CN109995733B - Capability service opening method, device, system, equipment and medium - Google Patents

Publication number: CN109995733B
Authority: CN (China)
Prior art keywords: calling, capability, information, user, service
Legal status: Active
Application number: CN201711491736.3A
Other languages: Chinese (zh)
Other versions: CN109995733A (en)
Inventors: 马松岩, 王峰
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Liaoning Co Ltd
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Group Liaoning Co Ltd
Application filed by: China Mobile Communications Group Co Ltd; China Mobile Group Liaoning Co Ltd
Events: priority to CN201711491736.3A; publication of CN109995733A; application granted; publication of CN109995733B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/105 Multiple levels of security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention provides a method, a device, a system, equipment and a medium for opening a capability service. The method comprises the following steps: receiving calling request information sent by a capability user; acquiring the calling state of the capability user according to the calling request information and the historical calling information; and sending calling request passing information to the capability user and providing capability open service to the capability user under the condition that the calling state is judged to be normal according to the calling characteristic information. The invention can protect the privacy of the user while the capability is opened.

Description

Capability service opening method, device, system, equipment and medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a system, a device, and a medium for opening a capability service.
Background
In the era of mobile internet, telecom operators face huge challenges in service quality and service innovation. They need to open their system capabilities and provide service interfaces to third-party enterprises or individual developers, so that timely, personalized and diversified services can be provided to users, user experience and stickiness are improved, potential service value is continuously mined, the industrial chain is enlarged, and an open, win-win ecosystem is formed. Telecom operators have so far established an initial capability opening model, but while an operator's capability open platform provides services, it inevitably brings a series of key privacy protection problems. At the same time, the public is increasingly sensitive about private data and the demand for keeping it confidential grows day by day; disclosure of private data is no longer limited to economic disputes and has become a social problem discussed by society as a whole. Recently, rampant telecom fraud has pushed telecom operators into the center of public attention. How to open capabilities while ensuring the security of user privacy has become a great challenge for telecom operators.
Existing methods for protecting user privacy on a telecom operator's capability open platform include: encrypting messages during the calling process, to prevent data leakage during interaction; verifying the identity of the caller, for example the requesting IP address and the validity of the application, to ensure that the caller is safe and trusted; and having the capability open platform render high-risk data in a readable form and display it directly to the user, for example as a page or a generated file, to reduce the risk of leakage. In this way user privacy is protected while capabilities are opened.
In the prior art, protection of user privacy by the capability open platform emphasizes after-the-fact handling: once a capability caller has finished maliciously calling the capability open platform to acquire user information, the caller's identity is determined and punitive measures are taken, such as preventing the caller from continuing to access the platform, so that further leakage of user data is prevented; but the user cannot be protected from harassment in advance. In addition, prior-art schemes for privacy-preserving capability opening focus on the transmission layer and use mechanisms such as transmission encryption to ensure that the interaction is not intercepted by a third party, but the access behavior of a capability caller that has passed preliminary verification is not controlled, and such a caller may still call capabilities maliciously to acquire user privacy data, so a great risk exists.
Disclosure of Invention
The embodiment of the invention provides a method, a device, a system, equipment and a medium for opening a capability service, which are used for solving the problem of user privacy leakage in the traditional capability service opening business.
In a first aspect, an embodiment of the present invention provides a capability service opening method, where the method includes:
receiving calling request information sent by a capability user;
acquiring the calling state of the capability user according to the calling request information and the historical calling information;
and sending calling request passing information to the capability user and providing capability open service to the capability user under the condition that the calling state is judged to be normal according to the calling characteristic information.
In a second aspect, an embodiment of the present invention provides a capability service opening apparatus, where the apparatus includes:
the receiving module is used for receiving calling request information sent by a capability user;
the calling state acquisition module is used for acquiring the calling state of the capability user according to the calling request information and the historical calling information;
and the judging module is used for sending calling request passing information to the capability user and providing capability open service to the capability user under the condition that the calling state is judged to be normal according to the calling characteristic information.
In a third aspect, an embodiment of the present invention provides a capability service opening device, which comprises: at least one processor, at least one memory, and computer program instructions stored in the memory, which when executed by the processor, implement the method of the first aspect of the embodiments described above.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which computer program instructions are stored, which, when executed by a processor, implement the method of the first aspect in the foregoing embodiments.
The capability service opening method, apparatus, device and medium provided by the embodiments of the present invention can protect the privacy of the user while capabilities are opened.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 illustrates a flow diagram of a capability service opening method of an embodiment;
FIG. 2 is a block diagram showing a system configuration of a capability service opening method according to another embodiment;
FIG. 3 illustrates a call control flow diagram of a capability service opening method of another embodiment;
FIG. 4 shows a flow diagram of a capability service opening method of another embodiment;
FIG. 5 is a system flow diagram illustrating a capability service opening method according to another embodiment;
FIG. 6 illustrates a block diagram of a capability service exposure apparatus of an embodiment;
FIG. 7 is a schematic diagram illustrating a hardware structure of a capability service opening device according to an embodiment of the present invention.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below, and in order to make objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It will be apparent to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Fig. 1 is a flowchart illustrating a capability service opening method according to an embodiment, and as shown in fig. 1, the method includes:
Step S10: receiving the calling request information sent by the capability user.
Step S20: acquiring the calling state of the capability user according to the calling request information and the historical calling information.
Step S30: when the calling state is judged to be normal according to the calling characteristic information, sending calling request passing information to the capability user and providing the capability opening service to the capability user.
Specifically, as capability providers in the telecommunications domain accumulate more comprehensive, deeper and more private customer data, some capability users, although authorized, can still obtain user private data and retain it in their own systems through a large number of malicious accesses to the capability open platform. To solve this problem, the proposal establishes a call control subsystem in the capability open platform system. Fig. 3 shows a call control flow chart of a capability service opening method according to another embodiment. As shown in fig. 3, when a capability visitor initiates a call request, the capability user portal first performs a preliminary authorization judgment on the request, for example whether the capability visitor is already registered in the capability open platform, whether it has authority for the service requested this time, and whether the message format is correct. After the capability user portal has verified the request and before the capability provider system is called, a call judgment step is added. The call control subsystem and the capability user portal interact through real-time messages: the capability user portal sends a call judgment request to the call control subsystem, and the call control subsystem authenticates the current service call request and decides whether to let the request through. The call control subsystem judges whether the state of the current call request is normal, and the capability open platform carries out the subsequent flow according to the returned result.
If the access is judged to be in a normal state, the request is released and the subsequent flow continues, for example calling an interface of the capability provider to complete service handling or a data query; if the request is judged to be in an abnormal state, the subsequent access flow is stopped, which achieves the purpose of preventing information leakage.
In a possible implementation manner, the calling characteristic information includes a calling frequency deviation threshold, the historical calling information includes the number of calls, and acquiring the calling state of the capability user according to the calling request information and the historical calling information includes: acquiring the calling frequency of the capability user according to the calling request information and the number of calls. Sending calling request passing information to the capability user when the calling state is judged to be normal according to the calling characteristic information includes: sending calling request passing information to the capability user when the calling frequency is judged to be normal according to the calling frequency deviation threshold.
In one possible implementation, the calling characteristic information includes a calling period threshold, the historical calling information includes a historical period,
and acquiring the calling state of the capability user according to the calling request information and the historical calling information includes:
acquiring the calling period of the capability user according to the calling request information and the historical period;
sending calling request passing information to the capability user when the calling state is judged to be normal according to the calling characteristic information includes:
sending calling request passing information to the capability user when the calling period is judged to be normal according to the calling period threshold.
In one possible implementation, the calling characteristic information includes a calling information range threshold, and the calling request information includes a calling information range, and the method further includes:
acquiring the calling information range ratio of the capability user according to the calling information range and the total information range;
and sending calling request passing information to the capability user when the calling information range ratio is judged to be normal according to the calling information range threshold.
In one possible implementation, the method further includes:
calculating the malicious behavior index of the capability user according to the calling frequency, the calling period and the calling information range ratio;
sending calling request passing information to the capability user when the calling state is judged to be normal according to the calling characteristic information includes:
sending calling request passing information to the capability user when the calling state is judged to be normal according to the malicious behavior index and the index threshold.
In one possible implementation, the method further includes:
acquiring a use risk value of the capability user according to the calling request information and the user authentication information;
judging, according to the use risk value and a risk threshold, whether the use authentication of the capability receiver is passed;
and when the judgment result is that the use authentication of the capability receiver is passed, providing the capability opening service to the capability user.
In one possible implementation manner, the user authentication information includes: attribute information of the capability user itself and business behavior information of the capability user.
In one possible implementation, the method further includes:
judging, according to the use risk value, whether to terminate the capability opening service while the capability opening service is being provided to the capability user.
Specifically, fig. 2 is a block diagram illustrating the system structure of a capability service opening method according to another embodiment. As shown in fig. 2, the system opens capabilities through the capability open platform while protecting user privacy. The call control subsystem judges in real time whether a request is a suspected malicious call not initiated by a user and performs subsequent control; the risk authentication subsystem performs comprehensive risk identification of the capability visitor and provides a decision basis for capability operation.
The call control subsystem judges in real time whether the state of a call request is normal by means of multi-dimensional characteristic values. Three characteristic values are used: the calling frequency deviation value, the user range ratio, and the calling period linear conformity.
The scheme is based on statistical analysis of the logs of calls suspected to be malicious, that is, calls aimed at obtaining user privacy data. A capability visitor making capability calls that are suspected not to be initiated by users has to initiate the calling process many times, so most abnormal calling has a high frequency; the deviation value of the frequency with which the capability visitor calls the capability open platform is therefore used as one of the characteristic values for judging suspected abnormal calling. To obtain a large amount of user data, abnormal calling usually involves a large range of user mobile phone numbers, so the calling user range is taken as one of the characteristic values. In addition, to preserve the value of the acquired user data for subsequent statistical analysis, the capability caller's calls generally follow a linear relationship with the call cycle, so the linear conformity of the call cycle is one of the characteristic values.
Fig. 4 shows a flowchart of a capability service opening method according to another embodiment, and the call control authentication flow is described in detail below with reference to the call control system authentication flowchart of fig. 4:
Step 1, a capability visitor initiates a calling request through the capability user portal;
Step 2, judging whether the capability visitor is an internal trusted system;
Step 2-1, if the capability visitor is an internal trusted system, the request is put through and the flow jumps to step 5;
Step 2-2, if the capability visitor is not an internal trusted system, the flow proceeds to step 3;
Step 3, judging whether the access is normal by means of the multi-dimensional characteristic values;
The proposal combines data from the three-domain capability open platform of the IT system, forms a three-dimensional characteristic value from the calling frequency deviation value, the user range ratio and the calling period linear conformity, and uses this three-dimensional characteristic value to judge in real time whether the state of the capability call is normal.
Wherein the calling frequency deviation value is
Figure GDA0003041584910000071
where v_id is the capability visitor code, t is the calling time, and Cf(v_id, t) is the calling frequency of the capability visitor calculated in real time. The calling frequency can be defined as the number of calls per unit time; for example, the number of calls of the capability visitor is recorded from the initial time to time t,
Figure GDA0003041584910000072
is the average call frequency of the n statistically sampled capability visitors at time t. The value of Ca may vary greatly between time periods; for example, the average call frequency may increase at the end of the month or during holidays. The calling time and the number of calls can be obtained from the existing data of the IT system capability open platform.
The user range ratio value formula is
Figure GDA0003041584910000073
where Uvc(v_id, t) is the number of calls of capability visitor v_id within time t, and Uc(ts) is the number of communication users in the telecommunication system at timestamp ts. The capability calling information data is stored in the IT system capability open platform; the number of communication users is maintained in the enterprise big data system.
The linear conformity expression of the calling period is
$$CPL(v\_id, t) = \left| D(v\_id, snum, t) - D(v\_id, snum, t - t_{cy}) \right| + SDNL(t) \quad \text{(equation 3)}$$
where D(v_id, snum, t) is the time interval since the last request from caller v_id for the service number snum, $t_{cy}$ is the time of the last call request, which is recorded in the system, and SDNL(t) represents a system linearity error value, such as system interaction network delay or clock adjustment, which is stored in the enterprise big data system. After the computation is completed, the data for D(v_id, snum, t) is updated.
From the three-dimensional characteristic value, the index of suspected malicious calling behavior not initiated by users is calculated for the capability caller as
Figure GDA0003041584910000081
where Eig(i) are the different characteristic values and Wei(i) are the weights corresponding to the different characteristic values. For the set of index values of calls that have already been proven to be malicious calls not initiated by users, U = U1, U2
$$S(n) \in [\mathrm{Min}(U_i), \mathrm{Max}(U_j)] \quad (1 \le i \le m,\ 1 \le j \le m) \quad \text{(formula 5)}$$
The telephone is judged to be suspected harassing or fraudulent.
Step 4-1, if the capability call is judged not to be a suspected malicious call aimed at obtaining user privacy data, go to step 5;
Step 4-2, if the call is judged to be a suspected malicious call not initiated by a user, go to step 6;
Step 5, the call control system authentication passes, the request is put through, and the subsequent capability acquisition flow is carried out;
Step 6, the call control system authentication fails, and the calling request is terminated;
Step 7, recording a behavior log for the current calling behavior of the capability visitor;
Step 8, updating the relevant data of the capability visitor in the authentication system.
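The call control flow of steps 1 to 8, as an added example that is not code from the patent. Equation 3 and the interval test of formula 5 follow the text; the forms used for the frequency deviation, the range ratio and the weighted index are assumptions, because the images for formulas 1, 2 and 4 are not reproduced on this page. All names, weights, thresholds and sample calls are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class History:
    """Per-visitor data the call control subsystem keeps (hypothetical model)."""
    start: float                                   # time of the visitor's first call
    calls: int = 0                                 # number of calls since `start`
    last_time: dict = field(default_factory=dict)  # snum -> time of previous call
    last_gap: dict = field(default_factory=dict)   # snum -> previous interval D


@dataclass
class CallControl:
    avg_freq: float              # Ca: average call frequency of sampled visitors
    subscribers: int             # Uc: number of communication users
    sdnl: float                  # SDNL: system linearity error, in seconds
    weights: tuple               # Wei(i) for the three characteristic values
    known_bad: list              # U: indices of calls already proven malicious
    trusted: frozenset = frozenset()   # internal trusted systems (step 2)
    window: float = 100.0        # minimum span used for the frequency (assumption)
    cpl_cap: float = 60.0        # CPL value used when no period is known (assumption)
    history: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def index(self, v_id, snum, t):
        """Step 3: three characteristic values combined into one index."""
        h = self.history.setdefault(v_id, History(start=t))
        calls = h.calls + 1
        cf = calls / max(t - h.start, self.window)            # Cf(v_id, t)
        # Assumed form of formula 1: relative excess over the average frequency.
        freq_dev = max(0.0, (cf - self.avg_freq) / self.avg_freq)
        # Assumed form of formula 2: calls relative to the subscriber base.
        range_ratio = calls / self.subscribers
        # Equation 3: |D(t) - D(t - t_cy)| + SDNL, per visitor and service number.
        gap = t - h.last_time[snum] if snum in h.last_time else None
        prev_gap = h.last_gap.get(snum)
        if gap is None or prev_gap is None:
            cpl = self.cpl_cap                                # not enough history yet
        else:
            cpl = min(abs(gap - prev_gap) + self.sdnl, self.cpl_cap)
        eig = (freq_dev, range_ratio, cpl)
        # Assumed form of formula 4: weighted sum of Eig(i) and Wei(i).
        return sum(e * w for e, w in zip(eig, self.weights)), gap

    def authorize(self, v_id, snum, t):
        """Steps 2 to 8: returns True when the request is put through."""
        if v_id in self.trusted:                              # step 2-1
            s, allowed = None, True
        else:
            s, gap = self.index(v_id, snum, t)                # step 3
            # Formula 5: abnormal when the index lies inside [Min(U), Max(U)].
            bad = bool(self.known_bad) and min(self.known_bad) <= s <= max(self.known_bad)
            allowed = not bad                                 # steps 4-1 / 4-2, 5 / 6
            h = self.history[v_id]                            # step 8: update data
            h.calls += 1
            if gap is not None:
                h.last_gap[snum] = gap
            h.last_time[snum] = t
        self.log.append((t, v_id, snum, s, allowed))          # step 7: behavior log
        return allowed


def demo():
    """Constructed traffic: a fixed-interval poller, an irregular app, an internal system."""
    cc = CallControl(avg_freq=0.02, subscribers=1_000_000, sdnl=0.5,
                     # A small CPL means regular timing, so its weight is negative here.
                     weights=(1.0, 1000.0, -0.1), known_bad=[1.0, 3.2, 6.5],
                     trusted=frozenset({"billing-internal"}))
    poller = [cc.authorize("partner-x", "loc-query", 10.0 * k) for k in range(8)]
    normal = [cc.authorize("crm-app", "loc-query", t) for t in (0.0, 400.0, 1000.0)]
    internal = [cc.authorize("billing-internal", "loc-query", float(t)) for t in range(5)]
    return poller, normal, internal


if __name__ == "__main__":
    print(demo())
```

Formula 5 as written flags only indices inside [Min(U), Max(U)], so an index above Max(U) passes this check; a deployment has to decide explicitly how that case is treated.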
In some scenarios, risk authentication is required for the capability visitor, and a risk level is defined to provide a decision basis for the capability operator. The capability open platform may define risk along multiple dimensions. For capability visitors of different natures, for example, internet channel partners may have a higher risk level than government-enterprise customer partners; for different service capabilities, a capability that handles business requiring fees to be deducted from users is considered to have a higher risk level; and a service capability requiring user authentication has a higher risk level than one that does not. Meanwhile, a great advantage of a telecom operator is that it holds the service and communication data of end users, so through analysis on the enterprise big data platform combined with the call logs of the capability open platform it can obtain risk data about the capability calls made for users under a capability visitor. These risk data are integrated, a comprehensive risk analysis of the capability visitor is performed, and risk authentication data are output and provided to the capability operator as a basis for judging the capability visitor, or used as an input parameter for subsequent access control by the capability open platform. When the risk value is provided to the capability operator as a basis for judging the capability visitor, the capability operator can comprehensively judge whether the capability visitor poses a risk according to the risk value combined with other factors of the capability visitor, such as capability registration behavior and credit rating.
When the risk value is used as an input parameter for subsequent access control by the capability open platform, it can serve as an input parameter of the subsequent capability access flow; for example, when the risk value is greater than a certain threshold, operations such as rate limiting and access blocking are executed.
The process of risk authentication of the capability visitor is as follows. Fig. 5 is a schematic system flow diagram illustrating a capability service opening method according to another embodiment. As shown in fig. 5:
(1) a user calls the capability open platform through a capability visitor system;
(2) after the capability call passes through the capability user portal, the capability call record of the capability visitor is updated in the risk authentication subsystem;
(3) for a capability opened in a specific scenario, the risk authentication subsystem synchronizes the opened capability information to the enterprise big data system; the big data system completes user behavior matching modeling according to the form of the capability, judges from the user's telecommunication service and communication behavior data whether the capability call could have been completed by the capability visitor system, and calculates the risk result:
(301) after a new capability is registered in the capability user portal of the capability open platform, the risk authentication subsystem synchronizes the element information related to the service capability to the enterprise big data platform;
(302) the enterprise big data platform confirms the statistical criteria according to the specific content of the service and establishes a service model;
(303) the enterprise big data platform informs the risk authentication subsystem that the establishment of the service model is completed;
(304) when a user initiates telecommunication service and communication behaviors, the enterprise big data platform collects the relevant data;
(305) the risk authentication subsystem sends the enterprise big data platform an authentication request for the capability user corresponding to the service;
(306) after receiving the request, the enterprise big data platform compares the user's behavior data against the established model to judge the service risk of the capability user;
(307) the enterprise big data platform returns an authentication result to the risk authentication subsystem.
(4) The risk authentication subsystem compares the multidimensional risk level of the capability caller with the general risk level defined in the capability open platform system, and confirms the risk result together with the calculation result of step 3;
The risk level record of the capability caller in the risk authentication subsystem is written in matrix form as
Figure GDA0003041584910000101
where G is the number of columns in the matrix, whose value in this scheme, based on the judgment elements actually used, is 3; K is the total number of services applied for by the capability caller; Ab_id is the capability service code; Vle is the characteristic value of the capability caller for the Ab_id service, such as the current number of user calls for a service-handling service; and Ris is the risk value for the Ab_id service. Different capability callers may have different risk values for the same service; for example, the risk of a traffic query by an internal system is lower than that by an external system.
Similarly, the capability open platform records an average risk level matrix AOP(G × K) over all services of all capability visitors. An operation over $Vis_{v\_id}(G \times K)$, this matrix and the risk calculation result of step 3 gives the final risk discrimination value Rv.
Figure GDA0003041584910000102
Where $Vis_{v\_id}(G-1, n)$ and $AOP(G-1, n)$ denote the data at line G-1 and column n of the respective matrix, and $BiD_{v\_id}(Ab\_id_n)$ denotes the risk evaluation value, returned by the big data system in step 3, of the Ab_id capability of capability visitor v_id. Finally, the capability operator can comprehensively judge whether the capability visitor poses a risk from the Rv value combined with other elements of the capability visitor, such as capability registration behavior and credit rating. Alternatively, the Rv value is used as an input parameter of the subsequent capability access flow, for example as a basis for decisions such as rate limiting and access blocking.
The invention provides a capability open platform and a method based on user privacy protection, which protect user privacy from two aspects, call control and risk authentication of the capability visitor. The call control subsystem and the capability user portal interact through real-time messages: the capability user portal sends a call judgment request to the call control subsystem, the call control subsystem authenticates the current service call request and judges, from the call state of the current request, whether it is suspected not to be a normal capability call initiated by a user, and the capability open platform carries out the subsequent flow according to the returned result. If the access is judged to be in a normal state, the request is released and the subsequent flow continues to completion; if the request is judged to be in an abnormal state, the subsequent access flow is stopped. Compared with the prior art, the method acts preventively and judges in real time whether a request is legitimate, thereby preventing information leakage.
The risk authentication subsystem synchronizes the capability information opened by the capability open platform to the enterprise big data system. The big data system builds a user-behavior matching model according to the form of the capability, uses the user's telecommunication service and communication behavior data to judge whether the capability visitor system could have completed the capability call, and compares the multidimensional risk level of the capability caller with the general risk level defined in the capability open platform system to confirm the risk result. Finally, the capability operator can comprehensively judge whether the capability visitor poses a risk from the settlement result combined with other elements of the capability visitor, or can use the result as an input parameter of the subsequent capability access flow. Compared with the prior art, the privacy protection effect is achieved without sacrificing user experience and changing the existing behavior of the user, and the purpose of protecting the privacy of the user while opening the capability is achieved through strong authentication modes such as a service password or a short message.
Fig. 6 is a block diagram illustrating a capability service opening apparatus according to an embodiment, and as shown in fig. 6, the capability service opening apparatus 400 includes:
a receiving module 41, configured to receive a call request message sent by a capability user;
a calling state obtaining module 42, configured to obtain a calling state of the capability user according to the calling request information and the historical calling information;
and a determining module 43, configured to send a call request passing message to the capability user and provide a capability opening service to the capability user when the call state is determined to be normal according to the call feature information.
In one possible implementation, the invocation feature information includes an invocation frequency deviation threshold, the historical invocation information includes invocation times,
the call state obtaining module 42 includes:
the first obtaining submodule is used for obtaining the calling frequency of the capability user according to the calling request information and the calling times;
the determining module 43 includes:
and the first judgment submodule is used for sending calling request passing information to the capability user under the condition that the calling frequency is judged to be normal according to the calling frequency deviation threshold value.
In one possible implementation, the call characteristic information includes a call period threshold, the historical call information includes a historical period,
the call state obtaining module 42 includes:
the second obtaining submodule is used for obtaining the calling period of the capability user according to the calling request information and the history period;
the determining module 43 includes:
and the second judging submodule is used for sending calling request passing information to the capability user under the condition that the calling period is judged to be normal according to the calling period threshold value.
In one possible implementation manner, the calling feature information includes a calling information range threshold, and the calling request information includes a calling information range, the apparatus further includes:
the third acquisition module is used for acquiring the calling information range ratio of the capability user according to the calling information range and the total information range;
and the third judging module is used for sending calling request passing information to the capability user under the condition that the calling information range ratio is judged to be normal according to the calling information range threshold value.
In one possible implementation, the apparatus further includes:
the malicious behavior index acquisition module is used for calculating the malicious behavior index of the capability user according to the calling frequency, the calling period and the calling information range ratio;
the determining module 43 includes:
and the fourth judgment submodule is used for sending a calling request passing message to the capability user under the condition that the calling state is judged to be normal according to the malicious behavior index and the index threshold.
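The call-control checks described in the implementations above (calling frequency, calling period, calling information range ratio and the malicious behavior index), as an added example that is not taken from the patent. The metric definitions, the weighted-sum index, the weights and all sample values are assumptions made for illustration; the patent's own index formula does not appear in this section.

```python
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class CallRequest:
    hour: int               # hour of day (0-23) in which the request arrives
    calls_this_hour: int    # calls by this caller in the current hour, this one included
    records_requested: int  # "calling information range" of the request


@dataclass(frozen=True)
class History:
    hourly_calls: tuple      # past per-hour call counts ("calling times")
    active_hours: frozenset  # hours in which the caller usually calls ("historical period")


@dataclass(frozen=True)
class Thresholds:
    freq_deviation: float  # allowed relative excess over the historical mean rate
    period_hours: int      # allowed distance, in hours, from the usual calling window
    range_ratio: float     # allowed share of the total information range per call
    index: float           # allowed malicious behavior index


@dataclass(frozen=True)
class Decision:
    allowed: bool
    index: float
    reasons: tuple  # names of the checks that failed


def frequency_deviation(req, hist):
    """Relative excess of the current hourly call count over the historical mean."""
    baseline = mean(hist.hourly_calls) if hist.hourly_calls else 0
    if baseline <= 0:
        return float("inf") if req.calls_this_hour > 0 else 0.0
    return max(0.0, (req.calls_this_hour - baseline) / baseline)


def period_distance(req, hist):
    """Circular distance in hours from the request to the nearest usual calling hour."""
    if not hist.active_hours:
        return 12  # no history: treat the hour as maximally unusual
    return min(min((req.hour - h) % 24, (h - req.hour) % 24) for h in hist.active_hours)


def range_ratio(req, total_records):
    """Share of the total information range that one request asks for."""
    if total_records <= 0:
        raise ValueError("total information range must be positive")
    return req.records_requested / total_records


def _scaled(value, limit, cap=2.0):
    """Metric as a multiple of its threshold, capped so one metric cannot dominate."""
    if limit <= 0:
        return 0.0 if value <= 0 else cap
    return min(value / limit, cap)


def malicious_index(fd, pd, rr, th, weights=(0.4, 0.2, 0.4)):
    """Assumed combination: weighted sum of the three threshold-scaled metrics."""
    parts = (_scaled(fd, th.freq_deviation), _scaled(pd, th.period_hours),
             _scaled(rr, th.range_ratio))
    return sum(w * p for w, p in zip(weights, parts))


def evaluate(req, hist, th, total_records):
    """Pass the request only if every single check and the combined index are normal."""
    fd = frequency_deviation(req, hist)
    pd = period_distance(req, hist)
    rr = range_ratio(req, total_records)
    idx = malicious_index(fd, pd, rr, th)
    checks = (("frequency", fd > th.freq_deviation), ("period", pd > th.period_hours),
              ("range", rr > th.range_ratio), ("index", idx > th.index))
    reasons = tuple(name for name, failed in checks if failed)
    return Decision(allowed=not reasons, index=round(idx, 3), reasons=reasons)


# Constructed sample data: one caller's history, limits, and three requests.
HISTORY = History(hourly_calls=(40, 50, 60, 50), active_hours=frozenset(range(8, 19)))
LIMITS = Thresholds(freq_deviation=0.5, period_hours=2, range_ratio=0.01, index=0.8)
TOTAL_RECORDS = 1_000_000
SAMPLES = {
    "normal": CallRequest(hour=10, calls_this_hour=55, records_requested=500),
    "burst": CallRequest(hour=10, calls_this_hour=200, records_requested=500),
    # Stays just under every single threshold; only the combined index catches it.
    "low_and_slow": CallRequest(hour=20, calls_this_hour=72, records_requested=9500),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, evaluate(req, HISTORY, LIMITS, TOTAL_RECORDS))
```

The third sample shows why the combined index is checked in addition to the individual thresholds: a caller that keeps each metric slightly below its limit still ends up above the index threshold.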
In one possible implementation, the apparatus further includes:
the use risk value acquisition module is used for acquiring the use risk value of the capability user according to the calling request information and the user authentication information;
the authentication judging module is used for judging whether the use authentication of the capability receiver is passed or not according to the use risk value and the risk threshold value;
and the authentication passing module is used for providing the capability opening service for the capability user when the judgment result is that the capability receiver passes the use authentication.
In one possible implementation manner, the user authentication information includes: capability user self attribute information and capability user business behavior information.
In one possible implementation, the apparatus further includes:
and the service termination judging module is used for judging whether to terminate the capability open service according to the use risk value in the process of providing the capability open service for the capability user.
In one possible implementation, the apparatus further includes:
the use risk value acquisition module is used for acquiring the use risk value of the capability user according to the calling request information and the user authentication information;
the authentication judging module is used for judging whether the use authentication of the capability receiver is passed or not according to the use risk value and the risk threshold value;
and the service providing module is used for providing the capability opening service for the capability user when the judgment result is that the use authentication of the capability receiver is passed.
In a possible implementation manner, the present invention further provides a capability service opening system, including: capability providers, capability openness platforms and capability users,
the capability provider is used for providing capability open service for a capability user according to the judgment result of the capability open platform, and comprises a B domain system, an O domain system and a C domain system;
the capability open platform comprises a calling control subsystem and a risk authentication subsystem, wherein the calling control subsystem and the risk authentication subsystem comprise corresponding modules in the capability service opening device;
the capability user is used for sending calling request information to the capability open platform and requesting the capability open service, and the capability user comprises an internal user and an external user.
In addition, the capability service opening method described in conjunction with fig. 1 according to the embodiment of the present invention may be implemented by a capability service opening device. Fig. 7 is a schematic diagram illustrating a hardware structure of a capability service opening device according to an embodiment of the present invention.
The capability service opening device may comprise a processor 401 and a memory 402 storing computer program instructions.
Specifically, the processor 401 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more Integrated circuits implementing embodiments of the present invention.
Memory 402 may include mass storage for data or instructions. By way of example, and not limitation, memory 402 may include a Hard Disk Drive (HDD), floppy Disk Drive, flash memory, optical Disk, magneto-optical Disk, tape, or Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 402 may include removable or non-removable (or fixed) media, where appropriate. The memory 402 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 402 is a non-volatile solid-state memory. In a particular embodiment, the memory 402 includes Read Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), electrically rewritable ROM (EAROM), or flash memory or a combination of two or more of these.
The processor 401 reads and executes the computer program instructions stored in the memory 402 to implement any of the capability service opening methods in the above embodiments.
In one example, the capability service opening device may further include a communication interface 403 and a bus 410. As shown in fig. 4, the processor 401, the memory 402, and the communication interface 403 are connected via a bus 410 to complete communication therebetween.
The communication interface 403 is mainly used for implementing communication between modules, apparatuses, units and/or devices in the embodiments of the present invention.
Bus 410 includes hardware, software, or both to couple the components of the capability service openness device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 410 may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
In addition, in combination with the capability service opening method in the foregoing embodiments, an embodiment of the present invention may provide a computer-readable storage medium for its implementation. The computer-readable storage medium has computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement any of the capability service opening methods in the above embodiments.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this patent describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
As described above, only the specific embodiments of the present invention are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present invention, and these modifications or substitutions should be covered within the scope of the present invention.

Claims (11)

1. A capability service opening method, the method comprising:
receiving calling request information sent by a capability user;
acquiring the calling state of the capability user according to the calling request information and the historical calling information;
when the calling state is judged to be normal according to the calling characteristic information, sending calling request passing information to the capability user, and providing capability open service to the capability user;
the calling feature information comprises a calling frequency deviation threshold value, the historical calling information comprises calling times and a historical period, and acquiring the calling state of the capability user according to the calling request information and the historical calling information comprises:
acquiring the calling frequency of the capability user according to the calling request information and the calling times;
sending calling request passing information to the capability user when the calling state is judged to be normal according to the calling characteristic information comprises:
sending a calling request passing message to the capability user under the condition that the calling frequency is judged to be normal according to the calling frequency deviation threshold;
the calling request information comprises a calling information range, and the obtaining of the calling state of the capability user according to the calling request information and the historical calling information comprises the following steps:
acquiring the calling period of the capability user according to the calling request information and the history period;
the method further comprises the following steps:
acquiring the calling information range ratio of the capability user according to the calling information range and the total information range;
calculating the malicious behavior index of the capability user according to the calling frequency, the calling period and the calling information range ratio;
when the calling state is judged to be normal according to the calling feature information, sending calling request passing information to the capability user, further comprising:
and sending a calling request passing message to the capability user under the condition that the calling state is judged to be normal according to the malicious behavior index and the index threshold.
2. The method of claim 1, wherein the calling feature information comprises a calling period threshold, and when the calling state is determined to be normal according to the calling feature information, sending a calling request passing message to the capability user comprises:
and sending a calling request passing message to the capability user under the condition that the calling period is judged to be normal according to the calling period threshold value.
3. The method of claim 2, wherein the call characteristic information comprises a call information range threshold, the method further comprising:
and sending calling request passing information to the capability user under the condition that the calling information range ratio is judged to be normal according to the calling information range threshold value.
4. The method of claim 1, further comprising:
acquiring a use risk value of the capability user according to the calling request information and the user authentication information;
judging whether the use authentication of the capability user is passed or not according to the use risk value and the risk threshold value;
and when the judgment result is that the use authentication of the capability user is passed, providing the capability opening service for the capability user.
5. The method of claim 4, wherein the user authentication information comprises: capability user self attribute information and capability user business behavior information.
6. The method of claim 4, further comprising:
and judging whether to terminate the capability open service or not according to the use risk value in the process of providing the capability open service for the capability user.
7. A capability service opening apparatus, characterized in that the apparatus comprises:
the receiving module is used for receiving calling request information sent by a capability user;
the calling state acquisition module is used for acquiring the calling state of the capability user according to the calling request information and the historical calling information;
the judging module is used for sending calling request passing information to the capability user and providing capability open service to the capability user under the condition that the calling state is judged to be normal according to the calling characteristic information;
the calling characteristic information comprises a calling frequency deviation threshold, the historical calling information comprises calling times and a historical period, and the calling state acquisition module is specifically configured to:
acquiring the calling frequency of the capability user according to the calling request information and the calling times;
the judgment module is specifically configured to:
sending a calling request passing message to the capability user under the condition that the calling frequency is judged to be normal according to the calling frequency deviation threshold;
the calling request information includes a calling information range, and the calling state obtaining module is specifically configured to:
acquiring the calling period of the capability user according to the calling request information and the history period;
the device further comprises:
the third acquisition module is used for acquiring the calling information range ratio of the capability user according to the calling information range and the total information range;
the malicious behavior index acquisition module is used for calculating the malicious behavior index of the capability user according to the calling frequency, the calling period and the calling information range ratio;
and the judging module is also used for sending calling request passing information to the capability user under the condition that the calling state is judged to be normal according to the malicious behavior index and the index threshold.
8. The apparatus of claim 7, further comprising:
the use risk value acquisition module is used for acquiring the use risk value of the capability user according to the calling request information and the user authentication information;
the authentication judgment module is used for judging whether the use authentication of the capability user is passed or not according to the use risk value and the risk threshold value;
and the service providing module is used for providing the capability opening service for the capability user when the judgment result is that the use authentication of the capability user is passed.
9. A capability service opening system, comprising: capability providers, capability openness platforms and capability users,
the capability provider is used for providing capability open service for a capability user according to the judgment result of the capability open platform, and comprises a B domain system, an O domain system and/or a C domain system;
the capability openness platform comprising a call control subsystem and a risk authentication subsystem, the call control subsystem and the risk authentication subsystem comprising the apparatus as claimed in claim 7;
the capability user is used for sending calling request information to the capability open platform and requesting the capability open service, and the capability user comprises an internal user and an external user.
10. A capability service opening apparatus, comprising: at least one processor, at least one memory, and computer program instructions stored in the memory that, when executed by the processor, implement the method of any of claims 1-6.
11. A computer-readable storage medium having computer program instructions stored thereon, which when executed by a processor implement the method of any one of claims 1-6.
CN201711491736.3A 2017-12-30 2017-12-30 Capability service opening method, device, system, equipment and medium Active CN109995733B (en)

Publications (2)

Publication Number Publication Date
CN109995733A CN109995733A (en) 2019-07-09
CN109995733B true CN109995733B (en) 2021-11-09
