals from the base station and receive an incoming SMS message.
- A cellular modem can transmit and receive data without establishing IP data session or connection on top, using only cellular network signaling.
- Authentication by the SIM card is performed, sender or recipient cannot spoof the identity.
Using Feature #1 we can implement push notification from the server side to devices. This avoids the scenario of keeping devices data connections alive, and have them poll the server side. This is often the cause of unwanted battery drain and wasted data traffic consumption.
The Feature #2 brings the possibility to enable communication even when the IP communication is difficult due to restrictions on the device. It is also useful if the overhead of establishing an IP connection is not negligible.
The need for more Secure SMS Messaging
Enabling SMS on an IoT device also has a downside, though. Since SMS can be sent to the other party only by knowing the mobile number, there is a risk of an attacker sending SMS messages to a victim device to cause malfunctioning and/or unnecessary battery draining. E.g. If it is a security sensor run by battery, it could present a serious risk.
Therefore, we have designed SORACOM Air SMS API so that our customers can leverage SMS without exposing those devices to public SMS messages.
As shown in the diagram, we have added an API method to send and SMS message to a device by simply posting JSON document. With the API, the user can send SMS messages to their devices just by calling from the Web console, SORACOM command line interface (CLI) or their own program (using the Soracom API) as necessary.
Only the operator (SORACOM Account) that owns a SIM can send SMS to a device with that SIM. i.e. if you call the API specifying a SIM that you do not own, the request will be rejected. All our API calls are authenticated, and require credentials with appropriate permissions.
If the phone number of the device is leaked or guessed, our SMSC does not forward SMS messages that originate from the external number space. This prevents your devices receiving any unintended SMS messages.
By extension, device to device SMS messaging is supported with the same principle in mind. Only SIMs that belong to an operator can exchange SMS messages to each other.
When to use SORACOM Air SMS API
At SORACOM, we listen to customers and prioritize what to build based on their feedback. Ever since we released SORACOM Air, we have received many requests for SMS.
As we listen to the customer’s’ voice, we realised that we could classify their needs into the following three use cases.
Use Case 1: Power Savings and Remote Wake
Customers want to remotely wake up sleeping devices using an SMS message. This is an advantage of the underlying technology and enables significant power saving.
Use Case 2: Push Configuration information
SMS was initially designed for remote management of devices. It works even if the device is not yet configured for IP data communication. Many customer told us that it is time consuming to configure their devices before shipment, and wanted a way to automate this.
Use Case 3: Remote Command Execution
SMS messages can also be used as elegant mechanism for a secure, remote command channel without the data cost of constant IP data connections.
The SMS API is available today for Public Beta using the Web Console, API or the CLI. During the Public Beta period, there is no fee for the SMS API, and all feedback is very welcome.
Mobile Originated SMS support in SORACOM Beam, Funnel, Harvest
The SMS API above is for SMS Messages to a device, but what about SMS messages from the device? For this we have added SMS support to Soracom Beam, Funnel and Harvest.
When sending data from the device to the cloud, SORACOM Beam is used connect to a public endpoint securely. SORACOM Funnel provides an adapter for transferring data to various cloud services including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. SORACOM Harvest is a service that collects and visualizes data. Each of these now support receiving data by SMS messages from a device.
Let’s take a look at how this works.
Each of these services is assigned an SMS number enabling you to send data to the cloud by simply sending an SMS the appropriate number.
- SORACOM Beam → 901011
- SORACOM Funnel → 901021
- SORACOM Harvest → 901031
This feature is automatically configured for SORACOM Funnel and SORACOM Harvest. For SORACOM Beam setting up SMS is just easy as the other supported protocols. Here is a screenshot of the SMS to HTTP/HTTPS configuration. The Phone Number 901011 is fixed, and you simply configure the target destination server to receive the SMS data via HTTP(S) POST.
Advantage of data transmission using SMS:
- Save power by reducing overhead: since it is possible to transmit SMS data without activating a data communication session, it is expected to save power.
- Constrained devices: since SMS also operates in devices and areas that do not support data communication, very constrained devices with cellular modules can handle data transmission
It is worth mentioning that each SMS message is limited to 140 bytes of data. This is significantly more data than many LPWAN technologies. Also, SMS messages tend to be more expensive than IP data communication when sending high frequency, two-way data. As discussed, SMS can be used as a backup communication channel, in constrained devices, or where battery life time is critical.
Please do let us know the use cases and feature requests you need, especially during the Public Beta period.