Design for Masking & Storing Virtual Phone Numbers
Question → Why Hyperlocal companies have to hide the Phone-Numbers ?
Question → What would happen, if the Phone-Numbers are exposed ?
Answer → As a customer for you :-
- It may so happen that, your number may get exposed and lands into the hands of the bad people and you would be added to the random-whatsapp-groups OR you may start getting blank calls and hence breach of security.
- In the worst case scenario, people may do the Social-Engineering on you and may end up hacking your accounts.
Therefore, the companies with whom you share your MobileNumbers (during Login OR signUp process), it’s their responsibility to keep the customer’s phoneNumbers secure.
Question → How do the Customers receive calls from Delivery-Agents and vice-versa, without exposing their actualNumbers ?
Answer → Solution is Virtual-Phone-Numbers. These Virtual-Phone-Numbers look very similar to the actualPhoneNumbers, but they are only applicable for a particular transaction.
Question → How do Hyperlocal-companies obtain the Virtual-Numbers ?
Answer → Below are the steps involved into the operation :-
- The Hyperlocal-companies owns the service known as : “Virtual-Number-Service”, whose job is to periodically fetch the Virtual-Numbers from the Telecom-Providers like Airtel, Jio, etc.
- “Virtual-Number-Service” then stores these Virtual-Numbers into their respective database. We keep these Virtual Phone Numbers handy, so that we can use them instantly whenever there is a need for our transaction.
Question → Does every User gets a Virtual-Number ?
Answer → No. This is because of following reasons :-
- Because if we assign a virtual-number to a user till eternity, then again we fall into the same problem of security as similar to that in the case with actual Phone Numbers.
- If we assign unique virtual number to an each user, then say we have millions of users, then we would have to keep millions of virtual-numbers engaged with us and it may so happen that, most of those numbers are not in use as well.
Question → How does the assignment of Virtual-Number should look like ?
Note: Once the transaction is done, that virtual number should be un-assigned OR unmapped.
Question → Whether the Virtual Phone Numbers are assigned to both the parties involved in a transaction ?
Answer → Yes, if 2 parties are involved in a transaction, then 2 different virtual phoneNumbers are being assigned to both the involved parties.
Question → What if one deliveryAgent have got multiple orders to deliver ?
Question → At what moment, the Virtual Phone Numbers are being allocated ?
Answer → The Virtual Phone Number is allocated to both the parties when The Order has been placed by the User AND The deliveryAgent has been allocated to that Order.
Question → How does our overall architecture for the assignment of Virtual Phone Numbers looks like ?
Answer → Below is how the system setup looks like ?
- “A” and “B” are the users and “D” is the deliveryAgent.
- The DeliveryAgent “D” have got the orders to be delivered for Users “A” and “B”.
- The original phoneNumbers of our Users and DeliveryAgents are being stored in the Profile Database.
Here is how the Flow Diagram looks like :-
Step #1.) Whenever the oder is being received at the Orders-Service and the deliveryAgent is being allocated, the event (DriverAssigned) is being sent to the Kafka.
Step #2.) The event (DriverAssigned) is being received by the Kafka-consumers. It hits to the Virtual-Number-Service and gets a pair of Virtual-Numbers for both the parties involved into the transaction :-
- One Virtual-Number for User-A.
- Another Virtual-Number for the DeliveryAgent-D.
Step #3.) Once we get virtual-numbers for both the parties, we save them into the Orders-Service, so that the same can be rendered into the App :-
- Virtual-Number for User-A is AAA.
- Virtual-Number for the DeliveryAgent-D is DDD.
Notes:
- In the Customer-App, we have to show the DeliveryAgent’s PhoneNumber DDD, so that customer-A can directly give a call to the Agent.
- Similarly, In the Agent-App, we have to show the Customer’s PhoneNumber AAA, so that deliveryAgent-D can directly give a call to the Customer.
Question → What happens when Customer gives the call to the DeliveryAgent, say to check Where the deliveryBoy is ?
Answer → Below is what happens when Customer-A calls to DeliveryAgent-D :-
- Original number of User-A is 123.
- User-A can see the anonymised number of DeliveryAgent-D i.e. User-A can only see the Virtual-Number of DeliveryAgent-D which is DDD.
Here is how the Flow Diagram looks like :-
Step #1.) When the User-A calls to DDD, this call goes to Telecom-Operator.
Note:-
- Now, Telecom-Operators don’t know the mapping i.e. they don’t know, where to forward the call ?
- When the User-A calls to DDD, this call goes to Telecom-Operator. The Telecom-Operator don’t know the actualNumber to which the DDD is being mapped to ?
Step #2.) The Telecom-Operator now makes a call to our Virtual-Number-Service in order to validate the transaction and in return, it sends following things back to the Telecom-Operator :-
- The Original Number of DeliveryAgent-D i.e. 456.
- The Virtual Number of User-A i.e. AAA.
Step #3.) The Telecom-Operator now makes a call to the Delivery-Agent on his actualNumber i.e. 456.
Question → Explain little more about the validation step that has been mentioned above during the process when one party calls to another ?
Answer → The validation looks like this, If User-A (OriginalNumber as 123) makes a call to the DeliveryAgent-D (VirtualNumber as DDD), then whether there exists a bridge between these 2 OR Not.
References :-